ci: fix code scanning alerts #319

Merged: rootulp merged 5 commits into main from fix/code-scanning-alerts on Apr 15, 2026

Conversation

@rootulp (Collaborator) commented Apr 14, 2026

Summary

Test plan

  • CI workflows still pass (no functional changes, only permissions and ref pinning)
  • Verify code scanning alerts move to "fixed" state after merge

🤖 Generated with Claude Code

rootulp and others added 5 commits April 14, 2026 12:40

Add top-level permissions with contents:read to follow least-privilege
principle. Pin technote-space/get-diff-action, golangci/golangci-lint-action,
and celestiaorg/.github markdown-lint to commit SHAs.

Resolves code scanning alerts #5, #10, #21, #23, #24.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Resolves code scanning alert #22.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Pin bufbuild/buf-setup-action, buf-breaking-action, and buf-lint-action.

Resolves code scanning alerts #6, #7, #11.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Add top-level permissions with contents:read. Pin bufbuild/buf-setup-action
and bufbuild/buf-push-action to commit SHAs.

Resolves code scanning alerts #9, #12, #20.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Accept upstream's actions/checkout@v6 and golangci-lint-action@v9 bumps
while keeping pinned commit SHAs for all 3rd-party actions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

@rootulp rootulp self-assigned this Apr 14, 2026
@gemini-code-assist

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

@rootulp rootulp marked this pull request as ready for review April 14, 2026 19:48
@rootulp rootulp requested a review from a team as a code owner April 14, 2026 19:48
@rootulp rootulp requested review from ninabarbakadze and removed request for a team April 14, 2026 19:48
@rootulp rootulp enabled auto-merge (squash) April 14, 2026 19:48
@rootulp rootulp merged commit 7b18923 into main Apr 15, 2026
12 of 13 checks passed
@rootulp rootulp deleted the fix/code-scanning-alerts branch April 15, 2026 13:07
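
The two conditions this pull request addresses (a top-level `permissions` block and third-party actions pinned to commit SHAs) can be checked locally before code scanning reports them. The following is an added example, not code from this repository or from the code scanning tool. The sample workflows and the SHA are constructed, and treating `actions/` and `github/` as first-party owners is an assumption.

```python
import re

# Assumption for this example: GitHub-owned actions count as first-party and may use tags.
FIRST_PARTY_OWNERS = {"actions", "github"}
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
PLACEHOLDER_SHA = "0123456789abcdef0123456789abcdef01234567"  # constructed, not a real commit

def audit_workflow(text):
    """Return (line_number, message) findings for one workflow file; line 0 means file-level."""
    findings = []
    # A top-level key starts in column 0; job-level permissions are indented and do not count.
    if not re.search(r"^permissions:", text, re.MULTILINE):
        findings.append((0, "no top-level permissions block"))
    for number, line in enumerate(text.splitlines(), 1):
        match = USES_RE.match(line)
        if not match:
            continue
        target = match.group(1)
        if target.startswith(("./", "docker://")):
            continue  # local action or container image, not a repository ref
        name, _, ref = target.partition("@")
        if name.split("/", 1)[0] in FIRST_PARTY_OWNERS:
            continue
        if not FULL_SHA_RE.fullmatch(ref):
            findings.append((number, f"{target} is not pinned to a full commit SHA"))
    return findings

# Constructed sample workflows (not the repository's real files).
BEFORE = """\
name: lint
on: [pull_request]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: golangci/golangci-lint-action@v9
"""
AFTER = BEFORE.replace("jobs:", "permissions:\n  contents: read\njobs:").replace(
    "lint-action@v9", f"lint-action@{PLACEHOLDER_SHA} # v9")

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_workflow(text))
```

The check is line-based and does not parse YAML, so it only recognizes `uses:` and `permissions:` keys written on their own lines.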