Restrict docs broken-links workflow permissions#6330

Merged: theCyberTech merged 1 commit into main from fix/docs-broken-links-workflow-permissions on Jun 25, 2026
theCyberTech (Member) commented Jun 25, 2026

Summary

Fixes CodeQL alert 60 (actions/missing-workflow-permissions) by adding an explicit least-privilege permissions block to the docs broken-links workflow.

Change

  • Adds permissions: contents: read to .github/workflows/docs-broken-links.yml

Validation

  • Parsed workflow YAML successfully with Ruby
  • Pre-commit ran during commit; Python-only hooks skipped because only workflow YAML changed

Summary by CodeRabbit

  • Chores
    • Updated automated workflow permissions to use read-only repository access.
    • No user-facing behavior or app functionality changed.
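
The condition behind the alert can be approximated locally with Ruby's YAML parser. This is an added example, not code from the PR or the project and not CodeQL's own query; the sample workflow text, the `actions/checkout@v4` pin and the `audit_permissions` helper are constructed for illustration.

```ruby
require 'yaml'

# Constructed sample: a workflow before the kind of change this PR makes.
WITHOUT_PERMS = <<~WORKFLOW
  name: Docs broken links
  on:
    pull_request:
  jobs:
    check-links:
      runs-on: ubuntu-latest
      steps:
        - uses: actions/checkout@v4
WORKFLOW

# Constructed sample: the same workflow with the block the PR describes.
WITH_PERMS = WITHOUT_PERMS.sub("jobs:\n", "permissions:\n  contents: read\njobs:\n")

# Returns one finding per job whose GITHUB_TOKEN scope is undeclared or
# grants write access. Job-level permissions replace the workflow-level block.
def audit_permissions(yaml_text)
  wf = YAML.safe_load(yaml_text) || {}
  top = wf['permissions']
  findings = []
  (wf['jobs'] || {}).each do |name, job|
    job = {} unless job.is_a?(Hash)
    effective = job.key?('permissions') ? job['permissions'] : top
    case effective
    when nil
      findings << "#{name}: no permissions block, token falls back to the repository default"
    when 'write-all'
      findings << "#{name}: write-all"
    when Hash
      effective.each do |scope, level|
        findings << "#{name}: #{scope}: write" if level == 'write'
      end
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  { 'without' => WITHOUT_PERMS, 'with' => WITH_PERMS }.each do |label, text|
    puts "#{label}: #{audit_permissions(text).inspect}"
  end
end
```

An empty result means every job has an explicitly declared scope with no write grants, which is the state the `contents: read` block produces.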

Copilot AI review requested due to automatic review settings June 25, 2026 02:23

corridor-security Bot left a comment

Summary: This PR adds an explicit contents: read permissions block to the docs broken-links GitHub Actions workflow, reducing default token privileges. No exploitable security vulnerabilities were identified.

Risk: Low risk. The change narrows CI permissions and does not introduce new authentication, authorization, data handling, or external execution paths.

coderabbitai Bot commented Jun 25, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between 178c2d2 and 816d1f2.

📒 Files selected for processing (1)
  • .github/workflows/docs-broken-links.yml

Walkthrough

The docs-broken-links workflow now declares top-level permissions with contents: read. No jobs or steps changed.

Changes

Docs broken links workflow

| Layer / File(s) | Summary |
|---|---|
| Workflow permissions (.github/workflows/docs-broken-links.yml) | Adds a workflow-level permissions block granting contents: read. |

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately summarizes the workflow change to restrict permissions for the docs broken-links job. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

Copilot AI (Contributor) left a comment

Pull request overview

This PR addresses CodeQL alert 60 (actions/missing-workflow-permissions) by explicitly setting least-privilege GitHub Actions token permissions for the documentation broken-links workflow.

Changes:

  • Adds an explicit top-level permissions block to the workflow.
  • Restricts GITHUB_TOKEN to contents: read for the job’s needs (e.g., actions/checkout).

@theCyberTech theCyberTech merged commit 01fc389 into main Jun 25, 2026
57 checks passed
@theCyberTech theCyberTech deleted the fix/docs-broken-links-workflow-permissions branch June 25, 2026 02:52