Skip to content

ci: add read-only permissions to validation workflows#6901

Open
Yashagarwal9798 wants to merge 2 commits into
pipe-cd:masterfrom
Yashagarwal9798:ci/read-only-validation-permissions
Open

ci: add read-only permissions to validation workflows#6901
Yashagarwal9798 wants to merge 2 commits into
pipe-cd:masterfrom
Yashagarwal9798:ci/read-only-validation-permissions

Conversation

@Yashagarwal9798

@Yashagarwal9798 Yashagarwal9798 commented Jun 7, 2026

Copy link
Copy Markdown

What this PR does:

Adds top-level read-only GitHub token permissions to validation workflows:

  • .github/workflows/build.yaml
  • .github/workflows/test.yaml
  • .github/workflows/gen.yaml
  • .github/workflows/build_tool.yaml

Why we need it:

These workflows only need read access to checkout the repository and run validation jobs. Setting permissions: contents: read makes the token scope explicit and follows least-privilege security.

Which issue(s) this PR fixes:

Fixes #6899

Does this PR introduce a user-facing change?:

No.

  • How are users affected by this change:
    Users are not affected. This only changes GitHub Actions permissions.
  • Is this breaking change:
    No.
  • How to migrate (if breaking change):
    No migration is needed.

@Yashagarwal9798 Yashagarwal9798 requested a review from a team as a code owner June 7, 2026 17:54
@Yashagarwal9798
ci: add read-only permissions to validation workflows
825760e 
Signed-off-by: Yashagarwal9798 <yashagarwal9798@gmail.com>
@Yashagarwal9798 Yashagarwal9798 force-pushed the ci/read-only-validation-permissions branch from 0e9d6c8 to 825760e Compare June 7, 2026 18:02
@Yashagarwal9798

Yashagarwal9798 commented Jun 7, 2026
edited
Loading

Copy link
Copy Markdown
Author

@Ayushmore1214 @Warashi can you please review it.

Ayushmore1214
Ayushmore1214 reviewed Jun 8, 2026
View reviewed changes

@Ayushmore1214 Ayushmore1214 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @Yashagarwal9798 LGTM!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Ayushmore1214 Ayushmore1214 Ayushmore1214 approved these changes

@Warashi Warashi Awaiting requested review from Warashi Warashi is a code owner automatically assigned from pipe-cd/pipecd-approvers

@khanhtc1202 khanhtc1202 Awaiting requested review from khanhtc1202 khanhtc1202 is a code owner automatically assigned from pipe-cd/pipecd-approvers

@ffjlabo ffjlabo Awaiting requested review from ffjlabo ffjlabo is a code owner automatically assigned from pipe-cd/pipecd-approvers

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

area/build

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

ci: add read-only permissions to validation workflows

2 participants

@Yashagarwal9798 @Ayushmore1214