Skip to content

security: add permissions block to workflows#1053

Open
elastic-vault-github-plugin-prod[bot] wants to merge 3 commits into
mainfrom
gh-oblt/add-permission-block-to-workflows
Open

security: add permissions block to workflows#1053
elastic-vault-github-plugin-prod[bot] wants to merge 3 commits into
mainfrom
gh-oblt/add-permission-block-to-workflows

Conversation

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Details

⚠️ This PR was created by an automated tool. Please review the changes carefully. ⚠️

We want to set the default permissions for workflows to read-only for contents.
This is a security measure to prevent accidental changes to the repository.

This change adds a top-level permissions block to all workflows in the .github/workflows directory.

permissions:
  contents: read

In some cases workflows might need more permissions than just contents: read.
Please checkout this branch and add the necessary permissions to the workflows.

If your workflow uses a Personal Access Token (PAT), we can still add the permissions block,
but it will not have any effect.

Merging this PR as is might cause workflows that need more permissions to fail.

If there are any questions, please reach out to the @elastic/observablt-ci

@elastic-vault-github-plugin-prod elastic-vault-github-plugin-prod Bot requested a review from a team July 8, 2026 11:21
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

🤖 GitHub comments

Just comment with:

  • run docs-build : Re-trigger the docs validation. (use unformatted text in the comment!)

mallendem
mallendem previously approved these changes Jul 9, 2026
@mallendem

Copy link
Copy Markdown

@copilot resolve the merge conflicts in this pull request

@snyk-io

snyk-io Bot commented Jul 9, 2026

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Copilot AI commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

@copilot resolve the merge conflicts in this pull request

Resolved the merge conflict in .github/workflows/test-reporter.yml. The conflict was in the top-level permissions block — our branch had only contents: read and actions: read, while origin/main added checks: write and pull-requests: write (and removed the redundant per-job permissions from the coverage job). The file now matches origin/main (commit resolve merge conflict in test-reporter.yml with origin/main).

Copilot AI requested a review from mallendem July 9, 2026 11:04
@mallendem mallendem force-pushed the gh-oblt/add-permission-block-to-workflows branch from 90b92a1 to 60a73f9 Compare July 9, 2026 11:09
@mallendem mallendem enabled auto-merge (squash) July 9, 2026 11:13
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown

Minimum allowed coverage is 100%

Generated by 🐒 cobertura-action against d1187a3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants