Skip to content

Potential fix for code scanning alerts: Workflow does not contain permissions #17

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
May 31, 2025
Merged

Potential fix for code scanning alerts: Workflow does not contain permissions #17

merged 4 commits into from
May 31, 2025

Conversation

smaillet
Copy link
Member

Potential fix for https://github.com/UbiquityDotNET/CSemVer.GitBuild/security/code-scanning/1

To fix the issue, we need to add a permissions block to the workflow. This block should specify the least privileges required for the workflow to function correctly. Based on the operations performed in the workflow, the following permissions are needed:

  • contents: read for accessing repository contents.
  • contents: write for committing documentation changes.
  • pages: write for pushing documentation to GitHub Pages.
  • packages: write for publishing packages to NuGet.org.
  • actions: read for interacting with GitHub Actions artifacts.

The permissions block can be added at the root level of the workflow to apply to all jobs, or it can be added to individual jobs if different jobs require different permissions.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

smaillet and others added 2 commits May 31, 2025 12:32
@smaillet @github-advanced-security
Potential fix for code scanning alert no. 1: Workflow does not contai…
53c0fe0 
…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@smaillet @github-advanced-security
Potential fix for code scanning alert no. 2: Workflow does not contai…
cff43ba 
…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@smaillet smaillet changed the title Potential fix for code scanning alert no. 1: Workflow does not contain permissions Potential fix for code scanning alerts: Workflow does not contain permissions May 31, 2025
@smaillet smaillet marked this pull request as ready for review May 31, 2025 19:36
smaillet added 2 commits May 31, 2025 12:44
@smaillet
Update pr-build.yml to exclude test results if not a push
2ac8ab3 
Permissions are tightened to the point that the Publish test results step will fail on a PR now. It wouldn't do anything for a PR build in the past (except waste CPU cycles) So, this fix just skips the step entirely for PR builds.
@smaillet
Update pr-build.yml to fix syntax
e11ce1c 
Updated syntax of condition cuz, ya know. it's not like there's anything to catch errors ahead of time... [Sigh!] 🤦
@smaillet smaillet merged commit 80238ac into develop May 31, 2025
4 checks passed
@smaillet smaillet deleted the alert-autofix-1 branch May 31, 2025 19:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@smaillet