Skip to content

ci: add read-only permissions to validation workflows#6901

Open
Yashagarwal9798 wants to merge 2 commits into
pipe-cd:masterfrom
Yashagarwal9798:ci/read-only-validation-permissions
Open

ci: add read-only permissions to validation workflows#6901
Yashagarwal9798 wants to merge 2 commits into
pipe-cd:masterfrom
Yashagarwal9798:ci/read-only-validation-permissions

Conversation

@Yashagarwal9798

@Yashagarwal9798 Yashagarwal9798 commented Jun 7, 2026

Copy link
Copy Markdown

What this PR does:

Adds top-level read-only GitHub token permissions to validation workflows:

  • .github/workflows/build.yaml
  • .github/workflows/test.yaml
  • .github/workflows/gen.yaml
  • .github/workflows/build_tool.yaml

Why we need it:

These workflows only need read access to checkout the repository and run validation jobs. Setting permissions: contents: read makes the token scope explicit and follows least-privilege security.

Which issue(s) this PR fixes:

Fixes #6899

Does this PR introduce a user-facing change?:

No.

  • How are users affected by this change:
    Users are not affected. This only changes GitHub Actions permissions.
  • Is this breaking change:
    No.
  • How to migrate (if breaking change):
    No migration is needed.

@Yashagarwal9798 Yashagarwal9798 requested a review from a team as a code owner June 7, 2026 17:54
@Yashagarwal9798
ci: add read-only permissions to validation workflows
825760e 
Signed-off-by: Yashagarwal9798 <yashagarwal9798@gmail.com>
@Yashagarwal9798 Yashagarwal9798 force-pushed the ci/read-only-validation-permissions branch from 0e9d6c8 to 825760e Compare June 7, 2026 18:02
@Yashagarwal9798

Yashagarwal9798 commented Jun 7, 2026
edited
Loading

Copy link
Copy Markdown
Author

@Ayushmore1214 @Warashi can you please review it.

Ayushmore1214
Ayushmore1214 reviewed Jun 8, 2026
View reviewed changes

@Ayushmore1214 Ayushmore1214 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @Yashagarwal9798 LGTM!

@rahulshendre rahulshendre added the kind/enhancement New feature or request label Jun 12, 2026
rahulshendre
rahulshendre approved these changes Jun 12, 2026
View reviewed changes

@rahulshendre rahulshendre left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks @Yashagarwal9798

rahulshendre

This comment was marked as duplicate.

Sign in to view

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rahulshendre rahulshendre rahulshendre approved these changes

@Ayushmore1214 Ayushmore1214 Ayushmore1214 approved these changes

@Warashi Warashi Awaiting requested review from Warashi Warashi is a code owner automatically assigned from pipe-cd/pipecd-approvers

@khanhtc1202 khanhtc1202 Awaiting requested review from khanhtc1202 khanhtc1202 is a code owner automatically assigned from pipe-cd/pipecd-approvers

@ffjlabo ffjlabo Awaiting requested review from ffjlabo ffjlabo is a code owner automatically assigned from pipe-cd/pipecd-approvers

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

area/build kind/enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

ci: add read-only permissions to validation workflows

3 participants

@Yashagarwal9798 @rahulshendre @Ayushmore1214