Skip to content

ci: restrict workflow token to read-only access#3266

Open
arpitjain099 wants to merge 1 commit into
linkedin:masterfrom
arpitjain099:chore/restrict-workflow-token-perms
Open

ci: restrict workflow token to read-only access#3266
arpitjain099 wants to merge 1 commit into
linkedin:masterfrom
arpitjain099:chore/restrict-workflow-token-perms

Conversation

@arpitjain099

Copy link
Copy Markdown

Adds permissions: contents: read to the GitHub Actions CI workflow.

The workflow checks out the repository, builds with Gradle, and runs unit tests. It uploads coverage to Codecov using a separate API token but does not use the GITHUB_TOKEN for any write operations. Pinning the token to read-only limits the potential for misuse if any action in the pipeline were to be compromised.

Signed-off-by: Arpit Jain <arpitjain099@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant