Skip to content

ci: declare explicit least-privilege permissions for Go workflow#517

Open
matt-elastic wants to merge 1 commit into
elastic:masterfrom
matt-elastic:gh-4357-workflow-permissions
Open

ci: declare explicit least-privilege permissions for Go workflow#517
matt-elastic wants to merge 1 commit into
elastic:masterfrom
matt-elastic:gh-4357-workflow-permissions

Conversation

@matt-elastic

Copy link
Copy Markdown

Adds a top-level permissions: contents: read block to go.yml to make the GITHUB_TOKEN permissions explicit. This Pr is opened in the context of elastic/cp-hosted-team#4357.

Types of Changes

  • Refactoring (improves code quality but has no user-facing effect)

Readiness Checklist

  • My code follows the code style of this project
  • I have added tests to cover my changes: To the best of my knowledge, Github actions first need to be merged to master so that Github picks them up.

Adds a top-level `permissions: contents: read` block to go.yml so its
GITHUB_TOKEN no longer inherits the repository's default (potentially
broader) permission set. Addresses elastic/cp-hosted-team#4357.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR tightens CI security by making the GITHUB_TOKEN permissions explicit for the Go workflow, aligning with least-privilege guidance for GitHub Actions.

Changes:

  • Add a top-level permissions: block with contents: read in .github/workflows/go.yml.
  • Remove a whitespace-only line in the workflow.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants