wails/.github/workflows/test-simple.yml at fix/workflow-permissions - deblan-mirror/wails - Gitnet

deblan-mirror/wails

mirror of https://github.com/wailsapp/wails.git synced 2026-03-18 08:29:55 +01:00

Lea Anthony 04c8224943 fix(security): restrict GITHUB_TOKEN permissions in workflows

Add explicit permissions blocks to GitHub Actions workflow files to follow
the principle of least privilege. This addresses CodeQL security warnings
about workflows not limiting GITHUB_TOKEN permissions.

Changes:
- automated-releases.yml: Add workflow-level read default, job-level
  permissions for release jobs that need write access
- build-and-test-v3.yml: Add workflow-level read default, job-level
  permissions for each job
- publish-npm.yml: Add workflow-level read default, job-level permissions
  for detect job (rebuild_and_publish already had explicit permissions)
- test-simple.yml: Add empty permissions block since it only echoes text

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-22 06:03:03 +11:00

15 lines

No EOL

224 B

YAML

Raw Permalink Blame History

 name: Test Simple
 on:
   workflow_dispatch:
 # Restrict default GITHUB_TOKEN permissions
 permissions: {}
 jobs:
   test:
     runs-on: ubuntu-latest
     permissions: {}
     steps:
     - name: Test
       run: echo "Hello World"