From cdd9b9c0335f59bb34d102e0e70b0770c2b79a03 Mon Sep 17 00:00:00 2001 From: Peter Matkovski Date: Wed, 8 Jul 2026 13:39:20 +0200 Subject: [PATCH] CI: add least-privilege permissions to GitHub Actions workflows Add explicit workflow-level permissions blocks to resolve CodeQL actions/missing-workflow-permissions alerts. Scopes are derived from workflow operations (git push, artifact upload, Danger, release lanes). Refs: APPSEC-164 --- .github/workflows/main.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index c3c80a8..b5c2ce0 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -2,6 +2,10 @@ name: Dart CI on: [push, pull_request] +permissions: + contents: read + pull-requests: read + jobs: build: runs-on: ubuntu-latest