Skip to content

ci: add missing top level contents permission#779

Merged
vdusek merged 1 commit intomasterfrom
ci/add-default-permissions
May 5, 2026
Merged

ci: add missing top level contents permission#779
vdusek merged 1 commit intomasterfrom
ci/add-default-permissions

Conversation

@vdusek
Copy link
Copy Markdown
Contributor

@vdusek vdusek commented May 5, 2026

Description

Two workflows in this repo were missing a top-level permissions: contents: read block:

  • .github/workflows/manual_release_docs.yaml
  • .github/workflows/on_issue.yaml

The other workflows here, as well as the equivalents in apify-sdk-python and crawlee-python, all set this default at the file level. This applies the principle of least privilege: jobs that need to escalate (e.g. contents: write, pages: write, issues: write) still do so via job-level overrides.

Changes

  • Add permissions: contents: read at the top level of both workflow files.

@vdusek
ci: add default contents permission to two workflows
a1a6f26 
`manual_release_docs.yaml` and `on_issue.yaml` were missing a top-level
`permissions: contents: read` block — bringing them in line with the
other workflows in this repo and with apify-sdk-python / crawlee-python.
@vdusek vdusek added adhoc Ad-hoc unplanned task added during the sprint. t-tooling Issues with this label are in the ownership of the tooling team. labels May 5, 2026
@vdusek vdusek self-assigned this May 5, 2026
@github-actions github-actions Bot added this to the 140th sprint - Tooling team milestone May 5, 2026
@codecov
Copy link
Copy Markdown

codecov Bot commented May 5, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.50%. Comparing base (94d5bf4) to head (a1a6f26).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master     #779      +/-   ##
==========================================
- Coverage   97.56%   97.50%   -0.07%     
==========================================
  Files          47       47              
  Lines        4725     4725              
==========================================
- Hits         4610     4607       -3     
- Misses        115      118       +3
Flag Coverage Δ
integration 95.28% <ø> (-0.26%) ⬇️
unit 82.11% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@vdusek vdusek changed the title ci: add default contents permission to two workflows ci: add missing contents permission May 5, 2026
@vdusek vdusek changed the title ci: add missing contents permission ci: add missing top level contents permission May 5, 2026
@vdusek vdusek requested a review from janbuchar May 5, 2026 12:00
@vdusek vdusek merged commit 52a89a3 into master May 5, 2026
26 checks passed
@vdusek vdusek deleted the ci/add-default-permissions branch May 5, 2026 13:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@janbuchar janbuchar janbuchar approved these changes

Assignees

@vdusek vdusek

Labels

adhoc Ad-hoc unplanned task added during the sprint. t-tooling Issues with this label are in the ownership of the tooling team.

Projects

None yet

Milestone

140th sprint - Tooling team

Development

Successfully merging this pull request may close these issues.

3 participants

@vdusek @janbuchar @apify-service-account