fix: move workflow permissions to top #7
Pull request overview
This PR updates the release workflow configuration to define GitHub Actions token permissions at the workflow level (instead of job-level), and mirrors that change in the README’s usage example.
Changes:
- Move `permissions: { contents: write, pull-requests: write }` to the top level in `.github/workflows/release.yml`.
- Update the README’s workflow snippet to match the new permission placement.
- Introduce a couple of whitespace-only changes (blank lines containing spaces).
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| README.md | Updates the documented workflow example to place permissions at the workflow level. |
| .github/workflows/release.yml | Moves permissions from the release job to the workflow root. |
|
|
||
| permissions: | ||
| contents: write | ||
| pull-requests: write | ||
|
|
||
| jobs: | ||
| release: |
The YAML example now sets permissions at the workflow level, but the later "## Permissions" section still says to set permissions under the job's permissions key. Please update that text to reflect that workflow-level permissions is also valid (or adjust the example back to job-level) so the README stays consistent.
| permissions: | |
| contents: write | |
| pull-requests: write | |
| jobs: | |
| release: | |
| jobs: | |
| release: | |
| permissions: | |
| contents: write | |
| pull-requests: write |
| on: | ||
| pull_request: | ||
| types: [ closed ] | ||
|
|
This blank line contains trailing whitespace. Please remove the extra spaces to avoid churn in diffs and potential whitespace/linting failures.
| on: | ||
| pull_request: | ||
| types: [ closed ] | ||
|
|
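Review bot: `types: [ closed ]` under `pull_request:` fires when a pull request is closed without merging as well as when it is merged, and no merge check is visible in these lines. The body of the `release` job is not shown here, so please confirm it is gated with `if: github.event.pull_request.merged == true`. If it is not, add that guard so the `contents: write` and `pull-requests: write` token is only exercised for merged pull requests.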
This blank line contains trailing whitespace. Please remove the extra spaces to avoid churn in diffs and potential whitespace/linting failures.
|
|
||
| permissions: | ||
| contents: write | ||
| pull-requests: write | ||
|
|
||
| jobs: | ||
| release: |
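Review bot: the `permissions:` block placed above `jobs:` carries no comment, and the pull request has no description, so the reason the write scopes had to leave the `release` job is not recorded anywhere. Add a one-line YAML comment above `permissions:` stating what required the move, so a later reader can judge whether the workflow-wide grant is still needed.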
Moving permissions to the workflow level makes these write permissions the default for all jobs in this workflow. If additional jobs are added later, consider either keeping write permissions scoped to the release job or explicitly overriding permissions for other jobs to preserve least-privilege.
| permissions: | |
| contents: write | |
| pull-requests: write | |
| jobs: | |
| release: | |
| jobs: | |
| release: | |
| permissions: | |
| contents: write | |
| pull-requests: write |
No description provided.