Skip to content

ci: declare contents: read on the CI workflow#468

Open
arpitjain099 wants to merge 1 commit into
containerd:mainfrom
arpitjain099:chore/ci-permissions
Open

ci: declare contents: read on the CI workflow#468
arpitjain099 wants to merge 1 commit into
containerd:mainfrom
arpitjain099:chore/ci-permissions

Conversation

@arpitjain099
Copy link
Copy Markdown

@arpitjain099 arpitjain099 commented May 13, 2026

The nine jobs in ci.yml all run actions/checkout plus build/test steps. None push or call write APIs, so contents: read at the workflow level is the right minimum.

The other CI-adjacent workflows in this repo (cover.yml, labeler.yml, publish.yml, stale.yml) already declare permissions: per job; this brings ci.yml in line with the broader pattern.

@arpitjain099
ci: declare contents: read on the CI workflow
8f6adf1 
The 9 jobs in ci.yml (checks, windows-checks, tests, timings, deny,
linux-integration, windows-integration, results) all run actions/checkout
plus build/test steps. None push back to the repo or call write APIs, so
contents: read is the right floor. cover.yml / labeler.yml / publish.yml /
stale.yml in this repo already declare permissions (per-job).

Signed-off-by: Arpit Jain <arpitjain099@gmail.com>
@github-actions github-actions Bot added the T-CI Changes in project's CI label May 13, 2026
@arpitjain099
Copy link
Copy Markdown
Author

arpitjain099 commented May 18, 2026

Hi @mxpv, gentle ping on this. PR has been open for 4 days without review. I noticed you've been on the recent-merger side of recent merges in this repo. When you have a moment, would you mind giving it a quick look? No urgency. Happy to address any feedback.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

T-CI Changes in project's CI

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@arpitjain099