Skip to content

CCM-17709 adding action permissions#62

Merged
timireland merged 3 commits into
mainfrom
feature/CCM-17709
May 11, 2026
Merged

CCM-17709 adding action permissions#62
timireland merged 3 commits into
mainfrom
feature/CCM-17709

Conversation

@timireland

Copy link
Copy Markdown
Contributor

Description

Adding the necessary permission to the action to be able to run when repo is made private.

Context

SLDC -8 has been updated so that repos must be private/internal by default.

Type of changes

  • Refactoring (non-breaking change)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would change existing functionality)
  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • I am familiar with the contributing guidelines
  • I have followed the code style of the project
  • I have added tests to cover my changes
  • I have updated the documentation accordingly
  • This PR is a result of pair or mob programming
  • This PR includes code generated by a coding agent

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.

  • I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.

Signed-off-by: Tim Ireland <tim.ireland@hscic.gov.uk>
Copilot AI review requested due to automatic review settings May 11, 2026 14:22
@timireland timireland requested a review from a team as a code owner May 11, 2026 14:22
m-houston
m-houston previously approved these changes May 11, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds explicit GITHUB_TOKEN permissions to the CI/CD pull request workflow to keep it functioning under stricter default permissions when repositories are private/internal.

Changes:

  • Adds a top-level permissions block to the PR CI/CD workflow.
  • Grants contents: read, pull-requests: read, and pages: write at workflow scope.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/cicd-1-pull-request.yaml Outdated
Comment thread .github/workflows/cicd-1-pull-request.yaml Outdated
@m-houston m-houston self-requested a review May 11, 2026 14:26
@m-houston m-houston dismissed their stale review May 11, 2026 14:26

CI failed

@m-houston

Copy link
Copy Markdown
Contributor

It looks like the CI workflows are failing due to missing permissions:

Invalid workflow file

The workflow is not valid. .github/workflows/cicd-1-pull-request.yaml (Line: 80, Col: 3): Error calling workflow 'NHSDigital/nhs-notify-supplier-config/.github/workflows/stage-1-commit.yaml@2bcbdb861c9027f1b15d954259ca62aa85c9a779'. The nested job 'terraform-docs' is requesting 'contents: write', but is only allowed 'contents: read'. .github/workflows/cicd-1-pull-request.yaml (Line: 80, Col: 3): Error calling workflow 'NHSDigital/nhs-notify-supplier-config/.github/workflows/stage-1-commit.yaml@2bcbdb861c9027f1b15d954259ca62aa85c9a779'. The nested job 'count-lines-of-code' is requesting 'id-token: write', but is only allowed 'id-token: none'.

Signed-off-by: Tim Ireland <tim.ireland@hscic.gov.uk>
Signed-off-by: Tim Ireland <tim.ireland@hscic.gov.uk>
@timireland timireland merged commit 2a886cc into main May 11, 2026
34 checks passed
@timireland timireland deleted the feature/CCM-17709 branch May 11, 2026 16:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants