Hi @derberg @fmvilas @magicmatatjahu ,
I noticed that the SonarCloud quality gate for this repository is currently
failing due to new security warnings related to GitHub Actions workflow
permissions.
SonarCloud reports the following issue on new code:
- “Move this write permission from workflow level to job level”
These warnings appear in non-centrally-managed workflow files
(e.g. if-nodejs-release.yml) and are marked as new issues affecting the
security rating.
I would like to work on fixing these warnings by:
- Moving write permissions from the workflow level to only the jobs
  that actually require them
- Making no functional or behavioral changes to the workflows
Before proceeding, I wanted to ask for confirmation that this change is
acceptable and aligns with the project’s contribution process.
Happy to submit a PR once approved.
Thanks!