This repository was archived by the owner on Mar 9, 2026. It is now read-only.

ci: add top-level permissions to workflow files #52

Merged
roottool merged 1 commit into main from ci/add-top-level-permissions
Feb 15, 2026

Conversation

@roottool
Owner

Description

Add explicit top-level permissions to 5 workflow files that were missing them, following GitHub Actions security best practices for least-privilege token scoping.

Type of Change

  • Tooling / CI (changes to build tools, CI configuration)

Boundary Checklist (Required for Implementation Changes)

  • This is a non-implementation change (Documentation, Tooling, or CI only)
    • Reason: CI workflow configuration only — no changes to source code or library behavior

Security & API Stability

Security Impact:

  • Reviewed against security rules in AGENTS.md
  • This change improves security by explicitly restricting workflow token permissions to the minimum required (contents: read)

API Contract:

  • No changes to public API (parse function signature, type definitions)
  • No breaking changes to ParseResult, ParseIssue, or IssueCode

Versioning:

  • Change is compatible with current v0.x versioning policy

Testing

Automated Checks:

  • TypeScript type checking passes (bun run check:type:source)
  • All tests pass (bun run test)
  • Build succeeds (bun run build)

Additional Verification:

  • Verified bun run check passes (lint + format)
  • YAML syntax validated by successful formatting check

Changes

| File | Permission Added |
| --- | --- |
| ci.yml | Top-level: contents: read; setup job: added contents: read (job-level overrides top-level) |
| wc-type-check.yml | Top-level: contents: read |
| wc-lint-format.yml | Top-level: contents: read |
| wc-test.yml | Top-level: contents: read |
| wc-export-validation.yml | Top-level: contents: read |

Signature

🤖 Generated with Claude Code

Co-Authored-By: Claude noreply@anthropic.com

Add explicit top-level `permissions` to 5 workflow files that were
missing them, following GitHub Actions security best practices for
least-privilege token scoping.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@roottool roottool self-assigned this Feb 15, 2026
@codecov

codecov Bot commented Feb 15, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (62829ad) to head (8527131).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff            @@
##              main       #52   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            3         3           
  Lines           22        22           
  Branches         6         6           
=========================================
  Hits            22        22           
@roottool roottool merged commit a393f5f into main Feb 15, 2026
12 checks passed
@roottool roottool deleted the ci/add-top-level-permissions branch February 15, 2026 06:45
@roottool roottool added the ci Some changes have been changed to CI. label Mar 1, 2026
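
Added example (not part of this pull request or the repository's code): a line-based check that reports, for each job in a workflow file, which `permissions` block applies to its token, following the description's note that a job-level block overrides the top-level one. The two workflow snippets are constructed, the `test` job name is hypothetical, and the scanner assumes plain block-style YAML rather than using a full YAML parser.

```python
import re

KEY_LINE = re.compile(r"^(\s*)([A-Za-z0-9_-]+):\s*(.*)$")

def effective_permissions(text):
    """Map each job to the permissions block that applies to it.

    None means neither the job nor the workflow declares one, so the
    repository default for GITHUB_TOKEN applies.
    """
    blocks, jobs, path = {}, [], []      # path: stack of (indent, key)
    for raw in text.splitlines():
        m = KEY_LINE.match(raw.split(" #")[0].rstrip())
        if not m:
            continue                     # blank, comment or "- item" line
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        while path and path[-1][0] >= indent:
            path.pop()
        parents = tuple(k for _, k in path)
        path.append((indent, key))
        if key == "permissions" and (not parents or (len(parents) == 2 and parents[0] == "jobs")):
            blocks[parents] = value or {}          # scalar form or mapping
        elif parents[-1:] == ("permissions",) and parents[:-1] in blocks:
            blocks[parents[:-1]][key] = value      # one "scope: access" entry
        elif parents == ("jobs",):
            jobs.append(key)
    # A job-level block replaces the top-level one; the two are not merged.
    return {j: blocks.get(("jobs", j), blocks.get(())) for j in jobs}

# Constructed workflow text (assumption, not the repository's ci.yml).
BEFORE = """\
on: [push]
jobs:
  setup:
    runs-on: ubuntu-latest
  test:
    runs-on: ubuntu-latest
"""
AFTER = """\
on: [push]
permissions:
  contents: read
jobs:
  setup:
    permissions:
      contents: read
    runs-on: ubuntu-latest
  test:
    runs-on: ubuntu-latest
"""
```

Jobs that map to `None` are the ones a CI lint step would flag as missing an explicit token scope.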