Commit 5ea8169
authored
fix(ci): grant security-fix job permissions in on-main workflow (#2094)
The top-level 'permissions: contents: read' in on-main.yml was capping the permissions requested by the reusable _security-fix-agent.yml workflow, causing the workflow file to be rejected as invalid on merges to main:
The nested job 'remediate' is requesting
'contents: write, issues: write, pull-requests: write, id-token: write',
but is only allowed 'contents: read, issues: none, pull-requests: none, id-token: none'.
Grant the elevated permissions explicitly on the 'security-fix' job so the called workflow can run, while keeping the restrictive defaults for every other job.
1 parent d4f0059 commit 5ea8169
1 file changed
Lines changed: 5 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
30 | 30 | | |
31 | 31 | | |
32 | 32 | | |
| 33 | + | |
| 34 | + | |
| 35 | + | |
| 36 | + | |
| 37 | + | |
33 | 38 | | |
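Review bot: At added lines 33-37, the five additions appear to be the permissions key plus the four scopes named in the commit message (contents: write, issues: write, pull-requests: write, id-token: write), with no comment explaining why the 'security-fix' job is the one exception to the top-level 'contents: read'. Add a one-line YAML comment above the block saying that these scopes mirror what the 'remediate' job in _security-fix-agent.yml requests and must be kept in sync with it, so a later cleanup does not remove them or widen them. Since the caller's job-level permissions are the ceiling for every job in the called workflow, also confirm that _security-fix-agent.yml sets permissions per job, so that any job other than 'remediate' does not run with write scopes and an OIDC token it does not need.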