From c1b0dc3313a40bbe6d672366611694fec371d9eb Mon Sep 17 00:00:00 2001 From: Normann Date: Sat, 28 Mar 2026 06:58:48 +0100 Subject: [PATCH 1/3] fix: code scanning alert no. 3: Workflow does not contain permissions (#982) Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/pytest.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/pytest.yml b/.github/workflows/pytest.yml index 9cb6ea8..fa6452b 100644 --- a/.github/workflows/pytest.yml +++ b/.github/workflows/pytest.yml @@ -1,5 +1,8 @@ name: Run Pytest on Pull Request +permissions: + contents: read + on: pull_request: push: From fa09f488afbef6f52d2edf64e78aedd363cc73d0 Mon Sep 17 00:00:00 2001 From: Normann Date: Sat, 28 Mar 2026 07:00:54 +0100 Subject: [PATCH 2/3] fix: code scanning alert no. 2: Workflow does not contain permissions (#983) Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/docker-build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index a82b84a..8b2dba9 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -30,6 +30,7 @@ jobs: # Build platform matrix excludes. if-conditional with matrix on job level is not # supported, see https://github.com/actions/runner/issues/1985 platform-excludes: + permissions: {} runs-on: ubuntu-latest outputs: excludes: ${{ steps.excludes.outputs.matrix }} From 49ae910d15a1da0fe22c986c1c6ebc463f634403 Mon Sep 17 00:00:00 2001 From: Normann Date: Sat, 28 Mar 2026 07:02:04 +0100 Subject: [PATCH 3/3] fix: code scanning alert no. 1: Workflow does not contain permissions (#984) Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/pre-commit.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 65947d3..980773d 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -1,5 +1,8 @@ name: pre-commit +permissions: + contents: read + on: pull_request: push: