Skip to content

Add explicit read-only permissions to Python CI workflow#157

Merged
Gerrrr merged 1 commit into
apache:masterfrom
arpitjain099:security/workflow-permissions-python-app
May 14, 2026
Merged

Add explicit read-only permissions to Python CI workflow#157
Gerrrr merged 1 commit into
apache:masterfrom
arpitjain099:security/workflow-permissions-python-app

Conversation

@arpitjain099

Copy link
Copy Markdown
Contributor

Summary

  • Add an explicit workflow permissions block to .github/workflows/python-app.yml.
  • Set the token scope to contents: read.

Why

The Python CI workflow only needs repository read access for checkout/build/test operations. Explicit least-privilege permissions harden the workflow and avoid relying on broad default token scopes.

Signed-off-by: Arpit Jain <arpitjain099@gmail.com>
@arpitjain099
arpitjain099 force-pushed the security/workflow-permissions-python-app branch from 0fb7311 to 32bcaf1 Compare May 13, 2026 17:13
@Gerrrr

Gerrrr commented May 14, 2026

Copy link
Copy Markdown
Contributor

Thank you, @arpitjain099 !

@Gerrrr
Gerrrr merged commit c8b0ccc into apache:master May 14, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants