feat: add minimal permissions to GitHub Actions workflows #9

Merged
yutafujita merged 2 commits into master from feat/gh-actions-permissions on Apr 2, 2026
Conversation


@yutafujita yutafujita commented Apr 2, 2026

Summary

To minimize the privileges of GITHUB_TOKEN and keep the damage as small as possible should an Action ever be compromised, permissions are now defined explicitly at the workflow level.

Changes

  • tests.yml: added contents: read (only checkout is used)
  • asset-size.yml: added contents: read + pull-requests: write (checkout + posting a PR comment)

Test plan

  • All jobs run successfully

🤖 Generated with Claude Code

Apply least-privilege principle to GITHUB_TOKEN by explicitly
defining permissions at workflow level:
- tests.yml: contents: read (checkout only)
- asset-size.yml: contents: read + pull-requests: write
  (checkout + PR comment via asset-size-reporter)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
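An added illustration of the workflow-level permissions block this PR describes, for the asset-size workflow; it is not the repository's own asset-size.yml. The workflow name, trigger, job name and the comment step are assumptions: the comment is posted with actions/github-script as a stand-in for asset-size-reporter, whose action reference is not on the page, to show the call that needs pull-requests: write.

```yaml
name: asset-size

on:
  pull_request:

# Workflow-level GITHUB_TOKEN scopes. Every scope not listed here becomes "none",
# so the token no longer inherits the repository's default token setting,
# which may still be read/write for all scopes on older repositories.
permissions:
  contents: read        # actions/checkout needs to read the repository
  pull-requests: write  # required to create the PR comment below

jobs:
  asset-size:           # assumed job name
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Stand-in for the asset-size-reporter step named in the PR.
      # createComment is the call that fails with 403 if pull-requests: write is missing.
      - name: Post size report as a PR comment
        uses: actions/github-script@v7
        with:
          script: |
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body: 'Asset size report (constructed placeholder text)',
            });
```

The tests.yml case is the same block with only `contents: read` under `permissions`, since that workflow only checks out the repository.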
linhmtran168 previously approved these changes Apr 2, 2026
Base automatically changed from claude/flamboyant-mendel to master April 2, 2026 10:32
@yutafujita yutafujita dismissed linhmtran168’s stale review April 2, 2026 10:32

The base branch was changed.

@yutafujita yutafujita merged commit 5941668 into master Apr 2, 2026
11 checks passed
@yutafujita yutafujita deleted the feat/gh-actions-permissions branch April 2, 2026 10:40