Signed-off-by: Tamim Hamoudi <18720062+thamudi@users.noreply.github.com>
* chore: remove legacy pipeline * chore: add new updated wp templates
…egistry Update: pipeline to use private registry
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v2 | ||
|
|
||
| - name: Schedule Milestones | ||
| uses: readmeio/scheduled-milestones@v1.1.1 | ||
| id: scheduled | ||
| with: | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
| title: 'S-' | ||
| days: Thursday | ||
| count: 4 | ||
| format: YYYY-MM-DD | ||
|
|
||
| - name: Created Milestones | ||
| run: echo ${{ steps.scheduled.outputs.milestones }} |
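Review bot: the last step's `run: echo ${{ steps.scheduled.outputs.milestones }}` expands the action's output into the script text before the shell starts, so any shell metacharacter in that output is interpreted rather than printed. Pass the value through the environment instead: set `env: MILESTONES: ${{ steps.scheduled.outputs.milestones }}` on the step and use `run: echo "$MILESTONES"`. Separately, `actions/checkout@v2` and `readmeio/scheduled-milestones@v1.1.1` are referenced by tag; pinning both to a full commit SHA keeps a moved tag from changing what runs with `secrets.GITHUB_TOKEN`, and the checkout step can be dropped if no later step reads the repository.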
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 2 months ago
To fix the issue, you must add a permissions block to the workflow. Since the root of the workflow (.github/workflows/schedule-milestones.yaml) currently has no permissions declaration, you should add it at the top level (right after the name: field, before on:). The strictest safe default is contents: read, unless the action requires more (e.g., issues: write or milestones: write). Based on the action’s apparent behavior (creating/managing milestones), you may want to include issues: write explicitly if that is required. However, as a minimal starting point and as per the CodeQL suggestion, default to contents: read – update as needed if the action fails due to insufficient scopes.
Add after the name: schedule-milestones line:
permissions:
  contents: read

No imports, definitions, or extra methods are needed in a YAML workflow file.
| @@ -1,4 +1,6 @@ | ||
| name: schedule-milestones | ||
| permissions: | ||
| contents: read | ||
|
|
||
| on: | ||
| schedule: |
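Review bot: the top-level `permissions:` block added after `name: schedule-milestones` grants only `contents: read`, and once any scope is declared every scope not listed is set to none, so the token handed to the Schedule Milestones step loses the write access it needs to create milestones. Milestones fall under the `issues` scope (there is no `milestones` key), so add `issues: write`, preferably on the job rather than at workflow level so that only this job holds it, and confirm with a test run before relying on the schedule.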
Signed-off-by: Mohamad Berjawi <mohamad.fberjawi@gmail.com>
No description provided.