chore(ci): add permissions to workflow files
Summary
Added explicit `permissions: contents: read` declarations to GitHub Actions workflow files (`.github/workflows/add-asana-comment.yml` and `.github/workflows/ci.yml`). This follows GitHub's security best practices by explicitly declaring the minimum required permissions for workflows rather than relying on default permissions, implementing the principle of least privilege.
Previously, these workflows inherited the repository's default permissions. By explicitly setting `contents: read`, we ensure the workflows operate with only the minimum necessary permissions.
Review & Testing Checklist for Human
- [ ] Verify CI checks pass: Confirm all workflow runs complete successfully with the new permission restrictions
- [ ] Test Asana integration: On this PR, verify that the Asana comment workflow still posts comments correctly
Notes
This is part of a broader security improvement initiative across the freckle organization to ensure all workflows have explicit permission declarations.
Link to Devin run: https://app.devin.ai/sessions/8be07b97ddec449cb5b2a86c82f8a57d
Requested by: [email protected] (@joris974)
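One way to find workflows that still inherit the default token permissions, the condition this PR addresses, as an added example (not code from this PR or repository). The workflow texts are constructed samples, `audit_workflow` is a hypothetical helper, and the scanner is an indentation heuristic rather than a full YAML parser.

```python
import re

# Matches plain "key:" lines only; "- " list items and comments are skipped.
KEY = re.compile(r"^( *)([A-Za-z0-9_-]+):")

def audit_workflow(text):
    """Return (ok, jobs_missing); ok means every job has an explicit token scope."""
    top_level, in_jobs = False, False
    job_indent = child_indent = current = None
    jobs = {}  # job id -> True if that job declares its own permissions
    for m in filter(None, map(KEY.match, text.splitlines())):
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:
            in_jobs, job_indent = key == "jobs", None
            top_level = top_level or key == "permissions"
        elif in_jobs:
            job_indent = indent if job_indent is None else job_indent
            if indent == job_indent:  # a new job id
                current, child_indent = key, None
                jobs[current] = False
            elif current is not None:
                child_indent = indent if child_indent is None else child_indent
                if indent == child_indent and key == "permissions":
                    jobs[current] = True  # declared as a direct key of the job
    missing = [] if top_level else sorted(j for j, ok in jobs.items() if not ok)
    return (top_level or (bool(jobs) and not missing), missing)

SAMPLES = {  # constructed sample workflows, not files from this repository
    "explicit.yml": """\
on: [pull_request]
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
""",
    "mixed.yml": """\
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - run: echo "permissions: none here"
  deploy:
    runs-on: ubuntu-latest
    permissions:
      contents: read
""",
}

print({name: audit_workflow(text) for name, text in SAMPLES.items()})
```

The check only confirms that a scope is declared; a declared scope such as `write-all` is explicit but still broad and needs a separate review.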
Closing due to inactivity for more than 7 days.