
Add explicit read-only permissions to GitHub Actions workflows

Open Copilot opened this issue 2 months ago • 0 comments

Add permissions: contents: read to workflow files to follow the principle of least privilege for GitHub Actions security.

Changes

  • .github/workflows/nodejs.yml: Added explicit read-only contents permission
  • .github/workflows/publish.yml: Added explicit read-only contents permission

This restricts workflows to read-only access unless additional permissions are explicitly granted, reducing the attack surface if workflow tokens are compromised.



Copilot avatar Oct 29 '25 19:10 Copilot
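
An added example, not part of this change or the project's code: a small audit that reports whether a workflow file declares workflow-level permissions, as the change above does for nodejs.yml and publish.yml. The function names and the sample workflows are constructed for illustration, and the parser is a line-based heuristic for block-style YAML that ignores job-level permissions.

```python
import re

def top_level_permissions(workflow_text):
    """Return workflow-level permissions as a dict, a scalar string, or None if absent."""
    lines = workflow_text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"^permissions:\s*([^#]*)", line)  # column 0 = workflow level
        if not m:
            continue
        scalar = m.group(1).strip()
        if scalar:
            return scalar  # shorthand such as read-all, write-all or {}
        scopes = {}
        for sub in lines[i + 1:]:
            if not sub.strip() or sub.lstrip().startswith("#"):
                continue  # skip blank lines and comments
            if not sub.startswith(" "):
                break  # next top-level key ends the permissions block
            key, _, value = sub.split("#")[0].partition(":")
            scopes[key.strip()] = value.strip()
        return scopes
    return None

def audit(workflow_text):
    """Classify a workflow as missing, read-only, grants-write or review."""
    perms = top_level_permissions(workflow_text)
    if perms is None:
        return "missing"  # token falls back to the repository default
    if isinstance(perms, str):
        if perms == "write-all":
            return "grants-write"
        return "read-only" if perms in ("read-all", "{}") else "review"
    return "grants-write" if "write" in perms.values() else "read-only"

# Constructed sample workflows (not the project's real files).
JOBS = """jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
"""
NO_PERMS = "name: Node.js CI\non: [push]\n" + JOBS
READ_ONLY = "name: Node.js CI\non: [push]\npermissions:\n  contents: read\n" + JOBS
WRITE_ALL = "name: Publish\non: [push]\npermissions: write-all\n" + JOBS

if __name__ == "__main__":
    for name, text in [("no-perms", NO_PERMS), ("read-only", READ_ONLY), ("write-all", WRITE_ALL)]:
        print(name, "->", audit(text))
```

A "missing" result means the token's scope is decided by the repository or organization default rather than by the workflow file itself.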