Skip to content

ci: fix excessive GitHub workflow token permissions#5274

Merged
kenhys merged 1 commit intofluent:masterfrom
gaganhr94:fix/token-permissions
Mar 16, 2026
Merged

ci: fix excessive GitHub workflow token permissions#5274
kenhys merged 1 commit intofluent:masterfrom
gaganhr94:fix/token-permissions

Conversation

@gaganhr94
Copy link
Contributor

@gaganhr94 gaganhr94 commented Mar 11, 2026

Which issue(s) this PR fixes:
Fixes #5273

What this PR does / why we need it:
Moves contents: write and pull-requests: write permissions from the workflow level to the job level in backport.yml, and sets the workflow-level permissions to contents: read. This follows the principle of least privilege and resolves the OpenSSF Scorecard Token-Permissions warning.

Docs Changes:
N/A

Release Note:
N/A

@gaganhr94
ci: fix excessive GitHub workflow token permissions
9b9c3cf 
Move contents: write and pull-requests: write permissions from
workflow level to job level in backport.yml, and set the workflow-level
permissions to contents: read. This follows the principle of least
privilege.

Signed-off-by: Gagan H R <hrgagan4@gmail.com>
kenhys
kenhys approved these changes Mar 16, 2026
View reviewed changes
Copy link
Contributor

@kenhys kenhys left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@kenhys kenhys merged commit 4cc94dc into fluent:master Mar 16, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kenhys kenhys kenhys approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

ci: fix excessive GitHub workflow token permissions

2 participants

@gaganhr94 @kenhys