Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Add permissions to GitHub actions workflows, update actions versions #181

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
danieljoos merged 1 commit into from
Dec 8, 2025
Merged

Add permissions to GitHub actions workflows, update actions versions #181

danieljoos merged 1 commit into from
Dec 8, 2025

Conversation

@danieljoos
Copy link
Contributor

@danieljoos danieljoos commented Dec 8, 2025

This pull request attempts to fix two of the code scanning issues found:
Missing permissions block in the GitHub actions workflows.

It also updates the versions of the used GitHub actions and uses the go.mod file to determine the Go version for the release workflow.

The --rm-dist flag for goreleaser has been deprecated in favor of --clean and was removed in v2. (docs)

Copilot AI review requested due to automatic review settings December 8, 2025 11:09
Copilot AI reviewed Dec 8, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request enhances the security and maintainability of GitHub Actions workflows by adding explicit permissions blocks and updating action versions. It also modernizes the Go version management by reading from go.mod instead of hardcoding, and updates the deprecated --rm-dist flag to --clean for GoReleaser v2+ compatibility.

Key changes:

  • Added minimal permissions blocks to both workflows (write for releases, read for CI)
  • Updated GitHub action versions to v6 across all workflows
  • Changed Go version strategy from hardcoded 1.19 to using go.mod file (which specifies 1.20)

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
.github/workflows/release.yml Added contents: write permission, updated all action versions to v6, switched to reading Go version from go.mod, and changed goreleaser flag to --clean
.github/workflows/main.yml Added contents: read permission and updated checkout action from @master to @v6

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@danieljoos danieljoos merged commit 1c00a9c into master Dec 8, 2025
10 checks passed
@danieljoos danieljoos deleted the danieljoos-fix-workflows branch December 8, 2025 11:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@ericyan ericyan ericyan approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@danieljoos @ericyan