fix: add permissions block to pr-title-check workflow [INTEG-3360] / [ACT-2078] #10352
Purpose
This change addresses GitHub Actions security best practices by explicitly defining permissions for the PR title check workflow. GitHub has been moving towards requiring explicit permissions in workflows to follow the principle of least privilege and prevent potential security issues from overly permissive default token scopes.
Approach
Added a `permissions` block to the `.github/workflows/pr-title-check.yml` workflow with minimal required permissions:
- `contents: read` - needed to read repository contents
- `pull-requests: read` - needed to read PR information for title validation

This follows GitHub's recommended security practices for Actions workflows. The permissions are scoped to the minimum necessary for the workflow to function, which helps prevent potential security vulnerabilities from token misuse.
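An added example, not part of this pull request or the project's code: a small audit that reports which jobs in a workflow file would still run with the default token scopes because neither the workflow nor the job declares `permissions`. The three sample workflows (trigger, job ids, steps) are constructed for illustration, and the line-based scan assumes block-style YAML indented with spaces.

```python
import re

# A mapping key at the start of a line (list items and comments do not match).
KEY = re.compile(r"^( *)([A-Za-z_][A-Za-z0-9_-]*):")

def jobs_without_permissions(workflow_text):
    """Return job ids that have no explicit token permissions.

    A job is covered by a top-level `permissions:` key or by its own
    `permissions:` key placed directly under the job id.
    """
    top_level = in_jobs = False
    job_indent = child_indent = current = None
    declared = {}  # job id -> job declares its own permissions
    for line in workflow_text.splitlines():
        m = KEY.match(line)
        if not m:
            continue
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:
            in_jobs, current = key == "jobs", None
            top_level = top_level or key == "permissions"
        elif in_jobs and (job_indent is None or indent == job_indent):
            job_indent, current, child_indent = indent, key, None
            declared[key] = False
        elif in_jobs and current is not None:
            if child_indent is None:
                child_indent = indent  # indentation of the job's own keys
            if indent == child_indent and key == "permissions":
                declared[current] = True
    return [] if top_level else [j for j, ok in declared.items() if not ok]

# Constructed samples: the same workflow without and with the block.
JOBS = """jobs:
  check-title:
    runs-on: ubuntu-latest
    steps:
      - run: echo "validate title"
"""
BEFORE = "name: PR title check\non:\n  pull_request:\n" + JOBS
AFTER = ("name: PR title check\non:\n  pull_request:\n"
         "permissions:\n  contents: read\n  pull-requests: read\n" + JOBS)
# Constructed sample: only one of two jobs scopes its token.
MIXED = """jobs:
  check-title:
    permissions:
      pull-requests: read
    runs-on: ubuntu-latest
  label:
    runs-on: ubuntu-latest
"""

if __name__ == "__main__":
    for name, text in [("before", BEFORE), ("after", AFTER), ("mixed", MIXED)]:
        print(name, jobs_without_permissions(text))
```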