From 48704c10b37edc008bc3f3ecc41bb6ae4dae49b2 Mon Sep 17 00:00:00 2001 From: Devlin Pajaron Date: Fri, 15 May 2026 16:51:06 +0800 Subject: [PATCH 1/4] Potential fix for code scanning alert no. 8: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/run-tests.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml index 0abf7c3..853cb89 100644 --- a/.github/workflows/run-tests.yml +++ b/.github/workflows/run-tests.yml @@ -5,6 +5,9 @@ on: branches-ignore: - "main" +permissions: + contents: read + jobs: setup: name: Setup environment From c0089799c87310934bc97419563dcd874c9c9a1f Mon Sep 17 00:00:00 2001 From: Devlin Pajaron Date: Fri, 15 May 2026 16:51:54 +0800 Subject: [PATCH 2/4] Potential fix for code scanning alert no. 1: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/code-coverage.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/code-coverage.yml b/.github/workflows/code-coverage.yml index 4c6eba9..0e1faf2 100644 --- a/.github/workflows/code-coverage.yml +++ b/.github/workflows/code-coverage.yml @@ -2,6 +2,9 @@ name: Running code coverage on: [push] +permissions: + contents: read + jobs: setup: name: Setup environment From ae6e5ef4c0b03f0e7e41f11d4c9190b9e5e86851 Mon Sep 17 00:00:00 2001 From: Devlin Pajaron Date: Fri, 15 May 2026 16:53:14 +0800 Subject: [PATCH 3/4] Potential fix for code scanning alert no. 2: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/format-check-build.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/format-check-build.yml b/.github/workflows/format-check-build.yml index 24079bc..d7d6877 100644 --- a/.github/workflows/format-check-build.yml +++ b/.github/workflows/format-check-build.yml @@ -5,6 +5,9 @@ on: branches-ignore: - "main" +permissions: + contents: read + jobs: setup: name: Setup environment From df269032e19ad68788e14c4e0eb7aa72b07e5820 Mon Sep 17 00:00:00 2001 From: Devlin Pajaron Date: Fri, 15 May 2026 16:56:34 +0800 Subject: [PATCH 4/4] Potential fix for code scanning alert no. 3: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/deploy-github-pages.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/deploy-github-pages.yml b/.github/workflows/deploy-github-pages.yml index 4e1826a..d8f9aa4 100644 --- a/.github/workflows/deploy-github-pages.yml +++ b/.github/workflows/deploy-github-pages.yml @@ -5,6 +5,9 @@ on: branches: - main +permissions: + contents: read + jobs: setup: name: Setup environment @@ -19,6 +22,8 @@ jobs: name: Run documentation runs-on: ubuntu-latest needs: setup # Need to wait for setup + permissions: + contents: write steps: - uses: actions/checkout@v1 # Get last commit pushed