Skip to content

Add 'contents: read' to workflow permissions to increase the OpenSSF scorecard of the repo #1880

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Add 'contents: read' to workflow permissions to increase the OpenSSF scorecard of the repo #1880

wants to merge 1 commit into from

Conversation

@pavlofilatov1
Copy link

@pavlofilatov1 pavlofilatov1 commented Nov 14, 2025
edited
Loading

Proposed Changes

These changes are being introduced to increase the repository's score that is calculated by the OpenSSF Scorecard (GitHub repo) tool.

This Pull Request updates the top-level permissions configuration within repo's GitHub workflows. It sets the default contents permission to read for the workflow token. The changes were done according to the recommendations from Scorecard regarding the token permissions and the discussion of this repository.

Types of Changes

Marked it as Other, but it is not the best choice. I would appreciate a recommendation regarding the right type.

  • Bug fix (non-breaking change which fixes issue #NNNN)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause an observable behavior change in existing systems)
  • Documentation improvements (corrections, new content, etc)
  • Cosmetic change (whitespace, formatting, etc)
  • Other

Checklist

  • I have read the CONTRIBUTING.md document
  • I have signed the CA (see https://cla.pivotal.io/sign/rabbitmq)
  • All tests pass locally with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)
  • Any dependent changes have been merged and published in related repositories

@pavlofilatov1
Workflow permissions were updated. 'contents: read' was added on top …
7e2b51d 
…level for all main workflows of the repository.
@lukebakken lukebakken self-assigned this Nov 14, 2025
@lukebakken lukebakken self-requested a review November 14, 2025 17:29
@lukebakken lukebakken added this to the 7.2.1 milestone Nov 14, 2025
@lukebakken
Copy link
Collaborator

lukebakken commented Nov 14, 2025

@pavlofilatov1 thanks. Ping me when this is ready for review.

@michaelklishin michaelklishin changed the title Workflow permissions were updated. 'contents: read' was added on top … Add 'contents: read' to workflow permissions to increase the OpenSSF scorecard for the repo Nov 14, 2025
@michaelklishin michaelklishin changed the title Add 'contents: read' to workflow permissions to increase the OpenSSF scorecard for the repo Add 'contents: read' to workflow permissions to increase the OpenSSF scorecard of the repo Nov 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lukebakken lukebakken Awaiting requested review from lukebakken

At least 1 approving review is required to merge this pull request.

Assignees

@lukebakken lukebakken

Labels

None yet

Projects

None yet

Milestone

7.2.1

Development

Successfully merging this pull request may close these issues.

2 participants

@pavlofilatov1 @lukebakken