Skip to content
This repository was archived by the owner on Jun 8, 2026. It is now read-only.

Clarify permissions requirements for actions/upload-artifact@v6#367

Draft
OlivierBBB with Copilot wants to merge 10 commits into
mainfrom
copilot/sub-pr-366
Draft

Clarify permissions requirements for actions/upload-artifact@v6#367
OlivierBBB with Copilot wants to merge 10 commits into
mainfrom
copilot/sub-pr-366

Conversation

Copilot AI commented Feb 11, 2026

Copy link
Copy Markdown

Addressed review question about whether actions/upload-artifact@v6 requires actions: write permission in the workflow configuration.

Resolution

No code changes required. The automated review comment suggesting to add actions: write permission was incorrect:

  • actions/upload-artifact@v4+ uses a new backend API that does not require the actions permission scope
  • The GITHUB_TOKEN is automatically provided to actions even with restrictive permissions
  • Current configuration is correct: permissions: {} at workflow level with contents: read at job level

The workflow in .github/workflows/compile.yml follows security best practices with least-privilege permissions and will function correctly as-is.


💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

@cla-assistant

cla-assistant Bot commented Feb 11, 2026

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@cla-assistant

cla-assistant Bot commented Feb 11, 2026

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

Copilot AI changed the title [WIP] Address feedback on GH Actions and Dependabot improvements Clarify permissions requirements for actions/upload-artifact@v6 Feb 11, 2026
Copilot AI requested a review from OlivierBBB February 11, 2026 14:48
Base automatically changed from improvement-gh-actions-and-dependabot to main February 11, 2026 14:53
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants