CodeQL flagged the workflow as missing an explicit permissions declaration (security/code-scanning/61). All jobs are read-only (checkout, install, build, test) — contents: read is sufficient. Matches the workflow-level pattern already used in coverage.yml. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| ci.yml | ||
| coverage.yml | ||
| deploy-vps.yml | ||
| integration-tests.yml | ||
| onboarding-test.yml | ||
| security.yml | ||