CI security hardening: restrict permissions in AI issue detection workflows (#163068)

2026-03-21 03:03:17 +01:00 · 2026-02-15 16:33:23 +01:00
parent 8e1c6c2157
commit 07dcc2eae0
2 changed files with 8 additions and 6 deletions
--- a/.github/workflows/detect-duplicate-issues.yml
+++ b/.github/workflows/detect-duplicate-issues.yml
@@ -5,13 +5,14 @@ on:
  issues:
    types: [labeled]

-permissions:
-  issues: write
-  models: read
+permissions: {}

 jobs:
  detect-duplicates:
    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      models: read

    steps:
      - name: Check if integration label was added and extract details
--- a/.github/workflows/detect-non-english-issues.yml
+++ b/.github/workflows/detect-non-english-issues.yml
@@ -5,13 +5,14 @@ on:
  issues:
    types: [opened]

-permissions:
-  issues: write
-  models: read
+permissions: {}

 jobs:
  detect-language:
    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      models: read

    steps:
      - name: Check issue language