add pull-requests: read permission to verify-dockerfile workflow #283

Merged
kernelsam merged 1 commit into main from add-pull-requests-read-permission
Feb 18, 2026
@kernelsam
Contributor

The verify-dockerfile-refreshed-at-updated reusable workflow needs pull-requests: read to function correctly with the caller's permissions.

@kernelsam kernelsam requested a review from a team as a code owner February 18, 2026 18:49
@kernelsam kernelsam requested a review from docktermj February 18, 2026 18:49
@kernelsam kernelsam enabled auto-merge (squash) February 18, 2026 18:49
@github-actions
Contributor

🤖 Claude Code Review

PR Code Review

Code Quality

Code style - Simple workflow file, no style violations.

No commented-out code - Clean file.

Meaningful variable names - N/A for this workflow file.

DRY principle - Delegates to a reusable workflow from senzing-factory/build-resources, which is the correct pattern.

No defects - The workflow is minimal and correct. Permissions follow least-privilege: contents: read and pull-requests: read at the job level, with permissions: {} at the top level (denying all by default).

CLAUDE.md review - No issues. The project config is general and environment-agnostic.

Testing

N/A - This is a CI workflow file, not application code. No unit/integration tests required.

Documentation

README - No update needed for a CI workflow addition.

API docs - N/A.

Inline comments - The workflow is self-explanatory; no comments needed.

⚠️ CHANGELOG.md - Not included in this diff. If this project maintains a changelog, adding a CI workflow entry may be expected. Low priority for infrastructure-only changes.

Markdown formatting - The YAML file is not a Markdown file. No CommonMark issues.

Security

No hardcoded credentials - None present.

Input validation - N/A for workflow.

Proper error handling - N/A for workflow; failure behavior is inherited from the reusable workflow.

No sensitive data in logs - N/A.

No license files - No .lic files or AQAAAD-prefixed strings present.


Summary: This is a clean, minimal addition of a reusable CI workflow. The permission model correctly uses least-privilege (permissions: {} globally, scoped permissions at the job level). No issues found. The only minor note is a potential CHANGELOG entry, which may or may not be required by project convention.

Automated code review analyzing defects and coding standards
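
The permission layout this review describes, written out as an added example (not the repository's actual workflow file): a top-level `permissions: {}` with scopes granted only on the job that calls the reusable workflow. The trigger, the job name, the `<workflow-file>` and `<ref>` placeholders, and the commented "before" state are assumptions; the page does not show them.

```yaml
# Added example; placeholders and the "before" state are assumptions.
name: verify dockerfile refreshed at updated

on:
  pull_request:            # assumed trigger
    branches: [main]

# Deny every GITHUB_TOKEN scope by default; each job opts in to what it needs.
permissions: {}

jobs:
  verify-dockerfile-refreshed-at-updated:   # assumed job name
    # A called reusable workflow can keep or reduce the token permissions of
    # the calling job, but never raise them. Any scope the called workflow
    # needs therefore has to be granted here, on the caller side.
    #
    # Assumed state before the change (pull-requests resolves to "none"):
    #   permissions:
    #     contents: read
    #
    # State after the change, as described in the review:
    permissions:
      contents: read
      pull-requests: read
    uses: senzing-factory/build-resources/.github/workflows/<workflow-file>@<ref>
```

Because the top level is `permissions: {}`, any scope not listed on the job stays at `none`, so the token handed to the called workflow carries exactly these two read scopes.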

@github-actions
Contributor

Super-linter summary

Language Validation result
CHECKOV Pass ✅
GITHUB_ACTIONS Pass ✅
GITHUB_ACTIONS_ZIZMOR Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅
YAML Pass ✅
YAML_PRETTIER Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

@docktermj docktermj self-assigned this Feb 18, 2026
@kernelsam kernelsam merged commit 4e13842 into main Feb 18, 2026
45 checks passed
@kernelsam kernelsam deleted the add-pull-requests-read-permission branch February 18, 2026 19:04