Fix: Add explicit permissions to workflow (CodeQL security)

2026-02-07 12:11:53 +01:00 · 2025-12-08 10:40:17 +01:00 · 2025-12-08 10:40:17 +01:00 · 1c9a47ce63
commit 1c9a47ce63
parent ba364813ed
1 changed files with 6 additions and 0 deletions
--- a/.github/workflows/pester-tests.yml
+++ b/.github/workflows/pester-tests.yml
@ -7,6 +7,12 @@ on:
    branches: [ main ]
  workflow_dispatch:

+# Security: Explicit permissions (Principle of Least Privilege)
+permissions:
+  contents: read          # Required for checkout
+  checks: write           # Required for publish-unit-test-result-action
+  pull-requests: write    # Required for PR comments by test action
+
 jobs:
  test:
    runs-on: windows-latest