Skip to content

merge develop into master #18

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Jun 11, 2025
Merged

merge develop into master #18

merged 9 commits into from
Jun 11, 2025

Conversation

@tdejoigny-ledger
Copy link

@tdejoigny-ledger tdejoigny-ledger commented Jun 11, 2025

No description provided.

github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 11, 2025
View reviewed changes
.github/workflows/guidelines_enforcer.yml
Comment on lines +22 to +23
name: Call Ledger guidelines_enforcer
uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_guidelines_enforcer.yml@v1

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI 5 months ago

To fix the issue, add a permissions block to the workflow. This block should specify the least privileges required for the workflow to function correctly. Since the workflow calls a reusable workflow, it is likely that only contents: read permissions are needed to access the repository contents. If additional permissions are required (e.g., pull-requests: write), they should be added explicitly.

The permissions block can be added at the root level of the workflow to apply to all jobs or within the specific job (guidelines_enforcer) to limit permissions for that job only.

Suggested changeset 1
.github/workflows/guidelines_enforcer.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/guidelines_enforcer.yml b/.github/workflows/guidelines_enforcer.yml
--- a/.github/workflows/guidelines_enforcer.yml
+++ b/.github/workflows/guidelines_enforcer.yml
@@ -22,2 +22,4 @@
     name: Call Ledger guidelines_enforcer
+    permissions:
+      contents: read
     uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_guidelines_enforcer.yml@v1
EOF
@@ -22,2 +22,4 @@
name: Call Ledger guidelines_enforcer
permissions:
contents: read
uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_guidelines_enforcer.yml@v1
Copilot is powered by AI and may make mistakes. Always verify output.
@tdejoigny-ledger tdejoigny-ledger merged commit e4187a8 into master Jun 11, 2025
20 of 25 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tdejoigny-ledger @sgliner-ledger @mruiz-ledger