From 8061dadcdab2c56ca254b88272b5527a5eb3384d Mon Sep 17 00:00:00 2001 From: github-actions Date: Wed, 11 Mar 2026 07:05:04 +0000 Subject: [PATCH 1/4] chore: Update action references --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index e68fdb4..d474a9d 100644 --- a/action.yml +++ b/action.yml @@ -20,7 +20,7 @@ runs: - name: Set Fortify data directory run: echo "FORTIFY_DATA_DIR=${{ runner.temp }}/fortify-data" >> $GITHUB_ENV shell: bash - - uses: fortify/github-action/setup@main + - uses: fortify/github-action/setup@mjain6/review-github-actions-vulnerabilities with: fcli: bootstrapped export-path: false From 88d1349e611fe4fc2d00f8a72f20e574d1d05246 Mon Sep 17 00:00:00 2001 From: mjain6 Date: Wed, 11 Mar 2026 12:37:47 +0530 Subject: [PATCH 2/4] Define permissions at job level instead of workflow level --- .github/workflows/publish.yml | 10 +++++++--- .github/workflows/update-repo-docs.yml | 2 ++ 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index d00baa0..7629686 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,13 +1,14 @@ on: push: -permissions: - contents: write - pull-requests: write +permissions: read-all name: Publish release jobs: update-action-references: + permissions: + contents: write + pull-requests: write runs-on: ubuntu-latest steps: - name: Check-out source code @@ -29,6 +30,9 @@ jobs: release: if: github.ref == 'refs/heads/main' + permissions: + contents: write + pull-requests: write runs-on: ubuntu-latest needs: update-action-references steps: diff --git a/.github/workflows/update-repo-docs.yml b/.github/workflows/update-repo-docs.yml index 3706cb9..6549196 100644 --- a/.github/workflows/update-repo-docs.yml +++ b/.github/workflows/update-repo-docs.yml 
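Review bot: The added `uses: fortify/github-action/setup@mjain6/review-github-actions-vulnerabilities` line in patch 1/4 points the setup step at a feature-branch name, which is a mutable ref. Whatever is later pushed to that branch is what this composite action runs, and the step stops resolving once the branch is deleted. Patch 4/4 makes the same rewrite right after patch 3/4 restored `@main` by hand, so the series as submitted ends on the branch ref. Presumably the reference-update job rewrites it again on main, which is worth confirming before merge. If a fixed ref is acceptable here, a full commit SHA (`setup@<full-commit-sha>`) gives consumers an immutable target; the steps list continues outside the hunk.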
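Review bot: The new workflow-level `permissions: read-all` in the first `publish.yml` hunk still gives read access on every token scope to any job that does not declare its own block, so it is a broad default rather than a minimal one. Both jobs visible in this patch set `permissions:` themselves, and a job-level block replaces the workflow-level one entirely, so the default only matters for jobs added later. `permissions: {}` (or a block with only `contents: read`) would make a future job start with nothing and opt in explicitly. A comment such as `# default for jobs that declare no permissions block` above the line would record the intent. The steps of `update-action-references` continue outside the hunk.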
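Review bot: The `release` job in the second `publish.yml` hunk receives the same `contents: write` and `pull-requests: write` pair that the removed workflow-level block granted, and so does `update-action-references` in the first hunk, so neither job's token is narrower than before. Moving the grant to job level reduces privilege only if each job keeps just the scopes its steps use. The steps are outside both hunks, so this needs checking against them, for example whether `release` needs `pull-requests: write` at all. The trigger in the first hunk is still an unfiltered `on: push:` and no `if:` is visible on `update-action-references`, so that job appears to run with `contents: write` on every branch push, while `release` is limited to `refs/heads/main`.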
@@ -10,4 +10,6 @@ on: jobs: update-repo-docs: + permissions: + contents: write uses: fortify/shared-doc-resources/.github/workflows/update-repo-docs.yml@main \ No newline at end of file From 7904a1367356310a1310345a6a69705f891092e6 Mon Sep 17 00:00:00 2001 From: mjain6 Date: Wed, 11 Mar 2026 14:24:47 +0530 Subject: [PATCH 3/4] Revert action.yml to main branch version --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index d474a9d..e68fdb4 100644 --- a/action.yml +++ b/action.yml @@ -20,7 +20,7 @@ runs: - name: Set Fortify data directory run: echo "FORTIFY_DATA_DIR=${{ runner.temp }}/fortify-data" >> $GITHUB_ENV shell: bash - - uses: fortify/github-action/setup@mjain6/review-github-actions-vulnerabilities + - uses: fortify/github-action/setup@main with: fcli: bootstrapped export-path: false From d09afd765a90eb4f7946cf042cca524c6f9d8976 Mon Sep 17 00:00:00 2001 From: github-actions Date: Wed, 11 Mar 2026 08:55:08 +0000 Subject: [PATCH 4/4] chore: Update action references --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index e68fdb4..d474a9d 100644 --- a/action.yml +++ b/action.yml @@ -20,7 +20,7 @@ runs: - name: Set Fortify data directory run: echo "FORTIFY_DATA_DIR=${{ runner.temp }}/fortify-data" >> $GITHUB_ENV shell: bash - - uses: fortify/github-action/setup@main + - uses: fortify/github-action/setup@mjain6/review-github-actions-vulnerabilities with: fcli: bootstrapped export-path: false
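Review bot: The added `permissions:` block in `update-repo-docs.yml` grants `contents: write` to a reusable workflow referenced by the mutable ref `@main`, so any later change on that branch of `fortify/shared-doc-resources` runs with write access to this repository's contents. Caller-job permissions are the ceiling for the called workflow, so this is the right place to bound it, but the bound is only as trustworthy as the ref. Pinning the `uses:` line to a full commit SHA (`update-repo-docs.yml@<full-commit-sha>`) would fix which code receives the token. No workflow-level `permissions:` default is visible here, unlike in `publish.yml`, and the top of the file is outside the hunk. A comment like `# write access: called workflow commits regenerated docs` would help, if that is indeed the reason for the scope.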