@guidezpl
Member

Changed permissions from 'write-all' to more granular 'contents: read' and 'pull-requests: write' for improved security and least privilege in the GitHub Actions workflow.

The workflow uses FLUTTERACTIONSBOT_CP_TOKEN for all sensitive operations (removing labels, creating PRs, commenting), so the workflow's default GITHUB_TOKEN doesn't need extensive permissions.
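
Added example, not part of the pull request or of the Flutter repository: a small check that reads a workflow's top-level `permissions` key, reports the write scopes its GITHUB_TOKEN receives, and lists other secrets that the key does not constrain. The workflow fragments, the `on: pull_request` trigger, the `./cherry_pick.sh` step and the function names are constructed for illustration; only the permission values and the secret name come from the description above.

```python
import re

# Constructed workflow fragments; NOT the real contents of easy-cp.yml.
BEFORE = """\
name: example
on: pull_request
permissions: write-all
jobs:
  cp:
    runs-on: ubuntu-latest
    steps:
      - run: ./cherry_pick.sh   # hypothetical step
        env:
          GH_TOKEN: ${{ secrets.FLUTTERACTIONSBOT_CP_TOKEN }}
"""
AFTER = BEFORE.replace(
    "permissions: write-all",
    "permissions:\n  contents: read\n  pull-requests: write",
)

def top_level_permissions(workflow):
    """Return the shorthand string, a {scope: level} dict, or None if absent."""
    lines = workflow.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"permissions:\s*(.*?)\s*(?:#.*)?$", line)  # column 0 only
        if not m:
            continue
        if m.group(1):                       # write-all / read-all / {}
            return m.group(1)
        scopes = {}
        for child in lines[i + 1:]:          # indented "scope: level" lines
            c = re.match(r"\s+([\w-]+):\s*(\w+)", child)
            if not c:
                break
            scopes[c.group(1)] = c.group(2)
        return scopes
    return None

def audit(workflow):
    """List what a reviewer should look at for the default GITHUB_TOKEN."""
    perms = top_level_permissions(workflow)
    if perms is None:
        return ["no top-level permissions: GITHUB_TOKEN gets the repository default"]
    if perms == "write-all":
        return ["write-all: GITHUB_TOKEN can write to every scope"]
    if isinstance(perms, str):
        return []
    return [f"{s}: write" for s, lvl in sorted(perms.items()) if lvl == "write"]

def other_secrets(workflow):
    """Secrets referenced in the file; `permissions` does not limit these."""
    names = set(re.findall(r"secrets\.([A-Za-z_][A-Za-z0-9_]*)", workflow))
    return sorted(names - {"GITHUB_TOKEN"})
```

The scope of a separate token such as the one `other_secrets` reports is set where that token is issued, so it needs its own review alongside the `permissions` block.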

@gemini-code-assist
Contributor

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

@guidezpl guidezpl requested a review from jtmcdole November 21, 2025 11:44
@guidezpl guidezpl requested a review from zanderso November 28, 2025 08:56
@guidezpl guidezpl added this pull request to the merge queue Nov 28, 2025
Merged via the queue into flutter:master with commit ae12545 Nov 28, 2025
6 checks passed
@guidezpl guidezpl deleted the lower-workflow-permissions branch November 28, 2025 19:14
engine-flutter-autoroll added a commit to engine-flutter-autoroll/packages that referenced this pull request Nov 29, 2025
auto-submit bot pushed a commit to flutter/packages that referenced this pull request Nov 29, 2025
flutter/flutter@022b155...2b5fa94

2025-11-29 engine-flutter-autoroll@skia.org Roll Fuchsia Linux SDK from 3mkBM9XuntkUl3G9l... to sY2ExxZc0A8bgMF11... (flutter/flutter#179233)
2025-11-29 engine-flutter-autoroll@skia.org Roll Dart SDK from 09b91afe9f4d to 56cc05dd11a8 (1 revision) (flutter/flutter#179231)
2025-11-28 bkonyi@google.com [ Tool ] Don't try to reattach when attach target disappears (flutter/flutter#179193)
2025-11-28 engine-flutter-autoroll@skia.org Roll Dart SDK from 4bd803e19d22 to 09b91afe9f4d (1 revision) (flutter/flutter#179222)
2025-11-28 bot@stepsecurity.io Fix GitHub Actions not pinned by hash (flutter/flutter#178917)
2025-11-28 6655696+guidezpl@users.noreply.github.com Update workflow permissions in easy-cp.yml (flutter/flutter#178919)
2025-11-28 engine-flutter-autoroll@skia.org Roll Packages from b505d41 to c8be05d (1 revision) (flutter/flutter#179218)
2025-11-28 engine-flutter-autoroll@skia.org Roll Dart SDK from 394606994711 to 4bd803e19d22 (1 revision) (flutter/flutter#179215)
2025-11-28 engine-flutter-autoroll@skia.org Roll Dart SDK from 74247cdd0f18 to 394606994711 (1 revision) (flutter/flutter#179205)
2025-11-28 engine-flutter-autoroll@skia.org Roll Fuchsia Linux SDK from _e9MNK4nfBOrERVP_... to 3mkBM9XuntkUl3G9l... (flutter/flutter#179203)
2025-11-28 engine-flutter-autoroll@skia.org Roll Dart SDK from 1e6edf8a8dab to 74247cdd0f18 (2 revisions) (flutter/flutter#179201)
2025-11-27 bkonyi@google.com [ Widget Preview ] Handle changes to unexpected pubspec.yaml files gracefully (flutter/flutter#179157)
2025-11-27 engine-flutter-autoroll@skia.org Roll Dart SDK from 1d8dc04bd1d7 to 1e6edf8a8dab (9 revisions) (flutter/flutter#179190)
2025-11-27 engine-flutter-autoroll@skia.org Roll Packages from 5d8d954 to b505d41 (4 revisions) (flutter/flutter#179188)

If this roll has caused a breakage, revert this CL and stop the roller
using the controls here:
https://autoroll.skia.org/r/flutter-packages
Please CC bmparr@google.com,stuartmorgan@google.com on the revert to ensure that a human
is aware of the problem.

To file a bug in Packages: https://github.com/flutter/flutter/issues/new/choose

To report a problem with the AutoRoller itself, please file a bug:
https://issues.skia.org/issues/new?component=1389291&template=1850622

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+doc/main/autoroll/README.md
mboetger pushed a commit to mboetger/flutter that referenced this pull request Dec 2, 2025
reidbaker pushed a commit to AbdeMohlbi/flutter that referenced this pull request Dec 10, 2025