Hi @derberg @fmvilas @magicmatatjahu,
I noticed that the SonarCloud quality gate for this repository is currently
failing due to new security warnings related to GitHub Actions workflow
permissions.
SonarCloud reports the following issue on new code:
- “Move this write permission from workflow level to job level”
These warnings appear in non-centrally-managed workflow files
(e.g. if-nodejs-release.yml) and are marked as new issues affecting the
security rating.
I would like to work on fixing these warnings by:
- Moving `write` permissions from the workflow level to only the jobs that actually require them
- Making no functional or behavioral changes to the workflows
Before proceeding, I wanted to ask for confirmation that this change is
acceptable and aligns with the project’s contribution process.
Happy to submit a PR once approved.
Thanks!
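
The change this issue proposes, shown as an added example that is not part of the original issue and not taken from this repository's workflow files. The workflow name, job names and the `npm run release` script are hypothetical; the first YAML document is the pattern SonarCloud flags, the second is the same workflow with write scopes moved to the one job that needs them.

```yaml
# Constructed example: hypothetical workflow, not a file from this repository.
# BEFORE: write scopes declared at workflow level are granted to the
# GITHUB_TOKEN of every job, including the test job that only reads code.
name: Release (before)
on: push
permissions:
  contents: write
  pull-requests: write
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
  release:
    needs: test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm run release   # hypothetical release script
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
---
# AFTER: the workflow-level default is read-only. The release job declares
# its own permissions block, which replaces the workflow-level one for that
# job; scopes not listed there are set to none. Steps are unchanged.
name: Release (after)
on: push
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
  release:
    needs: test
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    steps:
      - uses: actions/checkout@v4
      - run: npm run release   # hypothetical release script
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```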