
ci: add concurrency and permissions to opencode-review workflow #238

Merged
zhensherlock merged 1 commit into main from dev
Mar 3, 2026

@zhensherlock
Owner

No description provided.

@vercel

vercel Bot commented Mar 3, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| vue-devtools-unlocker | Building | Preview, Comment | Mar 3, 2026 3:04am |

@github-actions

github-actions Bot commented Mar 3, 2026

Code Review: opencode-review.yml

Summary

The PR adds concurrency settings and a permissions block to the GitHub Actions workflow. Overall the changes are reasonable, but there are some issues.

Issues Found

  1. Unnecessary id-token: write permission (line 20)

    • This permission allows minting OIDC tokens for cloud provider authentication
    • Not needed for a code review workflow and is a security risk
    • Recommendation: Remove this permission
  2. Potentially unnecessary actions: read permission (line 22)

    • The workflow doesn't appear to read action workflow information
    • Recommendation: Remove if not used
  3. Potentially unnecessary issues: write permission (line 24)

    • The review prompt focuses on pull requests, not issues
    • Recommendation: Remove if the opencode tool doesn't write to issues

Suggested Fix

Replace the permissions block with a more minimal set:

permissions:
  contents: read
  pull-requests: write

Positive Changes

  • ✅ Concurrency settings (lines 7-9) are well-configured
  • cancel-in-progress: true prevents wasted CI resources
  • timeout-minutes: 10 prevents runaway workflows
  • persist-credentials: false is good security practice
  • ✅ Author association filter is appropriate

opencode session  |  github run
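
The least-privilege comparison made in the review above can be scripted so that excess `GITHUB_TOKEN` grants are flagged before merge. This is an added example, not code from the PR, the bot, or the repository: `parse_permissions`, `audit` and `BASELINE` are hypothetical names, the sample workflow is constructed, and the baseline is the minimal set the review suggests.

```python
import re

# Minimal grant set suggested in the review comment above.
BASELINE = {"contents": "read", "pull-requests": "write"}
RANK = {"none": 0, "read": 1, "write": 2}

def parse_permissions(text):
    """Return {scope: level} for the first `permissions:` key, or None if absent."""
    m = re.search(r"^([ \t]*)permissions:[ \t]*(.*?)[ \t]*(#.*)?$", text, re.M)
    if m is None:
        return None
    indent, scalar = len(m.group(1)), m.group(2)
    if scalar in ("read-all", "write-all"):  # scalar shorthand form
        return {"*": scalar.split("-")[0]}
    perms = {}
    for child in text[m.end():].splitlines():
        if not child.strip() or child.lstrip().startswith("#"):
            continue
        if len(child) - len(child.lstrip()) <= indent:
            break  # dedent ends the mapping
        key, _, value = child.strip().partition(":")
        perms[key.strip()] = value.split("#")[0].strip()
    return perms  # empty dict for `permissions: {}`

def audit(text, baseline=BASELINE):
    """List grants that exceed the baseline, most sensitive first."""
    perms = parse_permissions(text)
    if perms is None:
        return ["REVIEW no permissions block: repository default token scope applies"]
    findings = []
    for scope, level in perms.items():
        allowed = baseline.get(scope, "none")
        if scope == "*":
            findings.append(f"HIGH {level}-all grants every scope at once")
        elif RANK.get(level, 2) > RANK[allowed]:  # unknown level treated as write
            sev = "HIGH" if scope == "id-token" else "REVIEW"
            findings.append(f"{sev} {scope}: {level} exceeds baseline ({allowed})")
    return sorted(findings)

# Constructed sample, not the repository's actual workflow file.
SAMPLE = """permissions:
  id-token: write
  contents: read
  actions: read
  pull-requests: write
  issues: write
jobs:
"""
```

Calling `audit(SAMPLE)` returns one `HIGH` finding for `id-token: write` and two `REVIEW` findings for `actions: read` and `issues: write`; a workflow that declares only the baseline returns an empty list.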

@zhensherlock zhensherlock merged commit ee6df9a into main Mar 3, 2026
6 checks passed