[CI] Add workflow permissions for helm CI job #17727
Conversation
|
👋 Hi! Thank you for contributing to the vLLM project. 💬 Join our developer Slack at https://slack.vllm.ai to discuss your PR in #pr-reviews, coordinate on features in #feat- channels, or join special interest groups in #sig- channels. Just a reminder: PRs would not trigger full CI run by default. Instead, it would only run Once the PR is approved and ready to go, your PR reviewer(s) can run CI to test the changes comprehensively before merging. To run CI, PR reviewers can either: Add 🚀 |
russellb
changed the title
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Russell Bryant <rbryant@redhat.com>
github-actions
bot
added
the
ready
Signed-off-by: Russell Bryant <rbryant@redhat.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Yuqi Zhang <yuqizhang@google.com>
Signed-off-by: Russell Bryant <rbryant@redhat.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: minpeter <kali2005611@gmail.com>
Potential fix for https://github.com/vllm-project/vllm/security/code-scanning/24
To fix the issue, we will add a
permissionsblock at the root level of the workflow. This block will specify the minimum permissions required for the workflow to function correctly. Based on the workflow's operations, it primarily reads repository contents and does not appear to require write permissions. Therefore, we will setcontents: readas the default permission. If any specific steps require additional permissions, they can be added at the job level.Suggested fixes powered by Copilot Autofix. Review carefully before merging.