@guidezpl

Changed permissions from 'write-all' to more granular 'contents: read' and 'pull-requests: write' for improved security and least privilege in the GitHub Actions workflow.

The workflow uses FLUTTERACTIONSBOT_CP_TOKEN for all sensitive operations (removing labels, creating PRs, commenting), so the workflow's default GITHUB_TOKEN doesn't need extensive permissions.
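
An added example, not code from this pull request or the Flutter repository: a line-based Python check that flags the `write-all` grant described above and lists the write scopes that remain after narrowing. The sample workflows are constructed, and the function name `audit_permissions` and the severity labels are assumptions of this example.

```python
import re

# Line-based check (no YAML parser): matches "permissions: <scalar>" or a
# "permissions:" mapping header, at workflow level (indent 0) or job level.
PERM_KEY = re.compile(r"^(\s*)permissions:\s*([\w-]*|\{\})\s*(#.*)?$")
SCOPE = re.compile(r"^(\s*)([\w-]+):\s*(read|write|none)\s*(#.*)?$")

def audit_permissions(workflow_text):
    """Return (line_no, severity, message) findings about GITHUB_TOKEN permissions."""
    findings, has_top_level = [], False
    lines = workflow_text.splitlines()
    for i, line in enumerate(lines):
        m = PERM_KEY.match(line)
        if not m:
            continue
        indent, value = len(m.group(1)), m.group(2)
        level = "workflow" if indent == 0 else "job"
        if indent == 0:
            has_top_level = True
        if value == "write-all":
            findings.append((i + 1, "HIGH", f"{level}-level write-all"))
        elif value == "":
            # Mapping form: read the more deeply indented "scope: level" lines.
            for n, nxt in enumerate(lines[i + 1:], start=i + 2):
                s = SCOPE.match(nxt)
                if not s or len(s.group(1)) <= indent:
                    break
                if s.group(3) == "write":
                    findings.append((n, "INFO", f"{level}-level {s.group(2)}: write"))
    if not has_top_level:
        # Jobs without their own block then fall back to the repository default.
        findings.append((0, "MEDIUM", "no workflow-level permissions block"))
    return findings

# Constructed samples, not the contents of easy-cp.yml.
BEFORE = "name: sample\non: pull_request\npermissions: write-all\njobs:\n  cp:\n    runs-on: ubuntu-latest\n"
AFTER = ("name: sample\non: pull_request\npermissions:\n  contents: read\n"
         "  pull-requests: write\njobs:\n  cp:\n    runs-on: ubuntu-latest\n")
JOB_ONLY = "name: sample\non: push\njobs:\n  cp:\n    permissions: write-all\n    runs-on: ubuntu-latest\n"

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER), ("job-only", JOB_ONLY)):
        print(name, audit_permissions(text))
```

Because the check reads lines rather than parsing YAML, text inside a multi-line `run:` script that looks like a `permissions:` key would also be reported.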

@gemini-code-assist

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

@guidezpl guidezpl requested a review from jtmcdole November 21, 2025 11:44
@guidezpl guidezpl requested a review from zanderso November 28, 2025 08:56
@guidezpl guidezpl added this pull request to the merge queue Nov 28, 2025
Merged via the queue into flutter:master with commit ae12545 Nov 28, 2025
6 checks passed
@guidezpl guidezpl deleted the lower-workflow-permissions branch November 28, 2025 19:14
engine-flutter-autoroll added a commit to engine-flutter-autoroll/packages that referenced this pull request Nov 29, 2025
auto-submit bot pushed a commit to flutter/packages that referenced this pull request Nov 29, 2025
flutter/flutter@022b155...2b5fa94

2025-11-29 [email protected] Roll Fuchsia Linux SDK from 3mkBM9XuntkUl3G9l... to sY2ExxZc0A8bgMF11... (flutter/flutter#179233)
2025-11-29 [email protected] Roll Dart SDK from 09b91afe9f4d to 56cc05dd11a8 (1 revision) (flutter/flutter#179231)
2025-11-28 [email protected] [ Tool ] Don't try to reattach when attach target disappears (flutter/flutter#179193)
2025-11-28 [email protected] Roll Dart SDK from 4bd803e19d22 to 09b91afe9f4d (1 revision) (flutter/flutter#179222)
2025-11-28 [email protected] Fix GitHub Actions not pinned by hash (flutter/flutter#178917)
2025-11-28 [email protected] Update workflow permissions in easy-cp.yml (flutter/flutter#178919)
2025-11-28 [email protected] Roll Packages from b505d41 to c8be05d (1 revision) (flutter/flutter#179218)
2025-11-28 [email protected] Roll Dart SDK from 394606994711 to 4bd803e19d22 (1 revision) (flutter/flutter#179215)
2025-11-28 [email protected] Roll Dart SDK from 74247cdd0f18 to 394606994711 (1 revision) (flutter/flutter#179205)
2025-11-28 [email protected] Roll Fuchsia Linux SDK from _e9MNK4nfBOrERVP_... to 3mkBM9XuntkUl3G9l... (flutter/flutter#179203)
2025-11-28 [email protected] Roll Dart SDK from 1e6edf8a8dab to 74247cdd0f18 (2 revisions) (flutter/flutter#179201)
2025-11-27 [email protected] [ Widget Preview ] Handle changes to unexpected pubspec.yaml files gracefully (flutter/flutter#179157)
2025-11-27 [email protected] Roll Dart SDK from 1d8dc04bd1d7 to 1e6edf8a8dab (9 revisions) (flutter/flutter#179190)
2025-11-27 [email protected] Roll Packages from 5d8d954 to b505d41 (4 revisions) (flutter/flutter#179188)

If this roll has caused a breakage, revert this CL and stop the roller
using the controls here:
https://autoroll.skia.org/r/flutter-packages
Please CC [email protected],[email protected] on the revert to ensure that a human
is aware of the problem.

To file a bug in Packages: https://github.com/flutter/flutter/issues/new/choose

To report a problem with the AutoRoller itself, please file a bug:
https://issues.skia.org/issues/new?component=1389291&template=1850622

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+doc/main/autoroll/README.md
mboetger pushed a commit to mboetger/flutter that referenced this pull request Dec 2, 2025
reidbaker pushed a commit to AbdeMohlbi/flutter that referenced this pull request Dec 10, 2025