Skip to content

chore: update CI workflow permissions to read-all and adjust job-specific permissions#1311

Merged
shm11C3 merged 3 commits into
developfrom
chore/update-ci-permission
Apr 2, 2026
Merged

chore: update CI workflow permissions to read-all and adjust job-specific permissions#1311
shm11C3 merged 3 commits into
developfrom
chore/update-ci-permission

Conversation

@shm11C3

@shm11C3 shm11C3 commented Apr 2, 2026

Copy link
Copy Markdown
Owner

Summary

Related Issues

Type of Change

  • Bug fix (fix/ branch)
  • New feature (feat/ branch)
  • Refactoring (refactor/ branch)
  • Documentation (docs/ branch)
  • Dependencies update
  • Other (chore/ branch)

Screenshots / Videos

Test Plan

  • Manual testing
  • Unit tests

Checklist

  • Self-reviewed the code
  • Linting and formatting pass (npm run lint && npm run format / cargo tauri-lint && cargo tauri-fmt)
  • Tests pass (npm test / cargo tauri-test)
  • No new warnings or errors

Copilot AI review requested due to automatic review settings April 2, 2026 15:26
@github-actions github-actions Bot added the github_actions Pull requests that update GitHub Actions code label Apr 2, 2026
@github-actions

github-actions Bot commented Apr 2, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Coverage Report

Status Category Percentage Covered / Total
🔵 Lines 99.09% (🎯 60%) 990 / 999
🔵 Statements 98.87% (🎯 60%) 1051 / 1063
🔵 Functions 98.79% (🎯 60%) 245 / 248
🔵 Branches 93.96% (🎯 60%) 327 / 348
File CoverageNo changed files found.
Generated in workflow #2602 for commit a8975b7 by the Vitest Coverage Report Action

Copilot AI reviewed Apr 2, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR standardizes GitHub Actions GITHUB_TOKEN permissions across multiple workflows by setting a workflow-level default (permissions: read-all) and then using job-level permission blocks where elevated access (e.g., write) is required.

Changes:

  • Adds permissions: read-all at the workflow level across several CI/automation workflows.
  • Moves/keeps write permissions on specific jobs that need them (e.g., labeler, auto-merge, auto-update workflows).
  • Removes now-redundant per-job contents: read permissions in some workflows (notably ci.yml and perf-test.yml).

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 10 comments.

Show a summary per file
File Description
.github/workflows/publish.yml Adds workflow-level permissions: read-all above existing job permissions.
.github/workflows/pr-labeler.yml Sets workflow default to read-all and keeps job-level contents: read / pull-requests: write.
.github/workflows/perf-test.yml Adds workflow-level read-all, removes explicit job contents: read (notify job still has issues: write).
.github/workflows/claude.yml Adds workflow-level read-all while job keeps explicit scoped permissions including id-token: write.
.github/workflows/ci.yml Adds workflow-level read-all and removes many per-job contents: read blocks (some jobs still override).
.github/workflows/check-version.yml Adds workflow-level read-all, removes job-level explicit permissions.
.github/workflows/auto-update-tauri.yml Adds workflow-level read-all, adds job-level write permissions for update job.
.github/workflows/auto-update-safe-chain.yml Adds workflow-level read-all, adds job-level write permissions for update job.
.github/workflows/auto-update-npm.yml Adds workflow-level read-all, adds job-level write permissions for update job.
.github/workflows/auto-merge.yml Adds workflow-level read-all, adds job-level write permissions for auto-merge job.

Comment thread .github/workflows/ci.yml
Comment thread .github/workflows/perf-test.yml
Comment thread .github/workflows/check-version.yml
Comment thread .github/workflows/claude.yml
Comment thread .github/workflows/publish.yml
Comment thread .github/workflows/auto-merge.yml
Comment thread .github/workflows/auto-update-npm.yml
Comment thread .github/workflows/auto-update-tauri.yml
Comment thread .github/workflows/auto-update-safe-chain.yml
Comment thread .github/workflows/pr-labeler.yml
@github-actions

github-actions Bot commented Apr 2, 2026

Copy link
Copy Markdown
Contributor

Rust Backend Coverage Report

Coverage Details 
Filename                                         Regions    Missed Regions     Cover   Functions  Missed Functions  Executed       Lines      Missed Lines     Cover    Branches   Missed Branches     Cover
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
_tests/commands/background_image_test.rs              39                 0   100.00%           6                 0   100.00%          21                 0   100.00%           0                 0         -
_tests/commands/settings_test.rs                     220                 0   100.00%          18                 0   100.00%         167                 0   100.00%           0                 0         -
commands/background_image.rs                          22                 7    68.18%          11                 5    54.55%          19                 7    63.16%           0                 0         -
commands/hardware.rs                                  65                65     0.00%          20                20     0.00%          65                65     0.00%           0                 0         -
commands/settings.rs                                 544               544     0.00%          97                97     0.00%         463               463     0.00%           0                 0         -
commands/system.rs                                     6                 6     0.00%           3                 3     0.00%           5                 5     0.00%           0                 0         -
commands/ui.rs                                        17                17     0.00%           2                 2     0.00%          13                13     0.00%           0                 0         -
commands/updater.rs                                   97                97     0.00%          15                15     0.00%          66                66     0.00%           0                 0         -
enums/error.rs                                       105                 0   100.00%           8                 0   100.00%          89                 0   100.00%           0                 0         -
enums/hardware.rs                                    188                 1    99.47%          15                 0   100.00%         114                 0   100.00%           0                 0         -
enums/settings.rs                                    415                 6    98.55%          24                 0   100.00%         279                 0   100.00%           0                 0         -
infrastructure/database/db.rs                         21                21     0.00%           2                 2     0.00%          12                12     0.00%           0                 0         -
infrastructure/database/gpu_archive.rs                49                49     0.00%           4                 4     0.00%          18                18     0.00%           0                 0         -
infrastructure/database/hardware_archive.rs           41                41     0.00%           4                 4     0.00%          21                21     0.00%           0                 0         -
infrastructure/database/migration.rs                   8                 8     0.00%           1                 1     0.00%          37                37     0.00%           0                 0         -
infrastructure/database/process_stats.rs              41                41     0.00%           4                 4     0.00%          29                29     0.00%           0                 0         -
infrastructure/providers/linux/dmidecode.rs          229                15    93.45%          16                 3    81.25%         319                14    95.61%           0                 0         -
infrastructure/providers/linux/drm_sys.rs            205               156    23.90%          21                14    33.33%         126                93    26.19%           0                 0         -
infrastructure/providers/linux/hwmon.rs              119                94    21.01%           8                 6    25.00%          68                56    17.65%           0                 0         -
infrastructure/providers/linux/kernel.rs             165                22    86.67%          19                 2    89.47%         161                 8    95.03%           0                 0         -
infrastructure/providers/linux/lspci.rs               79                16    79.75%           7                 1    85.71%          47                 8    82.98%           0                 0         -
infrastructure/providers/linux/net_sys.rs            171               171     0.00%          13                13     0.00%          93                93     0.00%           0                 0         -
infrastructure/providers/linux/procfs.rs             261                24    90.80%          25                 3    88.00%         222                19    91.44%           0                 0         -
infrastructure/providers/sysinfo_provider.rs          54                54     0.00%           2                 2     0.00%          45                45     0.00%           0                 0         -
lib.rs                                               209               209     0.00%           5                 5     0.00%         114               114     0.00%           0                 0         -
main.rs                                                3                 3     0.00%           1                 1     0.00%           3                 3     0.00%           0                 0         -
models/hardware.rs                                   133                 0   100.00%          11                 0   100.00%          83                 0   100.00%           0                 0         -
models/hardware_archive.rs                             3                 0   100.00%           1                 0   100.00%           7                 0   100.00%           0                 0         -
models/settings.rs                                   301                 0   100.00%          17                 0   100.00%         264                 0   100.00%           0                 0         -
platform/factory.rs                                   18                18     0.00%           4                 4     0.00%          15                15     0.00%           0                 0         -
platform/linux/cache.rs                               53                53     0.00%           4                 4     0.00%          38                38     0.00%           0                 0         -
platform/linux/gpu.rs                                143               143     0.00%          14                14     0.00%         105               105     0.00%           0                 0         -
platform/linux/memory.rs                              43                43     0.00%           6                 6     0.00%          41                41     0.00%           0                 0         -
platform/linux/mod.rs                                 34                34     0.00%          11                11     0.00%          70                70     0.00%           0                 0         -
platform/linux/network.rs                              4                 4     0.00%           1                 1     0.00%           4                 4     0.00%           0                 0         -
services/archive_service.rs                         1127               154    86.34%          90                15    83.33%         654               134    79.51%           0                 0         -
services/background_image_service.rs                 165                96    41.82%          16                10    37.50%          93                59    36.56%           0                 0         -
services/cpu_service.rs                               32                32     0.00%           4                 4     0.00%          15                15     0.00%           0                 0         -
services/gpu_service.rs                               37                37     0.00%          10                10     0.00%          31                31     0.00%           0                 0         -
services/hardware_service.rs                          67                67     0.00%           5                 5     0.00%          43                43     0.00%           0                 0         -
services/language_service.rs                         101                 0   100.00%          18                 0   100.00%          57                 0   100.00%           0                 0         -
services/memory_service.rs                            22                22     0.00%           4                 4     0.00%          15                15     0.00%           0                 0         -
services/monitoring_service.rs                       891               143    83.95%          62                16    74.19%         508                93    81.69%           0                 0         -
services/motherboard_service.rs                       10                10     0.00%           3                 3     0.00%           7                 7     0.00%           0                 0         -
services/network_service.rs                            9                 9     0.00%           1                 1     0.00%           7                 7     0.00%           0                 0         -
services/process_service.rs                           86                86     0.00%           5                 5     0.00%          50                50     0.00%           0                 0         -
services/settings_service.rs                         338               158    53.25%          34                16    52.94%         288               148    48.61%           0                 0         -
services/system_service.rs                            22                22     0.00%           2                 2     0.00%          12                12     0.00%           0                 0         -
services/ui_service.rs                                45                45     0.00%           8                 8     0.00%          36                36     0.00%           0                 0         -
utils/color.rs                                        66                 1    98.48%           4                 0   100.00%          26                 0   100.00%           0                 0         -
utils/file.rs                                        224                 5    97.77%          14                 0   100.00%         144                 4    97.22%           0                 0         -
utils/formatter.rs                                   195                 8    95.90%          16                 0   100.00%         160                12    92.50%           0                 0         -
utils/ip.rs                                           65                 0   100.00%           5                 0   100.00%          33                 0   100.00%           0                 0         -
utils/logger.rs                                       71                71     0.00%           1                 1     0.00%          38                38     0.00%           0                 0         -
utils/rounding.rs                                     68                 0   100.00%           7                 0   100.00%          41                 0   100.00%           0                 0         -
utils/tauri.rs                                       138                 0   100.00%          17                 0   100.00%          82                 0   100.00%           0                 0         -
workers/hardware_archive.rs                           52                52     0.00%           6                 6     0.00%          36                36     0.00%           0                 0         -
workers/mod.rs                                        24                24     0.00%           2                 2     0.00%          16                16     0.00%           0                 0         -
workers/system_monitor.rs                            151               151     0.00%          11                11     0.00%         106               106     0.00%           0                 0         -
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
TOTAL                                               8111              3155    61.10%         765               366    52.16%        5741              2324    59.52%           0                 0         -

@shm11C3 shm11C3 merged commit 04533f4 into develop Apr 2, 2026
6 checks passed
@shm11C3 shm11C3 deleted the chore/update-ci-permission branch April 2, 2026 15:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@shm11C3