Copilot commented on code in PR #12830: URL: https://github.com/apache/cloudstack/pull/12830#discussion_r2944663349
########## .github/workflows/merge-conflict-checker.yml: ########## @@ -23,6 +23,7 @@ on: permissions: # added using https://github.com/step-security/secure-workflows contents: read + pull-requests: write Review Comment: `pull-requests: write` is now granted at the workflow level, but the only job already requests this permission via `jobs.triage.permissions`. Keeping it at the workflow level broadens the token scope for all jobs and also for `push` runs, which is more permissive than necessary. Consider removing the workflow-level `pull-requests: write` and keeping the permission scoped to the `triage` job only (or, if you prefer to manage permissions only at workflow scope, remove the job-level `permissions` block to avoid duplication/confusion). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
