fix: move contents:write to job-level in release workflow by cuioss-oliver · Pull Request #152 · cuioss/cui-java-tools

cuioss-oliver · 2026-02-04T17:40:07Z

Summary

Move contents: write from top-level to job-level in release.yml
Follows OpenSSF Scorecard recommendation for least-privilege token permissions
Resolves TokenPermissionsID alert on release.yml

Safe because the reusable release workflow uses a GitHub App token for all write operations.

Move the contents: write permission from top-level to job-level per OpenSSF Scorecard recommendation for least-privilege token permissions. Co-Authored-By: Claude Opus 4.5 <[email protected]>

fix: move contents:write to job-level in release workflow

bd033ba

Move the contents: write permission from top-level to job-level per OpenSSF Scorecard recommendation for least-privilege token permissions. Co-Authored-By: Claude Opus 4.5 <[email protected]>

cuioss-oliver merged commit ba6ee3d into main Feb 4, 2026
7 checks passed

cuioss-oliver deleted the fix/release-caller-permissions branch February 4, 2026 17:42

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: move contents:write to job-level in release workflow#152

fix: move contents:write to job-level in release workflow#152
cuioss-oliver merged 1 commit intomainfrom
fix/release-caller-permissions

cuioss-oliver commented Feb 4, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

cuioss-oliver commented Feb 4, 2026

Summary

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant