From 9b88908dd6ed440ab93c4adab9a49c09cf45e2d4 Mon Sep 17 00:00:00 2001 From: John Mertic Date: Wed, 15 Apr 2026 06:45:33 -0400 Subject: [PATCH 1/2] Add pull-requests permission to build workflow Signed-off-by: John Mertic --- .github/workflows/build.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 15d22c1..d172337 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -16,7 +16,8 @@ jobs: name: Build Landscape runs-on: ubuntu-latest permissions: - contents: write # Required to commit and push the built landscape data + contents: write + pull-requests: write steps: - name: Harden Runner uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 From 9b0a85f8d8240d9509a0a96b38931e8fe3449b58 Mon Sep 17 00:00:00 2001 From: John Mertic Date: Wed, 15 Apr 2026 07:37:56 -0400 Subject: [PATCH 2/2] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Signed-off-by: John Mertic --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d172337..301091e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -16,8 +16,8 @@ jobs: name: Build Landscape runs-on: ubuntu-latest permissions: - contents: write - pull-requests: write + contents: write # Required to commit and push generated landscape updates back to the repository. + pull-requests: write # Required if the landscape tooling creates or updates pull requests for those generated changes. steps: - name: Harden Runner uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0