From 6f5060d732504d46301e618ac3a12f930848ff61 Mon Sep 17 00:00:00 2001 From: Arpit Jain <3242828+arpitjain099@users.noreply.github.com> Date: Thu, 14 May 2026 21:02:17 +0900 Subject: [PATCH] ci: declare empty permissions on hf-xet prerelease testing workflow (#843) The `hf-xet prerelease testing` workflow currently doesn't declare a `permissions:` block, so the workflow `GITHUB_TOKEN` falls back to the repository default. Every step in `trigger_rc_testing` authenticates via `TOKEN_HUGGINGFACE_HUB_AUTO_BY_XET` (a PAT scoped for the hf-hub auto-update flow): - the `actions/checkout` step pulls `huggingface/${{ matrix.target-repo }}` with `token: ${{ secrets.TOKEN_HUGGINGFACE_HUB_AUTO_BY_XET }}` - `git push` reuses the credentials persisted by checkout So the workflow's own `GITHUB_TOKEN` is unused. `permissions: {}` (workflow scope) pins that. Pattern matches the workflow-level permissions blocks already used in this repo. With it set: - the workflow token can't be widened by a future change to the repo default - the SLSA / OpenSSF Scorecard `Token-Permissions` check passes for this file - a hypothetical compromise of any third-party action reachable from this workflow (cf. `tj-actions/changed-files` CVE-2025-30066) has nothing to do with the workflow token Signed-off-by: Arpit Jain --- .github/workflows/pre-release-testing.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/pre-release-testing.yml b/.github/workflows/pre-release-testing.yml index f9e72ea6..3817ac15 100644 --- a/.github/workflows/pre-release-testing.yml +++ b/.github/workflows/pre-release-testing.yml @@ -10,6 +10,9 @@ on: tag: description: "Tag to test (e.g., v1.0.3-rc2)" required: true + +permissions: {} + jobs: trigger_rc_testing: runs-on: ubuntu-latest
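Review bot: the hunk only shows the new top-level `permissions: {}` between `on:` and `jobs:`, so it cannot confirm the commit message's claim that no step in `trigger_rc_testing` still relies on the workflow `GITHUB_TOKEN`; any step that implicitly falls back to `github.token` (a `gh` call without `GH_TOKEN`, or an action whose `token` input defaults to `${{ github.token }}`) would start failing with a 403 only at run time, so please verify the remaining steps of the job before merging. Placement is correct for a workflow-scoped block, and the change does pin the token as stated. One caveat on the third bullet of the message: the PAT that `actions/checkout` persists for the later `git push` remains readable by every subsequent step, so a compromised third-party action in this job would still reach the credential that matters here; as a follow-up, consider `persist-credentials: false` on the checkout and supplying `TOKEN_HUGGINGFACE_HUB_AUTO_BY_XET` only to the push step.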