Skip to content

Fix private repository checkout by adding job-level permissions#104

Merged
fschuch merged 3 commits into
mainfrom
copilot/fix-ci-errors-github-actions
Feb 4, 2026
Merged

Fix private repository checkout by adding job-level permissions#104
fschuch merged 3 commits into
mainfrom
copilot/fix-ci-errors-github-actions

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Feb 4, 2026
edited
Loading

Private repositories fail CI because workflows declare permissions: {} at the top level, preventing actions/checkout from authenticating.

Changes

Added permissions: contents: read to jobs requiring repository checkout:

ci.yaml

  • qa job
  • test job
  • build job

check-links.yaml

  • check-links job

docs.yaml and update-pre-commits.yaml already had appropriate job-level permissions.

Example

jobs:
  qa:
    runs-on: ubuntu-latest
    permissions:
      contents: read  # Added
    steps:
      - uses: actions/checkout@v6.0.2
        with:
          persist-credentials: false

When top-level permissions are explicitly denied, job-level grants enable checkout actions to authenticate against private repositories without requiring explicit token parameters.

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@fschuch
Add GITHUB_TOKEN to all checkout steps for private repo support
67b604f 
Co-authored-by: fschuch <37457501+fschuch@users.noreply.github.com>
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Feb 4, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Copilot AI changed the title [WIP] Fix CI errors for GitHub actions in private projects Add GITHUB_TOKEN to checkout steps for private repository support Feb 4, 2026
Copilot AI requested a review from fschuch February 4, 2026 18:42
@fschuch
Use job-level permissions instead of explicit tokens for private repos
93cbad4 
Co-authored-by: fschuch <37457501+fschuch@users.noreply.github.com>
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Feb 4, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Copilot AI changed the title Add GITHUB_TOKEN to checkout steps for private repository support Fix private repository checkout by adding job-level permissions Feb 4, 2026
@fschuch fschuch added the fixed label Feb 4, 2026
@fschuch fschuch marked this pull request as ready for review February 4, 2026 18:52
@fschuch fschuch merged commit 4e9c025 into main Feb 4, 2026
40 of 42 checks passed
@fschuch fschuch deleted the copilot/fix-ci-errors-github-actions branch February 4, 2026 18:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@fschuch fschuch fschuch approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@fschuch fschuch

Copilot code review Copilot

Labels

fixed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@fschuch