Conversation
|
This PR is linked to a ticket in an NHS Digital JIRA Project. Here's a handy link to the ticket: AEA-0000 |
There was a problem hiding this comment.
Pull request overview
Updates the scheduled GitHub Actions workflow responsible for syncing shared Copilot instructions.
Changes:
- Bumps the pinned
NHSDigital/eps-copilot-instructionsaction SHA. - Removes the workflow-level
permissions: {}block.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| @@ -5,8 +5,6 @@ on: | |||
| schedule: | |||
| - cron: '0 6 * * 1' | |||
|
|
|||
There was a problem hiding this comment.
This workflow no longer defines workflow-level permissions: {}. In this repo, other workflows set permissions: {} at the top level (e.g. .github/workflows/ci.yml:5, pull_request.yml:6, release.yml:6) and then grant only the required permissions per-job. Keeping the workflow-level permissions explicitly locked down helps avoid accidentally inheriting broader default GITHUB_TOKEN permissions if additional jobs/steps are added later; consider restoring the top-level permissions: {} (or an explicitly minimal set) and relying on the existing job-level permissions overrides.
| permissions: {} |
Summary
Details