github-actions[bot] commented on code in PR #63573:
URL: https://github.com/apache/doris/pull/63573#discussion_r3360811998
##########
.github/workflows/clang-format.yml:
##########
@@ -25,6 +25,10 @@ on:
workflow_dispatch:
issue_comment:
types: [ created ]
+
+permissions:
+ contents: read
Review Comment:
`dorny/paths-filter` determines changed files for
`pull_request`/`pull_request_target` events by reading PR file metadata with
the workflow token. Once this workflow-level block is added, every unspecified
permission becomes `none`, so the `Paths filter` step no longer has
`pull-requests: read` and PR clang-format checks can fail before deciding
whether BE/Cloud files changed. Please keep least privilege but grant PR read
access here as well.
```suggestion
contents: read
pull-requests: read
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
