
ci: declare workflow-level contents: read on 6 workflows #2042

Open

arpitjain099 wants to merge 1 commit into NVIDIA:main from arpitjain099:chore/declare-workflow-perms-readonly

Conversation

@arpitjain099


Pins the default GITHUB_TOKEN to contents: read on 6 workflows in .github/workflows/ that don't call a GitHub API beyond the initial checkout.

Why

CVE-2025-30066 (March 2025 tj-actions/changed-files supply-chain compromise) exfiltrated GITHUB_TOKEN from workflow logs. Pinning per workflow caps runtime authority irrespective of the repo or org default, gives drift protection if the default ever widens, and is credited per-file by the OpenSSF Scorecard Token-Permissions check.

YAML validated locally with yaml.safe_load on each touched file.
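The validation step the description mentions (yaml.safe_load on each touched file) confirms that the YAML parses, not that the declaration it contains is the least-privilege one. The following is an added example, not code from the PR or the NVIDIA repository: a small linter for that second property. It extracts the workflow-level permissions value from a workflow file and reports whether the default GITHUB_TOKEN is left at the repository/org default, widened by a write-all shorthand, or pinned to read scopes. It parses only the flat key: value subset of YAML that a permissions block uses, so it needs no PyYAML; the scope list and the sample workflows are assumptions constructed to mirror the before/after shape of this change, not copied from the repository.

```python
"""Check GitHub Actions workflow files for a workflow-level permissions block.

Added example (not code from the PR or the NVIDIA repository). Parses only the
flat `key: value` subset of YAML a `permissions:` block uses, so it runs without
PyYAML. Sample workflows below are constructed, not the repository's files.
"""
import re

# Scopes GitHub Actions accepts in a permissions block (assumed list).
KNOWN_SCOPES = {
    "actions", "attestations", "checks", "contents", "deployments",
    "discussions", "id-token", "issues", "packages", "pages",
    "pull-requests", "repository-projects", "security-events", "statuses",
}

TOP_LEVEL = re.compile(r"^permissions:\s*(.*?)\s*(#.*)?$")  # column-0 key only
CHILD = re.compile(r"^\s+([\w-]+):\s*([\w-]+)")
PAIR = re.compile(r"([\w-]+):\s*([\w-]+)")


def workflow_permissions(text):
    """Return the workflow-level `permissions` value of a workflow file.

    None -> key absent; GITHUB_TOKEN inherits the repository/org default.
    str  -> shorthand such as `read-all` or `write-all`.
    dict -> scope -> access mapping (block or flow style); `{}` means no scopes.
    Job-level `permissions:` keys are indented and deliberately not matched.
    """
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = TOP_LEVEL.match(line)
        if not m:
            continue
        inline = m.group(1)
        if inline.startswith("{"):          # flow mapping: { contents: read }
            return dict(PAIR.findall(inline))
        if inline:                          # shorthand: read-all / write-all
            return inline
        scopes = {}                         # block mapping on following lines
        for child in lines[i + 1:]:
            if not child.strip() or child.lstrip().startswith("#"):
                continue
            if not child[0].isspace():      # back at column 0: block ended
                break
            cm = CHILD.match(child)
            if cm:
                scopes[cm.group(1)] = cm.group(2)
        return scopes
    return None


def assess(perms):
    """Classify a permissions value from a least-privilege standpoint -> (ok, reason)."""
    if perms is None:
        return False, "no workflow-level permissions: token inherits the repo/org default"
    if perms == "read-all":
        return True, "read-all: read access to every scope (per-scope grants are tighter)"
    if isinstance(perms, str):
        return False, f"shorthand {perms!r} is not read-only"
    unknown = sorted(s for s in perms if s not in KNOWN_SCOPES)
    if unknown:
        return False, "unknown scope(s): " + ", ".join(unknown)
    writes = sorted(s for s, access in perms.items() if access == "write")
    if writes:
        return False, "write access on: " + ", ".join(writes)
    if not perms:
        return True, "empty mapping: token has no scopes at all"
    return True, "read-only: " + ", ".join(f"{s}: {a}" for s, a in sorted(perms.items()))


# Constructed samples modelled on this change's before/after (not the real files).
BEFORE = "name: unit-tests\non:\n  pull_request:\njobs:\n  test:\n" \
         "    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n"
AFTER = "name: unit-tests\non:\n  pull_request:\npermissions:\n  contents: read\n" \
        "jobs:\n  test:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n"
WRITE_ALL = "name: x\non: push\npermissions: write-all\njobs: {}\n"
FLOW = "name: x\non: push\npermissions: { contents: read, id-token: write }\njobs: {}\n"

if __name__ == "__main__":
    for label, text in [("before", BEFORE), ("after", AFTER),
                        ("write-all", WRITE_ALL), ("flow", FLOW)]:
        ok, reason = assess(workflow_permissions(text))
        print(f"{label:10} {'OK  ' if ok else 'FAIL'} {reason}")
```

Run over a checkout of .github/workflows/ it gives per-file results, which is the granularity the Scorecard Token-Permissions check credits; a file that declares permissions only at job level is reported as inheriting the default here, matching the point of declaring the block at workflow level.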

@arpitjain099 arpitjain099 requested review from a team as code owners May 15, 2026 05:46
@arpitjain099 arpitjain099 requested a review from jdye64 May 15, 2026 05:46
@copy-pr-bot

copy-pr-bot Bot commented May 15, 2026


This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

@greptile-apps

greptile-apps Bot commented May 15, 2026


Greptile Summary

This PR adds a workflow-level permissions: contents: read block to six GitHub Actions workflows that only require repository checkout, following OpenSSF Scorecard Token-Permissions guidance and hardening against supply-chain attacks like CVE-2025-30066.

  • Six workflows receive an explicit permissions: contents: read declaration: ci-main.yml, ci-pull-request.yml, docker-build-arm.yml, integration-test-library-mode.yml, retriever-unit-tests.yml, and scheduled-nightly.yml.
  • All six workflows were verified to only use GITHUB_TOKEN for actions/checkout, while artifact operations in child workflows use ACTIONS_RUNTIME_TOKEN (not GITHUB_TOKEN), so the narrowed scope does not break any job.

Confidence Score: 5/5

Safe to merge — the change is additive-only, adding least-privilege permission declarations that do not alter any job's runtime behavior.

Every workflow was verified against its full job graph: checkout uses only contents: read, artifact operations use ACTIONS_RUNTIME_TOKEN (unaffected by the permissions block), Docker pushes target an external NGC registry rather than GitHub Packages, and PyPI publishing authenticates via Artifactory secrets. No job silently depended on a broader default permission that this change removes.

No files require special attention. The most complex workflow, scheduled-nightly.yml, was verified end-to-end: its reusable publish chain uses ACTIONS_RUNTIME_TOKEN for artifact transfer and Artifactory credentials for package upload, so contents: read is fully sufficient.

Important Files Changed

| Filename | Overview |
| --- | --- |
| .github/workflows/ci-main.yml | Adds workflow-level permissions: contents: read; only calls reusable workflows for pre-commit and Docker build/test, no GITHUB_TOKEN writes needed. |
| .github/workflows/ci-pull-request.yml | Adds workflow-level permissions: contents: read; PR number is read from event payload (not API), no status or PR-write permissions required. |
| .github/workflows/docker-build-arm.yml | Adds workflow-level permissions: contents: read; artifact upload uses ACTIONS_RUNTIME_TOKEN, not GITHUB_TOKEN, so the scope is correct. |
| .github/workflows/integration-test-library-mode.yml | Adds workflow-level permissions: contents: read; only does checkout and runs pytest against hosted NIMs — no GitHub API writes. |
| .github/workflows/retriever-unit-tests.yml | Adds workflow-level permissions: contents: read; checkout plus pytest only — correct scope. |
| .github/workflows/scheduled-nightly.yml | Adds workflow-level permissions: contents: read; Docker push targets external NGC registry (no packages: write needed), PyPI publish uses Artifactory credentials (not GITHUB_TOKEN), artifact transfers use ACTIONS_RUNTIME_TOKEN. |

Flowchart

```mermaid
%%{init: {'theme': 'neutral'}}%%
flowchart TD
    subgraph Workflow Permissions After This PR
        A["ci-main.yml\npermissions: contents: read"] --> B["reusable-pre-commit.yml"]
        A --> C["reusable-docker-build-and-test.yml\n(artifact via ACTIONS_RUNTIME_TOKEN)"]
        D["ci-pull-request.yml\npermissions: contents: read"] --> B
        D --> C
        D --> E["inline jobs\n(checkout + pytest only)"]
        F["docker-build-arm.yml\npermissions: contents: read"] --> G["checkout + docker buildx\n(artifact upload via ACTIONS_RUNTIME_TOKEN)"]
        H["integration-test-library-mode.yml\npermissions: contents: read"] --> I["checkout + pytest\n(external NIM APIs)"]
        J["retriever-unit-tests.yml\npermissions: contents: read"] --> K["checkout + pytest"]
        L["scheduled-nightly.yml\npermissions: contents: read"] --> M["docker buildx push\n(NGC — no GITHUB_TOKEN)"]
        L --> N["reusable-pypi-build.yml"]
        N --> O["reusable-pypi-publish.yml\n(artifact via ACTIONS_RUNTIME_TOKEN;\nArtifactory via secrets)"]
    end
    style A fill:#d4edda
    style D fill:#d4edda
    style F fill:#d4edda
    style H fill:#d4edda
    style J fill:#d4edda
    style L fill:#d4edda
```

Reviews (3): Last reviewed commit: "ci: declare workflow-level contents: rea..."

Pins the default GITHUB_TOKEN to contents: read on the workflows in
.github/workflows/ that don't call a GitHub API beyond the initial
checkout. The other workflows in this directory are left implicit
because they need write scopes that a maintainer is better placed
to declare.

Motivation: CVE-2025-30066 (March 2025 tj-actions/changed-files
compromise) exfiltrated GITHUB_TOKEN from workflow logs. Per-workflow
caps bound runtime authority irrespective of repo or org default,
give drift protection if the default ever widens, and are credited
per-file by the OpenSSF Scorecard Token-Permissions check.

YAML validated locally with yaml.safe_load.

Signed-off-by: Arpit Jain <arpitjain099@gmail.com>
@arpitjain099 arpitjain099 force-pushed the chore/declare-workflow-perms-readonly branch from f9664a1 to cb8e184 June 10, 2026 07:48