mirror of
https://github.com/langchain-ai/langchain-milvus.git
synced 2026-07-01 19:54:58 -04:00
8a05638338
## Summary - Add top-level `permissions: contents: read` to 6 workflows that were missing explicit permission declarations (defaulting to overly broad token scopes) - Narrow the `permissions: write-all` on the `test-pypi-publish` job in `_release.yml` to `id-token: write`, which is all trusted PyPI publishing requires - `_codespell.yml` already had correct permissions and was left unchanged ## Test plan - [ ] Verify CI passes on this PR (lint, test, compile-integration-test workflows all only need read access) - [ ] Verify release workflow still works on next release (job-level `id-token: write` and `contents: write` are preserved where needed) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>