Specified default permissions for move-closed-issues.yaml

[egcuriel]

Fixes #8584

What changes did you make?

• Added a top-level permissions: block to the .github/workflows/move-closed-issues.yaml file
• Set the default contents permission to read

Why did you make the changes (we will use this info to test)?

• To align the workflow with GitHub security recommendations by explicitly defining minimum required permissions
• To minimize unnecessary privileges by restricting default repository access

CodeQL Alerts

After the PR has been submitted and the resulting GitHub actions/checks have been completed, developers should check the PR for CodeQL alert annotations.

Check the PR's comments. If present on your PR, the CodeQL alert looks similar as shown

Please let us know that you have checked for CodeQL alerts. Please do not dismiss alerts.

• I have checked this PR for CodeQL alerts and none were found.
• I found CodeQL alert(s), and (select one):
  • I have resolved the CodeQL alert(s) as noted
  • I believe the CodeQL alert(s) is a false positive (Merge Team will evaluate)
  • I have followed the Instructions below, but I am still stuck (Merge Team will evaluate)

Instructions for resolving CodeQL alerts

If CodeQL alert/annotations appear, refer to How to Resolve CodeQL alerts.

In general, CodeQL alerts should be resolved prior to PR reviews and merging

Screenshots of Proposed Changes To The Website (if any, please do not include screenshots of code changes)

• No visual changes

Test Log

• https://gist.github.com/egcuriel/edf606ea59d592e1bbca42756076fa70

[github-actions]

Want to review this pull request? Take a look at this documentation for a step by step guide!

---

From your project repository, check out a new branch and test the changes.

git checkout -b egcuriel-8584-specify-default-permissions gh-pages
git pull https://github.com/egcuriel/website.git 8584-specify-default-permissions

[sushma110396]

ETA: 06/10 EOD
Availability: Weekdays after 6PM PST

[sushma110396]

Verified the change locally. Simulated the workflow using act.

What works well:
Branch name is correct
Code change is correct
The testing details provided clearly show the job ran successfully and verifies the fix.
The issue has been linked
Codeql alerts have been checked off

PR looks good to me. Approved!

Suggestions
Just a small reminder to update the status of the issue to in progress from prioritized backlog.

[egcuriel]

Verified the change locally. Simulated the workflow using act.

What works well: Branch name is correct Code change is correct The testing details provided clearly show the job ran successfully and verifies the fix. The issue has been linked Codeql alerts have been checked off

PR looks good to me. Approved!

Suggestions Just a small reminder to update the status of the issue to in progress from prioritized backlog.

Hi @sushma110396!
Ah yes! Thank you for reminding me

[castillios]

Review ETA : Monday 6/15 EOD
Availability: Monday 6/15 afternoons and evenings, 6/17-6/19 before 7PM

[castillios]

Hi @egcuriel,

I tested the workflow locally by using act and it looks good to me!

Sorry it took so long, I'm used to testing GHA on my fork rather than on the CLI so I initially ran into some permission errors (an issue on my front with testing setup, not yours!), so it was otherwise a good learning experience.

As for everything else, the branch name looks good and is linked correctly, CodeQL alerts and issue action items have been checked off, and testing logs have been included. The project status on the issue needs to be updated, but this was already mentioned in an earlier review!

Thanks for your work, PR has been approved :)