Skip to content

ci(external-integration): pin contents: read on the workflow#4419

Queued
arpitjain099 wants to merge 2 commits into
Azure:mainfrom
arpitjain099:ci/add-permissions
Queued

ci(external-integration): pin contents: read on the workflow#4419
arpitjain099 wants to merge 2 commits into
Azure:mainfrom
arpitjain099:ci/add-permissions

Conversation

@arpitjain099
Copy link
Copy Markdown

@arpitjain099 arpitjain099 commented May 13, 2026

Adds a top-level permissions: contents: read block to external-integration.yml, the only workflow in this repo currently relying on the default GITHUB_TOKEN scope.

The workflow only runs on PRs labeled int:azure-specs (or via workflow_dispatch): it builds and packs the Azure TypeSpec packages, then runs the tsp-integration CLI against azure-rest-api-specs. None of those steps post comments, create releases, push refs, or call the GitHub API for writes, so the read-only scope is sufficient.

Matches the top-level permissions pattern already used in ci.yml and the other hardened workflows here. Validated locally with yaml.safe_load.

@arpitjain099
ci(external-integration): pin contents: read
a51a470 
The External Integration workflow checks out the PR head, packs the
TypeSpec Azure packages, and runs tsp-integration against
azure-rest-api-specs. None of those steps need write scopes on the
default GITHUB_TOKEN, so pinning to contents: read matches the
top-level permissions style already used in ci.yml and the other
hardened workflows in this repo.

Signed-off-by: Arpit Jain <arpitjain099@gmail.com>
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 14, 2026

⚡ Benchmark Results

⚠️ 29 metric(s) regressed above the +5% threshold:

Metric Baseline Current Change
loader 🟢 154.4ms 🟢 165.6ms +7.3% 🔴
resolver 🟢 16.4ms 🟢 17.4ms +6.2% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/documentation-required 🟢 0.7ms 🟢 0.7ms +8.7% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/key-visibility-required 🟢 0.1ms 🟢 0.1ms +6.6% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/known-encoding 🟢 0.2ms 🟢 0.2ms +12.6% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/long-running-polling-operation-required 🟢 0.3ms 🟢 0.3ms +5.1% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/no-closed-literal-union 🟢 0.2ms 🟢 0.2ms +5.8% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/no-explicit-routes-resource-ops 🟢 0.1ms 🟢 0.1ms +9.4% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/no-generic-numeric 🟢 0.3ms 🟢 0.4ms +14.0% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/no-multiple-discriminator 🟢 0.1ms 🟢 0.1ms +17.8% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/no-nullable 🟢 0.2ms 🟢 0.2ms +11.4% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/no-response-body 🔴 22.7ms 🔴 23.9ms +5.2% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/no-rpc-path-params 🟢 0.2ms 🟢 0.2ms +13.2% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/no-string-discriminator 🟢 0.0ms 🟢 0.0ms +25.5% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/no-unknown 🟢 0.1ms 🟢 0.2ms +19.3% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/no-unnamed-union 🟢 0.3ms 🟢 0.3ms +8.6% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/operation-missing-api-version 🟢 0.1ms 🟢 0.1ms +14.1% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/request-body-problem 🟢 0.2ms 🟢 0.2ms +19.2% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/require-versioned 🟢 0.0ms 🟢 0.0ms +12.8% 🔴
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-custom-resource-no-key 🟢 0.1ms 🟢 0.1ms +8.3% 🔴
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-no-record 🟢 0.3ms 🟢 0.3ms +5.0% 🔴
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-resource-action-no-segment 🟢 0.2ms 🟢 0.2ms +5.0% 🔴
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-resource-duplicate-property 🟢 0.1ms 🟢 0.1ms +7.3% 🔴
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-resource-interface-requires-decorator 🟢 0.0ms 🟢 0.0ms +10.2% 🔴
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-resource-operation-response 🟢 4.7ms 🟢 5.0ms +5.9% 🔴
 ↳ linter/@azure-tools/typespec-azure-resource-manager/lro-location-header 🟡 14.0ms 🟡 15.1ms +7.9% 🔴
 ↳ linter/@azure-tools/typespec-azure-resource-manager/missing-operations-endpoint 🟢 0.0ms 🟢 0.0ms +6.6% 🔴
 ↳ linter/@azure-tools/typespec-azure-resource-manager/missing-x-ms-identifiers 🟢 0.3ms 🟢 0.3ms +6.9% 🔴
 ↳ emit/@typespec/openapi3/write 🟢 13.6ms 🟢 14.7ms +7.7% 🔴
Full details – comparing 0e69ae5 vs baseline 1425f8e
Metric Baseline Current Change
total 🔴 780.3ms 🔴 794.7ms +1.8%
loader 🟢 154.4ms 🟢 165.6ms +7.3% 🔴
resolver 🟢 16.4ms 🟢 17.4ms +6.2% 🔴
checker 🟢 189.1ms 🟢 187.9ms -0.6%
validation 🟢 40.7ms 🟢 40.8ms +0.3%
 ↳ validation/@azure-tools/typespec-azure-core 🟢 6.1ms 🟢 6.3ms +2.3%
 ↳ validation/@typespec/http 🟢 5.6ms 🟢 5.5ms -2.7%
 ↳ validation/@typespec/rest 🟢 0.5ms 🟢 0.6ms +2.8%
 ↳ validation/@typespec/versioning 🔴 26.3ms 🔴 26.5ms +0.9%
 ↳ validation/compiler 🟢 1.4ms 🟢 1.4ms +2.4%
linter 🟢 130.3ms 🟢 133.8ms +2.7%
 ↳ linter/@azure-tools/typespec-azure-core/auth-required 🟢 0.0ms 🟢 0.0ms +1.5%
 ↳ linter/@azure-tools/typespec-azure-core/bad-record-type 🟢 0.2ms 🟢 0.2ms +1.4%
 ↳ linter/@azure-tools/typespec-azure-core/byos 🟢 5.5ms 🟢 5.6ms +2.2%
 ↳ linter/@azure-tools/typespec-azure-core/casing-style 🟢 0.5ms 🟢 0.6ms +3.8%
 ↳ linter/@azure-tools/typespec-azure-core/composition-over-inheritance 🟢 0.1ms 🟢 0.1ms -0.2%
 ↳ linter/@azure-tools/typespec-azure-core/documentation-required 🟢 0.7ms 🟢 0.7ms +8.7% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/friendly-name 🟢 0.7ms 🟢 0.6ms -18.5% 🟢
 ↳ linter/@azure-tools/typespec-azure-core/key-visibility-required 🟢 0.1ms 🟢 0.1ms +6.6% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/known-encoding 🟢 0.2ms 🟢 0.2ms +12.6% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/long-running-polling-operation-required 🟢 0.3ms 🟢 0.3ms +5.1% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/no-case-mismatch 🟢 0.2ms 🟢 0.2ms +3.6%
 ↳ linter/@azure-tools/typespec-azure-core/no-closed-literal-union 🟢 0.2ms 🟢 0.2ms +5.8% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/no-enum 🟢 0.0ms 🟢 0.0ms +0.9%
 ↳ linter/@azure-tools/typespec-azure-core/no-error-status-codes 🟢 0.1ms 🟢 0.1ms -2.1%
 ↳ linter/@azure-tools/typespec-azure-core/no-explicit-routes-resource-ops 🟢 0.1ms 🟢 0.1ms +9.4% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/no-format 🟢 0.4ms 🟢 0.4ms +4.1%
 ↳ linter/@azure-tools/typespec-azure-core/no-generic-numeric 🟢 0.3ms 🟢 0.4ms +14.0% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/no-header-explode 🟡 19.6ms 🟡 19.6ms -0.3%
 ↳ linter/@azure-tools/typespec-azure-core/no-legacy-usage 🟢 1.0ms 🟢 1.0ms +2.0%
 ↳ linter/@azure-tools/typespec-azure-core/no-multiple-discriminator 🟢 0.1ms 🟢 0.1ms +17.8% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/no-nullable 🟢 0.2ms 🟢 0.2ms +11.4% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/no-offsetdatetime 🟢 1.1ms 🟢 1.2ms +2.3%
 ↳ linter/@azure-tools/typespec-azure-core/no-openapi 🟢 1.6ms 🟢 1.7ms +2.5%
 ↳ linter/@azure-tools/typespec-azure-core/no-private-usage 🟢 1.6ms 🟢 1.7ms +0.7%
 ↳ linter/@azure-tools/typespec-azure-core/no-query-explode 🟡 19.6ms 🟡 19.8ms +0.9%
 ↳ linter/@azure-tools/typespec-azure-core/no-response-body 🔴 22.7ms 🔴 23.9ms +5.2% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/no-rest-library-interfaces 🟢 0.0ms 🟢 0.0ms -0.4%
 ↳ linter/@azure-tools/typespec-azure-core/no-route-parameter-name-mismatch 🟢 5.2ms 🟢 5.3ms +2.2%
 ↳ linter/@azure-tools/typespec-azure-core/no-rpc-path-params 🟢 0.2ms 🟢 0.2ms +13.2% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/no-string-discriminator 🟢 0.0ms 🟢 0.0ms +25.5% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/no-unknown 🟢 0.1ms 🟢 0.2ms +19.3% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/no-unnamed-union 🟢 0.3ms 🟢 0.3ms +8.6% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/operation-missing-api-version 🟢 0.1ms 🟢 0.1ms +14.1% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/request-body-problem 🟢 0.2ms 🟢 0.2ms +19.2% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/require-versioned 🟢 0.0ms 🟢 0.0ms +12.8% 🔴
 ↳ linter/@azure-tools/typespec-azure-core/response-schema-problem 🔴 21.7ms 🔴 22.5ms +3.9%
 ↳ linter/@azure-tools/typespec-azure-core/rpc-operation-request-body 🟢 0.3ms 🟢 0.3ms -2.9%
 ↳ linter/@azure-tools/typespec-azure-core/spread-discriminated-model 🟢 0.2ms 🟢 0.2ms +1.4%
 ↳ linter/@azure-tools/typespec-azure-core/use-standard-names 🟢 5.1ms 🟢 5.1ms +0.6%
 ↳ linter/@azure-tools/typespec-azure-core/use-standard-operations 🟢 0.1ms 🟢 0.1ms -0.1%
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-common-types-version 🟢 4.2ms 🟢 4.3ms +3.5%
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-custom-resource-no-key 🟢 0.1ms 🟢 0.1ms +8.3% 🔴
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-custom-resource-usage-discourage 🟢 0.1ms 🟢 0.1ms -3.2%
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-delete-operation-response-codes 🟢 5.5ms 🟢 5.5ms +1.2%
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-no-path-casing-conflicts 🟢 4.7ms 🟢 4.9ms +4.0%
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-no-record 🟢 0.3ms 🟢 0.3ms +5.0% 🔴
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-post-operation-response-codes 🟢 0.5ms 🟢 0.5ms -0.4%
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-put-operation-response-codes 🟢 0.0ms 🟢 0.0ms -8.2% 🟢
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-resource-action-no-segment 🟢 0.2ms 🟢 0.2ms +5.0% 🔴
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-resource-duplicate-property 🟢 0.1ms 🟢 0.1ms +7.3% 🔴
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-resource-interface-requires-decorator 🟢 0.0ms 🟢 0.0ms +10.2% 🔴
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-resource-invalid-action-verb 🟢 0.1ms 🟢 0.1ms +3.5%
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-resource-invalid-envelope-property 🟢 0.1ms 🟢 0.1ms -0.0%
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-resource-invalid-version-format 🟢 0.0ms 🟢 0.0ms +2.4%
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-resource-key-invalid-chars 🟢 0.2ms 🟢 0.2ms -1.6%
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-resource-name-pattern 🟢 0.0ms 🟢 0.0ms -13.8% 🟢
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-resource-operation 🟢 0.1ms 🟢 0.2ms +3.3%
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-resource-operation-response 🟢 4.7ms 🟢 5.0ms +5.9% 🔴
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-resource-patch 🟢 0.3ms 🟢 0.3ms +4.3%
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-resource-path-segment-invalid-chars 🟢 0.2ms 🟢 0.2ms -2.3%
 ↳ linter/@azure-tools/typespec-azure-resource-manager/arm-resource-provisioning-state 🟢 0.1ms 🟢 0.1ms -0.8%
 ↳ linter/@azure-tools/typespec-azure-resource-manager/beyond-nesting-levels 🟢 0.1ms 🟢 0.1ms +3.3%
 ↳ linter/@azure-tools/typespec-azure-resource-manager/empty-updateable-properties 🟢 0.1ms 🟢 0.1ms -5.9% 🟢
 ↳ linter/@azure-tools/typespec-azure-resource-manager/improper-subscription-list-operation 🟢 0.0ms 🟢 0.0ms -12.3% 🟢
 ↳ linter/@azure-tools/typespec-azure-resource-manager/lro-location-header 🟡 14.0ms 🟡 15.1ms +7.9% 🔴
 ↳ linter/@azure-tools/typespec-azure-resource-manager/missing-operations-endpoint 🟢 0.0ms 🟢 0.0ms +6.6% 🔴
 ↳ linter/@azure-tools/typespec-azure-resource-manager/missing-x-ms-identifiers 🟢 0.3ms 🟢 0.3ms +6.9% 🔴
 ↳ linter/@azure-tools/typespec-azure-resource-manager/no-empty-model 🟢 0.1ms 🟢 0.1ms +0.1%
 ↳ linter/@azure-tools/typespec-azure-resource-manager/no-resource-delete-operation 🟢 0.2ms 🟢 0.2ms +4.2%
 ↳ linter/@azure-tools/typespec-azure-resource-manager/no-response-body 🔴 22.1ms 🔴 21.9ms -0.6%
 ↳ linter/@azure-tools/typespec-azure-resource-manager/patch-envelope 🟢 0.1ms 🟢 0.1ms +3.9%
 ↳ linter/@azure-tools/typespec-azure-resource-manager/resource-name 🟢 0.1ms 🟢 0.1ms +0.9%
 ↳ linter/@azure-tools/typespec-azure-resource-manager/secret-prop 🟢 2.1ms 🟢 2.1ms +3.7%
 ↳ linter/@azure-tools/typespec-azure-resource-manager/unsupported-type 🟢 0.4ms 🟢 0.4ms +4.3%
 ↳ linter/@azure-tools/typespec-azure-resource-manager/version-progression 🟢 0.0ms 🟢 0.0ms -8.1% 🟢
 ↳ linter/@azure-tools/typespec-client-generator-core/property-name-conflict 🟢 1.0ms 🟢 1.0ms +2.0%
 ↳ linter/@azure-tools/typespec-client-generator-core/require-client-suffix 🟢 0.2ms 🟢 0.2ms +1.2%
emit 🟡 245.6ms 🟡 244.0ms -0.7%
 ↳ emit/@azure-tools/typespec-autorest 🟢 154.1ms 🟢 153.0ms -0.7%
 ↳ emit/@typespec/openapi3 🟢 135.4ms 🟢 136.6ms +0.9%
 ↳ emit/@typespec/openapi3/compute 🟢 121.6ms 🟢 121.9ms +0.2%
 ↳ emit/@typespec/openapi3/write 🟢 13.6ms 🟢 14.7ms +7.7% 🔴

Averaged across 3 specs (azure-arm-resource-manager, azure-core-dataplane, azure-full).
Threshold: changes > ±5% are highlighted.
🟢 Fast · 🟡 Moderate (stages >200ms, rules >10ms) · 🔴 Slow (stages >400ms, rules >20ms)

@timotheeguerin timotheeguerin added this pull request to the merge queue May 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@markcowl markcowl markcowl approved these changes

@mikeharder mikeharder mikeharder approved these changes

@bterlson bterlson Awaiting requested review from bterlson bterlson is a code owner

@timotheeguerin timotheeguerin Awaiting requested review from timotheeguerin timotheeguerin is a code owner

Assignees

No one assigned

Labels

eng

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@arpitjain099 @markcowl @mikeharder