From 5c20587cdf195f7f7b498bdf0e53f83237a33072 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alberto=20Cl=C3=A1udio=20Mandlate?=
 <alberto.mandlate@outlook.com>
Date: Thu, 16 Apr 2026 21:34:06 +0200
Subject: [PATCH 1/3] Potential fix for code scanning alert no. 1: Workflow
 does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/ci.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index bab05c4..9c6dc4d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -10,6 +10,9 @@ concurrency:
   group: ci-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   build-and-test:
     name: Build & Test

From a7987b26099e42fa547034b804d08f74047f1bda Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 16 Apr 2026 19:57:30 +0000
Subject: [PATCH 2/3] fix(ci): add actions write permission for artifact upload

Agent-Logs-Url: https://github.com/SimansoftMZ/BridgeBank/sessions/515b29be-e413-4608-953f-bb504600e0ac

Co-authored-by: albertomandlate <14326204+albertomandlate@users.noreply.github.com>
---
 .github/workflows/ci.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 9c6dc4d..4487da3 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -12,6 +12,7 @@ concurrency:
 
 permissions:
   contents: read
+  actions: write
 
 jobs:
   build-and-test:

From a4669ba514d8a57f46e693313383606c30cc7acd Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 16 Apr 2026 20:03:36 +0000
Subject: [PATCH 3/3] fix(ci): scope actions write permission to build-and-test
 job

Agent-Logs-Url: https://github.com/SimansoftMZ/BridgeBank/sessions/70e32fe2-f68c-46bc-9c6b-43dfd95c1d8d

Co-authored-by: albertomandlate <14326204+albertomandlate@users.noreply.github.com>
---
 .github/workflows/ci.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4487da3..962976e 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -12,12 +12,14 @@ concurrency:
 
 permissions:
   contents: read
-  actions: write
 
 jobs:
   build-and-test:
     name: Build & Test
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      actions: write
 
     steps:
       - name: Checkout