ivuorinen/base-configs-browserslist
1
0
Fork 0
mirror of https://github.com/ivuorinen/base-configs-browserslist.git synced 2026-03-08 06:56:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: enforce least-privilege permissions in GitHub Actions workflows

Browse Source 
Set top-level `permissions: {}` on all workflows and move required
permissions to job level. Switch publish.yml from secrets.PAT to
secrets.GITHUB_TOKEN so semantic-release can comment on PRs/issues.
This commit is contained in:
Ismo Vuorinen
2026-02-27 23:03:55 +02:00
parent 757058ee7f
commit 1c861d1adc
6 changed files with 13 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/publish.yml vendored
View File

@@ -6,7 +6,7 @@ on:
branches:
- main
permissions: read-all
permissions: {}
env:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
@@ -72,5 +72,5 @@ jobs:
- name: Semantic Release
uses: cycjimmy/semantic-release-action@b12c8f6015dc215fe37bc154d4ad456dd3833c90 # v6.0.0
env:
GITHUB_TOKEN: ${{ secrets.PAT }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}