ivuorinen/base-configs-markdownlint
1
0
Fork 0
mirror of https://github.com/ivuorinen/base-configs-markdownlint.git synced 2026-03-03 05:54:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(ci): use GITHUB_TOKEN for semantic-release and harden workflow permissions

Browse Source 
Replace secrets.PAT with secrets.GITHUB_TOKEN in publish.yml so
semantic-release can comment on PRs/issues using the built-in token
scoped by job-level permissions.

Set top-level permissions to empty object across all workflows to
follow the principle of least privilege, relying on job-level
permissions blocks instead.
This commit is contained in:
Ismo Vuorinen
2026-02-27 22:50:05 +02:00
parent bed0d1ea5e
commit 9e10b3e2b2
5 changed files with 7 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/codeql.yml vendored
View File

@@ -21,6 +21,8 @@ on:
schedule:
- cron: "22 8 * * 0"
permissions: {}
jobs:
analyze:
name: Analyze (${{ matrix.language }})