ivuorinen/base-configs-stylelint
1
0
Fork 0
mirror of https://github.com/ivuorinen/base-configs-stylelint.git synced 2026-03-02 07:54:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(ci): harden workflow permissions and use GITHUB_TOKEN for releases (#109)

Browse Source 
Replace overly broad top-level permissions (read-all) with empty
defaults and declare minimal job-level permissions. Switch publish
workflow from secrets.PAT to secrets.GITHUB_TOKEN so semantic-release
can comment on PRs and issues.
This commit is contained in:
Ismo Vuorinen
2026-02-28 10:08:15 +02:00
committed by GitHub
parent 49e85b8097
commit 9992182f9e
5 changed files with 8 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
.github/workflows/publish.yml vendored
View File

@@ -6,7 +6,7 @@ on:
branches:
- main
permissions: read-all
permissions: {}
env:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
@@ -20,8 +20,6 @@ jobs:
statuses: write
contents: read
packages: read
issues: write
pull-requests: write
steps:
- name: Run PR Lint
@@ -72,5 +70,5 @@ jobs:
- name: Semantic Release
uses: cycjimmy/semantic-release-action@b12c8f6015dc215fe37bc154d4ad456dd3833c90 # v6.0.0
env:
GITHUB_TOKEN: ${{ secrets.PAT }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}