mirror of
https://github.com/ivuorinen/base-configs-stylelint.git
synced 2026-03-02 02:54:25 +00:00
fix(ci): harden workflow permissions and use GITHUB_TOKEN for releases (#109)
Replace overly broad top-level permissions (read-all) with empty defaults and declare minimal job-level permissions. Switch publish workflow from secrets.PAT to secrets.GITHUB_TOKEN so semantic-release can comment on PRs and issues.
This commit is contained in:
GitHub
6
.github/workflows/stale.yml
vendored
6
.github/workflows/stale.yml
vendored
@@ -8,10 +8,7 @@ on:
|
||||
workflow_call:
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
packages: read
|
||||
statuses: read
|
||||
permissions: {}
|
||||
|
||||
jobs:
|
||||
stale:
|
||||
@@ -19,7 +16,6 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
permissions:
|
||||
contents: write # only for delete-branch option
|
||||
issues: write
|
||||
pull-requests: write
|
||||
steps:
|
||||
|
||||
Reference in New Issue
Block a user