mirror of
https://github.com/ivuorinen/dotfiles.git
synced 2026-02-07 21:50:41 +00:00
Ismo Vuorinen
89aeb29c04
Replace read-all/write-all with minimum required permission scopes across all GitHub Actions workflows to follow the principle of least privilege (SonarCloud rule githubactions:S8234).
36 lines
867 B
YAML
36 lines
867 B
YAML
---
|
|
# $schema: "https://json.schemastore.org/github-workflow.json"
|
|
name: Debug Changelog # Workflow name displayed on GitHub
|
|
|
|
on:
|
|
workflow_dispatch: # Trigger manually
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
debug-changelog:
|
|
runs-on: ubuntu-latest
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
|
|
- name: Create changelog text
|
|
id: changelog
|
|
uses: loopwerk/tag-changelog@941366edb8920e2071eae0449031830984b9f26e # v1.3.0
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
config_file: .github/tag-changelog-config.js
|
|
|
|
- name: 'Echo results'
|
|
id: output-changelog
|
|
run: |
|
|
echo "${{ steps.changelog.outputs.changes }}"
|