mirror of
https://github.com/bbernhard/signal-cli-rest-api.git
synced 2026-05-18 13:24:15 +00:00
Add empty permissions block at workflow level
Caps GITHUB_TOKEN's blast radius. None of these workflows need any
GitHub API write scope — they only push to Docker Hub — so the safest
default is permissions: {}, matching the posture used by AsamK/signal-cli.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Arne Huang
parent
419b18331d
commit
69457e8f81
2
.github/workflows/ci.yml
vendored
2
.github/workflows/ci.yml
vendored
@ -8,6 +8,8 @@ on:
|
|||||||
branches:
|
branches:
|
||||||
- '**' #every branch
|
- '**' #every branch
|
||||||
|
|
||||||
|
permissions: {}
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
setup:
|
setup:
|
||||||
runs-on: ubuntu-24.04
|
runs-on: ubuntu-24.04
|
||||||
|
|||||||
2
.github/workflows/release-dev-version.yml
vendored
2
.github/workflows/release-dev-version.yml
vendored
@ -7,6 +7,8 @@ on:
|
|||||||
description: 'Version'
|
description: 'Version'
|
||||||
required: true
|
required: true
|
||||||
|
|
||||||
|
permissions: {}
|
||||||
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
setup:
|
setup:
|
||||||
|
|||||||
@ -7,6 +7,8 @@ on:
|
|||||||
description: 'Version'
|
description: 'Version'
|
||||||
required: true
|
required: true
|
||||||
|
|
||||||
|
permissions: {}
|
||||||
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
setup:
|
setup:
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user