Commit 96ce380
ci: reduce workflow-level permissions to least privilege

semantic-release uses the GitHub App token for all write operations,
so the workflow's default GITHUB_TOKEN only needs id-token (OIDC
provenance), packages (GitHub Packages publish), and contents read
(for the CI validation workflow to checkout the repository).

1 parent 15ecb4c commit 96ce380
1 file changed, +2 -6 lines changed

| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
13 | 13 | | |
14 | 14 | | |
15 | 15 | | |
16 | | - | |
17 | | - | |
18 | | - | |
19 | | - | |
20 | | - | |
21 | | - | |
| 16 | + | |
| 17 | + | |
22 | 18 | | |
23 | 19 | | |
24 | 20 | | |
| |||
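
Review bot: at new lines 16-17 the hunk puts two lines in place of six, while the commit message names three scopes (id-token, packages, contents read). If the two added lines are id-token and packages, contents: read has to be among the unchanged context lines; once a workflow declares a permissions block, every scope it does not list is set to none, and the checkout the message mentions would then fail. Please confirm that all three scopes are still declared after this change, and state the access level for id-token and packages in the message as it already does for contents, so the block can be checked against it.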