File tree Expand file tree Collapse file tree 3 files changed +17
-0
lines changed Expand file tree Collapse file tree 3 files changed +17
-0
lines changed Original file line number Diff line number Diff line change 5
5
pull_request :
6
6
branches : ['**']
7
7
8
+ # Set minimal permissions by default
9
+ permissions :
10
+ contents : read
11
+
8
12
concurrency :
9
13
group : ${{ github.workflow }}-${{ github.ref }}
10
14
cancel-in-progress : ${{ !contains(github.ref, 'main')}}
Original file line number Diff line number Diff line change 8
8
branches : ['**']
9
9
paths : ['examples/**']
10
10
11
+ # Set minimal permissions by default
12
+ permissions :
13
+ contents : read
14
+
11
15
jobs :
12
16
test-example :
13
17
strategy :
Original file line number Diff line number Diff line change 8
8
branches : ['**']
9
9
paths : ['website/**']
10
10
11
+ # Set minimal permissions by default
12
+ permissions :
13
+ contents : read
14
+
11
15
concurrency :
12
16
group : ${{ github.workflow }}-${{ github.ref }}
13
17
cancel-in-progress : ${{ !contains(github.ref, 'main')}}
28
32
29
33
deploy :
30
34
name : Deploy to GitHub Pages
35
+ # Only run on push to main (trusted event) - secrets are safe here
31
36
if : github.ref == 'refs/heads/main'
32
37
runs-on : ubuntu-latest
38
+ permissions :
39
+ contents : read
40
+ pages : write
41
+ id-token : write
33
42
steps :
34
43
- name : Checkout
35
44
uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
You can’t perform that action at this time.
0 commit comments