ci(cd): use granular job permissions over top-level
Fdawgs committed Jan 8, 2024
1 parent 820db1d commit e33f437
Showing 1 changed file with 9 additions and 6 deletions.
15 changes: 9 additions & 6 deletions .github/workflows/cd.yml
Expand Up @@ -10,16 +10,13 @@ on:
# Allows this workflow to be run manually from the Actions tab
workflow_dispatch:

permissions:
contents: write
id-token: write
packages: write
pull-requests: write

jobs:
release:
name: Create/Update Release Pull Request
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
outputs:
release_created: ${{ steps.release.outputs.release_created }}
steps:
Expand All @@ -37,6 +34,9 @@ jobs:
needs: release
if: needs.release.outputs.release_created == 'true'
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- name: Check out repo
uses: actions/checkout@v4
Expand All @@ -62,6 +62,9 @@ jobs:
needs: release
if: needs.release.outputs.release_created == 'true'
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Check out repo
uses: actions/checkout@v4
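Review bot: With the workflow-level `permissions:` block dropped in the first hunk, the file no longer sets any default for the `GITHUB_TOKEN`, so a job that lacks its own `permissions:` key falls back to the repository or organisation default, which may be read-write. Keep a deny-by-default line at the top level, `permissions: {}` (or a top-level `permissions:` holding only `contents: read`), so the per-job grants added here are the only way a job gets a write scope. The three jobs touched by this commit each declare their scopes, but the rest of the file lies outside the hunks, so confirm that no other job depended on the old top-level grant. A short comment beside each write scope saying which step needs it (for example beside `id-token: write` and `packages: write`) would let the next reviewer tell when a grant has become stale.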
