Commit 1417470
Fix release tag push and pin actions by SHA (#335)
The release workflow's tag push was rejected by the tag ruleset because
actions/checkout persisted GITHUB_TOKEN credentials, which took precedence
over the dd-octo-sts token in the explicit push URL. Drop the persisted
credentials and downgrade contents permission to read.
Also pin actions/download-artifact and actions/setup-node by commit SHA.
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>1 parent 34c2138 commit 1417470
1 file changed
Lines changed: 7 additions & 5 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
25 | 25 | | |
26 | 26 | | |
27 | 27 | | |
28 | | - | |
| 28 | + | |
29 | 29 | | |
30 | 30 | | |
31 | 31 | | |
32 | 32 | | |
33 | 33 | | |
34 | 34 | | |
35 | 35 | | |
36 | | - | |
37 | | - | |
| 36 | + | |
| 37 | + | |
| 38 | + | |
| 39 | + | |
38 | 40 | | |
39 | 41 | | |
40 | 42 | | |
| |||
58 | 60 | | |
59 | 61 | | |
60 | 62 | | |
61 | | - | |
62 | | - | |
| 63 | + | |
| 64 | + | |
63 | 65 | | |
64 | 66 | | |
65 | 67 | | |
| |||
0 commit comments