Merge branch 'main' into pip-keyring

imjasonh · web-flow · commit ade9a2b4257d · 2025-12-07T15:04:46.000-05:00
diff --git a/.github/workflows/auth.yaml b/.github/workflows/auth.yaml
@@ -0,0 +1,30 @@
+name: Test with auth
+
+on:
+  push:
+    branches:
+      - 'main'
+  pull_request_target:
+    branches:
+      - 'main'
+
+jobs:
+  test:
+    name: Test with auth
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      id-token: write # Needed for auth
+
+    steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - uses: ./
+        with:
+          identity: ce2d1984a010471142503340d670612d63ffb9f6/d05d31ba65ec54d1
+      - run: chainctl auth status
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -8,6 +8,8 @@ on:
     branches:
       - 'main'
 
+permissions: {}
+
 jobs:
   test:
     name: Basic Test
@@ -23,6 +25,9 @@ jobs:
           - windows-latest
     runs-on: ${{ matrix.os }}
 
+    permissions:
+      contents: read
+
     steps:
       - name: Harden the runner (Audit all outbound calls)
         uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
