Skip to content

Commit d3fc8ef

Browse files
committed
ci: improve security of release.yml
1 parent 40e4a24 commit d3fc8ef

1 file changed

Lines changed: 7 additions & 0 deletions

File tree

.github/workflows/release.yml

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,9 @@ on:
66
# x.y.z version format
77
- "[0-9]+.[0-9]+.[0-9]+*"
88

9+
permissions:
10+
contents: write
11+
912
env:
1013
CARGO_TERM_COLOR: always
1114

@@ -15,6 +18,8 @@ jobs:
1518
runs-on: ubuntu-24.04
1619
steps:
1720
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
21+
with:
22+
persist-credentials: false
1823

1924
- name: Get the release version from the tag
2025
run: |
@@ -68,6 +73,8 @@ jobs:
6873
use-cross: false
6974
steps:
7075
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
76+
with:
77+
persist-credentials: false
7178

7279
- name: Get the release version from the tag
7380
shell: bash

0 commit comments

Comments
 (0)