Skip to content

Backport installer workflow permissions hardening to v4.1.0#7881

Open
Edd88-pixel wants to merge 1 commit into
coder:v4.1.0from
Edd88-pixel:backport/7865-installer-hardening-v4.1.0
Open

Backport installer workflow permissions hardening to v4.1.0#7881
Edd88-pixel wants to merge 1 commit into
coder:v4.1.0from
Edd88-pixel:backport/7865-installer-hardening-v4.1.0

Conversation

@Edd88-pixel

Copy link
Copy Markdown

Backports the minimal GitHub Actions hardening from main to v4.1.0 for .github/workflows/installer.yml only.

Related issue: #7865
Reference workflow: https://github.com/coder/code-server/blob/v4.1.0/.github/workflows/installer.yml

Validation:

  • git diff --check
  • actionlint on .github/workflows/installer.yml
  • zizmor on .github/workflows/installer.yml

Notes:

  • The change is limited to permissions: contents: read at workflow level.
  • The commit is signed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant