diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2ea1902..19f8635 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,6 +6,9 @@ on: branches: - main +permissions: + contents: read + env: RUSTFLAGS: '-Dwarnings' @@ -86,4 +89,4 @@ jobs: run: cargo binstall -y sea-orm-cli - name: Test - run: cargo test --locked + run: cargo test --locked --release diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml index 1bfab0d..db6f1f8 100644 --- a/.github/workflows/labels.yml +++ b/.github/workflows/labels.yml @@ -3,6 +3,10 @@ name: Labels on: workflow_dispatch: +permissions: + contents: read + issues: write + jobs: sync-labels: name: Sync Labels diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 18ba2e6..d9b18b4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,6 +12,9 @@ on: - minor - major +permissions: + contents: write + jobs: release: name: Release diff --git a/.github/workflows/website.yml b/.github/workflows/website.yml index 0615ff5..48d575b 100644 --- a/.github/workflows/website.yml +++ b/.github/workflows/website.yml @@ -5,6 +5,9 @@ on: branches: - main +permissions: + contents: read + concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: false @@ -13,6 +16,7 @@ jobs: book-test: name: Test Book runs-on: ubuntu-latest + steps: - uses: actions/checkout@v5 @@ -35,6 +39,7 @@ jobs: name: Build Book needs: book-test runs-on: ubuntu-latest + steps: - uses: actions/checkout@v5 with: @@ -71,10 +76,12 @@ jobs: needs: book-build if: github.ref == 'refs/heads/main' runs-on: ubuntu-latest + permissions: contents: read pages: write id-token: write + steps: - uses: actions/checkout@v5 with: