chore: add explicit permissions to GitHub Actions workflows (#3807)

Fixes code scanning alerts #1, #2, #3, #4
(actions/missing-workflow-permissions).

- retry-workflow.yml rerun job: actions: write (to rerun workflows)
- upload-to-r2.yml upload-to-r2 job: contents: read (to download releases)
- upload-to-r2.yml retry-on-failure job: actions: write (to trigger retry)
- release.yml upload-to-r2 job: contents: read, actions: write

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
Huang Xin
2026-04-09 13:33:25 +08:00
committed by GitHub
parent e43e533aca
commit d7fd06ca82
3 changed files with 9 additions and 0 deletions
+3
View File
@@ -391,6 +391,9 @@ jobs:
upload-to-r2:
needs: [get-release, build-tauri]
permissions:
contents: read
actions: write
uses: ./.github/workflows/upload-to-r2.yml
with:
tag: ${{ needs.get-release.outputs.release_tag }}
+2
View File
@@ -8,6 +8,8 @@ on:
jobs:
rerun:
runs-on: ubuntu-latest
permissions:
actions: write
steps:
- name: rerun ${{ inputs.run_id }}
env:
+4
View File
@@ -17,6 +17,8 @@ on:
jobs:
upload-to-r2:
runs-on: ubuntu-latest
permissions:
contents: read
timeout-minutes: 3
strategy:
fail-fast: false
@@ -70,6 +72,8 @@ jobs:
if: failure() && fromJSON(github.run_attempt) < 3
needs: [upload-to-r2]
runs-on: ubuntu-latest
permissions:
actions: write
steps:
- env:
GH_REPO: ${{ github.repository }}