From 87a3b0ac488b3671789f039755cb55c492a0ac0b Mon Sep 17 00:00:00 2001
From: Dan Federman
Date: Sun, 17 Aug 2025 20:06:40 -0700
Subject: [PATCH 1/5] Set permissions on checkout
---
 .github/workflows/ci.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 76b72335..d4552eb3 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -28,6 +28,8 @@ jobs:
 timeout-minutes: 30
 steps:
 - name: Checkout Repo
+ permissions:
+ contents: read
 uses: actions/checkout@v4
 - name: Bundle Install
 run: bundle install
@@ -44,6 +46,8 @@ jobs:
 timeout-minutes: 30
 steps:
 - name: Checkout Repo
+ permissions:
+ contents: read
 uses: actions/checkout@v4
 - name: Bundle Install
 run: bundle install
@@ -57,6 +61,8 @@ jobs:
 timeout-minutes: 30
 steps:
 - name: Checkout Repo
+ permissions:
+ contents: read
 uses: actions/checkout@v4
 - name: Bundle Install
 run: bundle install
@@ -81,6 +87,8 @@ jobs:
 timeout-minutes: 30
 steps:
 - name: Checkout Repo
+ permissions:
+ contents: read
 uses: actions/checkout@v4
 - name: Bundle Install
 run: bundle install
@@ -93,6 +101,8 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout Repo
+ permissions:
+ contents: read
 uses: actions/checkout@v4
 - name: Link Checker
 uses: AlexanderDokuchaev/md-dead-link-check@v1.0.1
From cdd853695e51ec4ef74d870e436c6e4906afb41c Mon Sep 17 00:00:00 2001
From: Dan Federman
Date: Sun, 17 Aug 2025 20:08:16 -0700
Subject: [PATCH 2/5] Explicit sha
---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d4552eb3..af4b3fdc 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -105,4 +105,4 @@ jobs:
 contents: read
 uses: actions/checkout@v4
 - name: Link Checker
- uses: AlexanderDokuchaev/md-dead-link-check@v1.0.1
+ uses: AlexanderDokuchaev/md-dead-link-check@d5a37e0b14e5918605d22b34562532762ccb2e47 # v1.2.0
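Review bot: `permissions` is not a key a step accepts, so in all five hunks of PATCH 1/5 the block added under `- name: Checkout Repo` does not scope the GITHUB_TOKEN; GitHub Actions reads `permissions` only at the workflow level or directly under a job. The five hunks of PATCH 3/5 have the same problem in another form: nesting the block under `with:` makes it an input to actions/checkout, which as far as I know defines no such input. Only the job-level placement in PATCH 5/5 takes effect, so the intermediate revisions probably leave CI invalid or the token unrestricted. Squashing the series to its final state would keep every commit on the branch usable for bisecting.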
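Review bot: The `uses:` line changed in PATCH 2/5 goes from `@v1.0.1` to a commit SHA annotated `# v1.2.0`, so the commit titled "Explicit sha" also upgrades the action across releases. Nothing verifies the trailing comment; the pinned SHA should be checked against the upstream repository to confirm it is the commit the v1.2.0 tag points to, and the changes between the two versions should be read, since this third-party action runs with the job's token. A subject such as `Pin md-dead-link-check to v1.2.0 by SHA` would make the upgrade visible in history.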
From cedec13ec937f8e5a9fe42bfca9f721df606b853 Mon Sep 17 00:00:00 2001
From: Dan Federman
Date: Sun, 17 Aug 2025 20:10:46 -0700
Subject: [PATCH 3/5] correct permissions structure
---
 .github/workflows/ci.yml | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index af4b3fdc..51dac8b0 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -28,8 +28,9 @@ jobs:
 timeout-minutes: 30
 steps:
 - name: Checkout Repo
- permissions:
- contents: read
+ with:
+ permissions:
+ contents: read
 uses: actions/checkout@v4
 - name: Bundle Install
 run: bundle install
@@ -46,8 +47,9 @@ jobs:
 timeout-minutes: 30
 steps:
 - name: Checkout Repo
- permissions:
- contents: read
+ with:
+ permissions:
+ contents: read
 uses: actions/checkout@v4
 - name: Bundle Install
 run: bundle install
@@ -61,8 +63,9 @@ jobs:
 timeout-minutes: 30
 steps:
 - name: Checkout Repo
- permissions:
- contents: read
+ with:
+ permissions:
+ contents: read
 uses: actions/checkout@v4
 - name: Bundle Install
 run: bundle install
@@ -87,8 +90,9 @@ jobs:
 timeout-minutes: 30
 steps:
 - name: Checkout Repo
- permissions:
- contents: read
+ with:
+ permissions:
+ contents: read
 uses: actions/checkout@v4
 - name: Bundle Install
 run: bundle install
@@ -101,8 +105,9 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout Repo
- permissions:
- contents: read
+ with:
+ permissions:
+ contents: read
 uses: actions/checkout@v4
 - name: Link Checker
 uses: AlexanderDokuchaev/md-dead-link-check@d5a37e0b14e5918605d22b34562532762ccb2e47 # v1.2.0
From 16de971190a3d9f916ffcd0f6f3ec1ca13e37479 Mon Sep 17 00:00:00 2001
From: Dan Federman
Date: Sun, 17 Aug 2025 20:11:54 -0700
Subject: [PATCH 4/5] checkout v5
---
 .github/workflows/ci.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 51dac8b0..f8d33849 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -28,10 +28,10 @@ jobs:
 timeout-minutes: 30
 steps:
 - name: Checkout Repo
+ uses: actions/checkout@v5
 with:
 permissions:
 contents: read
- uses: actions/checkout@v4
 - name: Bundle Install
 run: bundle install
 - name: Select Xcode Version
@@ -47,10 +47,10 @@ jobs:
 timeout-minutes: 30
 steps:
 - name: Checkout Repo
+ uses: actions/checkout@v5
 with:
 permissions:
 contents: read
- uses: actions/checkout@v4
 - name: Bundle Install
 run: bundle install
 - name: Select Xcode Version
@@ -63,10 +63,10 @@ jobs:
 timeout-minutes: 30
 steps:
 - name: Checkout Repo
+ uses: actions/checkout@v5
 with:
 permissions:
 contents: read
- uses: actions/checkout@v4
 - name: Bundle Install
 run: bundle install
 - name: Select Xcode Version
@@ -90,10 +90,10 @@ jobs:
 timeout-minutes: 30
 steps:
 - name: Checkout Repo
+ uses: actions/checkout@v5
 with:
 permissions:
 contents: read
- uses: actions/checkout@v4
 - name: Bundle Install
 run: bundle install
 - name: Select Xcode Version
@@ -105,9 +105,9 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout Repo
+ uses: actions/checkout@v5
 with:
 permissions:
 contents: read
- uses: actions/checkout@v4
 - name: Link Checker
 uses: AlexanderDokuchaev/md-dead-link-check@d5a37e0b14e5918605d22b34562532762ccb2e47 # v1.2.0
From 402ed6de729cf45047ad0a22344bec0319ffa286 Mon Sep 17 00:00:00 2001
From: Dan Federman
Date: Sun, 17 Aug 2025 20:17:53 -0700
Subject: [PATCH 5/5] move permissions
---
 .github/workflows/ci.yml | 25 ++++++++++---------------
 1 file changed, 10 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f8d33849..0750bef7 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -26,12 +26,11 @@ jobs:
 ]
 fail-fast: false
 timeout-minutes: 30
+ permissions:
+ contents: read
 steps:
 - name: Checkout Repo
 uses: actions/checkout@v5
- with:
- permissions:
- contents: read
 - name: Bundle Install
 run: bundle install
 - name: Select Xcode Version
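Review bot: `uses: actions/checkout@v5`, added in all five hunks of PATCH 4/5, still refers to a mutable tag, while the link checker in the same file is pinned to a full commit SHA. A tag can be repointed to different code after review, so pinning checkout the same way keeps the workflow's dependencies immutable: `uses: actions/checkout@<full-commit-sha> # v5` (placeholder; take the SHA from the upstream v5 release). A dependency updater can then keep the pin and its version comment in step.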
@@ -45,12 +44,11 @@ jobs:
 name: Pod Lint
 runs-on: macOS-15
 timeout-minutes: 30
+ permissions:
+ contents: read
 steps:
 - name: Checkout Repo
 uses: actions/checkout@v5
- with:
- permissions:
- contents: read
 - name: Bundle Install
 run: bundle install
 - name: Select Xcode Version
@@ -61,12 +59,11 @@ jobs:
 name: Carthage
 runs-on: macOS-15
 timeout-minutes: 30
+ permissions:
+ contents: read
 steps:
 - name: Checkout Repo
 uses: actions/checkout@v5
- with:
- permissions:
- contents: read
 - name: Bundle Install
 run: bundle install
 - name: Select Xcode Version
@@ -88,12 +85,11 @@ jobs:
 ]
 fail-fast: false
 timeout-minutes: 30
+ permissions:
+ contents: read
 steps:
 - name: Checkout Repo
 uses: actions/checkout@v5
- with:
- permissions:
- contents: read
 - name: Bundle Install
 run: bundle install
 - name: Select Xcode Version
@@ -103,11 +99,10 @@ jobs:
 readme-validation:
 name: Check Markdown links
 runs-on: ubuntu-latest
+ permissions:
+ contents: read
 steps:
 - name: Checkout Repo
 uses: actions/checkout@v5
- with:
- permissions:
- contents: read
 - name: Link Checker
 uses: AlexanderDokuchaev/md-dead-link-check@d5a37e0b14e5918605d22b34562532762ccb2e47 # v1.2.0
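Review bot: The same `permissions:` / `contents: read` block is repeated in each of the five jobs touched by PATCH 5/5, so a job added later without it falls back to the repository's default token permissions. Declaring the block once at the top level of the workflow, above `jobs:`, makes read-only the default, and a job that needs more can still override it. Separately, the checkout steps leave the token available to later steps such as `bundle install` and, in `readme-validation`, the third-party link checker; adding `with:` / `persist-credentials: false` under `uses: actions/checkout@v5` avoids that, assuming no later step needs authenticated git access. The top of the workflow is outside these hunks, so whether a workflow-level `permissions` key already exists cannot be seen here.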