admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity

fix: only scope permissions to build job

Browse Source
This commit is contained in:
Sean Molenaar 2024-10-13 15:49:59 +02:00 committed by GitHub
parent 8eae9ee730
commit 78573231af
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.github/workflows/pkg-installer.yml vendored
View File

@ -11,10 +11,6 @@ on:
release: release:
types: types:
- published - published
permissions:
contents: read # for code access
attestations: write # for actions/attest-build-provenance
id-token: write # for actions/attest-build-provenance
env: env:
PKG_APPLE_DEVELOPER_TEAM_ID: ${{ secrets.PKG_APPLE_DEVELOPER_TEAM_ID }} PKG_APPLE_DEVELOPER_TEAM_ID: ${{ secrets.PKG_APPLE_DEVELOPER_TEAM_ID }}
HOMEBREW_NO_ANALYTICS_THIS_RUN: 1 HOMEBREW_NO_ANALYTICS_THIS_RUN: 1
@ -35,6 +31,10 @@ jobs:
TEMPORARY_KEYCHAIN_FILE: 'homebrew_installer_signing.keychain-db' TEMPORARY_KEYCHAIN_FILE: 'homebrew_installer_signing.keychain-db'
# Set to the oldest supported version of macOS # Set to the oldest supported version of macOS
HOMEBREW_MACOS_OLDEST_SUPPORTED: '13.0' HOMEBREW_MACOS_OLDEST_SUPPORTED: '13.0'
permissions:
contents: read # for code access
attestations: write # for actions/attest-build-provenance
id-token: write # for actions/attest-build-provenance
steps: steps:
- name: Remove existing API cache (to force update) - name: Remove existing API cache (to force update)
run: rm -rvf ~/Library/Caches/Homebrew/api run: rm -rvf ~/Library/Caches/Homebrew/api