granular perms / release

"only required permissions for the action specified (which is contents: write)" - https://github.com/ncipollo/release-action?tab=readme-ov-file#notes
2025-03-28 12:54:15 +05:30
parent 0e4fa1ad4c
commit 875a747e24
5 changed files with 16 additions and 1 deletions
--- a/.github/workflows/auth-internal-release.yml
+++ b/.github/workflows/auth-internal-release.yml
@@ -6,6 +6,9 @@ on:
 env:
    FLUTTER_VERSION: "3.24.3"

+permissions:
+    contents: write
+
 jobs:
    build:
        runs-on: ubuntu-latest
--- a/.github/workflows/auth-release.yml
+++ b/.github/workflows/auth-release.yml
@@ -31,6 +31,9 @@ on:
 env:
    FLUTTER_VERSION: "3.24.3"

+permissions:
+    contents: write
+
 jobs:
    build-linux-latest:
        runs-on: ubuntu-latest
--- a/.github/workflows/mobile-internal-release.yml
+++ b/.github/workflows/mobile-internal-release.yml
@@ -6,6 +6,9 @@ on:
 env:
    FLUTTER_VERSION: "3.24.3"

+permissions:
+    contents: write
+
 jobs:
    build:
        runs-on: ubuntu-latest
@@ -54,7 +57,7 @@ jobs:
                  packageName: io.ente.photos
                  releaseFiles: mobile/build/app/outputs/bundle/playstoreRelease/app-playstore-release.aab
                  track: internal
-            
+
            - name: Notify Discord
              uses: sarisia/actions-status-discord@v1
              with:
--- a/.github/workflows/mobile-release.yml
+++ b/.github/workflows/mobile-release.yml
@@ -11,6 +11,9 @@ on:
 env:
    FLUTTER_VERSION: "3.24.3"

+permissions:
+    contents: write
+
 jobs:
    build:
        runs-on: ubuntu-latest
--- a/desktop/.github/workflows/desktop-release.yml
+++ b/desktop/.github/workflows/desktop-release.yml
@@ -22,6 +22,9 @@ on:
        tags:
            - "v[0-9]+.[0-9]+.[0-9]+"

+permissions:
+    contents: write
+
 jobs:
    release:
        runs-on: ${{ matrix.os }}