Merge d86d1a437e into 85e6279cec

Adjust positioning of user email note and permissions heading (#2044 )
Documentation update - add recommended permissions to Readme (#2043 )
2025-10-31 22:08:09 +08:00 · 2025-02-01 11:08:58 +00:00 · 2025-01-16 15:56:18 -05:00 · 2025-01-16 14:14:48 -05:00 · 2024-01-16 08:51:56 +13:00 · 2022-12-13 11:16:31 +13:00
4 changed files with 16 additions and 4 deletions
--- a/.github/workflows/publish-immutable-actions.yml
+++ b/.github/workflows/publish-immutable-actions.yml
@@ -17,4 +17,4 @@ jobs:
        uses: actions/checkout@v4
      - name: Publish
        id: publish
-        uses: actions/publish-immutable-action@v0.0.4
+        uses: actions/publish-immutable-action@0.0.3
--- a/.github/workflows/update-main-version.yml
+++ b/.github/workflows/update-main-version.yml
@@ -18,6 +18,9 @@ on:
 jobs:
  tag:
    runs-on: ubuntu-latest
+    env:
+      TARGET: ${{ github.event.inputs.target }}
+      MAIN_VERSION: ${{ github.event.inputs.major_version }}
    steps:
    # Note this update workflow can also be used as a rollback tool.
    # For that reason, it's best to pin `actions/checkout` to a known, stable version
@@ -30,6 +33,6 @@ jobs:
        git config user.name "github-actions[bot]"
        git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
    - name: Tag new target
-      run: git tag -f ${{ github.event.inputs.major_version }} ${{ github.event.inputs.target }}
+      run: git tag -f "$MAIN_VERSION" "$TARGET"
    - name: Push new tag
-      run: git push origin ${{ github.event.inputs.major_version }} --force
+      run: git push origin "$MAIN_VERSION" --force
--- a/.github/workflows/update-test-ubuntu-git.yml
+++ b/.github/workflows/update-test-ubuntu-git.yml
@@ -48,7 +48,7 @@ jobs:

      # Use `docker/build-push-action` to build (and optionally publish) the image. 
      - name: Build Docker Image (with optional Push)
-        uses: docker/build-push-action@v6.10.0
+        uses: docker/build-push-action@v6.5.0
        with:
          context: .
          file: images/test-ubuntu-git.Dockerfile
--- a/README.md
+++ b/README.md
@@ -311,8 +311,17 @@ jobs:
          git commit -m "generated"
          git push
 ```
+
 *NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D

+# Recommended permissions
+
+When using the `checkout` action in your GitHub Actions workflow, it is recommended to set the following `GITHUB_TOKEN` permissions to ensure proper functionality, unless alternative auth is provided via the `token` or `ssh-key` inputs:
+
+```yaml
+permissions:
+  contents: read
+```

 # License
Author	SHA1	Message	Date
Y. Meyer-Norwood	2935e05d5e	Merge `d86d1a437e` into `85e6279cec`	2025-02-01 11:08:58 +00:00
Josh Gross	85e6279cec	Adjust positioning of user email note and permissions heading (#2044 )	2025-01-16 15:56:18 -05:00
Ben Wells	009b9ae9e4	Documentation update - add recommended permissions to Readme (#2043 ) * Update README.md * Update README.md Co-authored-by: Josh Gross <joshmgross@github.com> --------- Co-authored-by: Josh Gross <joshmgross@github.com>	2025-01-16 14:14:48 -05:00
Y. Meyer-Norwood	d86d1a437e	Merge branch 'main' into patch-1	2024-01-16 08:51:56 +13:00
Y. Meyer-Norwood	fe77b196f4	Prevent Script Injection Attack The user provided inputs here are vulnerable to script injection. This PR uses an intermediary environment variable to treat the input as a string, rather than as part of the command. See: https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable	2022-12-13 11:16:31 +13:00