security: add workflow-level permissions lock and disable bundler cache

Copilot · jkowalleck · Copilot · commit fd75af461c2e · 2025-11-05T13:53:55.000Z
Co-authored-by: jkowalleck &lt;2765863+jkowalleck@users.noreply.github.com&gt;
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,10 +1,14 @@
 name: Release
 
+run-name: Release ${{ github.ref_name }}
+
 on:
   push:
     tags:
       - 'v*'
 
+permissions: {}
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -18,7 +22,10 @@ jobs:
       uses: ruby/setup-ruby@v1
       with:
         ruby-version: '3.3'
-        bundler-cache: true
+        bundler-cache: false
+    
+    - name: Install dependencies
+      run: bundle install --jobs 4 --retry 3
     
     - name: Extract version from tag
       id: version
@@ -92,7 +99,10 @@ jobs:
       uses: ruby/setup-ruby@v1
       with:
         ruby-version: '3.3'
-        bundler-cache: true
+        bundler-cache: false
+    
+    - name: Install dependencies
+      run: bundle install --jobs 4 --retry 3
     
     - name: Check for RubyGems API key
       run: |
