Skip to content

Commit 4f7d7d1

Browse files
MervinPraisonMervinPraison
authored
Merge pull request #656 from MervinPraison/develop
Update Claude Code action to restrict package permissions and remove …
2 parents 85c4bac + 866920c commit 4f7d7d1

File tree

2 files changed

+40
-13
lines changed

2 files changed

+40
-13
lines changed

.github/workflows/build-image.yml

Lines changed: 39 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,39 @@
1+
name: Build Claude Code Image
2+
3+
on:
4+
workflow_dispatch:
5+
inputs:
6+
version:
7+
description: 'Image version tag'
8+
required: true
9+
default: 'latest'
10+
11+
jobs:
12+
build:
13+
runs-on: ubuntu-latest
14+
permissions:
15+
contents: read
16+
packages: write
17+
steps:
18+
- name: Checkout repository
19+
uses: actions/checkout@v4
20+
21+
- name: Set up Docker Buildx
22+
uses: docker/setup-buildx-action@v3
23+
24+
- name: Login to GitHub Container Registry
25+
uses: docker/login-action@v3
26+
with:
27+
registry: ghcr.io
28+
username: ${{ github.actor }}
29+
password: ${{ secrets.GITHUB_TOKEN }}
30+
31+
- name: Build and push Docker image
32+
uses: docker/build-push-action@v5
33+
with:
34+
context: ./.github/actions/claude-code-action
35+
push: true
36+
tags: ghcr.io/mervinpraison/praisonai-claudecode:${{ inputs.version }}
37+
cache-from: type=gha
38+
cache-to: type=gha,mode=max
39+
provenance: false

.github/workflows/claude.yml

Lines changed: 1 addition & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -23,32 +23,20 @@ jobs:
2323
pull-requests: read
2424
issues: read
2525
id-token: write
26-
packages: write
26+
packages: read
2727
steps:
2828
- name: Checkout repository
2929
uses: actions/checkout@v4
3030
with:
3131
fetch-depth: 1
3232

33-
- name: Set up Docker Buildx
34-
uses: docker/setup-buildx-action@v3
35-
3633
- name: Login to GitHub Container Registry
3734
uses: docker/login-action@v3
3835
with:
3936
registry: ghcr.io
4037
username: ${{ github.actor }}
4138
password: ${{ secrets.GITHUB_TOKEN }}
4239

43-
- name: Build and push Docker image
44-
uses: docker/build-push-action@v5
45-
with:
46-
context: ./.github/actions/claude-code-action
47-
push: true
48-
tags: ghcr.io/mervinpraison/praisonai-claudecode:latest
49-
cache-from: type=gha
50-
cache-to: type=gha,mode=max
51-
5240
- name: Run Claude Code
5341
id: claude
5442
uses: ./.github/actions/claude-code-action

0 commit comments

Comments
 (0)