
Commit 481e2f6

committed
ci: Add OIDC permissions and flake-checker-action
1 parent 57b22cc commit 481e2f6


1 file changed

+12
-0
lines changed


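--- a/.github/workflows/build.echo-graphql.yml
+++ b/.github/workflows/build.echo-graphql.yml
@@ -17,28 +17,40 @@ on:
 jobs:
 check:
 runs-on: ubuntu-latest
+permissions:
+id-token: "write"
+contents: "read"
 steps:
 - uses: actions/checkout@v4
 - uses: DeterminateSystems/nix-installer-action@main
 - uses: DeterminateSystems/magic-nix-cache-action@main
+- uses: DeterminateSystems/flake-checker-action@main
 - run: nix develop -c just echo-graphql::lint
 - run: nix develop -c just echo-graphql::fmt
 - run: git diff --exit-code
 
 test:
 needs: check
 runs-on: ubuntu-latest
+permissions:
+id-token: "write"
+contents: "read"
 steps:
 - uses: actions/checkout@v4
 - uses: DeterminateSystems/nix-installer-action@main
 - uses: DeterminateSystems/magic-nix-cache-action@main
+- uses: DeterminateSystems/flake-checker-action@main
 - run: nix develop -c just echo-graphql::test
 
 build:
 needs: check
 runs-on: ubuntu-latest
+permissions:
+id-token: "write"
+contents: "read"
 steps:
 - uses: actions/checkout@v4
 - uses: DeterminateSystems/nix-installer-action@main
 - uses: DeterminateSystems/magic-nix-cache-action@main
+- uses: DeterminateSystems/flake-checker-action@main
 - run: nix develop -c just echo-graphql::build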
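Review bot: The added `DeterminateSystems/flake-checker-action@main` step tracks a mutable branch, and it lands in the same change that grants each job `id-token: "write"`, so whatever that branch (and the two existing `@main` actions) resolves to at run time executes in a job that can request an OIDC token for this repository. This applies to all three jobs: `check`, `test` and `build`. I would pin the new step to a full commit SHA, e.g. `- uses: DeterminateSystems/flake-checker-action@<full-commit-sha>  # <release-tag>` (placeholders), and do the same for the installer and cache actions. The commit does not say which step consumes the token; if only some jobs need it, keep `id-token: "write"` on those jobs alone and add a comment such as `# id-token: write is required by <step> for OIDC authentication` above each `permissions:` block.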
