Make the publish action work like Okio's #9202
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| runs-on: macos-15 | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v5 | ||
| - uses: actions/setup-java@v5 | ||
| with: | ||
| distribution: 'zulu' | ||
| java-version-file: .github/workflows/.java-version | ||
|
|
||
| - run: ./gradlew publish | ||
| env: | ||
| ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.SONATYPE_CENTRAL_USERNAME }} | ||
| ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.SONATYPE_CENTRAL_PASSWORD }} | ||
| ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.GPG_SECRET_KEY }} | ||
| ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.GPG_SECRET_PASSPHRASE }} |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI about 2 months ago
To fix the problem, add a permissions block specifying the minimum necessary privileges for the workflow. In most publish workflows, unless you are using actions that write to issues, pull requests, or deployments, you typically only need read access to the repository contents. Place the following block after the name and before any jobs or steps:
permissions:
contents: readIf future workflow changes require more privileges (e.g. writing releases or deployments), adjust accordingly.
Edit the .github/workflows/publish.yml file and insert the permissions block after the name: publish line and before the on: line.
| @@ -1,4 +1,6 @@ | ||
| name: publish | ||
| permissions: | ||
| contents: read | ||
|
|
||
| on: | ||
| push: |
| uses: gradle/actions/setup-gradle@v5 | ||
|
|
||
| - name: Upload Artifacts | ||
| run: ./gradlew clean publish --stacktrace |
There was a problem hiding this comment.
Still need this for snapshots
There was a problem hiding this comment.
oooh good call. Fixed.
There was a problem hiding this comment.
Mejor chinga. Pero atu madre . Solo joder saben
No description provided.