sjs/immich
1
0
Fork 0
mirror of https://github.com/samsonjs/immich.git synced 2026-03-25 09:15:56 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
immich/.github/workflows
History
bo0tzz 504930947d
fix: various actions workflow security improvements (#17651) 
* fix: set persist-credentials explicitly for checkout

https://woodruffw.github.io/zizmor/audits/#artipacked

* fix: minimize permissions scope for workflows

https://woodruffw.github.io/zizmor/audits/#excessive-permissions

* fix: remove potential template injections

https://woodruffw.github.io/zizmor/audits/#template-injection

* fix: only pass needed secrets in workflow_call

https://woodruffw.github.io/zizmor/audits/#secrets-inherit

* fix: push perm for single-arch build jobs

I hadn't realised these push to the registry too :x

* chore: fix formatting

* fix: $

* fix: retag job quoting

---------

Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
2025-04-18 15:10:27 -05:00
..
build-mobile.yml fix: various actions workflow security improvements (#17651) 2025-04-18 15:10:27 -05:00
cache-cleanup.yml fix: various actions workflow security improvements (#17651) 2025-04-18 15:10:27 -05:00
cli.yml fix: various actions workflow security improvements (#17651) 2025-04-18 15:10:27 -05:00
codeql-analysis.yml fix: various actions workflow security improvements (#17651) 2025-04-18 15:10:27 -05:00
docker.yml fix: various actions workflow security improvements (#17651) 2025-04-18 15:10:27 -05:00
docs-build.yml fix: various actions workflow security improvements (#17651) 2025-04-18 15:10:27 -05:00
docs-deploy.yml fix: various actions workflow security improvements (#17651) 2025-04-18 15:10:27 -05:00
docs-destroy.yml fix: various actions workflow security improvements (#17651) 2025-04-18 15:10:27 -05:00
fix-format.yml fix: various actions workflow security improvements (#17651) 2025-04-18 15:10:27 -05:00
pr-label-validation.yml fix: various actions workflow security improvements (#17651) 2025-04-18 15:10:27 -05:00
pr-labeler.yml fix: various actions workflow security improvements (#17651) 2025-04-18 15:10:27 -05:00
pr-require-conventional-commit.yml fix: various actions workflow security improvements (#17651) 2025-04-18 15:10:27 -05:00
prepare-release.yml fix: various actions workflow security improvements (#17651) 2025-04-18 15:10:27 -05:00
preview-label.yaml fix: various actions workflow security improvements (#17651) 2025-04-18 15:10:27 -05:00
sdk.yml fix: various actions workflow security improvements (#17651) 2025-04-18 15:10:27 -05:00
static_analysis.yml fix: various actions workflow security improvements (#17651) 2025-04-18 15:10:27 -05:00
test.yml fix: various actions workflow security improvements (#17651) 2025-04-18 15:10:27 -05:00
weblate-lock.yml fix: various actions workflow security improvements (#17651) 2025-04-18 15:10:27 -05:00