Merge pull request #76 from supabase/chore-review-actions

imor · web-flow · commit e64151fbaaaf · 2025-04-09T17:55:24.000+05:30
ci: explicit permissions in actions
diff --git a/.github/workflows/pgxn-release.yml b/.github/workflows/pgxn-release.yml
@@ -3,6 +3,10 @@ on:
   push:
     # Release on semantic version tag.
     tags: ['v[0-9]+.[0-9]+.[0-9]+']
+
+permissions:
+  contents: read
+
 jobs:
   release:
     name: 🚀 Release on PGXN
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -7,6 +7,9 @@ on:
     tags:
       - 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
 
+permissions:
+  contents: write # Required to upload release assets
+
 jobs:
   release:
     name: Create Release
@@ -110,7 +113,7 @@ jobs:
           cd ../../../../../..
 
           # Create install control file
-          extension_version=${{ github.ref_name }}
+          extension_version="${{ github.ref_name }}"
           # strip the leading v
           deb_version=${extension_version:1}
 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -3,6 +3,9 @@ on:
   pull_request:
   push: { branches: [master] }
 
+permissions:
+  contents: read
+
 jobs:
   test:
     name: Run tests
