Merge pull request #661 from crazy-max/zizmor-fixes
Some checks failed
ci / context (git) (push) Has been cancelled
ci / context (workflow) (push) Has been cancelled
ci / multi-images (push) Has been cancelled
ci / tag-schedule () (push) Has been cancelled
ci / tag-schedule (cron-{{date 'YYYYMMDD'}}) (push) Has been cancelled
ci / tag-schedule (schedule) (push) Has been cancelled
ci / tag-schedule ({{date 'YYYYMMDD-HHmmss'}}) (push) Has been cancelled
ci / tag-match (\d.\d, 0) (push) Has been cancelled
ci / tag-match (\d.\d.\d, 0) (push) Has been cancelled
ci / tag-match (v(.*), 1) (push) Has been cancelled
ci / tag-semver (auto) (push) Has been cancelled
ci / tag-semver (false) (push) Has been cancelled
ci / tag-semver (true) (push) Has been cancelled
ci / flavor (push) Has been cancelled
ci / images (push) Has been cancelled
ci / custom-labels-annotations (push) Has been cancelled
ci / global-exps (push) Has been cancelled
ci / json (push) Has been cancelled
ci / docker-push (push) Has been cancelled
ci / bake (push) Has been cancelled
ci / sep-tags ( ) (push) Has been cancelled
ci / sep-tags (,) (push) Has been cancelled
ci / output-env (push) Has been cancelled
ci / no-output-env (push) Has been cancelled
ci / bake-annotations (push) Has been cancelled
ci / no-images (push) Has been cancelled
ci / bake-path-context (push) Has been cancelled
ci / sha-short () (push) Has been cancelled
ci / sha-short (16) (push) Has been cancelled
ci / dump (push) Has been cancelled
codeql / analyze (push) Has been cancelled
test / test (push) Has been cancelled
validate / prepare (push) Has been cancelled
validate / validate (push) Has been cancelled
zizmor / zizmor (push) Has been cancelled

ci: restrict update-dist GitHub App token scope
This commit is contained in:
CrazyMax 2026-05-21 14:57:49 +02:00 committed by GitHub
commit 1b2e78b2f1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -26,6 +26,8 @@ jobs:
app-id: ${{ secrets.GHACTIONS_REPO_WRITE_APP_ID }} app-id: ${{ secrets.GHACTIONS_REPO_WRITE_APP_ID }}
private-key: ${{ secrets.GHACTIONS_REPO_WRITE_APP_PRIVATE_KEY }} private-key: ${{ secrets.GHACTIONS_REPO_WRITE_APP_PRIVATE_KEY }}
owner: docker owner: docker
repositories: metadata-action
permission-contents: write
- -
name: Checkout name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2