Merge 1b0793cc05 into 85e6279cec

Adjust positioning of user email note and permissions heading (#2044 )
Documentation update - add recommended permissions to Readme (#2043 )
2025-09-08 14:42:19 +08:00 · 2025-01-18 21:01:15 +09:00 · 2025-01-16 15:56:18 -05:00 · 2025-01-16 14:14:48 -05:00 · 2024-12-02 16:59:45 +00:00
3 changed files with 11 additions and 2 deletions
--- a/.github/workflows/publish-immutable-actions.yml
+++ b/.github/workflows/publish-immutable-actions.yml
@@ -17,4 +17,4 @@ jobs:
        uses: actions/checkout@v4
      - name: Publish
        id: publish
-        uses: actions/publish-immutable-action@0.0.3
+        uses: actions/publish-immutable-action@v0.0.4
--- a/.github/workflows/update-test-ubuntu-git.yml
+++ b/.github/workflows/update-test-ubuntu-git.yml
@@ -48,7 +48,7 @@ jobs:

      # Use `docker/build-push-action` to build (and optionally publish) the image. 
      - name: Build Docker Image (with optional Push)
-        uses: docker/build-push-action@v6.5.0
+        uses: docker/build-push-action@v6.10.0
        with:
          context: .
          file: images/test-ubuntu-git.Dockerfile
--- a/README.md
+++ b/README.md
@@ -311,8 +311,17 @@ jobs:
          git commit -m "generated"
          git push
 ```
+
 *NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D

+# Recommended permissions
+
+When using the `checkout` action in your GitHub Actions workflow, it is recommended to set the following `GITHUB_TOKEN` permissions to ensure proper functionality, unless alternative auth is provided via the `token` or `ssh-key` inputs:
+
+```yaml
+permissions:
+  contents: read
+```

 # License
Author	SHA1	Message	Date
dependabot[bot]	5c118935c1	Merge `1b0793cc05` into `85e6279cec`	2025-01-18 21:01:15 +09:00
Josh Gross	85e6279cec	Adjust positioning of user email note and permissions heading (#2044 ) Some checks failed CodeQL / Analyze (javascript) (push) Has been cancelled Details Build and Test / build (push) Has been cancelled Details Build and Test / test (macos-latest) (push) Has been cancelled Details Build and Test / test (ubuntu-latest) (push) Has been cancelled Details Build and Test / test (windows-latest) (push) Has been cancelled Details Build and Test / test-proxy (push) Has been cancelled Details Build and Test / test-bypass-proxy (push) Has been cancelled Details Build and Test / test-git-container (push) Has been cancelled Details Build and Test / test-output (push) Has been cancelled Details	2025-01-16 15:56:18 -05:00
Ben Wells	009b9ae9e4	Documentation update - add recommended permissions to Readme (#2043 ) * Update README.md * Update README.md Co-authored-by: Josh Gross <joshmgross@github.com> --------- Co-authored-by: Josh Gross <joshmgross@github.com>	2025-01-16 14:14:48 -05:00
dependabot[bot]	1b0793cc05	Bump the minor-actions-dependencies group across 1 directory with 2 updates Bumps the minor-actions-dependencies group with 2 updates in the / directory: [actions/publish-immutable-action](https://github.com/actions/publish-immutable-action) and [docker/build-push-action](https://github.com/docker/build-push-action). Updates `actions/publish-immutable-action` from 0.0.3 to 0.0.4 - [Release notes](https://github.com/actions/publish-immutable-action/releases) - [Commits](https://github.com/actions/publish-immutable-action/compare/0.0.3...v0.0.4) Updates `docker/build-push-action` from 6.5.0 to 6.10.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v6.5.0...v6.10.0) --- updated-dependencies: - dependency-name: actions/publish-immutable-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-actions-dependencies - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-actions-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>	2024-12-02 16:59:45 +00:00