Enhance GitHub Actions workflows security and permissions (#4445)

Signed-off-by: Carson Yang <yangchuansheng33@gmail.com>
2025-07-23 13:03:50 +00:00 · 2025-04-03 14:01:17 +08:00
parent 5ad383bc6e
commit 7a0747947c
2 changed files with 17 additions and 4 deletions
--- a/.github/workflows/docs-deploy-kubeconfig.yml
+++ b/.github/workflows/docs-deploy-kubeconfig.yml
@@ -10,6 +10,13 @@ on:
 jobs:
  build-fastgpt-docs-images:
    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+
    steps:
      - name: Checkout
        uses: actions/checkout@v4
@@ -50,8 +57,8 @@ jobs:
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GH_PAT }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Login to Aliyun
        uses: docker/login-action@v3