20022076525
84%
master: 84%

Ran 08 Dec 2025 08:50AM UTC

Jobs 1

Files 17

Run time 1min

Badge

Embed ▾

Committed 08 Dec 2025 08:48AM UTC coverage: 83.62% (-0.06%) from 83.682%

Build # 20022076525

Build Type

push

github

Committed by

paskal

Commit Message

ci: add explicit permissions blocks for security hardening

Add minimal required permissions to CI and Docker workflows following
GitHub's security best practice of least privilege principle.

Changes:
- ci.yml: Add workflow-level `permissions: contents: read`
- docker.yml: Add job-level permissions for build and merge jobs
  - contents: read (for checkout)
  - packages: write (for pushing to ghcr.io)

This explicitly restricts the GITHUB_TOKEN to only the permissions
needed, rather than relying on repository defaults which may be
overly permissive.

Reference: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token

Run Details

2675 of 3199 relevant lines covered (83.62%)

83.13 hits per line

Uncovered Existing Lines

Lines	Coverage	∆	File
2	87.16	-0.38%	app/server/auth.go

Jobs

ID	Job ID	Ran	Files	Coverage
1	20022076525.1	08 Dec 2025 08:50AM UTC	17	83.62	GitHub Action Run

paskal / stash / 20022076525
84%
master: 84%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Uncovered Existing Lines

Jobs

Source Files on build 20022076525

paskal / stash / 20022076525 84% master: 84%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Uncovered Existing Lines

Jobs

Source Files on build 20022076525

paskal / stash / 20022076525
84%
master: 84%

README BADGES
x