1
84%
master: 84%

Ran 08 Dec 2025 08:52AM UTC

Files 17

Run time 0s

Badge

Embed ▾

Committed 08 Dec 2025 08:50AM UTC coverage: 83.745% (+0.06%) from 83.682%

Job # 20022117045.1

Build Type

push

github

Committed by

paskal

Commit Message

ci: add explicit permissions blocks for security hardening

Add minimal required permissions to all workflows following GitHub's
security best practice of least privilege principle.

Changes:
- ci.yml: Add workflow-level `permissions: contents: read`
- docker.yml: Add job-level permissions for build and merge jobs
  - contents: read (for checkout)
  - packages: write (for pushing to ghcr.io)
- release.yml: Add workflow-level `permissions: contents: write`
  (required for goreleaser to create releases and upload assets)

This explicitly restricts the GITHUB_TOKEN to only the permissions
needed, rather than relying on repository defaults which may be
overly permissive.

Reference: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token

Run Details

2679 of 3199 relevant lines covered (83.74%)

83.13 hits per line

paskal / stash / 20022117045 / 1
84%
master: 84%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 20022117045.1

paskal / stash / 20022117045 / 1 84% master: 84%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 20022117045.1

paskal / stash / 20022117045 / 1
84%
master: 84%

README BADGES
x