Etienne Stalmans
|
c9cc6cd835
|
chore: cleanup gh actions (#46454)
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Chore, CI hardening
## Additional context
Hardens all GitHub actions to recommendations of
[zizmor](https://docs.zizmor.sh/audits/)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Disabled persistence of checkout credentials across many CI workflows
to reduce credential exposure.
* Upgraded GitHub App token tooling and tightened generated token
permissions for automation.
* Added cooldown/rate-limiting to dependency update automation to reduce
update churn.
* Adjusted workflow-level permissions, required secret inputs for
workflow callers, and refactored some job step logic.
<!-- review_stack_entry_start -->
[](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46454?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)
<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Ali Waseem <waseema393@gmail.com>
|
2026-05-28 17:31:04 +02:00 |
|
