Token-Permissions & Pinned-Dependencies (#2586)

# Description Please provide a summary of the changes, including relevant motivation and context. Closes #(issue_number) ## Checklist - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have performed a self-review of my own code - [ ] I have attached images of the change if it is UI based - [ ] I have commented my code, particularly in hard-to-understand areas - [ ] If my code has heavily changed functionality I have updated relevant docs on [Stirling-PDFs doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) - [ ] My changes generate no new warnings - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only)
2025-01-02 19:22:14 +01:00
parent ef174a1e8a
commit 875f5a85ef
14 changed files with 35 additions and 17 deletions
--- a/.github/workflows/push-docker.yml
+++ b/.github/workflows/push-docker.yml
@@ -9,14 +9,13 @@ on:

 permissions:
  contents: read
-  packages: write
-  id-token: write

 jobs:
  push:
    runs-on: ubuntu-latest
    permissions:
      packages: write
+      id-token: write
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
@@ -42,7 +41,7 @@ jobs:

      - name: Install cosign
        if: github.ref == 'refs/heads/master'
-        uses: sigstore/cosign-installer@v3.7.0
+        uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
        with:
          cosign-release: 'v2.4.1'