Improve workflows when used with private repo (#10)

capnspacehook · web-flow · commit b8424b56ba7f · 2022-12-03T09:22:25.000-05:00
* make workflows more compatible with private repos

* fix dockerfile not building
diff --git a/.github/workflows/lint-go.yml b/.github/workflows/lint-go.yml
@@ -61,6 +61,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 15
     permissions:
+      contents: read
       pull-requests: read
     steps:
       - name: Checkout code
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -50,6 +50,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 15
     permissions:
+      contents: read
       id-token: write
       packages: write
     steps:
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -71,5 +71,6 @@ jobs:
       - name: Ensure Docker image builds
         uses: docker/build-push-action@v3
         with:
+          load: true
           push: false
           tags: ghcr.io/${{ github.repository }}:build-test
diff --git a/Dockerfile b/Dockerfile
@@ -4,7 +4,9 @@ COPY . /build
 WORKDIR /build
 
 # add git so VCS info will be stamped in binary
-RUN apk add --no-cache git=2.36.3-r0
+# ignore warning that a specific version of git isn't pinned
+# hadolint ignore=DL3018
+RUN apk add --no-cache git
 
 # build as PIE to take advantage of exploit mitigations
 ARG CGO_ENABLED=0
