Conversation
There was a problem hiding this comment.
Pull request overview
Updates the repository’s release automation to better support a reusable release GitHub Actions workflow, and makes a small theme variable adjustment in the CSS.
Changes:
- Add workflow-level
concurrencycontrol to serialize release runs. - Expand
GITHUB_TOKENpermissions for the release workflow to enable write operations. - Simplify a theme CSS variable definition for
--bmc-color.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
src/index.css |
Tweaks theme variable definition for --bmc-color. |
.github/workflows/release.yml |
Adds concurrency settings and explicit token permissions for the reusable release workflow invocation. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| --theme-text-muted: #657b83; | ||
| --theme-text-bright: #073642; | ||
| --bmc-color: #cb4b16; /* Same as theme-orange for high contrast on light bg */ | ||
| --bmc-color: #cb4b16; |
There was a problem hiding this comment.
--bmc-color duplicates the value of --theme-orange in this theme. To avoid drift if --theme-orange is updated later, set --bmc-color to reference the theme variable (e.g., via var(--theme-orange)) instead of repeating the hex value.
| --bmc-color: #cb4b16; | |
| --bmc-color: var(--theme-orange); |
| permissions: | ||
| contents: write | ||
| pull-requests: write |
There was a problem hiding this comment.
This workflow grants contents: write and pull-requests: write to a reusable workflow sourced from another repository (and referenced via a floating @main ref). With secrets: inherit, this materially increases supply-chain blast radius if the upstream workflow changes. Consider pinning the reusable workflow to an immutable ref (tag/SHA) and scoping token permissions (and passed secrets) to the minimum actually required for the release job.
No description provided.