Context
PR #208 added workflow-level `permissions: contents: read` and per-job `timeout-minutes` to `ci.yml`. The other two workflows still need the same treatment:
- `release.yml` — currently inherits the default broad token; no timeout. A hung Tauri build during release could burn 6 hours of action minutes.
- `update-downloads.yml` — has `permissions: contents: write` set explicitly (good); just needs `timeout-minutes` (suggest 15).
Action
For `release.yml`:
- Add a workflow-level `permissions:` block. Most jobs need `contents: write` (for the release upload). Verify each step.
- Add `timeout-minutes: 60` per matrix job (Tauri builds across 4 platforms can be slow).
For `update-downloads.yml`:
- Add `timeout-minutes: 15`.
Also worth: pin `tauri-apps/tauri-action@v0` to a commit SHA (tracked separately).
Context
PR #208 added workflow-level `permissions: contents: read` and per-job `timeout-minutes` to `ci.yml`. The other two workflows still need the same treatment:
Action
For `release.yml`:
For `update-downloads.yml`:
Also worth: pin `tauri-apps/tauri-action@v0` to a commit SHA (tracked separately).