From ca4eb660ff95f71ee471c0a14c09eeb86309ad25 Mon Sep 17 00:00:00 2001
From: RedBeret <13550471+RedBeret@users.noreply.github.com>
Date: Tue, 28 Apr 2026 19:31:01 -0700
Subject: [PATCH] Harden CI publish checks

---
 .github/workflows/smoke-test.yml | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml
index 789e0c0..e5f6505 100644
--- a/.github/workflows/smoke-test.yml
+++ b/.github/workflows/smoke-test.yml
@@ -4,6 +4,13 @@ on:
   push:
   pull_request:
 
+permissions:
+  contents: read
+
+concurrency:
+  group: smoke-test-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   smoke-test:
     runs-on: ubuntu-latest
@@ -11,9 +18,12 @@ jobs:
     steps:
       - name: Check out repository
         uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+          persist-credentials: false
 
       - name: Install dependencies
         run: sudo apt-get update && sudo apt-get install -y jq openssl
 
-      - name: Run smoke tests
-        run: bash scripts/smoke-test.sh
+      - name: Run publish checks
+        run: bash scripts/publish-check.sh