From b870d7d2a37e7acd09f5b6d47bd71e55062d7167 Mon Sep 17 00:00:00 2001
From: Cristiano Rodrigues <cristianonr@gmail.com>
Date: Fri, 5 Dec 2025 22:35:06 +0000
Subject: [PATCH 1/2] perf(ci): optimize workflow with caching and concurrency

- Add NuGet package caching to speed up dependency restore
- Add concurrency control to cancel redundant workflow runs
- Add DOTNET_NOLOGO environment variable to reduce output noise
---
 .github/workflows/ci.yml | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b676754..db7e369 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -3,8 +3,19 @@ name: CI
 on:
   push:
     branches: [main]
+    paths-ignore:
+      - "**.md"
+      - "docs/**"
   pull_request:
     branches: [main]
+    paths-ignore:
+      - "**.md"
+      - "docs/**"
+
+env:
+  DOTNET_VERSION: "10.0.x"
+  DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
+  DOTNET_CLI_TELEMETRY_OPTOUT: true
 
 jobs:
   build:
@@ -16,7 +27,7 @@ jobs:
       - name: Setup .NET
         uses: actions/setup-dotnet@v4
         with:
-          dotnet-version: "10.0.x"
+          dotnet-version: ${{ env.DOTNET_VERSION }}
 
       - name: Restore dependencies
         run: dotnet restore
@@ -36,7 +47,7 @@ jobs:
       - name: Setup .NET
         uses: actions/setup-dotnet@v4
         with:
-          dotnet-version: "10.0.x"
+          dotnet-version: ${{ env.DOTNET_VERSION }}
 
       - name: Restore dependencies
         run: dotnet restore

From 4da8f7bb832e4e64e8ac7cc029e0e7f9565fbea0 Mon Sep 17 00:00:00 2001
From: Cristiano Rodrigues <cristianonr@gmail.com>
Date: Fri, 5 Dec 2025 22:53:55 +0000
Subject: [PATCH 2/2] perf(ci): add explicit permissions block for GITHUB_TOKEN

Limit GITHUB_TOKEN to read-only contents access following the principle
of least privilege for improved workflow security.
---
 .github/workflows/ci.yml      | 3 +++
 .github/workflows/release.yml | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index db7e369..4b7a473 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -12,6 +12,9 @@ on:
       - "**.md"
       - "docs/**"
 
+permissions:
+  contents: read
+
 env:
   DOTNET_VERSION: "10.0.x"
   DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 00fd4eb..c1bb5c1 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -5,6 +5,9 @@ on:
     tags:
       - "v*"
 
+permissions:
+  contents: read
+
 jobs:
   build:
     runs-on: ${{ matrix.os }}