step-security/harden-runner
1
0
Fork 0
mirror of https://github.com/step-security/harden-runner.git synced 2026-06-09 00:17:06 +00:00
Code Issues Projects Releases Packages Wiki Activity

[StepSecurity] Remediate token permission, and unpinned dependencies security issues in .github/workflows/canary.yml

Browse source
This commit is contained in:
Step Security 2022-08-15 22:53:09 +00:00
commit a6ca77cb04
1 changed files with 4 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
.github/workflows/canary.yml vendored
View file

@ -12,6 +12,9 @@ defaults:
run: run:
shell: pwsh shell: pwsh
permissions: # added using https://github.com/step-security/secure-workflows
contents: read
jobs: jobs:
update_tag: update_tag:
name: Update the rc tag to ${{ github.event.inputs.COMMIT_SHA }} commit name: Update the rc tag to ${{ github.event.inputs.COMMIT_SHA }} commit
@ -33,7 +36,7 @@ jobs:
rc: true rc: true
- name: Canary test - name: Canary test
uses: docker://ghcr.io/step-security/integration-test/int:latest uses: docker://ghcr.io/step-security/integration-test/int@sha256:a0e71f0f02a1298be8e34914f4d28df8e43275e63921faa4ee629822b376bd02 # latest
env: env:
PAT: ${{ secrets.PAT }} PAT: ${{ secrets.PAT }}
canary: true canary: true