mirror of
https://github.com/step-security/harden-runner.git
synced 2026-06-08 03:17:11 +00:00
[StepSecurity] Remediate token permission, and unpinned dependencies security issues in .github/workflows/release.yml
This commit is contained in:
Step Security
parent
f5669ff9f5
commit
a7fde9d1ba
1 changed files with 5 additions and 2 deletions
7
.github/workflows/release.yml
vendored
7
.github/workflows/release.yml
vendored
|
|
@ -12,6 +12,9 @@ defaults:
|
|||
run:
|
||||
shell: pwsh
|
||||
|
||||
permissions: # added using https://github.com/step-security/secure-workflows
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
update_tag:
|
||||
name: Update the major tag to include the ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }} changes
|
||||
|
|
@ -28,7 +31,7 @@ jobs:
|
|||
api.github.com:443
|
||||
github.com:443
|
||||
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/checkout@d171c3b028d844f2bf14e9fdec0c58114451e4bf
|
||||
- name: Update the rc tag
|
||||
uses: step-security/publish-action@b438f840875fdcb7d1de4fc3d1d30e86cf6acb5d
|
||||
with:
|
||||
|
|
@ -36,7 +39,7 @@ jobs:
|
|||
rc: true
|
||||
|
||||
- name: Canary test
|
||||
uses: docker://ghcr.io/step-security/integration-test/int:latest
|
||||
uses: docker://ghcr.io/step-security/integration-test/int@sha256:a0e71f0f02a1298be8e34914f4d28df8e43275e63921faa4ee629822b376bd02 # latest
|
||||
env:
|
||||
PAT: ${{ secrets.PAT }}
|
||||
canary: true
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue