
Commit 29ae3e8

[StepSecurity] Apply security best practices
Signed-off-by: StepSecurity Bot <[email protected]>
1 parent ee48d78 commit 29ae3e8


2 files changed

+28
-5
lines changed


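--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -5,12 +5,22 @@ jobs:
 github:
 runs-on: ubuntu-latest
 steps:
-- uses: jasonkarns/create-release@master
+- name: Harden the runner (Audit all outbound calls)
+uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+with:
+egress-policy: audit
+
+- uses: jasonkarns/create-release@9249b73e127bea00eb6f2caa7244657983df0557 # master
 
 homebrew:
 runs-on: ubuntu-latest
 steps:
-- uses: mislav/bump-homebrew-formula-action@v1
+- name: Harden the runner (Audit all outbound calls)
+uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+with:
+egress-policy: audit
+
+- uses: mislav/bump-homebrew-formula-action@21991dc8f899341b552c9842957677139a340980 # v1.16
 with:
 formula-name: nodenv-aliases
 homebrew-tap: nodenv/nodenv
@@ -20,8 +30,13 @@ jobs:
 npm:
 runs-on: ubuntu-latest
 steps:
-- uses: actions/checkout@v2
-- uses: actions/setup-node@v1
+- name: Harden the runner (Audit all outbound calls)
+uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+with:
+egress-policy: audit
+
+- uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
+- uses: actions/setup-node@f1f314fca9dfce2769ece7d933488f076716723e # v1.4.6
 with:
 scope: nodenv
 registry-url: https://registry.npmjs.org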
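Review bot: Neither hunk adds a `permissions:` block to release.yml, although test.yml in this same commit gains `permissions: contents: read`; lines 1-4 of the file are outside the hunks, so confirm nothing is declared there. Without one, the `github`, `homebrew` and `npm` jobs run with the repository's default GITHUB_TOKEN scope. I would set a restrictive workflow-level default such as `permissions: {}` and grant each job only what it needs, for example `permissions: { contents: write }` on the job that creates the release, assuming it authenticates with GITHUB_TOKEN. Separately, `egress-policy: audit` only records outbound calls, so once a baseline exists these release jobs are the first candidates for `egress-policy: block` with an `allowed-endpoints` list.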

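--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -1,10 +1,18 @@
 name: Test
 on: [push, pull_request]
 
+permissions:
+contents: read
+
 jobs:
 test:
 runs-on: ${{ matrix.os }}-latest
 strategy: { matrix: { os: [ ubuntu, macOS ] } }
 steps:
-- uses: actions/checkout@v2
+- name: Harden the runner (Audit all outbound calls)
+uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+with:
+egress-policy: audit
+
+- uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
 - run: npm cit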
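Review bot: The pinned `actions/checkout` step still uses its default of persisting the job token in the local git config, and the following `npm cit` step runs dependency lifecycle scripts and the test suite on both `push` and `pull_request`. Adding `with: { persist-credentials: false }` under the checkout step keeps that token out of reach of code executed during install and test. The new `permissions: contents: read` default limits what the token can do but does not remove it from the workspace. The steps list may continue past the end of this hunk.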
