ivuorinen/actions
1
0
Fork 0
mirror of https://github.com/ivuorinen/actions.git synced 2026-02-07 13:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(ci): pin versions, tighten permissions

Browse Source
This commit is contained in:
Ismo Vuorinen
2025-02-02 14:20:05 +02:00
parent ab2a86b6e2
commit 19f792e5d1
12 changed files with 86 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
.github/workflows/security-trends.yml vendored
View File

@@ -8,6 +8,10 @@ on:
types:
- completed
permissions:
contents: read
actions: read
jobs:
analyze-trends:
runs-on: ubuntu-latest
@@ -16,20 +20,20 @@ jobs:
issues: write
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: main
fetch-depth: 0
- name: Download latest results
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: security-reports-${{ github.event.workflow_run.id }}
path: latest-results
- name: Analyze Trends
id: analyze
uses: actions/github-script@v7
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
const fs = require('fs');
@@ -82,7 +86,7 @@ jobs:
if: |
github.event.workflow_run.conclusion == 'success' &&
steps.verify.outputs.exists == 'true'
uses: actions/github-script@v7
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
try {