Skip to content

Commit b77f4c1

Browse files
step-security-botsagikazarmark
step-security-bot
authored and
sagikazarmark
committed
[StepSecurity] ci: Harden GitHub Actions
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
1 parent cb9b2bf commit b77f4c1

File tree

5 files changed

+11
-11
lines changed

5 files changed

+11
-11
lines changed

.github/workflows/checks.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ jobs:
1111

1212
steps:
1313
- name: Check minimum labels
14-
uses: mheap/github-action-required-labels@v5
14+
uses: mheap/github-action-required-labels@4e9ef4ce8c697cf55716ecbf7f13a3d9e0b6ac6a # v5.1.0
1515
with:
1616
mode: minimum
1717
count: 1

.github/workflows/ci.yaml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@ jobs:
2424
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
2525

2626
- name: Set up Go
27-
uses: actions/setup-go@v4
27+
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
2828
with:
2929
go-version: '1.20'
3030

@@ -51,7 +51,7 @@ jobs:
5151
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
5252

5353
- name: Set up Go
54-
uses: actions/setup-go@v4
54+
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
5555
with:
5656
go-version: ${{ matrix.go }}
5757

@@ -72,12 +72,12 @@ jobs:
7272
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
7373

7474
- name: Set up Go
75-
uses: actions/setup-go@v4
75+
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
7676
with:
7777
go-version: '1.20'
7878

7979
- name: Lint
80-
uses: golangci/golangci-lint-action@v3
80+
uses: golangci/golangci-lint-action@639cd343e1d3b897ff35927a75193d57cfcba299 # v3.6.0
8181
with:
8282
version: v1.53.3
8383

.github/workflows/codeql-analysis.yaml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -39,11 +39,11 @@ jobs:
3939

4040
steps:
4141
- name: Checkout repository
42-
uses: actions/checkout@v3
42+
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
4343

4444
# Initializes the CodeQL tools for scanning.
4545
- name: Initialize CodeQL
46-
uses: github/codeql-action/init@v2
46+
uses: github/codeql-action/init@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 # v2.21.2
4747
with:
4848
languages: ${{ matrix.language }}
4949
# If you wish to specify custom queries, you can do so here or in a config file.
@@ -54,7 +54,7 @@ jobs:
5454
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
5555
# If this step fails, then you should remove it and run the build manually (see below)
5656
- name: Autobuild
57-
uses: github/codeql-action/autobuild@v2
57+
uses: github/codeql-action/autobuild@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 # v2.21.2
5858

5959
# ℹ️ Command-line programs to run using the OS shell.
6060
# 📚 https://git.io/JvXDl
@@ -68,5 +68,5 @@ jobs:
6868
# make release
6969

7070
- name: Perform CodeQL Analysis
71-
uses: github/codeql-action/analyze@v2
71+
uses: github/codeql-action/analyze@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 # v2.21.2
7272

.github/workflows/feedback_issue.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ jobs:
66
comment:
77
runs-on: ubuntu-latest
88
steps:
9-
- uses: actions/github-script@v6
9+
- uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
1010
with:
1111
github-token: ${{secrets.GITHUB_TOKEN}}
1212
script: |

.github/workflows/feedback_pull_request.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ jobs:
66
comment:
77
runs-on: ubuntu-latest
88
steps:
9-
- uses: actions/github-script@v6
9+
- uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
1010
with:
1111
github-token: ${{secrets.GITHUB_TOKEN}}
1212
script: |

0 commit comments

Comments
 (0)