|
20 | 20 | runs-on: ${{ matrix.os }}-latest |
21 | 21 | strategy: { matrix: { os: [ubuntu, macOS] } } |
22 | 22 | steps: |
23 | | - - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 |
| 23 | + - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 |
24 | 24 | with: { egress-policy: audit } |
25 | 25 | - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 |
26 | 26 | - run: npm cit |
|
30 | 30 | permissions: { contents: read, packages: read, statuses: write } |
31 | 31 | runs-on: ubuntu-latest |
32 | 32 | steps: |
33 | | - - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 |
| 33 | + - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 |
34 | 34 | with: { egress-policy: audit } |
35 | 35 | - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 |
36 | 36 | with: { fetch-depth: 0 } |
|
45 | 45 | if: startsWith('pull_request', github.event_name) |
46 | 46 | runs-on: ubuntu-latest |
47 | 47 | steps: |
48 | | - - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 |
| 48 | + - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 |
49 | 49 | with: { egress-policy: audit } |
50 | 50 | - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 |
51 | 51 | - uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1 |
|
55 | 55 | permissions: { id-token: write, security-events: write } |
56 | 56 | runs-on: ubuntu-latest |
57 | 57 | steps: |
58 | | - - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 |
| 58 | + - uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 |
59 | 59 | with: { egress-policy: audit } |
60 | 60 | - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 |
61 | 61 | - uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2 |
|
0 commit comments