
Commit 66384d3

Update GitHub Actions security (#28)
* Pin GitHub Actions to SHA
* Add permissions to reusable workflows
1 parent 1fc70c5 commit 66384d3


3 files changed

+6
-1
lines changed


.github/workflows/_security-checks.yaml

Lines changed: 3 additions & 0 deletions
@@ -3,6 +3,9 @@ name: Security checks
33
on:
44
workflow_call:
55

6+
permissions:
7+
contents: read
8+
69
jobs:
710
trivy:
811
name: Trivy scan
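
Review bot: the workflow-level `contents: read` added above `jobs:` also sets every unlisted scope to none for the `trivy` job, so if that job uploads SARIF results to code scanning (its steps are not shown in this hunk) it will need `security-events: write`. Confirm the Trivy scan still completes after this change, and if it needs the extra scope, grant it on the `trivy` job itself rather than widening the workflow-level block.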

.github/workflows/_static-checks.yaml

Lines changed: 3 additions & 0 deletions
@@ -3,6 +3,9 @@ name: Static checks
33
on:
44
workflow_call:
55

6+
permissions:
7+
contents: read
8+
69
jobs:
710
lint:
811
name: Lint and format checks
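
Review bot: the `permissions:` block placed ahead of `jobs:` caps the token for the `lint` job, but a called workflow can only keep or reduce the permissions its caller passes, never raise them, so this does not stand in for a declaration in the caller. on-pr.yaml should declare `contents: read` as well if it does not already; the lines before 14 of that file are not part of this diff, so this cannot be checked from here.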

.github/workflows/on-pr.yaml

Lines changed: 0 additions & 1 deletion
@@ -14,4 +14,3 @@ jobs:
1414
static-checks:
1515
name: Static checks
1616
uses: ./.github/workflows/_static-checks.yaml
17-
secrets: inherit
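
Review bot: with `secrets: inherit` removed from the `static-checks` call, any `secrets.*` reference inside `_static-checks.yaml` will now evaluate to an empty string instead of failing, so check that no step in that workflow reads a secret before merging. Separately, the commit message lists "Pin GitHub Actions to SHA", yet the only `uses:` line in the diff is the local `./.github/workflows/_static-checks.yaml` path, and the +6/-1 total is fully accounted for by the two permissions blocks and this removal; either the pinning landed in another commit or the message should be adjusted.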
