
Commit 924be45

authored
zizmor (#39)
1 parent e6f25c0 commit 924be45


3 files changed

+21
-6
lines changed


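--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -6,6 +6,9 @@ on:
 pull_request:
 branches: [main]
 
+permissions:
+contents: read
+
 jobs:
 ci:
 runs-on: ubuntu-latest
@@ -16,8 +19,10 @@ jobs:
 steps:
 - name: Checkout
 uses: actions/checkout@v2
+with:
+persist-credentials: 'false'
 - name: asdf_install
-uses: asdf-vm/actions/install@v3.0.2
+uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3.0.2
 - run: make install-dev-tools
 # Make asdf aware of globally installed binaries
 - run: asdf reshim
@@ -34,6 +39,8 @@ jobs:
 steps:
 - name: Checkout
 uses: actions/checkout@v2
+with:
+persist-credentials: 'false'
 - name: asdf_install
-uses: asdf-vm/actions/install@v3.0.2
+uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3.0.2
 - run: make shellcheck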
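Review bot: Both `Checkout` steps still reference `actions/checkout@v2` by a mutable tag, while the same commit pins `asdf-vm/actions/install` to a full commit SHA. A tag can be repointed after review, and v2 is an old major built for a Node runtime GitHub has since deprecated; release.yaml in this commit is already on `@v3`. Consider moving both steps to a current major pinned the same way, e.g. `uses: actions/checkout@<full-commit-sha> # <version>` (placeholder; take the SHA from the upstream release tag). The jobs start and end outside the visible hunks, so other `uses:` lines may need the same treatment.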

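--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
@@ -3,12 +3,15 @@ on:
 branches:
 - main
 
+permissions:
+contents: read
+
 name: release-please
 jobs:
 release-please:
 runs-on: ubuntu-latest
 steps:
-- uses: google-github-actions/release-please-action@v3
+- uses: googleapis/release-please-action@a02a34c4d625f9be7cb89156071d8567266a2445 # v4.2.0
 with:
 release-type: go
 package-name: pyroscope-lambda-extension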
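Review bot: The new workflow-level `permissions: contents: read` also caps the token release-please-action runs with, and the `release-please` job shows no job-level override. Opening the release PR and creating the release will therefore likely be refused, unless a separate `token` input is passed further down the `with:` block, which continues outside the hunk. Keep the read-only default at the top and grant the write scopes on the job only: a `permissions:` block under `release-please:` with `contents: write` and `pull-requests: write`. Separately, v3 to v4 is a major bump; I believe v4 moved most inputs into the manifest config, so confirm that `package-name` is still accepted rather than silently ignored.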

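--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -14,13 +14,18 @@ on:
 # tag_name:
 # type: string
 
+permissions:
+contents: read
+
 jobs:
 publish:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v3
+with:
+persist-credentials: 'false'
 - name: asdf_install
-uses: asdf-vm/actions/install@v3.0.2
+uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3.0.2
 - run: make clean
 - run: make build-amd
 - run: make build-arm
@@ -34,15 +39,15 @@ jobs:
 # use tag_name if available (ie manual invokation)
 - if: ${{ inputs.tag_name == '' }}
 id: update_release_auto
-uses: tubone24/update_release@v1.3.1
+uses: tubone24/update_release@c04c17054b939144ec8a7cba969d74992f812d66 # v1.3.1
 env:
 GITHUB_TOKEN: ${{ github.token }}
 with:
 body_path: release.tmp.md
 is_append_body: true
 - if: ${{ inputs.tag_name != '' }}
 id: update_release_manual
-uses: tubone24/update_release@v1.3.1
+uses: tubone24/update_release@c04c17054b939144ec8a7cba969d74992f812d66 # v1.3.1
 env:
 GITHUB_TOKEN: ${{ github.token }}
 TAG_NAME: ${{ inputs.tag_name }}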
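Review bot: Both `tubone24/update_release` steps authenticate with `GITHUB_TOKEN: ${{ github.token }}`, which the new workflow-level `permissions: contents: read` makes read-only. The `publish` job shows no job-level `permissions` between `publish:` and `steps:`, and editing a release needs `contents: write`, so these steps will probably fail with a 403 on the next release. Add a `permissions:` block with `contents: write` under `publish:` rather than widening the top-level default. The steps between the two hunks are not visible here, so check whether any of them also upload assets with the same token.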
