author | StepSecurity Bot <bot@stepsecurity.io> | 2023-02-27 10:06:50 +0000 |
---|---|---|
committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2023-02-27 19:09:36 +0900 |
commit | 2cbe1f3ebc15e5adf5ea68b9371a16a2d26724b3 (patch) | |
tree | a723047ee4e8a14c4bf4b3d92a43c330f332bc73 /.github/workflows | |
parent | 10a80d9dc44146f910fb01240a818aa5809e6516 (diff) | |
download | ruby-2cbe1f3ebc15e5adf5ea68b9371a16a2d26724b3.tar.gz |
[StepSecurity] ci: Harden GitHub Actions
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Diffstat (limited to '.github/workflows')
-rw-r--r-- | .github/workflows/codeql-analysis.yml | 4 | ||||
-rw-r--r-- | .github/workflows/dependabot_automerge.yml | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index b7ddb928dc..2087052cc7 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -82,7 +82,7 @@ jobs:
 output: sarif-results
 - name: filter-sarif
- uses: advanced-security/filter-sarif@v1
+ uses: advanced-security/filter-sarif@eac3ea6a5e1270952681bf7287598a6cd1a4d49d # v1.0
 with:
 patterns: |
 +**/*.rb
@@ -98,6 +98,6 @@ jobs:
 if: ${{ matrix.language == 'ruby' }}
 - name: Upload SARIF
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2.2.5
 with:
 sarif_file: sarif-results/${{ matrix.language }}.sarif
diff --git a/.github/workflows/dependabot_automerge.yml b/.github/workflows/dependabot_automerge.yml
index 1247f32538..4754b3c9fe 100644
--- a/.github/workflows/dependabot_automerge.yml
+++ b/.github/workflows/dependabot_automerge.yml
@@ -9,10 +9,10 @@ jobs:
 if: ${{ github.actor == 'dependabot[bot]' }}
 steps:
 - name: Dependabot metadata
- uses: dependabot/fetch-metadata@v1
+ uses: dependabot/fetch-metadata@4de7a6c08ce727a42e0adbbdc345f761a01240ce # v1.3.6
 id: metadata
 - name: Wait for status checks
- uses: lewagon/wait-on-check-action@v1.3.1
+ uses: lewagon/wait-on-check-action@e106e5c43e8ca1edea6383a39a01c5ca495fd812 # v1.3.1
 with:
 repo-token: ${{ secrets.MATZBOT_GITHUB_TOKEN }}
 ref: ${{ github.event.pull_request.head.sha || github.sha }} |
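Review bot: The trailing comment `# v1.0` on the `filter-sarif` pin names a different ref from the `@v1` it replaces, and nothing on this page shows that `eac3ea6a5e1270952681bf7287598a6cd1a4d49d` is the commit that tag points to upstream. Before merging, resolve each of the four pinned SHAs (this hunk, the `upload-sarif` hunk and both pins in `dependabot_automerge.yml`) against the action's own repository, so that a pin cannot point at a fork or an unrelated commit. Pinned SHAs also stop receiving fixes automatically. If the Dependabot configuration (not shown here) does not cover the `github-actions` ecosystem, the pins and their version comments will go stale.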
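Review bot: Only `upload-sarif` is pinned to v2.2.5 in this file, and the diffstat shows that just two `uses:` lines changed, so any other `github/codeql-action/*` step in the workflow keeps whatever ref it already had. Those steps are outside the hunk. If they still use a moving tag such as `@v2`, one job would mix releases of the same action and only part of it would be covered by the pin. Pin them to the same commit with the same `# v2.2.5` comment.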
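Review bot: The job gate `if: ${{ github.actor == 'dependabot[bot]' }}` is left unchanged, and this job hands `secrets.MATZBOT_GITHUB_TOKEN` to a third-party action. `github.actor` identifies whoever triggered the run, which is not necessarily the pull request's author, so a hardening pass should gate on the author instead: `if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}`. The workflow trigger and any `permissions:` block are outside the hunk. Confirm that the event carries a `pull_request` payload and that the token's scope is limited to what the merge step needs.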