Skip to content

Commit

Permalink
Github actions: improve security
Browse files Browse the repository at this point in the history
Restrict GITHUB_TOKEN permissions.
Pin actions to a SHA.
  • Loading branch information
beevik committed Jul 16, 2024
1 parent fdd11bd commit 2e28ac4
Showing 1 changed file with 11 additions and 2 deletions.
13 changes: 11 additions & 2 deletions .github/workflows/go.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,9 @@ name: Go

on: [push, pull_request]

permissions:
contents: read

jobs:

build:
Expand All @@ -13,10 +16,16 @@ jobs:
go-version: [ '1.21', '1.22.x' ]

steps:
- uses: actions/checkout@v4
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: Setup Go ${{ matrix.go-version }}
uses: actions/setup-go@v5
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ matrix.go-version }}

Expand Down

0 comments on commit 2e28ac4

Please sign in to comment.