From 9c67537a07f02bf200e122c1d025133e25eb39c3 Mon Sep 17 00:00:00 2001 From: StepSecurity Bot Date: Wed, 31 May 2023 06:16:50 +0000 Subject: [PATCH] [StepSecurity] Apply security best practices resolve: #92 Signed-off-by: StepSecurity Bot --- .github/dependabot.yml | 6 ++++++ .github/workflows/cpp.yml | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..253bcb7 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: github-actions + directory: / + schedule: + interval: daily diff --git a/.github/workflows/cpp.yml b/.github/workflows/cpp.yml index f63f4ed..37ae34d 100644 --- a/.github/workflows/cpp.yml +++ b/.github/workflows/cpp.yml @@ -15,13 +15,13 @@ jobs: steps: # Checks out a copy of your repository on the ubuntu-latest machine - - uses: AdoptOpenJDK/install-jdk@v1 + - uses: AdoptOpenJDK/install-jdk@2f15d3f82051aa50984186fc1184467d0d9f87d0 # v1.1.1 with: version: '11' targets: 'JAVA_HOME' impl: 'openj9' - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - name: create build directory run: cd ./perf-tool && mkdir build - name: cmake build