Commit 96ecae7

Browse files
UlisesGascon and NathanWalker authored
Enhance Workflows Security (#5880)
* chore: remove CodeQL workflow in favor of the advanced one

  References:
  - https://github.com/NativeScript/nativescript-cli/actions/workflows/codeql-advanced.yml
  - https://github.com/NativeScript/nativescript-cli/actions/workflows/codeql.yml

* feat: define workflow permissions

* feat: pin dependencies in workflows

---------

Co-authored-by: Nathan Walker <walkerrunpdx@gmail.com>
1 parent b903cf9 commit 96ecae7

File tree

4 files changed

+9
-68
lines changed


‎.github/workflows/codeql-advanced.yml

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,9 @@ on:
1919
schedule:
2020
- cron: '21 2 * * 1'
2121

22+
permissions:
23+
contents: read
24+
2225
jobs:
2326
analyze:
2427
name: Analyze (${{ matrix.language }})
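Review bot: the new top-level `permissions: contents: read` block narrows the default GITHUB_TOKEN for every job in this workflow, but the `Perform CodeQL Analysis` step uploads results to code scanning, which needs `security-events: write` (plus `actions: read` and `packages: read` for the advanced setup). Confirm that the `analyze` job keeps a job-level `permissions:` block granting those scopes; if it does not, add one under `analyze:` rather than widening the top-level block.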
@@ -57,7 +60,7 @@ jobs:
5760
# your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
5861
steps:
5962
- name: Checkout repository
60-
uses: actions/checkout@v5
63+
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
6164

6265
# Add any setup steps before running the `github/codeql-action/init` action.
6366
# This includes steps like installing compilers or runtimes (`actions/setup-node`
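Review bot: the pin replaces `actions/checkout@v5` with a commit annotated `# v4.3.0`, so as written this is a major-version downgrade, not a like-for-like pin. Verify that `08eba0b27e820071cde6df949e0beb9ba4906955` resolves to the release you intend (a v5.x tag if the workflow should stay on v5) and that the trailing version comment matches it, since Dependabot and Renovate read that comment to track and bump SHA pins.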
@@ -67,7 +70,7 @@ jobs:
6770

6871
# Initializes the CodeQL tools for scanning.
6972
- name: Initialize CodeQL
70-
uses: github/codeql-action/init@v3
73+
uses: github/codeql-action/init@d3678e237b9c32a6c9bffb3315c335f976f3549f # v3.30.2
7174
with:
7275
languages: ${{ matrix.language }}
7376
build-mode: ${{ matrix.build-mode }}
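Review bot: the SHA and its `# v3.30.2` comment stay within the v3 major, so this pin is behaviour-preserving; before merging, confirm that `d3678e237b9c32a6c9bffb3315c335f976f3549f` is the commit tagged v3.30.2 in github/codeql-action, because a SHA pin whose version comment is wrong is hard to audit later.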
@@ -95,6 +98,6 @@ jobs:
9598
exit 1
9699
97100
- name: Perform CodeQL Analysis
98-
uses: github/codeql-action/analyze@v3
101+
uses: github/codeql-action/analyze@d3678e237b9c32a6c9bffb3315c335f976f3549f # v3.30.2
99102
with:
100103
category: "/language:${{matrix.language}}"
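Review bot: `analyze` is pinned to the same commit as `init` (`d3678e237b9c32a6c9bffb3315c335f976f3549f`, v3.30.2), which is correct since both steps must come from the same release; when either is bumped in future, bump both together, and apply the same SHA to any other `github/codeql-action/*` step this workflow uses.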

‎.github/workflows/codeql.yml

Lines changed: 0 additions & 62 deletions
This file was deleted.

‎.github/workflows/npm_release_cli.yml

Lines changed: 2 additions & 2 deletions
@@ -24,9 +24,9 @@ jobs:
2424
with:
2525
egress-policy: audit
2626

27-
- uses: actions/checkout@v5
27+
- uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
2828

29-
- uses: actions/setup-node@v5
29+
- uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3.9.1
3030
with:
3131
node-version: 22.14.0
3232

‎.github/workflows/npm_release_doctor.yml

Lines changed: 1 addition & 1 deletion
@@ -28,7 +28,7 @@ jobs:
2828
with:
2929
egress-policy: audit
3030

31-
- uses: actions/checkout@v5
31+
- uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
3232

3333
- name: Setup
3434
run: npm install
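Review bot: same issue as in `.github/workflows/npm_release_cli.yml`: `actions/checkout@v5` is replaced by a commit labelled `# v2.7.0`, a three-major-version downgrade. Pin to the SHA of the v5 release instead (or document why v2 is required), and keep the version comment in sync with the SHA so the pin can be audited and auto-bumped.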
