Skip to content

Commit 9229ee2

Browse files
antonmedvantonmedv
committed
Update GitHub Actions workflows to use specific action versions and configure permissions
1 parent c4b401e commit 9229ee2

File tree

5 files changed

+32
-12
lines changed

5 files changed

+32
-12
lines changed

.github/workflows/build.yaml

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,15 +6,20 @@ on:
66
- master
77
- 'releases/*'
88

9+
permissions:
10+
contents: read
11+
912
jobs:
1013
build:
1114
runs-on: ubuntu-latest
1215
steps:
13-
- uses: actions/checkout@v6
14-
- uses: actions/setup-node@v6
16+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
17+
with:
18+
persist-credentials: false
19+
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
1520
with:
1621
node-version: '22'
17-
cache: 'npm'
22+
package-manager-cache: false
1823
- run: npm ci
1924
- run: npm run build
2025
- name: Check dist/ is up to date

.github/workflows/prettier.yaml

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,14 +6,19 @@ on:
66
- master
77
- 'releases/*'
88

9+
permissions:
10+
contents: read
11+
912
jobs:
1013
prettier:
1114
runs-on: ubuntu-latest
1215
steps:
13-
- uses: actions/checkout@v6
14-
- uses: actions/setup-node@v6
16+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
17+
with:
18+
persist-credentials: false
19+
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
1520
with:
1621
node-version: '22'
17-
cache: 'npm'
22+
package-manager-cache: false
1823
- run: npm ci
1924
- run: npm run format:check

.github/workflows/test.yaml

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,11 +6,16 @@ on:
66
- master
77
- 'releases/*'
88

9+
permissions:
10+
contents: read
11+
912
jobs:
1013
test:
1114
runs-on: ubuntu-latest
1215
steps:
13-
- uses: actions/checkout@v6
16+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
17+
with:
18+
persist-credentials: false
1419
- uses: ./
1520
with:
1621
dep: list

.github/workflows/typecheck.yaml

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,14 +6,19 @@ on:
66
- master
77
- 'releases/*'
88

9+
permissions:
10+
contents: read
11+
912
jobs:
1013
typecheck:
1114
runs-on: ubuntu-latest
1215
steps:
13-
- uses: actions/checkout@v6
14-
- uses: actions/setup-node@v6
16+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
17+
with:
18+
persist-credentials: false
19+
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
1520
with:
1621
node-version: '22'
17-
cache: 'npm'
22+
package-manager-cache: false
1823
- run: npm ci
1924
- run: npm run typecheck

.github/workflows/zizmor.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ jobs:
1313
contents: read
1414
security-events: write
1515
steps:
16-
- uses: actions/checkout@v6
16+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
1717
with:
1818
persist-credentials: false
19-
- uses: zizmorcore/zizmor-action@v0
19+
- uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2

0 commit comments

Comments
 (0)