Skip to content

Commit cf75f61

Browse files
Merge pull request #533 from microsoft/psl-pipeline-security-fix
ci: fix pipeline vulnerabilities
2 parents 094761c + 2c1dd07 commit cf75f61

2 files changed

Lines changed: 8 additions & 18 deletions

File tree

.github/workflows/CI.yml

Lines changed: 5 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,9 @@ on:
1515
- 'tests/**'
1616
schedule:
1717
- cron: "0 10,22 * * *" # Runs at 10:00 AM and 10:00 PM GMT
18-
18+
permissions:
19+
contents: read
20+
actions: read
1921
env:
2022
GPT_CAPACITY: 150
2123
TEXT_EMBEDDING_CAPACITY: 200
@@ -35,12 +37,6 @@ jobs:
3537
- name: Checkout Code
3638
uses: actions/checkout@v5 # Checks out your repository
3739

38-
- name: Install Azure CLI
39-
shell: bash
40-
run: |
41-
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
42-
az --version # Verify installation
43-
4440
- name: Install Kubernetes CLI (kubectl)
4541
shell: bash
4642
run: |
@@ -144,10 +140,8 @@ jobs:
144140
- name: Install Bicep CLI
145141
run: az bicep install
146142

147-
- name: Install Azure Developer CLI
148-
run: |
149-
curl -fsSL https://aka.ms/install-azd.sh | bash
150-
shell: bash
143+
- name: Install azd
144+
uses: Azure/setup-azd@v2
151145

152146
- name: Set Deployment Region
153147
run: |
@@ -406,12 +400,6 @@ jobs:
406400
VALID_REGION: ${{ needs.deploy.outputs.VALID_REGION }}
407401

408402
steps:
409-
- name: Install Azure CLI
410-
shell: bash
411-
run: |
412-
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
413-
az --version # Verify installation
414-
415403
- name: Login to Azure
416404
shell: bash
417405
run: |

.github/workflows/test-automation.yml

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,9 @@ on:
1515
env:
1616
url: ${{ inputs.DKM_URL }}
1717
accelerator_name: "DKM"
18-
18+
permissions:
19+
contents: read
20+
actions: read
1921
jobs:
2022
test:
2123
runs-on: ubuntu-latest

0 commit comments

Comments
 (0)