From dc537a9e8abc27d27538d1f0ebb17b8b784db39e Mon Sep 17 00:00:00 2001
From: schapron
Date: Tue, 19 Dec 2023 17:45:12 +0100
Subject: [PATCH] enh(chore): github actions hardening

---
 .github/dependabot.yml                | 9 +++++++++
 .github/workflows/codeql-analysis.yml | 2 +-
 .github/workflows/war.yml             | 2 +-
 3 files changed, 11 insertions(+), 2 deletions(-)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000000..ff9fb1d344
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,9 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: '/'
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 10
+    labels:
+      - 'pr: dependencies'
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 2d28a22b88..d05610ff01 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -38,7 +38,7 @@ jobs:
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
diff --git a/.github/workflows/war.yml b/.github/workflows/war.yml
index 7ded41164a..0bccf835e7 100644
--- a/.github/workflows/war.yml
+++ b/.github/workflows/war.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
     - name: Set up JDK 1.8
       uses: actions/setup-java@v1
       with:
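Review bot: The new `.github/dependabot.yml` does not say why a `github-actions` ecosystem entry belongs in a commit whose other two hunks replace mutable tags with commit SHAs, and a reader who only sees this file will not connect the two. A short comment above `updates:` would make the intent explicit: `# Keeps the SHA-pinned actions under .github/workflows current: Dependabot rewrites the commit hash and the trailing "# vX.Y.Z" comment together, so pinning does not mean freezing.` Without it, the next maintainer may assume the pins are maintained by hand and skip this file when debugging a stale action.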
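Review bot: The hardening in `.github/workflows/war.yml` is applied to `actions/checkout` only; two context lines later the same step list still has `uses: actions/setup-java@v1`, a mutable major tag on an end-of-life major, so the job still resolves part of its toolchain at run time and the supply-chain benefit of the checkout pin is partial. It should get the same treatment in this commit, e.g. `uses: actions/setup-java@<full-commit-sha> # vX.Y.Z` (placeholder — take the hash from the release you intend to run), since Dependabot will then keep it current alongside the checkout pin. The `Initialize CodeQL` step in the `codeql-analysis.yml` hunk has its `uses` line outside that hunk, so I cannot tell whether it is pinned; if it is still on a tag it has the same gap. The enclosing `build` job in war.yml starts before this hunk and its `with:` block continues past it.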