v1.4.0 #134
bluesentinelsec
announced in
Announcements
v1.4.0
#134
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Summary
This PR updates all GitHub Actions workflows to use the latest v1.4.0 release while implementing performance improvements and security best practices.
Changes Made
⚡ Performance Optimization
• Updated Dockerfile to use public.ecr.aws/aws-cli/aws-cli:latest base image instead of building from amazonlinux
• Eliminates need to install Python3 and AWS CLI during build, reducing action installation time by 10-20 seconds
🔒 Security Hardening
• Added explicit permissions blocks to all workflows following principle of least privilege
• Granted only necessary permissions (contents: read, id-token: write, actions: write where needed)
📦 Version Updates
• Updated all workflow references from v1.3.0 to v1.4.0
Files Modified
• 14 workflow files updated with permissions and version bumps
• Dockerfile optimized for faster builds
Benefits
• Faster CI/CD: Reduced action startup time by 10-20 seconds per workflow run
• Enhanced Security: Explicit permission declarations prevent privilege escalation
🙏 Acknowledgments
Special thanks to @joshuagrisham for his contribution from #128.
This discussion was created from the release v1.4.0.
Beta Was this translation helpful? Give feedback.
All reactions