Skip to content

Commit bef0523

Browse files
utpillautpilla
authored
ci: Harden GitHub Actions (#2914)
1 parent 72fc1b6 commit bef0523

File tree

6 files changed

+13
-13
lines changed

6 files changed

+13
-13
lines changed

.github/workflows/benchmark.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ jobs:
3535
BRANCH_NAME: ${{ github.event_name == 'pull_request' && github.base_ref || github.event.before }}
3636
steps:
3737
- name: Harden the runner (Audit all outbound calls)
38-
uses: step-security/harden-runner@v2
38+
uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
3939
with:
4040
egress-policy: audit
4141

.github/workflows/ci.yml

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,7 @@ jobs:
3131
continue-on-error: ${{ matrix.rust == 'beta' }}
3232
steps:
3333
- name: Harden the runner (Audit all outbound calls)
34-
uses: step-security/harden-runner@v2
34+
uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
3535
with:
3636
egress-policy: audit
3737

@@ -60,7 +60,7 @@ jobs:
6060
runs-on: ubuntu-latest
6161
steps:
6262
- name: Harden the runner (Audit all outbound calls)
63-
uses: step-security/harden-runner@v2
63+
uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
6464
with:
6565
egress-policy: audit
6666

@@ -88,7 +88,7 @@ jobs:
8888
runs-on: ubuntu-latest # TODO: Check if this could be covered for Windows. The step used currently fails on Windows.
8989
steps:
9090
- name: Harden the runner (Audit all outbound calls)
91-
uses: step-security/harden-runner@v2
91+
uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
9292
with:
9393
egress-policy: audit
9494

@@ -111,7 +111,7 @@ jobs:
111111
continue-on-error: true
112112
steps:
113113
- name: Harden the runner (Audit all outbound calls)
114-
uses: step-security/harden-runner@v2
114+
uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
115115
with:
116116
egress-policy: audit
117117

@@ -131,7 +131,7 @@ jobs:
131131
continue-on-error: true # Prevent sudden announcement of a new advisory from failing ci
132132
steps:
133133
- name: Harden the runner (Audit all outbound calls)
134-
uses: step-security/harden-runner@v2
134+
uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
135135
with:
136136
egress-policy: audit
137137

@@ -144,7 +144,7 @@ jobs:
144144
runs-on: ubuntu-latest
145145
steps:
146146
- name: Harden the runner (Audit all outbound calls)
147-
uses: step-security/harden-runner@v2
147+
uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
148148
with:
149149
egress-policy: audit
150150

@@ -167,7 +167,7 @@ jobs:
167167
if: ${{ ! contains(github.event.pull_request.labels.*.name, 'dependencies') }}
168168
steps:
169169
- name: Harden the runner (Audit all outbound calls)
170-
uses: step-security/harden-runner@v2
170+
uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
171171
with:
172172
egress-policy: audit
173173

@@ -199,7 +199,7 @@ jobs:
199199
runs-on: ubuntu-latest
200200
steps:
201201
- name: Harden the runner (Audit all outbound calls)
202-
uses: step-security/harden-runner@v2
202+
uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
203203
with:
204204
egress-policy: audit
205205

.github/workflows/integration_tests.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ jobs:
1313
timeout-minutes: 10
1414
steps:
1515
- name: Harden the runner (Audit all outbound calls)
16-
uses: step-security/harden-runner@v2
16+
uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
1717
with:
1818
egress-policy: audit
1919

.github/workflows/markdown-link-check.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ jobs:
1515
runs-on: ubuntu-latest
1616
steps:
1717
- name: Harden the runner (Audit all outbound calls)
18-
uses: step-security/harden-runner@v2
18+
uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
1919
with:
2020
egress-policy: audit
2121

.github/workflows/pr_naming.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ jobs:
1111
runs-on: ubuntu-latest
1212
steps:
1313
- name: Harden the runner (Audit all outbound calls)
14-
uses: step-security/harden-runner@v2
14+
uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
1515
with:
1616
egress-policy: audit
1717

.github/workflows/semver.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ jobs:
1212
if: ${{ github.event.label.name == 'semver-check' || contains(github.event.pull_request.labels.*.name, 'semver-check') }}
1313
steps:
1414
- name: Harden the runner (Audit all outbound calls)
15-
uses: step-security/harden-runner@v2
15+
uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
1616
with:
1717
egress-policy: audit
1818

0 commit comments

Comments
 (0)