Merge pull request #276 from step-security/add-workflows

ci: add workflows

Author: varunsh-coder

.github/workflows/audit-package.yml

@@ -0,0 +1,24 @@
+name: NPM Audit Fix Run
+
+on:
+  workflow_dispatch:
+    inputs:
+      force:
+        description: "Use --force flag for npm audit fix?"
+        required: true
+        type: boolean
+      base_branch:
+        description: "Specify a base branch"
+        required: false
+        default: "main"
+
+jobs:
+  audit-fix:
+    uses: step-security/reusable-workflows/.github/workflows/npm_audit_fix.yml@v1
+    with:
+      force: ${{ inputs.force }}
+      base_branch: ${{ inputs.base_branch }}
+
+permissions:
+  contents: write
+  pull-requests: write

.github/workflows/publish-immutable-actions.yml

@@ -0,0 +1,25 @@
+name: 'Publish Immutable Action Version'
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+
+    steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+        with:
+          egress-policy: audit
+
+      - name: Checking out
+        uses: actions/checkout@v4
+      - name: Publish
+        id: publish
+        uses: actions/publish-immutable-action@0.0.4