Limit GITHUB_TOKEN permissions
Signed-off-by: Jed Salazar <[email protected]>
jedsalazar committed Mar 18, 2024
1 parent 81f9603 commit a8ceeb5
Showing 2 changed files with 17 additions and 1 deletion.
7 changes: 6 additions & 1 deletion .github/workflows/build.yaml
Expand Up @@ -12,13 +12,18 @@ jobs:
runs-on: ubuntu-latest

steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit

- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: '1.20'
check-latest: true

- uses: chainguard-dev/actions/goimports@main
- uses: chainguard-dev/actions/goimports@538d1927b846546b620784754c33e2a1db86e217 # main
- run: |
go build ./...
go test ./... -race
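Review bot: `egress-policy: audit` in the added Harden Runner step only records outbound connections and does not block any of them, so on its own it will not stop a compromised action or Go module from sending data off the runner; the same setting is added in golangci-lint.yaml. Once a few runs have produced a baseline, consider moving to `egress-policy: block` with an `allowed-endpoints` list, or at least add a comment such as `# audit only: switch to block once the endpoint baseline is known` so the intent is recorded. Separately, none of the lines shown for this file is a `permissions:` key, and the hunk starts at line 12 inside the job, so whether build.yaml already restricts the GITHUB_TOKEN cannot be seen here. If it does not, a top-level `permissions:` with `contents: read`, as in golangci-lint.yaml, would match the commit title.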
11 changes: 11 additions & 0 deletions .github/workflows/golangci-lint.yaml
Expand Up @@ -3,11 +3,22 @@ name: "golangci-lint"
on:
pull_request:

permissions:
contents: read

jobs:
golangci:
permissions:
contents: read # for actions/checkout to fetch code
pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
name: lint
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit

- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
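Review bot: `pull-requests: read` in the job-level `permissions:` is worth confirming against the lint step's inputs, which lie below the end of this hunk: as far as I know golangci-lint-action uses that scope only when `only-new-issues` is set, and without it the job could run with `contents: read` alone. The golangci-lint-action step is also outside the hunk, so it is not visible whether it is pinned to a commit SHA like `actions/checkout` and `actions/setup-go` here; if it is still on a tag, the action that receives the PR scope stays mutable. The job-level block repeats the workflow-level `contents: read`, which is fine, but a comment such as `# job-level permissions replace the workflow default, they are not additive` would help the next editor.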
