Skip to content

Commit 5f23b4c

Browse files
crazy-maxcrazy-max
committed
fix zizmor findings
1 parent d2ab1e7 commit 5f23b4c

4 files changed

Lines changed: 15 additions & 16 deletions

File tree

.github/dependabot.yml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,13 +4,17 @@ updates:
44
directory: "/"
55
schedule:
66
interval: "daily"
7+
cooldown:
8+
default-days: 2
79
labels:
810
- "kind/dependencies"
911
- "bot"
1012
- package-ecosystem: "npm"
1113
directory: "/"
1214
schedule:
1315
interval: "daily"
16+
cooldown:
17+
default-days: 2
1418
versioning-strategy: "increase"
1519
allow:
1620
- dependency-type: "production"

.github/workflows/ci.yml

Lines changed: 4 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,6 @@ concurrency:
44
group: ${{ github.workflow }}-${{ github.ref }}
55
cancel-in-progress: true
66

7-
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
87
permissions:
98
contents: read
109

@@ -24,7 +23,7 @@ jobs:
2423
steps:
2524
-
2625
name: Checkout
27-
uses: actions/checkout@v6
26+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2827
-
2928
name: Env before
3029
run: |
@@ -42,7 +41,7 @@ jobs:
4241
steps:
4342
-
4443
name: Checkout
45-
uses: actions/checkout@v6
44+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
4645
-
4746
name: Expose GitHub Runtime
4847
uses: ./
@@ -52,13 +51,13 @@ jobs:
5251
env|sort
5352
-
5453
name: Checkout go-actions-cache
55-
uses: actions/checkout@v6
54+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
5655
with:
5756
repository: tonistiigi/go-actions-cache
5857
path: go-actions-cache
5958
-
6059
name: Setup go
61-
uses: actions/setup-go@v6
60+
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
6261
-
6362
name: Test
6463
run: |

.github/workflows/labels.yml

Lines changed: 4 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,6 @@ concurrency:
44
group: ${{ github.workflow }}-${{ github.ref }}
55
cancel-in-progress: true
66

7-
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
87
permissions:
98
contents: read
109

@@ -24,16 +23,14 @@ jobs:
2423
labeler:
2524
runs-on: ubuntu-latest
2625
permissions:
27-
# same as global permissions
28-
contents: read
29-
# required to update labels
30-
issues: write
26+
contents: read # same as global permissions
27+
issues: write # required to update labels
3128
steps:
3229
-
3330
name: Checkout
34-
uses: actions/checkout@v6
31+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
3532
-
3633
name: Run Labeler
37-
uses: crazy-max/ghaction-github-labeler@v5
34+
uses: crazy-max/ghaction-github-labeler@24d110aa46a59976b8a7f35518cb7f14f434c916 # v5.3.0
3835
with:
3936
dry-run: ${{ github.event_name == 'pull_request' }}

.github/workflows/validate.yml

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,6 @@ concurrency:
44
group: ${{ github.workflow }}-${{ github.ref }}
55
cancel-in-progress: true
66

7-
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
87
permissions:
98
contents: read
109

@@ -23,11 +22,11 @@ jobs:
2322
steps:
2423
-
2524
name: Checkout
26-
uses: actions/checkout@v6
25+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2726
-
2827
name: List targets
2928
id: generate
30-
uses: docker/bake-action/subaction/list-targets@v6
29+
uses: docker/bake-action/subaction/list-targets@5be5f02ff8819ecd3092ea6b2e6261c31774f2b4 # v6.10.0
3130
with:
3231
target: validate
3332

@@ -42,6 +41,6 @@ jobs:
4241
steps:
4342
-
4443
name: Validate
45-
uses: docker/bake-action@v6
44+
uses: docker/bake-action@5be5f02ff8819ecd3092ea6b2e6261c31774f2b4 # v6.10.0
4645
with:
4746
targets: ${{ matrix.target }}

0 commit comments

Comments
 (0)