[StepSecurity] Apply security best practices

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
2024-12-21 12:28:35 +00:00
parent bba3d65368
commit dc5b214932
19 changed files with 375 additions and 65 deletions
--- a/.github/workflows/PR-Demo-cleanup.yml
+++ b/.github/workflows/PR-Demo-cleanup.yml
@@ -18,6 +18,11 @@ jobs:
    if: github.event.action == 'closed'
    
    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+        with:
+          egress-policy: audit
+
      - name: Set up SSH
        run: |
          mkdir -p ~/.ssh/
@@ -60,7 +65,7 @@ jobs:

      - name: Post cleanup notice to PR
        if: steps.cleanup.outputs.cleanup_performed == 'true'
-        uses: actions/github-script@v7
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          script: |
            const { GITHUB_REPOSITORY } = process.env;