[StepSecurity] Apply security best practices

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
2024-12-21 12:28:35 +00:00
parent bba3d65368
commit dc5b214932
19 changed files with 375 additions and 65 deletions
--- a/.github/workflows/sync_files.yml
+++ b/.github/workflows/sync_files.yml
@@ -17,9 +17,14 @@ jobs:
  sync-readme:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - name: Harden Runner
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
        with:
          python-version: "3.x"
      - name: Install dependencies
@@ -36,7 +41,7 @@ jobs:
          git diff --staged --quiet || git commit -m ":memo: Sync README
          > Made via sync_files.yml" || echo "no changes"
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v6
+        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: Update files