[StepSecurity] Apply security best practices

resolve: #103

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..253bcb7
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily
diff --git a/.github/workflows/updateRelease.yml b/.github/workflows/updateRelease.yml
index 5aabe7b..820ee19 100644
--- a/.github/workflows/updateRelease.yml
+++ b/.github/workflows/updateRelease.yml
@@ -3,6 +3,9 @@
   milestone:
     types: [created]
 
+permissions:
+  contents: read
+
 jobs:
   prepare:
     runs-on: ubuntu-latest
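Review bot: The new top-level `permissions:` block has no comment explaining how it relates to the `prepare` job, which appears to set its own `pull-requests: write` and `contents: write` in the next hunk. If that is a job-level `permissions:` block, it replaces this default, so `contents: read` only constrains jobs added later without their own block. A comment above the new lines would make this clear, for example `# Default for every job; jobs needing more must declare their own permissions block`. The job definition continues beyond this hunk, so the job-level key itself is not visible here.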
@@ -11,7 +14,7 @@
       pull-requests: write
       contents: write
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
       with:
         ref: master
     - name: Create new release folder
@@ -20,7 +23,7 @@
         cd scripts
         ./applyTemplate.sh ${{ github.event.milestone.title }} $name
     - name: Create Pull Request for Release ${{ github.event.milestone.title }}
-      uses: peter-evans/create-pull-request@v4
+      uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 # v4.2.4
       with:
         commit-message: Prepare Release ${{ github.event.milestone.title }}
         branch: prepare_R${{ github.event.milestone.title }}
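Review bot: The context line `./applyTemplate.sh ${{ github.event.milestone.title }} $name` still expands the milestone title into the shell script text before the shell runs. A title containing shell metacharacters is therefore interpreted as script, in a job that appears to hold `contents: write` and `pull-requests: write`. This hardening commit pins the actions but leaves that line unchanged. Pass the title through the environment and quote it: add `env:` with `MILESTONE_TITLE: ${{ github.event.milestone.title }}` to the step, and call `./applyTemplate.sh "$MILESTONE_TITLE" "$name"`. The `run:` step starts above this hunk, so how `$name` is derived is not visible; if it also comes from the title it needs the same handling.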