From d75b70c4a5d3c5d92782e6e3cf0e4dc6b5a41492 Mon Sep 17 00:00:00 2001
From: StepSecurity Bot
Date: Thu, 9 May 2024 21:08:13 +0000
Subject: [PATCH] [StepSecurity] Apply security best practices
Signed-off-by: StepSecurity Bot
---
 .github/dependabot.yml | 11 +++++++++++
 .github/workflows/buildstatus.yml | 6 +++---
 .github/workflows/crossbuild.yml | 12 ++++++------
 3 files changed, 20 insertions(+), 9 deletions(-)
 create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..26da6619
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+version: 2
+updates:
+ - package-ecosystem: github-actions
+ directory: /
+ schedule:
+ interval: daily
+
+ - package-ecosystem: gomod
+ directory: /
+ schedule:
+ interval: daily
diff --git a/.github/workflows/buildstatus.yml b/.github/workflows/buildstatus.yml
index f309dad2..959de417 100644
--- a/.github/workflows/buildstatus.yml
+++ b/.github/workflows/buildstatus.yml
@@ -20,9 +20,9 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - uses: actions/cache@v4 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: | ~/.cache/go-build
@@ -32,7 +32,7 @@ jobs: ${{ runner.os }}-go- - name: Build - uses: crazy-max/ghaction-xgo@v3 + uses: crazy-max/ghaction-xgo@682253ce1d3dd7a78c5120c703c9f3811dbf8cb2 # v3.0.0 with: xgo_version: latest go_version: 1.21
diff --git a/.github/workflows/crossbuild.yml b/.github/workflows/crossbuild.yml
index 8cb50f3f..31cb6595 100644
--- a/.github/workflows/crossbuild.yml
+++ b/.github/workflows/crossbuild.yml
@@ -16,9 +16,9 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - uses: actions/cache@v3 + uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3 with: path: | ~/.cache/go-build
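Review bot: The new file has no comment saying why it exists, although its `github-actions` entry is what keeps the commit-SHA pins added to the two workflow files in this commit from going stale. A header comment such as `# Keeps the SHA-pinned actions in .github/workflows and the Go modules current; review every bump before merging.` would record that. With `interval: daily` and no `groups` key, each action and module update arrives as its own pull request, so the person merging them decides which new commit the workflows will trust.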
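Review bot: Nothing checks that `0ad4b8fadaa221de15dcec353f45205ec38ea70b` is the commit the trailing `# v4.1.4` comment names; the comment is free text and only the SHA is used when the job runs. Each pin in this commit (`actions/checkout` and `actions/cache` here, and the pins in the later buildstatus.yml and crossbuild.yml hunks) should be compared with the tag in the action's own repository before merging, and confirmed to be a commit of that repository rather than of a fork. The job header is above the hunk, so its triggers and any `permissions:` block are not visible here.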
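Review bot: The `Build` step is pinned to a commit, but its unchanged `xgo_version: latest` input still selects whichever xgo release is current when the job runs, so the toolchain that compiles the binaries stays a moving reference (assuming the action resolves `latest` at run time, as the name suggests). Setting it to a fixed release, `xgo_version: <pinned xgo release>`, would bring the build input in line with the SHA pin; the `Build ftrove` and `Build admftrove` hunks in crossbuild.yml have the same input. As a smaller point, `go_version: 1.21` is an unquoted YAML number and is safer written as `go_version: '1.21'`, since a value like `1.20` would lose its trailing zero. The `with:` block continues past the end of the hunk.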
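Review bot: The cache restored by this step feeds the build whose binaries the `Create Release` and `Upload Release Assets` steps later in this file publish, so anything able to write a matching cache entry can influence the released artifacts. The `${{ runner.os }}-go-` line at the top of the next hunk looks like a prefix fallback (presumably `restore-keys`), which widens what counts as a match; a release build is usually better run without a restored build cache, or with an exact `key` only. The pin also stays on the v3 line (`e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3`) while buildstatus.yml pins v4.0.2, which is worth aligning. The workflow's triggers are above the hunk, so how exposed the cache is cannot be judged from here.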
@@ -28,7 +28,7 @@ jobs: ${{ runner.os }}-go- - name: Build ftrove - uses: crazy-max/ghaction-xgo@v3 + uses: crazy-max/ghaction-xgo@682253ce1d3dd7a78c5120c703c9f3811dbf8cb2 # v3.0.0 with: xgo_version: latest go_version: 1.21
@@ -44,7 +44,7 @@ jobs: pkg: ./cmd/ftrove - name: Build admftrove - uses: crazy-max/ghaction-xgo@v3 + uses: crazy-max/ghaction-xgo@682253ce1d3dd7a78c5120c703c9f3811dbf8cb2 # v3.0.0 with: xgo_version: latest go_version: 1.21
@@ -60,7 +60,7 @@ jobs: pkg: ./cmd/admftrove - name: Create Release - uses: actions/create-release@v1.0.0 + uses: actions/create-release@8d93430eddafb926c668181c71f579556f68668c # v1.0.0 id: create_release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -71,7 +71,7 @@ jobs: prerelease: false - name: Upload Release Assets - uses: glentiki/xbin-release-action@v1.0.0 + uses: glentiki/xbin-release-action@736088fa1388541bd9224f2749445ee3bd8890a5 # v1.0.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with:
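Review bot: Pinning `actions/create-release` at `8d93430eddafb926c668181c71f579556f68668c # v1.0.0` freezes an action whose upstream repository has been archived, so no fixes will reach this step beyond the tags that already exist. A maintained path is the GitHub CLI preinstalled on hosted runners, for example `run: gh release create "$TAG" --title "$TAG"` with `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` in `env`, where `$TAG` stands for the value this step currently passes as its tag input. The step's `id: create_release` suggests a later step reads its outputs, so the upload step would have to change with it. The step's `with:` block starts after the hunk's last context line and is only partly visible.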
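Review bot: `glentiki/xbin-release-action` receives `GITHUB_TOKEN` through `env`, and no `permissions:` key appears in any hunk of this commit, so the token's scope is whatever the repository default grants unless a block exists above the lines shown. The SHA pin fixes which code receives the token; it does not narrow what the token can do. Declaring the scope on the job, `permissions:` with `contents: write` beneath it, would limit the token to what creating a release and uploading assets needs, and covers the `Create Release` step in the previous hunk as well.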