From dc6db0430255453a2f7f43b91d39eea130f1b44b Mon Sep 17 00:00:00 2001
From: Sysix
Date: Mon, 16 Dec 2024 17:37:16 +0100
Subject: [PATCH] ci: add zizmor for github action security
---
 .github/workflows/build.yml | 5 ++++-
 .github/workflows/format.yml | 5 ++++-
 .github/workflows/generate.yml | 5 ++++-
 .github/workflows/lint.yml | 5 ++++-
 .github/workflows/test.yml | 5 ++++-
 .github/workflows/type-check.yml | 5 ++++-
 6 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 2c269d1..c831dc3 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -12,7 +12,10 @@ jobs:
 build:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - name: Checkout repository
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
 - uses: ./.github/actions/pnpm
diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml
index d0a598b..e4f40e2 100644
--- a/.github/workflows/format.yml
+++ b/.github/workflows/format.yml
@@ -12,7 +12,10 @@ jobs:
 format:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - name: Checkout repository
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
 - name: Run Format (prettier)
 run: npx prettier . --check
diff --git a/.github/workflows/generate.yml b/.github/workflows/generate.yml
index bf52ff2..ca10366 100644
--- a/.github/workflows/generate.yml
+++ b/.github/workflows/generate.yml
@@ -21,7 +21,10 @@ jobs:
 generate:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - name: Checkout repository
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
 - uses: ./.github/actions/pnpm
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 18d19a5..6590c8a 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
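Review bot: The trailing `# v4` on the pinned `uses:` line names a moving major tag, so the comment cannot be checked against the SHA and will go stale silently; the same line appears in the format.yml, generate.yml, lint.yml, test.yml and type-check.yml hunks. Record the exact release tag the commit belongs to instead, e.g. `uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # vX.Y.Z` (placeholder: fill in the tag that resolves to this SHA), which also lets Dependabot or Renovate update the hash and the comment together. The context line `- uses: ./.github/actions/pnpm` points at a local composite action whose contents are outside this patch; any third-party actions it calls presumably need the same pinning. The job bodies continue outside the hunks.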
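Review bot: Nothing in the generate.yml hunk shows whether later steps of the `generate` job commit or push, and with `persist-credentials: false` any step that relied on the token checkout used to leave in the local git config will now fail to authenticate. The setting itself is the right default; the job body continues outside the hunk, so this is worth confirming against the full file. A comment above the `with:` block, such as `# token is not kept in .git/config; steps that push must supply their own credentials`, would make the constraint visible to whoever adds such a step later.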
@@ -12,7 +12,10 @@ jobs:
 lint:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - name: Checkout repository
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
 - uses: ./.github/actions/pnpm
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index f5a628b..f5ec7e8 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -12,7 +12,10 @@ jobs:
 test:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - name: Checkout repository
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
 - uses: ./.github/actions/pnpm
diff --git a/.github/workflows/type-check.yml b/.github/workflows/type-check.yml
index 41829b2..622d309 100644
--- a/.github/workflows/type-check.yml
+++ b/.github/workflows/type-check.yml
@@ -12,7 +12,10 @@ jobs:
 type-check:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - name: Checkout repository
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
 - uses: ./.github/actions/pnpm
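Review bot: The subject says zizmor is added, but the lint.yml hunk, like the other five, only applies its findings to the checkout step, and no file in the diffstat runs the audit. Without a CI job, a workflow added later with a tag-pinned action or persisted credentials would not be flagged. Consider a dedicated step in this workflow, e.g. `run: zizmor .github/workflows/`, with zizmor itself installed at a pinned version. If the audit already runs somewhere not shown in this patch (pre-commit, a separate workflow), a line in the commit message saying so would help.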