use StepSecurity Secure Workflows for project management #49

2026-05-19 00:10:14 +02:00 · 2022-07-24 21:22:31 +01:00
parent 8e03759e2f
commit 875e6d6260
4 changed files with 53 additions and 8 deletions
@@ -7,11 +7,22 @@ on:
  pull_request:
    types: [opened]

+permissions:
+  contents: read
+
 jobs:
  assignAuthor:
+    permissions:
+      pull-requests: write  # for samspills/assign-pr-to-author
    runs-on: ubuntu-latest
    steps:
+
+    - name: Harden Runner
+      uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
+      with:
+        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
    - name: Auto Assign PR
-      uses: samspills/assign-pr-to-author@v1.0.1
+      uses: samspills/assign-pr-to-author@223a87a821f7e7447cfb5221bc53ceeb633341c2
      with:
        repo-token: '${{ secrets.GITHUB_TOKEN }}'