use StepSecurity Secure Workflows for builds #49

2026-05-18 07:50:13 +02:00 · 2022-07-24 21:14:28 +01:00
parent 7cdc061845
commit 8e03759e2f
2 changed files with 32 additions and 8 deletions
@@ -6,16 +6,25 @@ on:
  pull_request:
    branches: [ master ]

+permissions:
+  contents: read
+
 jobs:
  build:
    runs-on: ubuntu-latest
    name: CI Build
    steps:
+    
+    - name: Harden Runner
+      uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
+      with:
+        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
    - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@d171c3b028d844f2bf14e9fdec0c58114451e4bf

    - name: Setup .Net
-      uses: actions/setup-dotnet@v1
+      uses: actions/setup-dotnet@608ee757cfcce72c2e91e99aca128e0cae67de87
      with:
        dotnet-version: 6.0.x