mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-06-06 01:21:39 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

misc(ci): pin dependencies of GitHub actions

Browse source 
This is recommended by the OpenSSF scorecard tool

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This commit is contained in:
Erik Michelson 2023-01-08 23:11:23 +01:00 committed by David Mehren
parent 4d4c2e90df
commit 8588cbbf21
16 changed files with 81 additions and 74 deletions
Download patch file Download diff file Expand all files Collapse all files

12
.github/workflows/codeql-analysis.yml vendored
View file

@ -34,6 +34,10 @@ on:
schedule:
- cron: '15 4 * * 3'
permissions:
contents: read
security-events: write
jobs:
analyze:
name: Analyze
@ -53,11 +57,11 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
uses: github/codeql-action/init@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37
with:
languages: ${{ matrix.language }}
queries: +security-and-quality
@ -69,7 +73,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2
uses: github/codeql-action/autobuild@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37
# Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
@ -83,6 +87,6 @@ jobs:
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
uses: github/codeql-action/analyze@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37
with:
category: "/language:${{ matrix.language }}"