Skip to content

Commit

Permalink
ci: improve GitHub Actions security
Browse files Browse the repository at this point in the history
Based on recommendations from zizmor
  • Loading branch information
ashishb committed Jan 5, 2025
1 parent 1e5a65d commit 13e629b
Show file tree
Hide file tree
Showing 7 changed files with 25 additions and 4 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/lint-markdown.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,8 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
persist-credentials: false

- name: Set up Ruby
# See https://github.com/ruby/setup-ruby#versioning
Expand Down
7 changes: 5 additions & 2 deletions .github/workflows/lint-yaml.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -27,10 +27,13 @@ jobs:
lintYaml:
runs-on: ubuntu-latest
timeout-minutes: 15

steps:
- name: Checkout repository
- name: Checkout code
uses: actions/checkout@v4
with:
persist-credentials: false

- name: Check YAML files with linter
uses: ibiqlik/action-yamllint@v3
with:
Expand Down
6 changes: 5 additions & 1 deletion .github/workflows/test_macos_1.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,11 @@ jobs:
timeout-minutes: 15

steps:
- uses: actions/checkout@v4
- name: Checkout code
uses: actions/checkout@v4
with:
persist-credentials: false

- name: Install coreutils
run: |
set -eo pipefail
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/test_macos_2.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,8 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
persist-credentials: false

- name: Run Setup new Mac machine script
run: |
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/test_macos_3.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,9 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
persist-credentials: false

- name: Run _macos script
run: |
set -eo pipefail
Expand Down
6 changes: 5 additions & 1 deletion .github/workflows/test_macos_4.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,11 @@ jobs:
timeout-minutes: 15

steps:
- uses: actions/checkout@v4
- name: Checkout code
uses: actions/checkout@v4
with:
persist-credentials: false

- name: Install new vim
run: |
set -eo pipefail
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/test_ubuntu.yml
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,9 @@ jobs:

steps:
- uses: actions/checkout@v4
with:
persist-credentials: false

- name: Run setup_dotfiles.sh
run: |
set -e
Expand Down

0 comments on commit 13e629b

Please sign in to comment.