chore(security): pin docker images and improve actions permissions (#253)

Alex Zenla
2024-07-16 15:25:29 -07:00
committed by GitHub
parent b57d95c610
commit 9e91ffe065
11 changed files with 31 additions and 28 deletions


@ -5,8 +5,6 @@ on:
- cron: "0 10 * * *"
permissions:
contents: read
packages: write
id-token: write
jobs:
server:
runs-on: ubuntu-latest
@ -26,7 +24,7 @@ jobs:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
submodules: recursive
- uses: dtolnay/rust-toolchain@d388a4836fcdbde0e50e395dc79a2670ccdef13f # stable
- uses: dtolnay/rust-toolchain@d0e72ca3bfdc51937a4f81431ccbed269ef9f2a2 # stable
with:
targets: "${{ matrix.arch }}-unknown-linux-gnu,${{ matrix.arch }}-unknown-linux-musl"
- run: ./hack/ci/install-linux-deps.sh
@ -84,9 +82,9 @@ jobs:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
submodules: recursive
- uses: dtolnay/rust-toolchain@d388a4836fcdbde0e50e395dc79a2670ccdef13f # stable
- uses: dtolnay/rust-toolchain@d0e72ca3bfdc51937a4f81431ccbed269ef9f2a2 # stable
if: ${{ matrix.platform.os != 'darwin' }}
- uses: dtolnay/rust-toolchain@d388a4836fcdbde0e50e395dc79a2670ccdef13f # stable
- uses: dtolnay/rust-toolchain@d0e72ca3bfdc51937a4f81431ccbed269ef9f2a2 # stable
with:
targets: "${{ matrix.platform.arch }}-apple-darwin"
if: ${{ matrix.platform.os == 'darwin' }}
@ -115,6 +113,8 @@ jobs:
- kratanet
- krata-guest-init
name: "oci build ${{ matrix.component }}"
permissions:
packages: write
steps:
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
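Review bot: The job-level `permissions` block added to the `oci build` job lists only `packages: write`, and a job-level block replaces the workflow-level one instead of merging with it, so every scope not listed there, including `contents`, is `none` for this job. If the job checks out the repository (its steps continue outside the visible lines), it is safer to state `contents: read` next to `packages: write` rather than depend on the repository being public. The same commit drops `id-token: write` from the workflow level; should any step in this job request an OIDC token, for instance for keyless image signing, that scope has to be granted here as `id-token: write`, which cannot be confirmed from the lines shown.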