
Commit 16d7f11

committed
worked on zizmor findings
1 parent f771d78 commit 16d7f11


3 files changed

+16
-12
lines changed


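--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,9 +3,9 @@ updates:
 - package-ecosystem: "gomod"
 directory: "/"
 schedule:
-interval: "weekly"
+interval: "monthly"
 
 - package-ecosystem: "github-actions"
 directory: "/"
 schedule:
-interval: "weekly"
+interval: "monthly"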
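Review bot: Moving both ecosystems to `interval: "monthly"` lengthens the time a fixed release of a Go module or a pinned action can sit unproposed, and it does not by itself hold back a release that was published the day before the monthly run. If the aim was to avoid adopting releases in their first days, Dependabot's `cooldown` block (for example `cooldown:` with `default-days: 7` under each entry) expresses that directly and lets the schedule stay at `"weekly"`. This matters more now that the workflows in this commit pin actions by commit SHA, because those pins only move when an update PR arrives.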

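--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -14,14 +14,16 @@ jobs:
 
 steps:
 - name: Checkout code
-uses: actions/checkout@v4
+uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 with:
 fetch-depth: 0 # Fetch all history for git describe
+persist-credentials: false
 
 - name: Set up Go
-uses: actions/setup-go@v5
+uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0
 with:
 go-version: '1.21'
+cache: false
 
 - name: Extract version from tag
 id: version
@@ -43,10 +45,10 @@ jobs:
 
 BUILD_TIME=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
 echo "Build time: ${BUILD_TIME}"
-echo "Version: ${{ steps.version.outputs.version }}"
+echo "Version: ${VERSION}"
 
 GOARCH=amd64 GOOS=linux CGO_ENABLED=0 go build \
--ldflags "-s -w -X 'main.version=${{ steps.version.outputs.version }}' -X 'main.buildTime=${BUILD_TIME}'" \
+-ldflags "-s -w -X 'main.version=${VERSION}' -X 'main.buildTime=${BUILD_TIME}'" \
 -o vultrack-agent-amd64 \
 ./cmd/vultrack-agent
 
@@ -60,17 +62,19 @@ jobs:
 sudo apt-get update
 sudo apt-get install -y dpkg-dev
 
-VERSION=${{ steps.version.outputs.version }} ARCH=amd64 ./build.sh deb
+./build.sh deb
 
 - name: Generate SHA256 checksums
+env:
+VERSION: ${{ steps.version.outputs.version }}
 run: |
 mkdir -p release-files
 cp vultrack-agent-amd64 release-files/
-cp dist/vultrack-agent_${{ steps.version.outputs.version }}_amd64.deb release-files/
+cp dist/vultrack-agent_${VERSION}_amd64.deb release-files/
 
 cd release-files
 sha256sum vultrack-agent-amd64 \
-vultrack-agent_${{ steps.version.outputs.version }}_amd64.deb \
+vultrack-agent_${VERSION}_amd64.deb \
 > SHA256SUMS
 
 echo "Release files with checksums:"
@@ -79,7 +83,7 @@ jobs:
 cat SHA256SUMS
 
 - name: Create Release
-uses: softprops/action-gh-release@v1
+uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
 with:
 files: release-files/*
 tag_name: ${{ github.ref_name }}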
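Review bot: The build step's script now reads `${VERSION}` (in the `echo` and in `-ldflags`), and the package step runs `./build.sh deb` without the former `VERSION=… ARCH=amd64` prefix, yet only the "Generate SHA256 checksums" step gains an `env:` mapping for `VERSION` in the visible hunks. Both step headers lie outside the hunks, and the hunk line offsets suggest nothing was added there, so unless `VERSION` is exported elsewhere (for instance through `$GITHUB_ENV` in the version step), the binary would be stamped with an empty `main.version` and `build.sh` would fall back to whatever defaults it has. Add the same mapping to those two steps, `env:` with `VERSION: ${{ steps.version.outputs.version }}`, plus `ARCH: amd64` on the package step. Passing the value through `env:` instead of expanding `${{ }}` inside the script is the right fix for the template-injection finding; it needs to reach every step that uses the variable.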

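--- a/.github/workflows/zizmor.yml
+++ b/.github/workflows/zizmor.yml
@@ -15,7 +15,7 @@ jobs:
 
 steps:
 - name: Checkout code
-uses: actions/checkout@v4
+uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 with:
 persist-credentials: false
 
@@ -28,6 +28,6 @@ jobs:
 GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
 - name: Upload SARIF results
-uses: github/codeql-action/upload-sarif@v4
+uses: github/codeql-action/upload-sarif@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5
 with:
 sarif_file: results.sarif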
