1414 - opened
1515 - reopened
1616
17+ permissions :
18+ contents : read
19+
1720jobs :
1821
1922 add-to-board :
1717 contents : read
1818 packages : write
1919 steps :
20- - uses : actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
20+ - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
21+ with :
22+ persist-credentials : false
2123
2224 - name : Setup Python
2325 uses : actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
3133
3234 - name : Login to GitHub Container Registry
3335 run : |
34- echo ${{ secrets.GITHUB_TOKEN }} | oras login ghcr.io --username ${{ github.actor } } --password-stdin
36+ echo ${{ secrets.GITHUB_TOKEN }} | oras login ghcr.io --username ${GITHUB_ACTOR } --password-stdin
3537
3638 - name : Update and publish SBOMs
3739 run : make update-and-publish-sboms
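Review bot: The login step on new line 36 still expands `${{ secrets.GITHUB_TOKEN }}` directly into the script text, so the token is substituted before the shell runs, and `${GITHUB_ACTOR}` is left unquoted. Passing the token through the step environment keeps it out of the rendered script and matches what this commit already does for the actor name: add `env:` with `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` to the step and change the command to `printf '%s' "$GITHUB_TOKEN" | oras login ghcr.io --username "$GITHUB_ACTOR" --password-stdin`. This job holds `packages: write`, so a short comment on the step explaining why the token is needed would help the next reviewer.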
1+ name : " Validate GitHub Actions"
2+
3+ on :
4+ pull_request :
5+ paths :
6+ - ' .github/workflows/**'
7+ - ' .github/actions/**'
8+ push :
9+ branches :
10+ - main
11+ paths :
12+ - ' .github/workflows/**'
13+ - ' .github/actions/**'
14+
15+ permissions :
16+ contents : read
17+
18+ jobs :
19+ zizmor :
20+ name : " Lint"
21+ runs-on : ubuntu-latest
22+ permissions :
23+ contents : read
24+ steps :
25+ - uses : actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
26+ with :
27+ persist-credentials : false
28+
29+ - name : " Run zizmor"
30+ uses : zizmorcore/zizmor-action@0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d # v0.5.0
31+ with :
32+ config : .github/zizmor.yml
33+ # Disable SARIF upload so the step is a simple pass/fail gate
34+ advanced-security : false
35+ inputs : .github
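Review bot: The `paths` filters under both `pull_request` and `push` omit `.github/zizmor.yml`, so a change that only loosens the zizmor policy never runs this gate, even though the step reads its `config` from that file. Adding `- '.github/zizmor.yml'` to both lists closes that gap. The checkout pin here is commented as v6.0.1 while the other workflows touched by this commit pin v6.0.2; a single pin across the repository is easier to audit. The job-level `permissions` block repeats the workflow-level one, and a one-line comment such as `# read-only: the linter only needs to read the repository` would show that this is deliberate.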
66 - main
77 pull_request :
88
9+ permissions :
10+ contents : read
11+
912env :
1013 PYTHON_VERSION : " 3.13"
1114
1417 name : " Checks"
1518 runs-on : ubuntu-22.04-4core-16gb
1619 steps :
17- - uses : actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
20+ - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
21+ with :
22+ persist-credentials : false
1823
1924 - name : Setup Python
2025 uses : actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
1+ rules :
2+ unpinned-uses :
3+ config :
4+ policies :
5+ # anchore/workflows is an internal repository; using @main is acceptable
6+ anchore/* : any
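Review bot: The key `anchore/* : any` exempts every repository under the organisation from the pinning rule, while the comment above it justifies the exemption only for anchore/workflows. Narrowing the pattern to `anchore/workflows/*: any` would keep the pin requirement for any other anchore action or reusable workflow referenced later. The comment could also record the trade-off, for example `# anchore/workflows is maintained by this org; @main is accepted, so changes to its main branch take effect here without a review in this repo`.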