Skip to content

Commit c4bd5f9

Browse files
UlisesGasconUlisesGascon
committed
ci: pin dependencies and explicit permissions in the pipeline
1 parent 5930d37 commit c4bd5f9

File tree

1 file changed

+5
-2
lines changed

1 file changed

+5
-2
lines changed

.github/workflows/ci.yml

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,9 @@ on:
1111
branches:
1212
- '*'
1313

14+
permissions:
15+
contents: read
16+
1417
jobs:
1518
build:
1619

@@ -23,8 +26,8 @@ jobs:
2326
node-version: [18.x, 20.x]
2427

2528
steps:
26-
- uses: actions/checkout@v2
27-
- uses: actions/[email protected]
29+
- uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
30+
- uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e # v2.1.4
2831
with:
2932
node-version: ${{ matrix.node-version }}
3033
- run: npm ci

0 commit comments

Comments
 (0)