Reduce attack vector in artifact-links.yml
Pin action to git hash, https://blog.rafaelgss.dev/why-you-should-pin-actions-by-commit-hash
Restrict permissions for the GITHUB_TOKEN, https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Signed-off-by: probonopd <probonopd@users.noreply.github.com>
parent
aadca7eeae
commit
3c8ce37299
1 changed files with 6 additions and 1 deletions
7
.github/workflows/artifact-links.yml
vendored
7
.github/workflows/artifact-links.yml
vendored
|
@ -10,10 +10,15 @@ jobs:
|
|||
name: Add artifact links to PR and issues
|
||||
runs-on: ubuntu-22.04
|
||||
|
||||
permissions:
|
||||
issues: write
|
||||
pull-requests: write
|
||||
actions: read
|
||||
|
||||
steps:
|
||||
- name: Add artifact links to PR and issues
|
||||
if: github.event.workflow_run.event == 'pull_request'
|
||||
uses: tonyhallett/artifacts-url-comments@v1.1.0
|
||||
uses: tonyhallett/artifacts-url-comments@0965ff1a7ae03c5c1644d3c30f956effea4e05ef # v1.1.0
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
with:
|
||||
|
|
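Review bot: The new `permissions:` block carries no comment saying why each scope is needed, and the trailing `# v1.1.0` on the pinned `uses:` line is the only thing tying the 40-character hash to a release, so both deserve a line of documentation and a check before merge. Judging by the `github.event.workflow_run.event` condition, this job appears to run from a `workflow_run` trigger, which executes with the base repository's token even when the originating pull request comes from a fork; a comment above the block such as `# workflow_run context: token is write-capable for fork PRs, grant only what the comment action needs` would record that. The hash should be confirmed as the commit the upstream `v1.1.0` tag points to in the action's own repository rather than in a fork of it. A pinned hash no longer picks up fixes on its own, so a `github-actions` entry in the repository's Dependabot configuration, if none exists, would keep it current. The job definition starts and ends outside this hunk, so whether the workflow also sets a top-level `permissions: {}` default cannot be seen here.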