This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new 82d83c02f4c Github Actions Security Best practices: Pin Actions to
Full lenght Commit SHA - PR Build Main Worfklow (#15205)
82d83c02f4c is described below
commit 82d83c02f4c8cf78772e85aae1c4cdd7ca468f7b
Author: Andrea Cosentino <[email protected]>
AuthorDate: Mon Aug 19 14:41:40 2024 +0200
Github Actions Security Best practices: Pin Actions to Full lenght Commit
SHA - PR Build Main Worfklow (#15205)
---
.github/workflows/pr-build-main.yml | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/pr-build-main.yml
b/.github/workflows/pr-build-main.yml
index 6e2a64898d0..ea461629d2a 100644
--- a/.github/workflows/pr-build-main.yml
+++ b/.github/workflows/pr-build-main.yml
@@ -30,6 +30,9 @@ on:
- Jenkinsfile.*
- NOTICE.txt
+permissions:
+ contents: read
+
jobs:
build:
if: github.repository == 'apache/camel'
@@ -46,7 +49,7 @@ jobs:
experimental: true
steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #
v4.1.7
with:
persist-credentials: false
- id: install-packages
@@ -54,7 +57,7 @@ jobs:
- id: install-mvnd
uses: ./.github/actions/install-mvnd
- name: Set up JDK ${{ matrix.java }}
- uses: actions/setup-java@v4
+ uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 #
v4.2.2
with:
distribution: 'temurin'
java-version: ${{ matrix.java }}
@@ -62,7 +65,7 @@ jobs:
- name: maven build
run: ./etc/scripts/regen.sh
- name: archive logs
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a
# v4.3.6
if: always()
with:
name: build-${{ matrix.java }}.log
