This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-kamelets.git
The following commit(s) were added to refs/heads/main by this push:
new 8ddf79af Github Actions Security Best practices: Pin Actions to Full
lenght Commit SHA - CI Build Action (#2154)
8ddf79af is described below
commit 8ddf79af4f425dd2880c1a467eb2827c90e462ed
Author: Andrea Cosentino <[email protected]>
AuthorDate: Tue Aug 20 14:19:28 2024 +0200
Github Actions Security Best practices: Pin Actions to Full lenght Commit
SHA - CI Build Action (#2154)
---
.github/workflows/ci-build.yml | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml
index b09b49a9..730033b8 100644
--- a/.github/workflows/ci-build.yml
+++ b/.github/workflows/ci-build.yml
@@ -44,15 +44,18 @@ on:
- 'NOTICE'
- 'Jenkinsfile'
workflow_dispatch:
+permissions: # added using https://github.com/step-security/secure-repo
+ contents: read
+
jobs:
build:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
persist-credentials: false
- name: Set up JDK
- uses: actions/setup-java@v4
+ uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 #
v4.2.2
with:
distribution: 'temurin'
java-version: 17
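Review bot: The comment on the new `permissions:` line records which tool generated it rather than why the restriction exists; something like `# least privilege: jobs in this workflow only need to read the repository` would serve the next maintainer better. The top-level block applies to every job in the workflow, so a job that later needs a write scope should override it at job level rather than widen this default. The SHA pins in this hunk and in the two later hunks (upload-artifact, and checkout/setup-java in the second job) carry the version only as a trailing comment, so they will not move on their own. This diff does not show whether Dependabot or a similar updater covers the `github-actions` ecosystem; without one the pins will drift behind upstream security fixes.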
@@ -63,7 +66,7 @@ jobs:
shell: bash
run: tar -czf maven-repo-${{ github.run_id }}-${{ github.run_number
}}.tgz -C ~ .m2/repository
- name: Persist Maven Repo
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a #
v4.3.6
with:
name: maven-repo-${{ github.run_id }}-${{ github.run_number }}
path: maven-repo-${{ github.run_id }}-${{ github.run_number }}.tgz
@@ -75,11 +78,11 @@ jobs:
NEXUS_DEPLOY_USERNAME: ${{ secrets.NEXUS_USER }}
NEXUS_DEPLOY_PASSWORD: ${{ secrets.NEXUS_PW }}
steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
persist-credentials: false
- name: Set up JDK
- uses: actions/setup-java@v4
+ uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 #
v4.2.2
with:
distribution: 'temurin'
java-version: 17
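Review bot: `NEXUS_DEPLOY_USERNAME` and `NEXUS_DEPLOY_PASSWORD` appear as context directly above `steps:`, which suggests a job-level `env:` (the key itself is outside the hunk) that exports both secrets to every step, including the checkout and setup-java actions pinned here. Pinning limits that exposure to the reviewed commits, but the credentials would be better scoped with a step-level `env:` on the single step that performs the Nexus deploy. The job continues past the end of the hunk, so the deploy step is not visible here.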