(camel-kamelets) branch main updated: Github Actions Security Best practices: Pin Actions to Full lenght Commit SHA - Main push regen action (#2156)

Tue, 20 Aug 2024 05:30:50 -0700 

This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-kamelets.git


The following commit(s) were added to refs/heads/main by this push:
     new 93bb0560 Github Actions Security Best practices: Pin Actions to Full 
lenght Commit SHA - Main push regen action (#2156)
93bb0560 is described below

commit 93bb0560513019e648e938adbc6de44f4d4aceb6
Author: Andrea Cosentino <[email protected]>
AuthorDate: Tue Aug 20 14:30:12 2024 +0200

    Github Actions Security Best practices: Pin Actions to Full lenght Commit 
SHA - Main push regen action (#2156)
---
 .github/workflows/main-push-regen.yaml | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/main-push-regen.yaml 
b/.github/workflows/main-push-regen.yaml
index 8030f04d..e29b8991 100644
--- a/.github/workflows/main-push-regen.yaml
+++ b/.github/workflows/main-push-regen.yaml
@@ -27,21 +27,27 @@ concurrency:
   group: ${{ github.ref }}-${{ github.workflow }}
   cancel-in-progress: true
 
+permissions:  # added using https://github.com/step-security/secure-repo
+  contents: read
+
 jobs:
   build:
+    permissions:
+      contents: write  # for peter-evans/create-pull-request to create branch
+      pull-requests: write  # for peter-evans/create-pull-request to create a 
PR
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 
v4.1.7
         with:
           persist-credentials: false
       - name: Set up JDK
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # 
v4.2.2
         with:
           distribution: 'temurin'
           java-version: 17
           cache: 'maven'
       - name: Install Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # 
v5.0.2
         with:
           go-version: 1.20.x
       - name: Build catalog 1st Run
@@ -55,7 +61,7 @@ jobs:
           cd script/generator
           go run . ../../kamelets/ ../../docs/modules/ROOT/
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v6
+        uses: 
peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # 
v6.1.0
         with:
           base: main
           token: ${{ secrets.GITHUB_TOKEN }}

Reply via email to