This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-kamelets.git
The following commit(s) were added to refs/heads/main by this push:
new 110860af Github Actions Security Best practices: Pin Actions to Full
lenght Commit SHA - Validate action (#2157)
110860af is described below
commit 110860af998ba564a3c3e6a2da554c47086ea8c2
Author: Andrea Cosentino <[email protected]>
AuthorDate: Tue Aug 20 14:33:03 2024 +0200
Github Actions Security Best practices: Pin Actions to Full lenght Commit
SHA - Validate action (#2157)
---
.github/workflows/validate.yaml | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml
index f03f8650..a9d5382a 100644
--- a/.github/workflows/validate.yaml
+++ b/.github/workflows/validate.yaml
@@ -40,14 +40,17 @@ concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true
+permissions:
+ contents: read
+
jobs:
validate:
runs-on: ubuntu-latest
steps:
- name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Install Go
- uses: actions/setup-go@v5
+ uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: 1.20.x
- name: Run Validator
