This is an automated email from the ASF dual-hosted git repository.

janhoy pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/solr-docker.git


The following commit(s) were added to refs/heads/main by this push:
     new 385be3d  chore(ci): fix CI pipeline security issues reported by zizmor 
(#34)
385be3d is described below

commit 385be3d043b73177daf0ab83435702c5637d43ac
Author: Dhaval Gojiya <[email protected]>
AuthorDate: Tue May 19 16:27:40 2026 +0530

    chore(ci): fix CI pipeline security issues reported by zizmor (#34)
---
 .github/workflows/pr-for-official-repo.yml | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/pr-for-official-repo.yml 
b/.github/workflows/pr-for-official-repo.yml
index d3e74a5..352d1fd 100644
--- a/.github/workflows/pr-for-official-repo.yml
+++ b/.github/workflows/pr-for-official-repo.yml
@@ -8,6 +8,9 @@ on:
       - 'generate-stackbrew-library.sh'
       - '[0-9]+.[0-9]+*/**'
 
+permissions:
+  contents: read
+
 jobs:
   test:
     # Only run this job for the apache repo, not on any forks
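Review bot: The new workflow-level `permissions: contents: read` also governs the `test` job, whose final `Create Pull Request` step pushes a branch and opens a pull request, so if that step relies on the default `GITHUB_TOKEN` it now lacks the write scopes it needs and will fail at the push. Because the push targets a different repository (`docker-solr/official-images`), the default token could not reach it even before this change, so a dedicated PAT is presumably already supplied via the action's `token:` input; that part of the `with:` block lies outside this hunk and cannot be confirmed here. If a PAT is in use, keep the read-only default as written and leave a comment such as `# Default token is read-only; the PR step authenticates with its own token input` next to the `permissions:` block so the next reader does not widen it unnecessarily.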
@@ -19,30 +22,37 @@ jobs:
 
     steps:
       # Setup
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 
v6.0.2
         with:
           # This is required for stackbrew to know which commit a dockerfile 
belongs to
           fetch-depth: 0
+          persist-credentials: false
+
       - name: Checkout official-images fork
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 
v6.0.2
         with:
           repository: docker-library/official-images
           path: official-images
+          persist-credentials: false
+
       - name: check headcommit message
         id: commit
         run: |
           message="$(jq '.head_commit.message' $GITHUB_EVENT_PATH | sed -E 
's/^#/ #/g' | sed -E 's/(#[0-9]+)$/\1 /g' | sed -E 
's/([^a-zA-Z])(#[0-9]+[^0-9])/\1apache\/solr-docker\2/g' | tr -d \")"  # get 
the message, substituting the github links
           echo ::set-output name=title::${message%%\\n*}   # get the title
+
       - name: Install BashBrew
         run: |
           mkdir -p "${HOME}/.local/bin"
           wget -nv --output-document="${HOME}/.local/bin/bashbrew" 
https://github.com/docker-library/bashbrew/releases/download/v0.1.12/bashbrew-amd64
           chmod a+x "${HOME}/.local/bin/bashbrew"
           echo "${HOME}/.local/bin" >> $GITHUB_PATH
+
       - name: Generate new Solr manifest
         run: ./generate-stackbrew-library.sh > official-images/library/solr
+
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v4
+        uses: 
peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # 
v8.1.1
         with:
           path: official-images
           push-to-fork: docker-solr/official-images
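Review bot: The `Install BashBrew` step still fetches an executable from a GitHub release with `wget` and runs it with no integrity check, which is the same mutable-reference risk this commit closes for actions by pinning them to SHAs; a release asset can be replaced under the unchanged `v0.1.12` tag. Pin the expected digest and verify it before `chmod`, e.g. `echo "<sha256 of bashbrew-amd64 from the v0.1.12 release>  ${HOME}/.local/bin/bashbrew" | sha256sum -c -`, with `set -euo pipefail` at the top of the `run:` script so a mismatch fails the job rather than continuing. The `check headcommit message` step also still emits `echo ::set-output name=title::...`, a deprecated workflow command; the supported form is `echo "title=${message%%\\n*}" >> "$GITHUB_OUTPUT"`, and `$GITHUB_EVENT_PATH` should be quoted in the `jq` call. The `Create Pull Request` step's `with:` block continues past the end of the hunk, so the token used for the push is not visible here.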
