ci(build): improve security posture

* Limit unnecessary permissions.

* Avoid storing credentials.
honorless 2024-03-25 14:26:35 -04:00 committed by Pete Johanson
parent 0bea7832e9
commit 7c9477be6e


@ -12,6 +12,8 @@ on:
schedule: schedule:
- cron: "22 4 * * *" - cron: "22 4 * * *"
permissions: {}
jobs: jobs:
build: build:
if: ${{ always() }} if: ${{ always() }}
@ -25,6 +27,8 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
persist-credentials: false
- name: Cache west modules - name: Cache west modules
uses: actions/cache@v4 uses: actions/cache@v4
env: env:
@ -179,6 +183,8 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
persist-credentials: false
- name: Use Node.js - name: Use Node.js
uses: actions/setup-node@v4 uses: actions/setup-node@v4
with: with:
@ -335,6 +341,8 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
persist-credentials: false
- name: Use Node.js - name: Use Node.js
uses: actions/setup-node@v4 uses: actions/setup-node@v4
with: with:
@ -415,6 +423,8 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
persist-credentials: false
- uses: tj-actions/changed-files@v44 - uses: tj-actions/changed-files@v44
id: changed-files id: changed-files
with: with:
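Review bot: The `tj-actions/changed-files@v44` step in the last hunk is still referenced by a mutable tag, so the code it runs inside the job can change without any change to this workflow file. Pinning the third-party action to a full commit SHA closes that gap, e.g. `uses: tj-actions/changed-files@<full-commit-sha>  # v44`, where the placeholder is the SHA of the release you have reviewed. The same applies, with lower urgency, to the `actions/checkout@v4`, `actions/cache@v4` and `actions/setup-node@v4` steps in the other hunks. Separately, the top-level `permissions: {}` leaves every job with no token permissions by default, so any job that needs to write (push, comment, publish) must declare its own `permissions:` block. The job bodies continue outside these hunks, so that could not be checked here.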