GitHub Actions security hardening
Use commit SHAs for third-party actions to ensure that the same versions are always being downloaded.
This commit is contained in:
parent
cd4b23cad4
commit
936d765115
4
.github/workflows/main.yml
vendored
4
.github/workflows/main.yml
vendored
|
|
@ -12,10 +12,10 @@ jobs:
|
||||||
build-and-push-images:
|
build-and-push-images:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
||||||
|
|
||||||
- name: Login to the Docker registry
|
- name: Login to the Docker registry
|
||||||
uses: docker/login-action@v1
|
uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 # v1.10.0
|
||||||
with:
|
with:
|
||||||
registry: ghcr.io
|
registry: ghcr.io
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue