Security hardening: lock community action versions
As there's no lockfile for GitHub Actions, specify the commit SHAs to use for community actions so that changes can be reviewed before using a new version of a particular action.
This commit is contained in:
parent
d5d9bdf7bf
commit
b3c925a0cf
3 changed files with 16 additions and 16 deletions
6
.github/workflows/deploy.yml
vendored
6
.github/workflows/deploy.yml
vendored
|
|
@ -20,17 +20,17 @@ jobs:
|
|||
|
||||
steps:
|
||||
- name: Checkout the code
|
||||
uses: actions/checkout@v2
|
||||
uses: actions/checkout@a81bbbf
|
||||
|
||||
- name: Add the deployment SSH key
|
||||
uses: shimataro/ssh-key-action@v2
|
||||
uses: shimataro/ssh-key-action@6f350ca
|
||||
with:
|
||||
key: ${{ secrets.SSH_PRIVATE_KEY }}
|
||||
name: id_rsa
|
||||
known_hosts: ${{ secrets.SSH_KNOWN_HOSTS }}
|
||||
|
||||
- name: Cache dependencies
|
||||
uses: actions/cache@v1
|
||||
uses: actions/cache@d974700
|
||||
with:
|
||||
path: tools/ansible/.roles
|
||||
key: dependencies-composer-${{ hashFiles('tools/ansible/requirements.yml') }}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue