Skip to content

Harden workflows

Harden workflows #1

Workflow file for this run

name: Linting
on:
push:
branches:
- master
pull_request:
workflow_dispatch:
permissions:
contents: read
env:
NPM_CONFIG_FUND: '0'
NPM_CONFIG_AUDIT: '0'
SUPPRESS_SUPPORT: '1'
NO_UPDATE_NOTIFIER: 'true'
jobs:
lint:
name: ESLint Check
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
objects.githubusercontent.com:443
nodejs.org:443
registry.npmjs.org:443
- name: Run code style check
uses: myrotvorets/composite-actions/node-run-script@master
with:
script: lint
typecheck:
name: TypeScript Check
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
objects.githubusercontent.com:443
nodejs.org:443
registry.npmjs.org:443
- name: Run type check
uses: myrotvorets/composite-actions/node-run-script@master
with:
script: typecheck