Skip to content

chore(deps): update zgosalvez/github-actions-ensure-sha-pinned-actions action to v3.0.18 #357

chore(deps): update zgosalvez/github-actions-ensure-sha-pinned-actions action to v3.0.18

chore(deps): update zgosalvez/github-actions-ensure-sha-pinned-actions action to v3.0.18 #357

Workflow file for this run

---
name: Actions security
on: # yamllint disable-line rule:truthy
pull_request:
types: [opened, synchronize]
paths: [.github/workflows/**]
jobs:
# Actions security tries to keep your GitHub actions secure by following these simple rules:
# - Check if no issues are found on your GitHub Actions
# - Ensure that all GitHub Actions and reusable workflow are pinned using directly a commit SHA
actions_security:
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Github Actions lint
run: |
curl -O https://raw.githubusercontent.com/rhysd/actionlint/main/.github/actionlint-matcher.json
echo "::add-matcher::.github/actionlint-matcher.json"
bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
./actionlint -color
- name: Ensure SHA pinned actions
uses: zgosalvez/github-actions-ensure-sha-pinned-actions@64418826697dcd77c93a8e4a1f7601a1942e57b5 # v3.0.18