Skip to content

Commit d4631e3

Browse files
step-security-botstep-security-bot
authored
feat: [StepSecurity] Apply security best practices (#118)
1 parent dc206fd commit d4631e3

3 files changed

Lines changed: 13 additions & 5 deletions

File tree

.github/dependabot.yaml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,3 +19,8 @@ updates:
1919
directory: /libs/front/front-api
2020
schedule:
2121
interval: daily
22+
23+
- package-ecosystem: npm
24+
directory: /.docs
25+
schedule:
26+
interval: daily

.github/workflows/docs-deploy.yml

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,9 @@ concurrency:
1212
group: pages
1313
cancel-in-progress: false
1414

15+
permissions:
16+
contents: read
17+
1518
jobs:
1619
deploy-docs:
1720
name: Deploy Documentation to GitHub Pages
@@ -28,13 +31,13 @@ jobs:
2831
node-version: "24"
2932
cache: "yarn" # 🚀 Speed up builds with yarn cache
3033
- name: ⚙️ Setup Pages
31-
uses: actions/configure-pages@v4
34+
uses: actions/configure-pages@1f0c5cde4bc74cd7e1254d0cb4de8d49e9068c7d # v4.0.0
3235
- name: 📂 Install Dependencies
3336
run: cd .docs && yarn install --frozen-lockfile
3437
- name: Build with Fumadocs
3538
run: cd .docs && yarn build
3639
- name: Upload artifact
37-
uses: actions/upload-pages-artifact@v3
40+
uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
3841
with:
3942
path: .docs/out
4043

@@ -53,4 +56,4 @@ jobs:
5356
steps:
5457
- name: Deploy to GitHub Pages
5558
id: deployment
56-
uses: actions/deploy-pages@v4
59+
uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5

.github/workflows/release-prepare.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -160,7 +160,7 @@ jobs:
160160
run: |
161161
helm plugin install https://github.com/chartmuseum/helm-push || true
162162
- name: ⎈ Package and push Helm Chart
163-
uses: bsord/helm-push@v4.2.0
163+
uses: bsord/helm-push@51f937208fed71540ab5ec5215cf9b3ecae9c7b7 # v4.2.0
164164
with:
165165
useOCIRegistry: true
166166
registry-url: oci://${{ env.REGISTRY }}/${{ env.CHART_BASE_ARTEFACT }}
@@ -192,7 +192,7 @@ jobs:
192192
run: |
193193
helm plugin install https://github.com/chartmuseum/helm-push || true
194194
- name: ⎈ Package and push Helm Chart
195-
uses: bsord/helm-push@v4.2.0
195+
uses: bsord/helm-push@51f937208fed71540ab5ec5215cf9b3ecae9c7b7 # v4.2.0
196196
with:
197197
useOCIRegistry: true
198198
registry-url: oci://${{ env.REGISTRY }}/${{ env.CHART_BASE_ARTEFACT }}

0 commit comments

Comments
 (0)