Skip to content

chore: bump pygithub from 2.4.0 to 2.5.0 #73

chore: bump pygithub from 2.4.0 to 2.5.0

chore: bump pygithub from 2.4.0 to 2.5.0 #73

name: Security Hardening
# Define triggers for the workflow; it ignores pushes to branches prefixed with 'dependabot/'
# and responds to pull requests targeting any branch in the repository.
on:
push:
branches-ignore:
- 'dependabot/**'
paths-ignore:
- '**/*.md'
pull_request:
branches:
- '**'
paths-ignore:
- '**/*.md'
# Manage concurrency to ensure that only one instance of this workflow runs at a time per branch/ref,
# cancelling any in-progress instances when a new one starts.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# Declare default permissions as read-only to enhance security.
permissions: read-all
jobs:
security-hardening:
name: Harden Security
runs-on: ubuntu-latest
steps:
- name: Checkout code
# Use a specific SHA to checkout the code, ensuring the action is secure and hasn't been tampered with.
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Ensure SHA pinned actions
# Utilize a community GitHub Action to verify all used actions are pinned to a SHA for enhanced security.
uses: zgosalvez/github-actions-ensure-sha-pinned-actions@ed00f72a3ca5b6eff8ad4d3ffdcacedb67a21db1 # v3.0.15