chore: bump otto-de/purge-deprecated-workflow-runs from 2.0.4 to 2.1.0 #82
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Security Hardening | |
| # Define triggers for the workflow; it ignores pushes to branches prefixed with 'dependabot/' | |
| # and responds to pull requests targeting any branch in the repository. | |
| on: | |
| push: | |
| branches-ignore: | |
| - 'dependabot/**' | |
| paths-ignore: | |
| - '**/*.md' | |
| pull_request: | |
| branches: | |
| - '**' | |
| paths-ignore: | |
| - '**/*.md' | |
| # Manage concurrency to ensure that only one instance of this workflow runs at a time per branch/ref, | |
| # cancelling any in-progress instances when a new one starts. | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| # Declare default permissions as read-only to enhance security. | |
| permissions: read-all | |
| jobs: | |
| security-hardening: | |
| name: Harden Security | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| # Use a specific SHA to checkout the code, ensuring the action is secure and hasn't been tampered with. | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Ensure SHA pinned actions | |
| # Utilize a community GitHub Action to verify all used actions are pinned to a SHA for enhanced security. | |
| uses: zgosalvez/github-actions-ensure-sha-pinned-actions@5d6ac37a4cef8b8df67f482a8e384987766f0213 # v3.0.17 |