Skip to content
CI

Update dependencies #1084

Sign in to view logs

Update dependencies

Update dependencies #1084

Workflow file for this run

.github/workflows/main.yml at 9a1773c
# This is a simple GitHub Actions CI workflow.
name: CI
# Limit permissions. See:
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
# https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#permissions
# https://github.com/actions/first-interaction/issues/10#issuecomment-1041402989
# Since we set "permissions", anything unset has access "none".
permissions:
contents: read
checks: write
# Controls when the action will run. Triggers the workflow on push or pull
# request events but only for the main branch (formerly the master branch)
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
build:
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Use harden-runner https://github.com/step-security/harden-runner
# presented at OpenSSF Best Practices WG 2022-03-15
- uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit
# Checks-out your repository under $GITHUB_WORKSPACE,
# so your job can access it.
# As required by OpenSSF Scorecard,
# we pin this to a specific hash value to prevent use of an unknown
# (and possibly subverted) version.
# Update by consulting: https://github.com/actions/checkout/releases
# We include the hash after '@', and comment "pin @SIMPLE-NAME"; this is
# the naming convention of https://github.com/mheap/pin-github-action
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # pin @v4.1
# Runs a single command using the runners shell
- name: Run a one-line script
run: echo Hello, world!