Commit 5f13b14

[StepSecurity] ci: Harden GitHub Actions (#235)
* [StepSecurity] ci: Harden GitHub Actions

Signed-off-by: StepSecurity Bot <[email protected]>

* ping supertest in ci

Signed-off-by: Sebastian Beltran <[email protected]>

---------

Signed-off-by: StepSecurity Bot <[email protected]>
Signed-off-by: Sebastian Beltran <[email protected]>
Co-authored-by: Sebastian Beltran <[email protected]>
1 parent 76e0945 commit 5f13b14

1 file changed: +14 -11 lines changed

.github/workflows/ci.yml

Lines changed: 14 additions & 11 deletions
@@ -24,9 +24,9 @@ jobs:
2424
name: Lint
2525
runs-on: ubuntu-latest
2626
steps:
27-
- uses: actions/checkout@v4
27+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
2828
- name: Setup Node.js
29-
uses: actions/setup-node@v4
29+
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
3030
with:
3131
node-version: 'lts/*'
3232
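Review bot: The `# v4.2.2` and `# v4.4.0` comments on the two pinned `uses:` lines (new lines 27 and 29) are the only human-readable link between each SHA and a release, and nothing in the workflow checks them. Before merging, confirm each SHA against the corresponding tag in the upstream actions/checkout and actions/setup-node repositories, and make sure an update tool (for example Dependabot or Renovate covering GitHub Actions) is configured to bump the SHA and its comment together, otherwise these pins stop receiving security fixes without anyone noticing.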

@@ -113,31 +113,34 @@ jobs:
113113

114114
- name: Node.js 8.x
115115
node-version: "8"
116-
116+
117117

118118
- name: Node.js 9.x
119119
node-version: "9"
120-
120+
121121

122122
- name: Node.js 10.x
123123
node-version: "10"
124-
124+
125125

126126
- name: Node.js 11.x
127127
node-version: "11"
128-
128+
129129

130130
- name: Node.js 12.x
131131
node-version: "12"
132+
132133

133134
- name: Node.js 13.x
134135
node-version: "13"
136+
135137

136138
- name: Node.js 14.x
137139
node-version: "14"
138140

139141
- name: Node.js 15.x
140142
node-version: "15"
143+
141144

142145
- name: Node.js 16.x
143146
node-version: "16"
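Review bot: The changed lines 116, 120, 124 and 128 and the added lines 132, 136 and 143 sit inside the Node.js version matrix, not on any `uses:` line, so they are not part of the action pinning, and the only explanation offered is the second bullet of the commit message. Please move these matrix edits into their own commit, or add a comment in the matrix saying why the entries changed, so the pinning change can be audited on its own. Also note that the Node.js 14.x entry (137/139) receives no added line while 12.x, 13.x and 15.x do; confirm that is intentional.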
@@ -164,7 +167,7 @@ jobs:
164167
node-version: "23"
165168

166169
steps:
167-
- uses: actions/checkout@v4
170+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
168171

169172
- name: Install Node.js ${{ matrix.node-version }}
170173
shell: bash -eo pipefail -l {0}
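Review bot: The pinned checkout at new line 170 has no `with:` block, so it keeps the action's default of persisting the job token in the local git config, where later steps such as `Install Node.js ${{ matrix.node-version }}` can read it. If nothing in this job needs to push or fetch after checkout, add `with:` and `persist-credentials: false` under the step; the same applies to the other two checkout steps this commit pins.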
@@ -229,7 +232,7 @@ jobs:
229232
230233
- name: Upload code coverage
231234
if: steps.list_env.outputs.nyc != ''
232-
uses: actions/upload-artifact@v4
235+
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
233236
with:
234237
name: coverage-node-${{ matrix.node-version }}
235238
path: ./coverage/lcov.info
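Review bot: The `with:` block of the upload step (new lines 236 to 238) shows only `name:` and `path:`; if the lines below the visible context do not already set it, add `retention-days:` with a short value. The coverage artifact is only consumed by the later coverage job in the same workflow run, so keeping it for the repository default retention period serves no purpose.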
@@ -242,14 +245,14 @@ jobs:
242245
contents: read
243246
checks: write
244247
steps:
245-
- uses: actions/checkout@v4
248+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
246249

247250
- name: Install lcov
248251
shell: bash
249252
run: sudo apt-get -y install lcov
250253

251254
- name: Collect coverage reports
252-
uses: actions/download-artifact@v4
255+
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
253256
with:
254257
path: ./coverage
255258
pattern: coverage-node-*
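Review bot: The `run: sudo apt-get -y install lcov` step (line 252) is left untouched, so this job, which holds `checks: write`, still installs an unversioned package at run time with no preceding `apt-get update`; pinning the two actions around it does not cover that input. Consider pinning the package as `lcov=<version>`, or state in a comment that the runner image's package index is accepted as trusted for this job.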
@@ -259,7 +262,7 @@ jobs:
259262
run: find ./coverage -name lcov.info -exec printf '-a %q\n' {} \; | xargs lcov -o ./lcov.info
260263

261264
- name: Upload coverage report
262-
uses: coverallsapp/github-action@v2
265+
uses: coverallsapp/github-action@648a8eb78e6d50909eff900e4ec85cab4524a45b # v2.3.6
263266
with:
264267
github-token: ${{ secrets.GITHUB_TOKEN }}
265268
file: ./lcov.info
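Review bot: The coverallsapp/github-action step at new line 265 is the one third-party action in this diff and it receives `secrets.GITHUB_TOKEN` two lines below, so this pin deserves the closest check. Verify that the SHA is a commit in the upstream coverallsapp/github-action repository itself and matches the `v2.3.6` tag, since a SHA that exists only in a fork can still resolve under the parent repository's name. It is also worth confirming that `checks: write` on this job is actually required by the action, and dropping it if not.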
