From c5a9e097b5ba39c9066faa16d339eee11d87cd5c Mon Sep 17 00:00:00 2001 From: Phil Hagerty Date: Tue, 10 Mar 2026 15:42:35 +0000 Subject: [PATCH] Update and pin versions --- .github/workflows/build.yml | 10 ++++++++-- .github/workflows/codeql.yml | 10 ++++++---- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a5b12b6..7ffcdfb 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,5 +1,9 @@ name: Netacea CloudFront Worker Build on: push +permissions: + contents: read + actions: none + id-token: none jobs: lint: name: Lint @@ -8,9 +12,11 @@ jobs: matrix: node-version: [18, 20, 22] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + persist-credentials: false - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v3 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f with: node-version: ${{ matrix.node-version }} - run: npm install diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 8e941b0..3226ad1 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -38,11 +38,13 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + persist-credentials: false # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@0c0c5dc2f136b98cb0537075ccfa21f94cd9a63e with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. 
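Review bot: In the new top-level `permissions` block of build.yml, `actions: none` and `id-token: none` add nothing beyond `contents: read`, because GitHub sets every unlisted scope to `none` as soon as any scope is listed. Keeping them is harmless, but a comment such as `# least privilege: GITHUB_TOKEN is read-only, every other scope is none` would show that the explicit entries are intentional and not an exhaustive list. codeql.yml gets no matching block in this commit. Its hunks start at line 38, so it is not visible here whether it already declares job-level permissions (the analyze step needs `security-events: write` to upload results), and that is worth checking.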
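Review bot: The `uses:` lines now pinned to full commit SHAs carry no trailing comment naming the release, so a reviewer cannot tell which version of `actions/checkout` or `actions/setup-node` runs, or easily confirm that the hash is a tagged commit in the upstream repository. The usual form is `uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # vX.Y.Z`, with the real tag in place of the placeholder, and Dependabot keeps that comment current when it bumps the SHA. The same applies to the checkout pin and the three `github/codeql-action` pins in codeql.yml, where the comment also shows at a glance that init, autobuild and analyze stay on one release. Separately, the `npm install` step left as context at the end of this build.yml hunk can still resolve new dependency versions; if a lockfile is committed, `- run: npm ci` would hold the install to it. The steps list continues outside the hunk.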
@@ -56,7 +58,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@0c0c5dc2f136b98cb0537075ccfa21f94cd9a63e # â„šī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -69,6 +71,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@0c0c5dc2f136b98cb0537075ccfa21f94cd9a63e with: category: "/language:${{matrix.language}}"