mirror of
https://github.com/kkebo/DNSecure.git
synced 2026-03-11 08:54:36 +00:00
ci: pin GitHub Actions dependencies to commit SHA
This is a defense against supply chain attacks. Moreover, GitHub [recommends SHA pinning](https://github.blog/changelog/2025-08-15-github-actions-policy-now-supports-blocking-and-sha-pinning-actions/) these days. Even with this change, dependabot should continue to function.
This commit is contained in:
parent
92090b4fcd
commit
f587bdf722
1 changed files with 2 additions and 2 deletions
4
.github/workflows/ci.yml
vendored
4
.github/workflows/ci.yml
vendored
|
|
@ -9,11 +9,11 @@ jobs:
|
|||
runs-on: ubuntu-24.04-arm
|
||||
container: swift:6.2
|
||||
steps:
|
||||
- uses: actions/checkout@v5
|
||||
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
- run: swift format lint -rsp .
|
||||
yamllint:
|
||||
runs-on: ubuntu-24.04-arm
|
||||
steps:
|
||||
- uses: actions/checkout@v5
|
||||
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
- run: yamllint --version
|
||||
- run: yamllint --strict --config-file .yamllint.yml .
|
||||
|
|
|
|||
Loading…
Reference in a new issue