mirror of
https://github.com/inventree/InvenTree.git
synced 2025-06-18 13:05:42 +00:00
[CI] Add zimor to check github action security (#8639)
* Add zimor to checks
* fix format
* use same version of checkout everywhere
* do only persist credentials if needed
* remove duplicate clones
* fix pin syntax
* fix pins
* fix template injection
* another injection fix
* Revert "remove duplicate clones"
This reverts commit 9a00ae2bbb.
* Add GH token for further rules
This commit is contained in:
Matthias Mair
GitHub
4
.github/workflows/update.yml.disabled
vendored
4
.github/workflows/update.yml.disabled
vendored
@ -9,7 +9,9 @@ jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4.1.1
|
||||
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2
|
||||
with:
|
||||
persist-credentials: false
|
||||
- name: Setup
|
||||
run: pip install --require-hashes -r requirements-dev.txt
|
||||
- name: Update requirements.txt
|
||||
|
||||
Reference in New Issue
Block a user