linux/ohmyzsh
1
0
Fork 0
mirror of https://github.com/ohmyzsh/ohmyzsh.git synced 2026-01-23 02:35:38 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

[StepSecurity] ci: Harden GitHub Actions

Browse source 
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
This commit is contained in:
StepSecurity Bot 2025-09-19 15:26:57 +00:00
commit b8eb76a946
No known key found for this signature in database
GPG key ID: 567913FD34425A27
4 changed files with 32 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

14
.github/workflows/installer.yml vendored
View file

@ -25,8 +25,13 @@ jobs:
- ubuntu-latest
- macos-latest
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
with:
egress-policy: audit
- name: Set up git repository
uses: actions/checkout@v5
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Install zsh
if: runner.os == 'Linux'
run: sudo apt-get update; sudo apt-get install zsh
@ -41,8 +46,13 @@ jobs:
needs:
- test
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
with:
egress-policy: audit
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Install Vercel CLI
run: npm install -g vercel
- name: Setup project and deploy