This is an automated email from the ASF dual-hosted git repository. acosentino pushed a commit to branch commit-sha-workflow-pr-validate in repository https://gitbox.apache.org/repos/asf/camel-quarkus.git
commit 22f2e59320a1ff0ee082b9218f32efabb0306e55
Author: Andrea Cosentino <anco...@gmail.com>
AuthorDate: Tue Sep 3 07:52:00 2024 +0200
Github Actions Security Best practices: Pin Actions to Full lenght Commit SHA - PR Validate workflow
---
 .github/workflows/pr-validate.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/pr-validate.yml b/.github/workflows/pr-validate.yml
index f2a9f832d6..c2bd602f9a 100644
--- a/.github/workflows/pr-validate.yml
+++ b/.github/workflows/pr-validate.yml
@@ -52,6 +52,9 @@ env:
 MAVEN_OPTS: -Xmx3500m
 CQ_MAVEN_ARGS: -V -ntp -e -Daether.connector.http.connectionMaxTtl=120
 
+permissions: # added using https://github.com/step-security/secure-repo
+ contents: read
+
 jobs:
 check-format:
 if: github.repository == 'apache/camel-quarkus'
@@ -65,9 +68,9 @@ jobs:
 if: github.base_ref == 'quarkus-main'
 run: |
 echo "BRANCH_OPTIONS=-Poss-snapshots" >> $GITHUB_ENV
- - uses: actions/checkout@v4
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 - name: Set up JDK 17
- uses: actions/setup-java@v4
+ uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2
 with:
 distribution: 'temurin'
 java-version: '17'
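Review bot: The comment on the new `permissions:` line records which tool generated the block, not what the block does. A comment such as `# default GITHUB_TOKEN scope for every job; widen per job, never here` would tell the next maintainer why it must stay narrow. Because the block is top-level it applies to every job in the workflow, and the jobs after `check-format` are not visible in this hunk. Any job that comments on the pull request or publishes results would need its own job-level `permissions:` entry, so that is worth checking before merge.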
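Review bot: The pinned `actions/checkout` step still has no `with:` block, so by default the job token is stored in the local git config for the rest of the job. The later steps presumably build the pull request's own code, so adding `with:` and `persist-credentials: false` under the checkout line would keep the token away from them, provided no later step needs authenticated git. The `# v4.1.7` and `# v4.2.2` comments are not checked by GitHub, so each SHA should be confirmed against the upstream tag now, and SHA and comment must be updated together on every bump. An automated updater such as Dependabot's `github-actions` ecosystem keeps the two in sync, if the repository enables it. The `check-format` job continues past the end of this hunk, so other `uses:` lines may remain to be pinned.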