[StepSecurity] Apply security best practices (#32)
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
This commit is contained in:
StepSecurity Bot
GitHub
Родитель
9eeacce2f9
Коммит
a642d169dc
|
|
@ -0,0 +1,6 @@
|
|||
version: 2
|
||||
updates:
|
||||
- package-ecosystem: github-actions
|
||||
directory: /
|
||||
schedule:
|
||||
interval: daily
|
||||
|
|
@ -33,15 +33,15 @@ jobs:
|
|||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
|
||||
- name: 'Install Ninja'
|
||||
run: choco install ninja
|
||||
|
||||
- uses: ilammy/msvc-dev-cmd@v1
|
||||
- uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0
|
||||
|
||||
- name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@v3
|
||||
uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
|
||||
with:
|
||||
languages: c-cpp
|
||||
build-mode: manual
|
||||
|
|
@ -55,6 +55,6 @@ jobs:
|
|||
run: cmake --build out\build\x64-Debug
|
||||
|
||||
- name: Perform CodeQL Analysis
|
||||
uses: github/codeql-action/analyze@v3
|
||||
uses: github/codeql-action/analyze@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
|
||||
with:
|
||||
category: "/language:c-cpp"
|
||||
|
|
|
|||
|
|
@ -68,12 +68,12 @@ jobs:
|
|||
arch: amd64_arm64
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
|
||||
- name: 'Install Ninja'
|
||||
run: choco install ninja
|
||||
|
||||
- uses: ilammy/msvc-dev-cmd@v1
|
||||
- uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0
|
||||
with:
|
||||
arch: ${{ matrix.arch }}
|
||||
|
||||
|
|
|
|||
|
|
@ -31,14 +31,14 @@ jobs:
|
|||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
|
||||
- name: Configure CMake
|
||||
working-directory: ${{ github.workspace }}
|
||||
run: cmake -B out
|
||||
|
||||
- name: Initialize MSVC Code Analysis
|
||||
uses: microsoft/msvc-code-analysis-action@v0.1.1
|
||||
uses: microsoft/msvc-code-analysis-action@24c285ab36952c9e9182f4b78dfafbac38a7e5ee # v0.1.1
|
||||
id: run-analysis
|
||||
with:
|
||||
cmakeBuildDirectory: ./out
|
||||
|
|
@ -47,6 +47,6 @@ jobs:
|
|||
|
||||
# Upload SARIF file to GitHub Code Scanning Alerts
|
||||
- name: Upload SARIF to GitHub
|
||||
uses: github/codeql-action/upload-sarif@v3
|
||||
uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
|
||||
with:
|
||||
sarif_file: ${{ steps.run-analysis.outputs.sarif }}
|
||||
|
|
|
|||
|
|
@ -41,12 +41,12 @@ jobs:
|
|||
arch: amd64_arm64
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
|
||||
- name: 'Install Ninja'
|
||||
run: choco install ninja
|
||||
|
||||
- uses: ilammy/msvc-dev-cmd@v1
|
||||
- uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0
|
||||
with:
|
||||
arch: ${{ matrix.arch }}
|
||||
|
||||
|
|
@ -77,7 +77,7 @@ jobs:
|
|||
echo "::error Unknown architecture/build-type triplet mapping"
|
||||
}
|
||||
|
||||
- uses: lukka/run-vcpkg@v11
|
||||
- uses: lukka/run-vcpkg@7d259227a1fb6471a0253dd5ab7419835228f7d7 # v11
|
||||
with:
|
||||
runVcpkgInstall: true
|
||||
vcpkgJsonGlob: '**/build/vcpkg.json'
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче