[StepSecurity] ci: Harden GitHub Actions (#88)
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
This commit is contained in:
StepSecurity Bot
GitHub
Родитель
1e1d28938c
Коммит
907fde2cb2
|
|
@ -9,6 +9,9 @@ on:
|
|||
branches: [main]
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build_temurin:
|
||||
runs-on: ubuntu-latest
|
||||
|
|
@ -17,7 +20,7 @@ jobs:
|
|||
baseimage: ["mariner", "distroless"]
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: Build the image
|
||||
run: |
|
||||
docker build -t mcr.microsoft.com/openjdk/jdk:8-${{ matrix.baseimage }} -f ./docker/${{ matrix.baseimage }}/Dockerfile.temurin-8-jdk ./docker/${{ matrix.baseimage }}/
|
||||
|
|
@ -34,7 +37,7 @@ jobs:
|
|||
baseimage: ["mariner", "ubuntu", "distroless"]
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: Build the image
|
||||
run: |
|
||||
docker build -t mcr.microsoft.com/openjdk/jdk:${{ matrix.jdkversion }}-${{ matrix.baseimage }} -f ./docker/${{ matrix.baseimage }}/Dockerfile.msopenjdk-${{ matrix.jdkversion }}-jdk ./docker/${{ matrix.baseimage }}/
|
||||
|
|
|
|||
|
|
@ -3,6 +3,9 @@ name: Check Expected Versions
|
|||
on:
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
validate_temurin:
|
||||
runs-on: ubuntu-latest
|
||||
|
|
@ -13,7 +16,7 @@ jobs:
|
|||
jdkvendor: [ "temurin" ]
|
||||
jdkversion: [ { major: "8", expected: "1.8.0_382" } ]
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
|
||||
- name: Build image locally
|
||||
run: |
|
||||
|
|
@ -32,7 +35,7 @@ jobs:
|
|||
jdkvendor: [ "msopenjdk" ]
|
||||
jdkversion: [ { major: "11", expected: "11.0.22" }, { major: "17", expected: "17.0.10" }, { major: "21", expected: "21.0.2" } ]
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
|
||||
- name: Build image locally
|
||||
run: |
|
||||
|
|
|
|||
|
|
@ -3,6 +3,9 @@ name: Validate Published Images
|
|||
on:
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
|
||||
validate_temurin:
|
||||
|
|
@ -14,7 +17,7 @@ jobs:
|
|||
jdkvendor: [ "temurin" ]
|
||||
jdkversion: [ { major: "8", expected: "1.8.0_382" } ]
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
|
||||
- name: Validate container images
|
||||
run: |
|
||||
|
|
@ -29,7 +32,7 @@ jobs:
|
|||
jdkvendor: [ "msopenjdk" ]
|
||||
jdkversion: [ { major: "11", expected: "11.0.22" }, { major: "17", expected: "17.0.10" }, { major: "21", expected: "21.0.2" } ]
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
|
||||
- name: Validate container images
|
||||
run: |
|
||||
|
|
@ -44,7 +47,7 @@ jobs:
|
|||
jdkvendor: [ "msopenjdk" ]
|
||||
jdkversion: [ { major: "11", expected: "11.0.22" }, { major: "17", expected: "17.0.10" }, { major: "21", expected: "21.0.2" } ]
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
|
||||
- name: Validate container images
|
||||
run: |
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче