Skip to content
This repository has been archived by the owner on Nov 14, 2024. It is now read-only.

Commit

Permalink
[StepSecurity] Apply security best practices (#41)
Browse files Browse the repository at this point in the history
  • Loading branch information
@step-security-bot
step-security-bot authored Sep 11, 2024
1 parent 517f09d commit 742945d
Show file tree
Hide file tree
Showing 5 changed files with 18 additions and 12 deletions.
6 changes: 6 additions & 0 deletions .github/dependabot.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
version: 2
updates:
- package-ecosystem: github-actions
directory: /
schedule:
interval: daily
8 changes: 4 additions & 4 deletions .github/workflows/codeql.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,15 +34,15 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: 'Install Ninja'
run: choco install ninja

- uses: ilammy/msvc-dev-cmd@v1
- uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0

- name: Initialize CodeQL
uses: github/codeql-action/init@v3
uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
with:
languages: c-cpp
build-mode: manual
Expand All @@ -56,6 +56,6 @@ jobs:
run: cmake --build out\build\x64-Debug

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
uses: github/codeql-action/analyze@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
with:
category: "/language:c-cpp"
4 changes: 2 additions & 2 deletions .github/workflows/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -69,12 +69,12 @@ jobs:
arch: amd64_arm64

steps:
- uses: actions/checkout@v4
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: 'Install Ninja'
run: choco install ninja

- uses: ilammy/msvc-dev-cmd@v1
- uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0
with:
arch: ${{ matrix.arch }}

Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/msbuild.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,10 +32,10 @@ jobs:
platform: [Win32, x64]

steps:
- uses: actions/checkout@v4
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: Add MSBuild to PATH
uses: microsoft/setup-msbuild@v2
uses: microsoft/setup-msbuild@6fb02220983dee41ce7ae257b6f4d8f9bf5ed4ce # v2.0.0

- name: Build
working-directory: ${{ github.workspace }}
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/msvc.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,9 +32,9 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- uses: ilammy/msvc-dev-cmd@v1
- uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0
with:
arch: amd64

Expand All @@ -43,7 +43,7 @@ jobs:
run: cmake -B out -DCMAKE_DISABLE_PRECOMPILE_HEADERS=ON

- name: Initialize MSVC Code Analysis
uses: microsoft/[email protected]
uses: microsoft/msvc-code-analysis-action@24c285ab36952c9e9182f4b78dfafbac38a7e5ee # v0.1.1
id: run-analysis
with:
cmakeBuildDirectory: ./out
Expand All @@ -52,6 +52,6 @@ jobs:

# Upload SARIF file to GitHub Code Scanning Alerts
- name: Upload SARIF to GitHub
uses: github/codeql-action/upload-sarif@v3
uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
with:
sarif_file: ${{ steps.run-analysis.outputs.sarif }}

0 comments on commit 742945d

Please sign in to comment.