[StepSecurity] ci: Harden GitHub Actions

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Permify · Mar 7, 2024 · e5fff7f · e5fff7f
1 parent 8bb741a
commit e5fff7f
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/.github/workflows/sync.yml b/.github/workflows/sync.yml
@@ -8,9 +8,14 @@ jobs:
   sync:
     runs-on: ubuntu-latest
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+        with:
+          egress-policy: audit
+
       - name: Checkout Repository
-        uses: actions/checkout@master
+        uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 # master
       - name: Run GitHub File Sync
-        uses: BetaHuhn/repo-file-sync-action@v1
+        uses: BetaHuhn/repo-file-sync-action@3023dac7ce66c18b119e2012348437eadeaea116 # v1.21.0
         with:
           GH_PAT: ${{ secrets.GH_TOKEN }}