Skip to content

Commit

Permalink
harden ci pipeline
Browse files Browse the repository at this point in the history
  • Loading branch information
@chrisns
chrisns committed May 22, 2024
1 parent 6de3df5 commit 52e2494
Showing 1 changed file with 18 additions and 3 deletions.
21 changes: 18 additions & 3 deletions .github/workflows/ci.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,11 @@ jobs:
name: Build
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
with:
egress-policy: audit

- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
Expand Down Expand Up @@ -46,27 +51,37 @@ jobs:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
with:
egress-policy: audit

- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: site.tar
- name: Untar files
run: tar -xvf site.tar
- name: Setup Pages
uses: actions/configure-pages@v5
uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0
- name: Upload artifact
uses: actions/upload-pages-artifact@v3
uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
with:
path: ./_site
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@v4
uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5

semver:
name: Generate a semantic version number
runs-on: ubuntu-latest
outputs:
semantic_version: ${{ steps.semver.outputs.semantic_version }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
with:
egress-policy: audit

- name: Checkout repo
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
with:
Expand Down

0 comments on commit 52e2494

Please sign in to comment.