Hardening codeql workflow

nephio-project / nephio

Nephio is a Kubernetes-based automation platform for deploying and managing highly distributed, interconnected workloads such as 5G Network Functions, and the underlying infrastructure on which those workloads depend.

Apache License 2.0

93 stars 52 forks source link

Hardening codeql workflow #776

Open radoslawc opened 4 days ago

radoslawc commented 4 days ago

This PR will harden CodeQL workflow by pinning actions to digests, restricting token rights and executing runner hardener.

liamfallon commented 3 days ago

/approve

liamfallon commented 33 minutes ago

/approve /lgtm

nephio-prow[bot] commented 33 minutes ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: liamfallon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/nephio-project/nephio/blob/main/OWNERS)~~ [liamfallon] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment