🎵 Music notation engraving library for MEI with MusicXML and Humdrum support and various toolkits (JavaScript, Python)
GNU Lesser General Public License v3.0
Security hardening for GH actions workflows #3671
Open
musicEnfanthen opened 1 month ago
To harden the security of the GitHub action workflow runners, there are multiple steps to consider:
[ ] pin actions to a full-length commit SHA (https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions)
[ ] restrict token permissions to minimum needed (https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#restricting-permissions-for-tokens)
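
A check for the two items in the issue above, as an added example (not code from the project or the issue author): it scans workflow text for `uses:` references that are not pinned to a 40-character commit SHA and for a missing or `write-all` top-level `permissions:` key. The sample workflows, the name `example-org/example-action` and the SHA are constructed placeholders, and only a top-level `permissions:` key is credited.

```python
import re

# `uses:` in a step or reusable-workflow call; captures "owner/repo[/path]@ref".
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^\s'"#]+)""")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
# Simplification (assumption): per-job permissions blocks are not credited.
TOP_PERMS_RE = re.compile(r"^permissions[ \t]*:[ \t]*(\S*)", re.M)

def audit_workflow(text):
    """Return (line_no, finding) tuples for one workflow; line 0 = whole file."""
    findings = []
    perms = TOP_PERMS_RE.search(text)
    if perms is None:
        findings.append((0, "no top-level permissions block; token uses repository defaults"))
    elif perms.group(1) == "write-all":
        findings.append((0, "permissions: write-all is not a minimal grant"))
    for no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m is None or m.group(1).startswith(("./", "docker://")):
            continue  # local actions and container images are out of scope here
        name, _, ref = m.group(1).partition("@")
        if not FULL_SHA_RE.fullmatch(ref):
            findings.append((no, f"{name} uses ref {ref!r}, not a full-length commit SHA"))
    return findings

# Constructed sample: tag and branch refs, no permissions key.
WEAK = """\
name: build
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/example-action@main
      - uses: ./.github/actions/local
"""
# Constructed sample: the SHA below is a placeholder, not a real commit.
HARDENED = """\
name: build
on: [push]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4
"""
if __name__ == "__main__":
    for label, wf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_workflow(wf))
```

To run it over a repository, call `audit_workflow` on the contents of each file under `.github/workflows/`.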