🎵 Music notation engraving library for MEI with MusicXML and Humdrum support and various toolkits (JavaScript, Python)
GNU Lesser General Public License v3.0
Security hardening for GH actions workflows #3671
Open
musicEnfanthen opened 2 months ago
To harden the security of the GitHub action workflow runners, there are multiple steps to consider:
[ ] pin actions to a full-length commit SHA (https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions)
[ ] restrict token permissions to minimum needed (https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#restricting-permissions-for-tokens)
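
A small audit covering the two checklist items above, as an added example that is not part of the original issue or the project's own code: it flags `uses:` references that are not pinned to a full-length commit SHA and workflows that lack a top-level `permissions:` block. The sample workflow, `example-org/example-action` and its SHA are constructed placeholders; treating a missing workflow-level block as a finding, without evaluating job-level `permissions:`, is a policy assumption of this example.

```python
import re

# Constructed sample workflow (not from the project's repository); the
# example-org action and its 40-character SHA are placeholders.
SAMPLE_WORKFLOW = """\
name: build
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/local-setup
      - uses: docker://alpine:3.19
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567
      - run: make
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")
TOP_PERMS_RE = re.compile(r"^permissions:[ \t]*(\S*)", re.MULTILINE)


def audit_workflow(text):
    """Return (line, kind, detail) findings for one workflow file's text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m or m.group(1).startswith("./"):
            continue  # not a uses: line, or a local action in the same repo
        ref = m.group(1)
        if ref.startswith("docker://"):
            pinned = DIGEST_RE.search(ref) is not None  # image digest pin
        else:
            pinned = FULL_SHA_RE.fullmatch(ref.partition("@")[2]) is not None
        if not pinned:
            findings.append((lineno, "unpinned", ref))
    perms = TOP_PERMS_RE.search(text)
    if perms is None:
        # Policy assumption: require a workflow-level block so the token
        # does not fall back to the repository or organization default.
        findings.append((0, "no-permissions", ""))
    elif perms.group(1) == "write-all":
        line = text.count("\n", 0, perms.start()) + 1
        findings.append((line, "broad-permissions", "write-all"))
    return findings


if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print(finding)
```

Running it over each file in `.github/workflows/` gives a per-line list of references to pin and the workflows that still need an explicit `permissions:` block.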