Open alpe opened 10 months ago
I'm all for security improvements, but at the same time need to ensure that:
I think all of your tasks make sense, except Harden Runner might make adding and updating GH workflows a bit more painful, but at the same time it does seem good to prevent malicious PRs as well.
I found some nice examples in https://github.com/sozercan/aikit/tree/main/.github/workflows
Not related to supply chain security but code quality