mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-21 14:56:05 -06:00
897f12dd88
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.9.0 to 2.9.1.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](0d381219dd...5c7944e73c)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
59 lines
1.4 KiB
YAML
59 lines
1.4 KiB
YAML
# Lints and checks for potential issues in Python files.
|
|
|
|
name: Check-Python
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
push:
|
|
branches-ignore:
|
|
- 'dependabot/**'
|
|
paths:
|
|
- '**.py'
|
|
- .github/workflows/check-python.yml
|
|
pull_request:
|
|
paths:
|
|
- '**.py'
|
|
- .github/workflows/check-python.yml
|
|
schedule:
|
|
- cron: '0 7 * * 2'
|
|
|
|
permissions: # added using https://github.com/step-security/secure-workflows
|
|
contents: read
|
|
|
|
jobs:
|
|
codeql-python:
|
|
permissions:
|
|
actions: read
|
|
contents: read
|
|
security-events: write
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 10
|
|
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde
|
|
with:
|
|
disable-sudo: true
|
|
egress-policy: block
|
|
allowed-endpoints: >
|
|
api.github.com:443
|
|
files.pythonhosted.org:443
|
|
github.com:443
|
|
objects.githubusercontent.com:443
|
|
pypi.org:443
|
|
uploads.github.com:443
|
|
|
|
- name: Checkout repository
|
|
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
|
|
|
|
- name: print env
|
|
run: ./ci/printenv.sh
|
|
|
|
# Initializes the CodeQL tools for scanning.
|
|
- name: Initialize CodeQL
|
|
uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93
|
|
with:
|
|
languages: python
|
|
|
|
- name: Perform CodeQL Analysis
|
|
uses: github/codeql-action/analyze@4dd16135b69a43b6c8efb853346f8437d92d3c93
|