improve gh actions security using zizmor

https://github.com/woodruffw/zizmor
Signed-off-by: strawberry <strawberry@puppygock.gay>
strawberry 2024-12-14 21:00:33 -05:00
parent e4489a5d20
commit c6bf8f5ea1
No known key found for this signature in database
3 changed files with 176 additions and 152 deletions


@ -36,6 +36,8 @@ concurrency:
group: "pages"
cancel-in-progress: false
permissions: {}
jobs:
docs:
name: Documentation and GitHub Pages
@ -61,6 +63,8 @@ jobs:
- name: Sync repository
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Setup GitHub Pages
if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') && (github.event_name != 'pull_request')
@ -109,8 +113,8 @@ jobs:
if: ${{ (env.ATTIC_ENDPOINT != '') && (env.ATTIC_PUBLIC_KEY != '') }}
run: |
sudo tee -a "${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" > /dev/null <<EOF
extra-substituters = ${{ env.ATTIC_ENDPOINT }}
extra-trusted-public-keys = ${{ env.ATTIC_PUBLIC_KEY }}
extra-substituters = ${ATTIC_ENDPOINT}
extra-trusted-public-keys = ${ATTIC_PUBLIC_KEY}
EOF
- name: Prepare build environment
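Review bot: The two new heredoc lines, `extra-substituters = ${ATTIC_ENDPOINT}` and `extra-trusted-public-keys = ${ATTIC_PUBLIC_KEY}`, are only expanded because the `<<EOF` delimiter is unquoted, and nothing in the step records that this is deliberate. A comment above `run:` would stop a later edit from quoting the delimiter or restoring the expression form, for example `# Use shell variables here, not workflow expressions: expressions are pasted into the script before the shell parses it.` The values are still written verbatim into nix.conf, which decides which binary caches and signing keys Nix trusts, so a value containing a newline would append further settings; if anyone other than repository maintainers can set these variables, reject multi-line values before the `tee`. The step begins above this hunk, so where the two variables are defined is not visible here.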