build: Pin GitHub Actions
The main benefit of pinning GitHub actions is the determinism it brings in terms of what version of a given action will be executed. This is a step towards having hermetic builds. Once pinned to a commit, dependabot will automatically issue PRs to update to newer versions. Pinned versions is the only security metric from OpenSSF scorecard that this repository currently have a zero score. Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
This commit is contained in:
Paulo Gomes
2
.github/dependabot.yml
vendored
2
.github/dependabot.yml
vendored
@@ -3,5 +3,7 @@ version: 2
|
||||
updates:
|
||||
- package-ecosystem: "github-actions"
|
||||
directory: "/"
|
||||
labels: ["area/build"]
|
||||
schedule:
|
||||
# by default this will be on a monday.
|
||||
interval: "weekly"
|
||||
|
||||
Reference in New Issue
Block a user