diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index fedf7a9a..cb8c414e 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -26,11 +26,9 @@ jobs:
 language: [ go ]
 steps:
- - name: Harden Runner
- uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
- with:
- egress-policy: audit
-
+ - name: Set up Go
+ uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+ go-version: 1.20.1
 - name: Checkout
 uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.2
@@ -46,4 +44,4 @@ jobs:
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 # v2.3.3
 with:
- category: "/language:${{ matrix.language }}"
\ No newline at end of file
+ category: "/language:${{ matrix.language }}"
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index a581c284..bc89cd53 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -16,11 +16,6 @@ jobs:
 dependency-review:
 runs-on: ubuntu-latest
 steps:
- - name: Harden Runner
- uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
- with:
- egress-policy: audit
-
 - name: 'Checkout Repository'
 uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.2
 - name: 'Dependency Review'
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index b063f0fe..495be496 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -31,11 +31,6 @@ jobs:
 # actions: read
 steps:
- - name: Harden Runner
- uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
- with:
- egress-policy: audit
-
 - name: "Checkout code"
 uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.1.0
 with:
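Review bot: In `.github/workflows/codeql.yml`, hunk `@@ -26,11 +26,9 @@`, the added `Set up Go` step puts `go-version: 1.20.1` straight after the `uses:` line with no `with:` key, unlike the same step in static-scan.yml, where `with:` survives as context. Indentation is lost in this view, but either way the input is not passed to `actions/setup-go` and the workflow is likely rejected as invalid, which would stop the CodeQL scan from running at all. Insert `with:` before it and quote the value: `go-version: '1.20.1'`. The hunk also drops the `step-security/harden-runner` step with `egress-policy: audit` (as do the dependency-review.yml, scorecard.yml and static-scan.yml hunks), so outbound connections from these jobs are no longer recorded; the reason for accepting that is worth stating in the commit message.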
diff --git a/.github/workflows/static-scan.yml b/.github/workflows/static-scan.yml
index e841cf33..5c430794 100644
--- a/.github/workflows/static-scan.yml
+++ b/.github/workflows/static-scan.yml
@@ -6,10 +6,10 @@ jobs:
 name: Lint
 runs-on: ubuntu-latest
 steps:
- - name: Harden Runner
- uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
+ - name: Set up Go
+ uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
 with:
- egress-policy: audit
+ go-version: 1.20.1
 - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 - name: remove deployer container from dockerfile
@@ -32,11 +32,6 @@ jobs:
 name: Shellcheck
 runs-on: ubuntu-latest
 steps:
- - name: Harden Runner
- uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
- with:
- egress-policy: audit
-
 - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 - name: Run ShellCheck
 uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # master
@@ -45,11 +40,6 @@ jobs:
 runs-on: ubuntu-latest
 name: Hadolint
 steps:
- - name: Harden Runner
- uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
- with:
- egress-policy: audit
-
 - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
 - uses: hadolint/hadolint-action@v3.1.0
 name: Run Hadolint
@@ -60,11 +50,6 @@ jobs:
 go-check:
 runs-on: ubuntu-latest
 steps:
- - name: Harden Runner
- uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
- with:
- egress-policy: audit
-
 - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.2
 - name: remove deployer container from dockerfile
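Review bot: In `.github/workflows/static-scan.yml`, hunk `@@ -6,10 +6,10 @@`, the new `Set up Go` step runs before `actions/checkout`, and setup-go v4 enables module caching by default keyed on `go.sum`, which is not on disk yet at that point; expect a cache-restore warning and no cache hit. Move the step after the checkout, or set `cache: false` under `with:` if caching is not wanted; the codeql.yml hunk has the same ordering. `go-version: 1.20.1` is better written quoted, `go-version: '1.20.1'`, so a later bump to a two-part version such as `1.20` is not read as the float 1.2. The Lint job's remaining steps lie outside the hunk.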