
CI: Harden GHA configuration

Open tacaswell opened this issue 7 months ago • 1 comments

Apply recommended hardening steps including:

  • pinning to a SHA any actions used
  • not persisting the read token on checkout
  • setting the default permissions
  • adding a dependabot file for GHA

tacaswell avatar Jul 18 '25 16:07 tacaswell
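
The four steps listed in the issue, sketched as configuration. This is an added example, not part of the original post and not cycler's actual configuration: the workflow file name, job name, and test command are assumptions, and the SHA and version values are placeholders to be replaced with the full commit SHA of the release being pinned.

```yaml
# --- File 1: .github/workflows/tests.yml (hypothetical file name) ---
name: tests
on: [push, pull_request]

# Default permissions for every job in this workflow: a read-only token.
# Before: no `permissions:` key, so the token gets the repository default.
permissions:
  contents: read

jobs:
  test:                      # hypothetical job name
    runs-on: ubuntu-latest
    steps:
      # Before: `uses: actions/checkout@v4` (a tag that can be moved).
      # After: pinned to an immutable commit SHA; the trailing comment
      # records the human-readable version that SHA corresponds to.
      - uses: actions/checkout@<FULL-40-CHAR-COMMIT-SHA>  # vX.Y.Z
        with:
          # Do not leave the token in .git/config for later steps to read.
          persist-credentials: false

      - uses: actions/setup-python@<FULL-40-CHAR-COMMIT-SHA>  # vX.Y.Z
        with:
          python-version: "3.x"

      # Constructed test command, for illustration only.
      - run: python -m pip install . pytest && python -m pytest

---
# --- File 2: .github/dependabot.yml ---
# Opens pull requests that move the pinned SHAs forward when the
# actions publish new releases, so pinning does not mean going stale.
version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```

The two YAML documents are separate files in the repository; they are shown in one block only for brevity.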

The tool I used to ID what needed to be pinned (zizmor) does not flag actions/XYZ.

tacaswell avatar Jul 22 '25 13:07 tacaswell