Skip to content

chore(deps): bump step-security/harden-runner from 2.19.0 to 2.19.1 #27

chore(deps): bump step-security/harden-runner from 2.19.0 to 2.19.1

chore(deps): bump step-security/harden-runner from 2.19.0 to 2.19.1 #27

Workflow file for this run

# Copyright 2026 Chainguard, Inc.
# SPDX-License-Identifier: Apache-2.0
name: Action Lint
on:
pull_request:
branches: ['main']
paths:
- '.github/workflows/**'
- '.github/actions/**'
push:
branches: ['main']
paths:
- '.github/workflows/**'
- '.github/actions/**'
permissions: {}
jobs:
action-lint:
permissions:
contents: read # Clone the repository
name: Action lint
runs-on: ubuntu-latest
steps:
- uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
with:
egress-policy: block
allowed-endpoints: >
*.githubapp.com:443
api.github.com:443
github.com:443
go.dev:443
hooks.slack.com:443
release-assets.githubusercontent.com:443
- name: Check out code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Find yamls
id: get_yamls
run: |
set -ex
mapfile -t yamls < <(find .github/workflows -name "*.y*ml" | grep -v dependabot.)
echo "files=${yamls[*]}" >> "${GITHUB_OUTPUT}"
- name: Action lint
uses: step-security/action-actionlint@c3aa382d371c6b05513ae5907d4f77713e21813c # v1.72.0
env:
SHELLCHECK_OPTS: "--exclude=SC2129"
with:
actionlint_flags: ${{ steps.get_yamls.outputs.files }}