Skip to content

Bump the github-actions group with 2 updates #380

Bump the github-actions group with 2 updates

Bump the github-actions group with 2 updates #380

Workflow file for this run

# SPDX-FileCopyrightText: 2023 Erlang Ecosystem Foundation
# SPDX-License-Identifier: Apache-2.0
on:
pull_request:
branches:
- "*"
workflow_dispatch: {}
name: "Pull Request"
permissions:
contents: read
jobs:
test:
name: "Test"
permissions:
contents: read
security-events: write
uses: ./.github/workflows/part_test.yml
secrets:
OID_CERTIFICATION_API_TOKEN: ${{ secrets.OID_CERTIFICATION_API_TOKEN }}
license:
name: "License"
permissions:
id-token: write
contents: read
attestations: write
uses: ./.github/workflows/part_license.yml
with:
attest: false
docs:
name: "Docs"
permissions:
id-token: write
contents: read
attestations: write
uses: ./.github/workflows/part_docs.yml
with:
attest: false
dependency-review:
name: "Dependency Review"
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0
with:
egress-policy: audit
- name: 'Checkout Repository'
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: 'Dependency Review'
uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0