chore: pin workflow actions + tighten permissions

2026-01-31 06:22:42 +01:00
parent 0b95efff27
commit 85dd070dea
2 changed files with 12 additions and 10 deletions
--- a/.github/workflows/auto-response.yml
+++ b/.github/workflows/auto-response.yml
@@ -6,21 +6,22 @@ on:
  pull_request_target:
    types: [labeled]

-permissions:
-  issues: write
-  pull-requests: write
+permissions: {}

 jobs:
  auto-response:
+    permissions:
+      issues: write
+      pull-requests: write
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/create-github-app-token@v1
+      - uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1
        id: app-token
        with:
          app-id: "2729701"
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
      - name: Handle labeled items
-        uses: actions/github-script@v7
+        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
        with:
          github-token: ${{ steps.app-token.outputs.token }}
          script: |