
[StepSecurity] Apply security best practices (#4684)

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
StepSecurity Bot пре 1 година
5181d036fa

+ 27 - 0
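--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -0,0 +1,27 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request,
+# surfacing known-vulnerable versions of the packages declared or updated in the PR.
+# Once installed, if the workflow run is marked as required,
+# PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+        with:
+          egress-policy: audit
+
+      - name: 'Checkout Repository'
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@67d4f4bd7a9b17a0db54d2a7519187c65e339de8 # v4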
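Review bot: `egress-policy: audit` on the harden-runner step only records outbound calls; it does not prevent the runner from reaching an unexpected endpoint, so this hunk adds observability rather than enforcement until the policy becomes `egress-policy: block` together with an `allowed-endpoints:` list derived from the audit output. The same audit-only setting is introduced in helm.yml and in the second hunk of release.yml. Separately, the dependency-review-action pin carries the comment `# v4` while every other pin in this commit records the exact patch release (`# v4.2.2`, `# v2.11.1`); recording the exact tag that SHA resolves to, e.g. `# v4.<exact-release>`, keeps the pin auditable against the upstream tag on the same footing as the others.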

+ 5 - 0
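--- a/.github/workflows/helm.yml
+++ b/.github/workflows/helm.yml
@@ -81,6 +81,11 @@ jobs:
       github.ref == 'refs/heads/main' ||
       startsWith(github.ref, 'refs/heads/release-')
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+        with:
+          egress-policy: audit
+
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with: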
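Review bot: Unlike publish.yml and release.yml in this commit, helm.yml receives only the harden-runner step (+5/-0) and no `permissions:` block; if the file has no top-level or job-level `permissions:` elsewhere (outside the hunk), its jobs keep the repository's default `GITHUB_TOKEN` scope, which is exactly what the other two files tighten here. Adding `permissions:` / `  contents: read` at workflow level, plus a job-level grant on any job that publishes charts, would bring this file in line with the rest of the change. The enclosing job's header and its remaining steps lie outside the hunk, so whether it already declares its own scopes cannot be confirmed from here.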

+ 3 - 0
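--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -44,6 +44,9 @@ env:
   DOCKERFILE: ${{ inputs.dockerfile }}
   IS_FORK: ${{ secrets.IS_FORK }}
 
+permissions:
+  contents: read
+
 jobs:
   build-publish:
     name: Build and Publish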
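Review bot: The workflow-level `permissions:` / `  contents: read` narrows the token for every job in publish.yml, and the `build-publish` job that follows (its body is outside the hunk) presumably pushes an image given the `DOCKERFILE` and `IS_FORK` env entries; unless that job already declares its own `permissions:` with `packages: write`, the push will start failing for lack of scope. Worth confirming the job block grants what it needs before this lands. The same check applies to the first hunk of release.yml, where `IMAGE_NAME: ghcr.io/${{ github.repository }}` suggests an image push; the release job shown in release.yml's second hunk already grants `contents: write` at job level, which is the pattern to follow.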

+ 8 - 0
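--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,6 +15,9 @@ on:
 env:
   IMAGE_NAME: ghcr.io/${{ github.repository }}
 
+permissions:
+  contents: read
+
 jobs:
   release:
     name: Create Release
@@ -22,6 +25,11 @@ jobs:
     permissions:
       contents: write # to create a release and push new docs
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+        with:
+          egress-policy: audit
+
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with: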