[StepSecurity] Apply security best practices (#473)

* [StepSecurity] Apply security best practices resolve: #472 Signed-off-by: StepSecurity Bot <[email protected]> * Change frequency to weekly * Update to latest checkout and setup-java actions * add distribution: 'temurin' --------- Signed-off-by: StepSecurity Bot <[email protected]> Co-authored-by: Scott M Stark <[email protected]>
jakartaee · Nov 30, 2023 · 177b46d · 177b46d
1 parent 4820541
commit 177b46d
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 2 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily
+
+  - package-ecosystem: maven
+    directory: /
+    schedule:
+      interval: weekly
diff --git a/.github/workflows/ci-actions.yml b/.github/workflows/ci-actions.yml
@@ -5,6 +5,9 @@ on:
   pull_request:
     branches: [ master ]
 
+permissions:
+  contents: read
+
 jobs:
   build:
     name: "Build CDI TCK - JDK ${{matrix.java}}"
@@ -14,10 +17,11 @@ jobs:
       matrix:
         java: [17, 21]
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4.1.1
       - name: Set up JDK ${{ matrix.java }}
-        uses: actions/setup-java@v1.4.3
+        uses: actions/setup-java@v4.0.0
         with:
+          distribution: 'temurin'
           java-version: ${{ matrix.java }}
       - name: "Maven install(staging)"
         run: |