Skip to content

Restrict permission #13

Restrict permission

Restrict permission #13

Workflow file for this run

name: "test"
on:
pull_request:
push:
branches:
- main
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
- run: |
npm install
npm run all
test:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
- name: set testval
id: testval
uses: ./
with:
cond: true
if_true: "true value"
if_false: "false value"
- name: check testval
run: test "${{ steps.testval.outputs.value }}" = "true value"
- name: set falseval
id: falseval
uses: ./
with:
cond: false
if_true: "true value"
if_false: "false value"
- name: check falseval
run: test "${{ steps.falseval.outputs.value }}" = "false value"
- name: Test with GitHub Actions expression
id: event
uses: ./
with:
cond: ${{ github.event_name == 'pull_request' }}
if_true: "value for pull request event"
if_false: "value for non pull request event"
- name: check event
run: echo "${{ steps.event.outputs.value }}"
- name: check event (PR)
if: github.event_name == 'pull_request'
run: test "${{ steps.event.outputs.value }}" = "value for pull request event"
- name: check event (non-PR)
if: github.event_name != 'pull_request'
run: test "${{ steps.event.outputs.value }}" = "value for non pull request event"