Update auto_assign_reviewer.yml to fix security issue (#4261)

AzureAD · Jul 21, 2023 · 463c27f · 463c27f
1 parent 552cb07
commit 463c27f
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/.github/workflows/auto_assign_reviewer.yml b/.github/workflows/auto_assign_reviewer.yml
@@ -3,8 +3,19 @@ on:
   pull_request_target:
     types: [opened, ready_for_review]
 
+permissions:
+  contents: read
+
 jobs:
   add-reviews:
+    permissions:
+      contents: read  # for kentaro-m/auto-assign-action to fetch config file
+      pull-requests: write  # for kentaro-m/auto-assign-action to assign PR reviewers
     runs-on: ubuntu-latest
     steps:
-      - uses: kentaro-m/[email protected]
+      - name: Harden Runner
+        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        with:
+          egress-policy: audit
+
+      - uses: kentaro-m/auto-assign-action@6b1ff132d1a90349f611f44a589088d13a8beb75 # v1.2.2