Merge pull request #107 from github/chore/update-action-workflows

Update action workflows

Author: mvkaran

.github/workflows/trigger-deploy-on-comment.yml

@@ -2,6 +2,7 @@ name: Trigger deploy on comment
 on:
   issue_comment:
     types: [created]
+permissions: read-all
 jobs:
   if_merged:
     if: github.event.issue.pull_request && contains(github.event.comment.body, '/deploy')
@@ -18,7 +19,7 @@ jobs:
               core.setFailed("User not authorized to deploy")
             }
       - name: Trigger build
-        uses: benc-uk/workflow-dispatch@v1
+        uses: benc-uk/workflow-dispatch@e2e5e9a103e331dad343f381a29e654aea3cf8fc #v1.2.4
         with:
           repo: ${{ secrets.GITHUBBRASIL_REPO_NWO }}
           workflow: Trigger build when public PR is merged

.github/workflows/website-pr-validation.yml

@@ -9,12 +9,13 @@ on:
 jobs:
   lint:
     runs-on: ubuntu-latest
+    permissions: read-all
     steps:
       - name: Checkout repo
         uses: actions/checkout@v3
       - name: Check format of yaml file
         id: yaml-lint
-        uses: ibiqlik/action-yamllint@v3
+        uses: ibiqlik/action-yamllint@2576378a8e339169678f9939646ee3ee325e845c #v3.1.1
         with:
           strict: true
           file_or_dir: website/**/*.yml
@@ -40,6 +41,10 @@ jobs:
   validate:
     runs-on: ubuntu-latest
     needs: lint
+    permissions:
+      contents: read
+      pull-requests: write
+      actions: write
     steps:
       - name: Checkout fork
         uses: actions/checkout@v3
@@ -49,7 +54,7 @@ jobs:
           ref: main
           repository: ${{ secrets.BRAZIL_REPO_NWO }}
           path: ./brazil-main
-      - uses: ruby/setup-ruby@v1
+      - uses: ruby/setup-ruby@4a9ddd6f338a97768b8006bf671dfbad383215f4 #v1.207.0
         with:
           ruby-version: 3.0.0
       - name: Validate PR