Skip to content

Commit 985eefb

Browse files
committed
Security updates and cleanup
1 parent 01db58e commit 985eefb

10 files changed

Lines changed: 31 additions & 11 deletions

File tree

.github/workflows/bridge.yml

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,9 @@ concurrency:
1717
group: ${{ github.workflow }}-${{ github.ref }}
1818
cancel-in-progress: true
1919

20+
permissions:
21+
contents: read
22+
2023
jobs:
2124
tests:
2225
if: |
@@ -26,13 +29,18 @@ jobs:
2629
name: 'Test bridge'
2730

2831
steps:
32+
- name: Harden the runner (Audit all outbound calls)
33+
uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
34+
with:
35+
egress-policy: audit
36+
2937
- name: Checkout csolution-rpc repository
3038
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
3139
with:
3240
fetch-depth: 0
3341

3442
- name: Set up Node.js
35-
uses: actions/setup-node@v4
43+
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
3644
with:
3745
node-version: 'lts/*'
3846

.github/workflows/codegen.yml

Lines changed: 15 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,9 @@ concurrency:
2121
group: ${{ github.workflow }}-${{ github.ref }}
2222
cancel-in-progress: true
2323

24+
permissions:
25+
contents: read
26+
2427
jobs:
2528
tests:
2629
if: |
@@ -30,13 +33,18 @@ jobs:
3033
name: 'Test codegen'
3134

3235
steps:
36+
- name: Harden the runner (Audit all outbound calls)
37+
uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
38+
with:
39+
egress-policy: audit
40+
3341
- name: Checkout csolution-rpc repository
3442
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
3543
with:
3644
fetch-depth: 0
3745

3846
- name: Set up Node.js
39-
uses: actions/setup-node@v4
47+
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
4048
with:
4149
node-version: 'lts/*'
4250

@@ -59,7 +67,7 @@ jobs:
5967
path: codegen/reports/junit/testreport.xml
6068
retention-days: 1
6169
if-no-files-found: error
62-
70+
6371
- name: Archive generated interface files
6472
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
6573
with:
@@ -77,6 +85,11 @@ jobs:
7785
contents: write
7886

7987
steps:
88+
- name: Harden the runner (Audit all outbound calls)
89+
uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
90+
with:
91+
egress-policy: audit
92+
8093
- name: Download generated files
8194
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
8295
with:

api/csolution-openapi.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@ openapi: 3.1.0
22
info:
33
title: csolution rpc
44
version: 0.0.1
5-
description: Specification of remote procedure call methods for CMSIS csolution integration
5+
description: Specification of remote procedure call methods for CMSIS csolution integration
66
license:
77
name: Apache 2.0
88
url: http://www.apache.org/licenses/LICENSE-2.0.html

bridge/.vscode/launch.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,4 +19,4 @@
1919
]
2020
}
2121
]
22-
}
22+
}

bridge/README.md

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,4 +21,3 @@ npm run lint
2121
node dist/server.js
2222
```
2323
By default it listens on http://localhost:3000
24-

codegen/.vscode/launch.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -39,4 +39,4 @@
3939
}
4040
}
4141
]
42-
}
42+
}

codegen/README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,4 +40,4 @@ Options:
4040
-c, --client <string> Generate TypeScript client interface (default: "./rpc-interface.ts")
4141
-s, --server <string> Generate C++ server interface (default: "./RpcInterface.h")
4242
-h, --help display help for command
43-
```
43+
```

codegen/src/codegen.test.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ import {Codegen} from './codegen.js';
33
import fs from 'fs';
44

55
describe('codegen', () => {
6-
let codegen: Codegen;
6+
let codegen: Codegen;
77

88
beforeEach(() => {
99
codegen = new Codegen();

codegen/src/codegen.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -232,7 +232,7 @@ using namespace jsonrpccxx;\n`;
232232
this.collectStructs(parent, item);
233233
} else if (item.$ref) {
234234
const ref = item.$ref.match(/^#\/components\/schemas\/(.*)/);
235-
this.structs[parent] ??= { description: obj.description };
235+
this.structs[parent] ??= { description: obj.description };
236236
(this.structs[parent].extends ??= []).push(ref ? ref[1] : '');
237237
}
238238
}

csolution-rpc.code-workspace

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,4 +11,4 @@
1111
}
1212
],
1313
"settings": {}
14-
}
14+
}

0 commit comments

Comments
 (0)