From 892602442b055c59926077125c6ddfb806b872b3 Mon Sep 17 00:00:00 2001 From: rshashank17 Date: Tue, 14 Jul 2026 08:46:38 +0530 Subject: [PATCH] fix(ci): Remediate Zizmor security audit findings for CSAT workflow --- .github/workflows/csat.yml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/.github/workflows/csat.yml b/.github/workflows/csat.yml index 24569d6646b..959b54349eb 100644 --- a/.github/workflows/csat.yml +++ b/.github/workflows/csat.yml @@ -4,16 +4,25 @@ on: types: - closed +concurrency: + group: ${{ github.workflow }}-${{ github.event.issue.number }} + cancel-in-progress: true + permissions: contents: read - issues: write jobs: welcome: + name: Run CSAT survey script runs-on: ubuntu-latest + permissions: + contents: read + issues: write # Required for csat script to comment on closed issues steps: - - uses: actions/checkout@v3 - - uses: actions/github-script@v6 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 + with: + persist-credentials: false + - uses: actions/github-script@00f12e3e20659f42342b1c0226afda7f7c042325 # v6 with: script: | const script = require('./.github/scripts/csat.js')