Apply Security Best Practices
Secure Workflow
Restrict permissions for GITHUB_TOKEN.
Add step-security/harden-runner to secure your CI/CD pipeline.
(See how popular projects use harden-runner)
Pin actions to a full-length commit SHA.
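
The three checks above can be run over a workflow file before it is merged. The following is an added example, not StepSecurity's code: a line-based audit that reports a missing or write-all permissions setting, the absence of step-security/harden-runner, and any action reference not pinned to a 40-character commit SHA. It assumes a regex scan of the file as a whole rather than a per-job YAML parse, and the sample workflow and its SHA are constructed.

```python
import re

# Constructed sample workflow (not from the page); the SHA is a made-up placeholder.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # constructed SHA
      - run: npm test
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)", re.M)
FULL_SHA_RE = re.compile(r"@[0-9a-f]{40}$")
PERMISSIONS_RE = re.compile(r"^\s*permissions:", re.M)
WRITE_ALL_RE = re.compile(r"^\s*permissions:\s*write-all\b", re.M)


def audit_workflow(text):
    """Return findings for the three hardening checks, in a fixed order."""
    findings = []
    refs = USES_RE.findall(text)
    # 1. GITHUB_TOKEN: a permissions key must exist and must not be write-all.
    if not PERMISSIONS_RE.search(text):
        findings.append("no-permissions-block")
    elif WRITE_ALL_RE.search(text):
        findings.append("permissions-write-all")
    # 2. harden-runner must appear somewhere in the file (whole-file check).
    if not any(r.startswith("step-security/harden-runner@") for r in refs):
        findings.append("no-harden-runner")
    # 3. Every remote action must be pinned to a full-length commit SHA.
    for ref in refs:
        if ref.startswith("./") or ref.startswith("docker://"):
            continue  # local actions and container images are out of scope here
        if not FULL_SHA_RE.search(ref):
            findings.append("unpinned:" + ref)
    return findings


if __name__ == "__main__":
    print("\n".join(audit_workflow(SAMPLE_WORKFLOW)) or "no findings")
```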