mirror of https://github.com/ohmyzsh/ohmyzsh.git synced 2025-12-12 15:34:50 +08:00
ohmyzsh-mirror/.github/workflows
Marc Cornellà 242e2faa51
ci: improve security in project.yml workflow (#13329)
There is no inherent security vulnerability in the workflow, but there were
certain practices that increased latent risk. In this commit, we:

- Explicitly bind app token for each step that needs it, instead of setting it for
  all steps after "Store app token"
- Refactor "classify" step, to not rely on files passed around, and instead use
  only an awk script.
- Remove all instances of template injection within `run` scripts. There was nothing
  dangerous, but the practice is unsafe.
- Sanitize all unwanted characters from PR plugin and theme names.

References: W2M1-06 W2M1-07
2025-09-27 20:00:50 +02:00
Name              Last commit                                                          Date
dependencies      chore(deps): bump requests in /.github/workflows/dependencies (#13280)  2025-08-25 02:37:09 +02:00
installer         chore(installer): only serve installer in / and /install.sh          2024-10-18 14:27:54 +02:00
dependencies.yml  ci: Harden GitHub Actions [StepSecurity] (#13318)                    2025-09-19 17:30:10 +02:00
installer.yml     ci: Harden GitHub Actions [StepSecurity] (#13318)                    2025-09-19 17:30:10 +02:00
main.yml          ci: Harden GitHub Actions [StepSecurity] (#13318)                    2025-09-19 17:30:10 +02:00
project.yml       ci: improve security in project.yml workflow (#13329)                2025-09-27 20:00:50 +02:00
scorecard.yml     chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.2 (#13322)  2025-09-22 10:50:59 +02:00