How to use GitHub Actions with security in mind

When working in the real world with continuous integration / continuous deployment, you have to take care of your pipelines and the things they have access to.

• Who can push code into to an environment?
• Who could read and change the connection strings to the database?
• Who can create new resources in your cloud environment?
• Do you trust your third party extensions?
• What part of the network does your pipeline have access to?

I'll go over each of these aspects of GitHub Actions and show you what to look for and how to improve your security stance without locking every DevOps engineer out.