
Commit de6d653

authored
chore: Update and pin all GHA actions (#742)
1 parent a773a0d commit de6d653

5 files changed

Lines changed: 50 additions & 15 deletions


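--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -5,16 +5,23 @@ on:
 branches:
 - "master"
 
+permissions:
+contents: read
+actions: write
+
 jobs:
 docs:
+permissions:
+contents: read
+actions: write
 name: Generating API documentation
 runs-on: ubuntu-latest
 steps:
-- uses: actions/checkout@v4
+- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 with:
 submodules: recursive
 
-- uses: actions/setup-node@v1
+- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
 with:
 node-version: 20
 
@@ -23,7 +30,7 @@ jobs:
 
 - name: Cache phpDocumentor build files
 id: phpdocumentor-cache
-uses: actions/cache@v3
+uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
 with:
 path: .phpdoc/cache
 key: ${{ runner.os }}-phpdocumentor-${{ github.sha }}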
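Review bot: `actions: write` is granted twice, at workflow level and again on the `docs` job, and none of the visible steps (checkout, setup-node, actions/cache) needs it; actions/cache saves and restores through the runner's cache service, not through a GITHUB_TOKEN scope. The scope lets any step in the job cancel or re-run workflow runs and delete caches, which is more than the read-only token the other four workflows in this commit now get. If a step outside these hunks does need it, keep the workflow-level block at `contents: read` only and leave the write grant on the job with a comment such as `# actions: write is required by <step> for <reason>`; otherwise drop both `actions: write` lines. The steps between the two hunks and after the cache step are not shown, so this needs checking against the full file.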

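--- a/.github/workflows/run-test-suite.yml
+++ b/.github/workflows/run-test-suite.yml
@@ -38,8 +38,13 @@ on:
 - 'psalm-baseline.xml'
 - '.editorconfig'
 
+permissions:
+contents: read
+
 jobs:
 test:
+permissions:
+contents: read
 name: PHP${{ matrix.php }}${{ matrix.extensions-suffix }}, ${{ matrix.os }}, ${{ matrix.dependencies }} deps
 runs-on: ${{ matrix.os }}
 timeout-minutes: ${{ inputs.test-timeout }}
@@ -65,10 +70,10 @@ jobs:
 git config --global core.eol lf
 
 - name: Check Out Code
-uses: actions/checkout@v4
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
 - name: Setup PHP ${{ matrix.php }}
-uses: shivammathur/setup-php@v2
+uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2
 with:
 php-version: ${{ matrix.php }}
 extensions: dom, sockets, grpc, curl ${{ matrix.extensions-suffix }}
@@ -77,7 +82,7 @@ jobs:
 run: composer validate --strict
 
 - name: Install dependencies with composer
-uses: ramsey/composer-install@v3
+uses: ramsey/composer-install@5c2bcf28d7b060ef3c601d7b476d5430a7b46c27 # v4
 with:
 dependency-versions: ${{ matrix.dependencies }}
 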
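Review bot: The pinned `actions/checkout` step under "Check Out Code" keeps the default `persist-credentials`, so the job token stays on the runner for the later steps that run `composer validate` and install third-party dependencies. With `contents: read` the token is low-value, but no visible step performs a git operation after checkout, so adding `with:` and `persist-credentials: false` to that step costs nothing and keeps the token away from dependency install scripts. The same applies to the checkout steps in security-check.yml and static-analysis.yml; docs.yml checks out submodules and its later steps are not visible, so confirm there before changing it. The `test` job's remaining steps lie outside these hunks.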

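--- a/.github/workflows/security-check.yml
+++ b/.github/workflows/security-check.yml
@@ -2,12 +2,17 @@ name: Security
 
 on: [push, pull_request]
 
+permissions:
+contents: read
+
 concurrency:
 cancel-in-progress: ${{ !contains(github.ref, 'release/')}}
 group: tests-${{ github.workflow }}-${{ github.ref }}
 
 jobs:
 security:
+permissions:
+contents: read
 name: Security Checks (PHP ${{ matrix.php }}, OS ${{ matrix.os }})
 runs-on: ${{ matrix.os }}
 strategy:
@@ -18,16 +23,16 @@ jobs:
 os: [ ubuntu-latest ]
 steps:
 - name: Set up PHP ${{ matrix.php }}
-uses: shivammathur/setup-php@v2
+uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2
 with:
 php-version: ${{ matrix.php }}
 extensions: dom, sockets, grpc, curl
 
 - name: Check Out Code
-uses: actions/checkout@v4
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
 - name: Install dependencies with composer
-uses: ramsey/composer-install@v3
+uses: ramsey/composer-install@5c2bcf28d7b060ef3c601d7b476d5430a7b46c27 # v4
 with:
 dependency-versions: ${{ matrix.dependencies }}
 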
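Review bot: The trailing comments on the pinned `uses:` lines name only a major tag (`# v2`, `# v6`, `# v4`), and a major tag moves with every release, so the comment cannot be used later to tell which release a given 40-character SHA was taken from. Record the exact release instead, in the form `uses: shivammathur/setup-php@<sha> # vX.Y.Z` (placeholder; use the version of the release the SHA was copied from), so that a reviewer can check the SHA against the upstream tag. This applies to every pinned action in the commit, not only to this file.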

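--- a/.github/workflows/static-analysis.yml
+++ b/.github/workflows/static-analysis.yml
@@ -2,12 +2,17 @@ name: Static Analysis
 
 on: [push, pull_request]
 
+permissions:
+contents: read
+
 concurrency:
 cancel-in-progress: ${{ !contains(github.ref, 'release/')}}
 group: tests-${{ github.workflow }}-${{ github.ref }}
 
 jobs:
 psalm:
+permissions:
+contents: read
 name: Psalm Validation (PHP ${{ matrix.php }}, OS ${{ matrix.os }})
 runs-on: ${{ matrix.os }}
 continue-on-error: true
@@ -18,23 +23,25 @@ jobs:
 os: [ubuntu-latest]
 steps:
 - name: Set up PHP ${{ matrix.php }}
-uses: shivammathur/setup-php@v2
+uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2
 with:
 php-version: ${{ matrix.php }}
 extensions: dom
 
 - name: Check Out Code
-uses: actions/checkout@v4
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
 - name: Install dependencies with composer
-uses: ramsey/composer-install@v3
+uses: ramsey/composer-install@5c2bcf28d7b060ef3c601d7b476d5430a7b46c27 # v4
 with:
 dependency-versions: ${{ matrix.dependencies }}
 
 - name: 🔍 Run Tests
 run: vendor/bin/psalm
 
 arch:
+permissions:
+contents: read
 name: Architecture tests
 runs-on: ${{ matrix.os }}
 continue-on-error: true
@@ -45,18 +52,18 @@ jobs:
 os: [ubuntu-latest]
 steps:
 - name: Set up PHP ${{ matrix.php }}
-uses: shivammathur/setup-php@v2
+uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2
 with:
 php-version: ${{ matrix.php }}
 extensions: dom
 
 - name: Check Out Code
-uses: actions/checkout@v4
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 with:
 fetch-depth: 1
 
 - name: Install dependencies with composer
-uses: ramsey/composer-install@v3
+uses: ramsey/composer-install@5c2bcf28d7b060ef3c601d7b476d5430a7b46c27 # v4
 with:
 dependency-versions: ${{ matrix.dependencies }}
 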
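Review bot: Both `psalm` and `arch` run with `continue-on-error: true`, so if the major-version moves in this file (`ramsey/composer-install` v3 to v4, `actions/checkout` v4 to v6) break dependency installation, the jobs fail without failing the workflow run and the static-analysis signal is lost unnoticed. Whether the new majors change inputs or runner requirements is not visible from the diff, so the job logs of the first run after merge should be checked rather than the run status. A comment above each install step, e.g. `# bumped v3 -> v4 with the pin; job is continue-on-error, verify the logs`, would make that visible to the next maintainer. The `strategy` blocks of both jobs lie outside the hunks.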

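--- a/.github/workflows/testing.yml
+++ b/.github/workflows/testing.yml
@@ -2,19 +2,26 @@ name: Testing
 
 on: [push, pull_request]
 
+permissions:
+contents: read
+
 concurrency:
 cancel-in-progress: ${{ !contains(github.ref, 'release/')}}
 group: tests-${{ github.workflow }}-${{ github.ref }}
 
 jobs:
 unit:
+permissions:
+contents: read
 name: Unit Testing
 uses: ./.github/workflows/run-test-suite.yml
 with:
 fail-fast: false
 test-command: composer test:unit
 
 functional:
+permissions:
+contents: read
 name: Functional Testing
 uses: ./.github/workflows/run-test-suite.yml
 with:
@@ -23,6 +30,8 @@ jobs:
 download-binaries: true
 
 acceptance-slow:
+permissions:
+contents: read
 name: Acceptance Testing (Slow)
 uses: ./.github/workflows/run-test-suite.yml
 with:
@@ -31,6 +40,8 @@ jobs:
 download-binaries: true
 
 acceptance-fast:
+permissions:
+contents: read
 name: Acceptance Testing (Fast)
 uses: ./.github/workflows/run-test-suite.yml
 with: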
