From 3b730273593bfc09e1b616ed6eadae8d35c65762 Mon Sep 17 00:00:00 2001
From: Georgi Georgiev <vuryss@gmail.com>
Date: Tue, 25 Jun 2024 10:52:57 +0300
Subject: [PATCH] chore: actions security update (#5)

---
 .github/workflows/coverage.yml | 9 +++++----
 .github/workflows/tests.yml    | 5 +++--
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index 326cd21..6450374 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -1,13 +1,14 @@
 name: Code coverage
 on: [push, pull_request]
+permissions: read-all
 jobs:
   run:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Set up php 8.3
-        uses: shivammathur/setup-php@2e947f1f6932d141d076ca441d0e1e881775e95b
+        uses: shivammathur/setup-php@2e947f1f6932d141d076ca441d0e1e881775e95b # v2.31.0
         with:
           php-version: '8.3'
       - name: Install dependencies
@@ -15,12 +16,12 @@ jobs:
       - name: Run tests and collect coverage
         run: vendor/bin/pest --coverage-clover clover.xml
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673
+        uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           files: clover.xml
       - name: Upload coverage to codacy
-        uses: codacy/codacy-coverage-reporter-action@89d6c85cfafaec52c72b6c5e8b2878d33104c699
+        uses: codacy/codacy-coverage-reporter-action@89d6c85cfafaec52c72b6c5e8b2878d33104c699 # v1.3.0
         with:
           project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
           coverage-report: clover.xml
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index d76d965..ec42fc6 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -1,13 +1,14 @@
 name: Tests
 on: [push, pull_request]
+permissions: read-all
 jobs:
   tests:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Set up php 8.3
-        uses: shivammathur/setup-php@2e947f1f6932d141d076ca441d0e1e881775e95b
+        uses: shivammathur/setup-php@2e947f1f6932d141d076ca441d0e1e881775e95b # v2.31.0
         with:
           php-version: '8.3'
       - name: Install dependencies