diff --git a/.github/dependabot.yml b/.github/dependabot.yml index db86156..7da1f95 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,6 +9,8 @@ updates: open-pull-requests-limit: 0 # Maintain dependencies for Composer + ignore: + - dependency-name: "yiisoft/*" - package-ecosystem: "composer" directory: "/" schedule: diff --git a/.github/workflows/composer-require-checker.yml b/.github/workflows/composer-require-checker.yml index d2ef508..1a56fef 100644 --- a/.github/workflows/composer-require-checker.yml +++ b/.github/workflows/composer-require-checker.yml @@ -24,6 +24,9 @@ on: name: Composer require checker +permissions: + contents: read + jobs: composer-require-checker: uses: yiisoft/actions/.github/workflows/composer-require-checker.yml@master diff --git a/.github/workflows/mssql.yml b/.github/workflows/mssql.yml index 065ed44..f1e82fc 100644 --- a/.github/workflows/mssql.yml +++ b/.github/workflows/mssql.yml @@ -15,6 +15,9 @@ on: - 'composer.json' - 'phpunit.xml.dist' name: mssql + +permissions: + contents: read jobs: tests: permissions: @@ -89,13 +92,15 @@ jobs: dpkg -l | grep msodbcsql - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + with: + persist-credentials: false - name: Create MS SQL Database run: docker exec -i mssql ${{ matrix.mssql.tools-path }}/bin/sqlcmd ${{ matrix.mssql.flag }} -S localhost -U SA -P 'YourStrong!Passw0rd' -Q 'CREATE DATABASE yiitest' - name: Install PHP with extensions - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@b604ade2a87db23f8871b7182e69ec5e75effb45 with: php-version: ${{ matrix.php }} extensions: ${{ env.extensions }} 
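Review bot: The added `ignore:` block sits between the `# Maintain dependencies for Composer` comment and the `- package-ecosystem: "composer"` item, so by position it belongs to the update entry above (the one ending in `open-pull-requests-limit: 0`), not to the Composer entry the comment introduces. Indentation is lost in this view, so that nesting is inferred from position only. If it is intended, move the two added lines above the blank line and the comment so the file reads the way it parses, and add a comment stating why `yiisoft/*` is excluded. With that pattern ignored, Dependabot will not propose updates for those references in that entry, so any pin on them has to be maintained by hand.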
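Review bot: The reusable workflow in the context line below the new block is still referenced by a mutable ref, `uses: yiisoft/actions/.github/workflows/composer-require-checker.yml@master`, while this commit pins the third-party actions in other files to commit SHAs. Whatever is on `master` of that repository at run time executes in this job, and the new `permissions:` / `contents: read` only caps the token it receives. Consider pinning to a commit, `...composer-require-checker.yml@<commit-sha> # <tag>`, or state in a comment that the organisation's own repository is deliberately trusted at branch level. The same applies to the `@master` references in mutation.yml, rector-cs.yml and static.yml.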
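Review bot: The `tests` job directly below the added block already declares its own `permissions:` (its contents lie outside the hunk), and a job-level block replaces the workflow-level one rather than merging with it. The new `contents: read` default therefore does not constrain that job; it only covers jobs that have no block of their own. Check that the job-level list grants nothing beyond what the tests need. As a point of style, the other workflows in this commit put the blank line after the block, before `jobs:`, whereas here it comes before `permissions:`.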
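Review bot: The pinned references `actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10` and `shivammathur/setup-php@b604ade2a87db23f8871b7182e69ec5e75effb45` carry no indication of which release they correspond to, so a reviewer or a later audit cannot tell what was pinned without looking each hash up. Add the tag as a trailing comment, e.g. `uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # <release tag>`; Dependabot keeps such a comment in step when it bumps the SHA. Before merging, confirm that each hash is a commit reachable from a release tag in the action's own repository, since a commit that exists only in a fork resolves under the same `owner/repo@sha` form. The same applies to every pinned `uses:` line in the remaining hunks of mssql.yml and in mysql.yml, pgsql.yml and sqlite.yml.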
@@ -107,7 +112,7 @@ jobs: run: echo "COMPOSER_CACHE_DIR=$(composer config cache-dir)" >> $GITHUB_ENV - name: Cache dependencies installed with composer - uses: actions/cache@v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 with: path: ${{ env.COMPOSER_CACHE_DIR }} key: php${{ matrix.php }}-composer-${{ hashFiles('**/composer.json') }} @@ -131,7 +136,7 @@ jobs: CYCLE_MSSQL_PASSWORD: YourStrong!Passw0rd - name: Upload coverage to Codecov - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 with: token: ${{ secrets.CODECOV_TOKEN }} files: ./coverage.xml diff --git a/.github/workflows/mutation.yml b/.github/workflows/mutation.yml index 820f01a..3ca737c 100644 --- a/.github/workflows/mutation.yml +++ b/.github/workflows/mutation.yml @@ -20,6 +20,9 @@ on: name: mutation test +permissions: + contents: read + jobs: mutation: uses: yiisoft/actions/.github/workflows/roave-infection.yml@master diff --git a/.github/workflows/mysql.yml b/.github/workflows/mysql.yml index 314bfe1..e16fc48 100644 --- a/.github/workflows/mysql.yml +++ b/.github/workflows/mysql.yml @@ -22,6 +22,9 @@ on: name: mysql +permissions: + contents: read + jobs: tests: name: PHP ${{ matrix.php }}-mysql-${{ matrix.mysql }} @@ -60,10 +63,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 + with: + persist-credentials: false - name: Install PHP with extensions - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@b604ade2a87db23f8871b7182e69ec5e75effb45 with: php-version: ${{ matrix.php }} extensions: ${{ env.extensions }} 
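Review bot: `actions/checkout` is pinned here to `f43a0e5ff2bd294095638e18286ca9a3d1956744`, but mssql.yml in the same commit pins it to `df4cb1c069e1874edd31b4311f1884172cec0e10`. `actions/cache` differs as well: `6f8efc29b200d32929f49075959781ed54ec270c` in the next hunk of this file against `0057852bfaa89a56745cba8c7296529d2fc39830` in mssql.yml. Presumably each hash mirrors the tag it replaced (`v3` here, `v6` and `v4` there), which would freeze this workflow on older major versions of those actions. Unless the skew is deliberate, pin all workflows to the same commit per action so there is one revision to audit and update. pgsql.yml and sqlite.yml use the same hashes as this file.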
@@ -75,7 +80,7 @@ jobs: run: echo "COMPOSER_CACHE_DIR=$(composer config cache-dir)" >> $GITHUB_ENV - name: Cache dependencies installed with composer - uses: actions/cache@v3 + uses: actions/cache@6f8efc29b200d32929f49075959781ed54ec270c with: path: ${{ env.COMPOSER_CACHE_DIR }} key: php${{ matrix.php }}-composer-${{ hashFiles('**/composer.json') }} @@ -100,6 +105,6 @@ jobs: - name: Upload coverage to Codecov if: matrix.os == 'ubuntu-latest' - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 with: files: ./coverage.xml diff --git a/.github/workflows/pgsql.yml b/.github/workflows/pgsql.yml index 24d40cf..441ce3d 100644 --- a/.github/workflows/pgsql.yml +++ b/.github/workflows/pgsql.yml @@ -22,6 +22,9 @@ on: name: pgsql +permissions: + contents: read + jobs: tests: name: PHP ${{ matrix.php }}-pgsql-${{ matrix.pgsql }} @@ -64,10 +67,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 + with: + persist-credentials: false - name: Install PHP with extensions - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@b604ade2a87db23f8871b7182e69ec5e75effb45 with: php-version: ${{ matrix.php }} extensions: ${{ env.extensions }} @@ -80,7 +85,7 @@ jobs: run: echo "COMPOSER_CACHE_DIR=$(composer config cache-dir)" >> $GITHUB_ENV - name: Cache dependencies installed with composer - uses: actions/cache@v3 + uses: actions/cache@6f8efc29b200d32929f49075959781ed54ec270c with: path: ${{ env.COMPOSER_CACHE_DIR }} key: php${{ matrix.php }}-composer-${{ hashFiles('**/composer.json') }} @@ -105,6 +110,6 @@ jobs: - name: Upload coverage to Codecov if: matrix.os == 'ubuntu-latest' - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 with: files: ./coverage.xml diff --git a/.github/workflows/rector-cs.yml b/.github/workflows/rector-cs.yml index 6424c2a..d4003af 100644 
--- a/.github/workflows/rector-cs.yml +++ b/.github/workflows/rector-cs.yml @@ -1,7 +1,7 @@ name: Rector + PHP CS Fixer on: - pull_request_target: + pull_request: paths: - 'src/**' - 'tests/**' @@ -20,8 +20,5 @@ concurrency: jobs: rector: uses: yiisoft/actions/.github/workflows/rector-cs.yml@master - secrets: - token: ${{ secrets.YIISOFT_GITHUB_TOKEN }} with: - repository: ${{ github.event.pull_request.head.repo.full_name }} php: '8.1' diff --git a/.github/workflows/sqlite.yml b/.github/workflows/sqlite.yml index 1e7f6d8..8bb4bd2 100644 --- a/.github/workflows/sqlite.yml +++ b/.github/workflows/sqlite.yml @@ -21,6 +21,9 @@ on: name: sqlite +permissions: + contents: read + jobs: phpunit: name: PHP ${{ matrix.php }}-${{ matrix.os }} @@ -41,10 +44,12 @@ jobs: steps: - name: Checkout. - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 + with: + persist-credentials: false - name: Install PHP with extensions. - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@b604ade2a87db23f8871b7182e69ec5e75effb45 with: coverage: pcov extensions: pdo, pdo_sqlite @@ -57,7 +62,7 @@ jobs: run: echo "COMPOSER_CACHE_DIR=$(composer config cache-dir)" >> $GITHUB_ENV - name: Cache dependencies installed with composer. - uses: actions/cache@v3 + uses: actions/cache@6f8efc29b200d32929f49075959781ed54ec270c with: path: ${{ env.COMPOSER_CACHE_DIR }} key: php${{ matrix.php }}-composer-${{ hashFiles('composer.json') }} @@ -75,6 +80,6 @@ jobs: - name: Upload coverage to Codecov. if: matrix.os == 'ubuntu-latest' - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 with: files: ./coverage.xml diff --git a/.github/workflows/static.yml b/.github/workflows/static.yml index eec5542..528e0cd 100644 --- a/.github/workflows/static.yml +++ b/.github/workflows/static.yml 
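Review bot: After the switch from `pull_request_target` to `pull_request`, this file gets no `permissions:` block in the visible hunks, unlike the other workflows touched by this commit. The job still calls `yiisoft/actions/.github/workflows/rector-cs.yml@master`, so declare the token scope the called workflow needs: `permissions:` / `contents: read` if it only reports, or the narrowest write scope if it is expected to push fixes. Under `pull_request`, runs for pull requests from forks get a read-only token and no secrets, so any auto-commit step in the called workflow will presumably stop working for them. Confirm that this is the intended trade-off and that the `token` secret removed in the next hunk is not declared as required there. Lines 8–19 of the file are outside the diff, so a `permissions:` block may already exist.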
@@ -22,6 +22,9 @@ on: name: static analysis +permissions: + contents: read + jobs: psalm: uses: yiisoft/actions/.github/workflows/psalm.yml@master