From b7a8a76a40e27d65296729089b096bc53a0a82de Mon Sep 17 00:00:00 2001
From: Alexander Makarov
Date: Fri, 19 Jun 2026 01:03:27 +0300
Subject: [PATCH 1/3] Harden GitHub workflows
---
 .github/workflows/linter.yml | 2 +-
 .github/workflows/main.yml | 6 ++++--
 .github/workflows/static.yml | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index ae398fc2d..1e4718dea 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -26,6 +26,6 @@ on:
 jobs:
 phpcs:
- uses: yiisoft/yii2-actions/.github/workflows/linter.yml@master
+ uses: yiisoft/yii2-actions/.github/workflows/linter.yml@161a59a5e7d9c5b650c4a132f6e9292bacfcb5cc
 with:
 extensions: 'amqp'
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 779fe2e4b..301a9e628 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -33,13 +33,15 @@ jobs:
 php: [ '8.3', '8.4', '8.5' ]
 steps:
 - name: Checkout.
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
+ with:
+ persist-credentials: false
 - name: PHP Unit tests for PHP ${{ matrix.php }}
 run: make test v=${{ matrix.php }}
 - name: Upload coverage to Codecov.
- uses: codecov/codecov-action@v5
+ uses: codecov/codecov-action@04b047e8bb82a0c002c8312c1c880fbc6a999d45
 with:
 files: ./coverage.xml
 token: ${{ secrets.CODECOV_TOKEN }}
diff --git a/.github/workflows/static.yml b/.github/workflows/static.yml
index 0f2021fba..462c0f9f4 100644
--- a/.github/workflows/static.yml
+++ b/.github/workflows/static.yml
@@ -26,6 +26,6 @@ on:
 jobs:
 phpstan:
- uses: yiisoft/yii2-actions/.github/workflows/phpstan.yml@master
+ uses: yiisoft/yii2-actions/.github/workflows/phpstan.yml@161a59a5e7d9c5b650c4a132f6e9292bacfcb5cc
 with:
 extensions: amqp
From 1b2da6eb837e83c1423bd245b27e5a2a86d11b41 Mon Sep 17 00:00:00 2001
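Review bot: The 40-character pin on the `phpcs` `uses:` line in linter.yml has no trailing comment naming the ref it was taken from, so nobody reading the file can tell which release is running or whether a later hash bump is a small step or a large one. The same applies to the `phpstan` pin in static.yml and to the checkout and Codecov pins in main.yml. I would append the source ref to each pinned line, for example `uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # vX.Y.Z` (placeholder for the actual v4 release tag of that commit), and `# master as of YYYY-MM-DD` (placeholder date) on the two reusable-workflow lines. As far as I know, Dependabot keeps a version comment of that form in step with the hash when it proposes an update.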
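Review bot: The context line `run: make test v=${{ matrix.php }}` in main.yml still expands a workflow expression directly into the shell script, and the hardening in this hunk leaves it as it was. The values come from the literal list `php: [ '8.3', '8.4', '8.5' ]` shown at the top of the hunk, so the exposure is low today, but the same line becomes an injection point if the matrix is ever populated from an input or an event field. Passing the value through the environment keeps it as data: `env:` with `PHP_VERSION: ${{ matrix.php }}`, then `run: make test v="$PHP_VERSION"`. The job definition starts above the hunk, so whether it sets a `permissions:` block cannot be judged from here.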
From: Alexander Makarov
Date: Sat, 20 Jun 2026 11:33:24 +0300
Subject: [PATCH 2/3] Use master for yiisoft actions
---
 .github/workflows/linter.yml | 2 +-
 .github/workflows/static.yml | 2 +-
 .github/zizmor.yml | 5 +++++
 3 files changed, 7 insertions(+), 2 deletions(-)
 create mode 100644 .github/zizmor.yml
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 1e4718dea..ae398fc2d 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -26,6 +26,6 @@ on:
 jobs:
 phpcs:
- uses: yiisoft/yii2-actions/.github/workflows/linter.yml@161a59a5e7d9c5b650c4a132f6e9292bacfcb5cc
+ uses: yiisoft/yii2-actions/.github/workflows/linter.yml@master
 with:
 extensions: 'amqp'
diff --git a/.github/workflows/static.yml b/.github/workflows/static.yml
index 462c0f9f4..0f2021fba 100644
--- a/.github/workflows/static.yml
+++ b/.github/workflows/static.yml
@@ -26,6 +26,6 @@ on:
 jobs:
 phpstan:
- uses: yiisoft/yii2-actions/.github/workflows/phpstan.yml@161a59a5e7d9c5b650c4a132f6e9292bacfcb5cc
+ uses: yiisoft/yii2-actions/.github/workflows/phpstan.yml@master
 with:
 extensions: amqp
diff --git a/.github/zizmor.yml b/.github/zizmor.yml
new file mode 100644
index 000000000..85ca7982a
--- /dev/null
+++ b/.github/zizmor.yml
@@ -0,0 +1,5 @@
+rules:
+ unpinned-uses:
+ config:
+ policies:
+ "yiisoft/*": any
From d140f969fc30edac8101daaf979a213105eda760 Mon Sep 17 00:00:00 2001
From: Alexander Makarov
Date: Sun, 21 Jun 2026 15:19:44 +0300
Subject: [PATCH 3/3] Remove redundant zizmor config
---
 .github/zizmor.yml | 5 -----
 1 file changed, 5 deletions(-)
 delete mode 100644 .github/zizmor.yml
diff --git a/.github/zizmor.yml b/.github/zizmor.yml
deleted file mode 100644
index 85ca7982a..000000000
--- a/.github/zizmor.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-rules:
- unpinned-uses:
- config:
- policies:
- "yiisoft/*": any
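Review bot: Returning the `phpcs` `uses:` line in linter.yml to `@master` (and likewise `phpstan` in static.yml) makes the reusable workflow a moving target again, so anything pushed to that branch of yiisoft/yii2-actions runs in this repository's CI without a change being reviewed here. The commit message gives no reason for dropping the pin. If tracking master is a deliberate first-party trust decision, record it beside the line, e.g. `# first-party reusable workflow, intentionally tracks master`. Otherwise keep `@161a59a5e7d9c5b650c4a132f6e9292bacfcb5cc` and let an update bot propose the bumps.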
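Review bot: The policy key `"yiisoft/*": any` in the new .github/zizmor.yml exempts every repository under the organisation from the unpinned-uses audit, although the workflows in this series only call yiisoft/yii2-actions. The file also carries no comment explaining why the exemption is acceptable, so the audit is relaxed silently. I would add a line above `policies:` such as `# yiisoft/yii2-actions is first-party; its reusable workflows intentionally track master`. If the tool's pattern syntax allows it, scope the key to that one repository rather than the whole organisation.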