
Commit 9c8c639

samhamiltonclaude
andauthored
Fix GitHub Actions security warnings (#646)
* More detailed github actions versions * Pin GitHub Actions to SHA hashes for security CodeQL requires full SHA commit hashes, not version tags, to resolve the "unpinned action" security warnings. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
1 parent cd5f6e2 commit 9c8c639

1 file changed

+18
-15
lines changed

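--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -1,6 +1,9 @@
 name: Elixir
 on: push
 
+permissions:
+contents: read
+
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 MIX_ENV: test
@@ -25,17 +28,17 @@ jobs:
 --health-retries 5
 steps:
 - run: sudo apt update
-- uses: actions/checkout@v6
-- uses: erlef/setup-beam@v1
+- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+- uses: erlef/setup-beam@e6d7c94229049569db56a7ad5a540c051a010af9 # v1.20.4
 with:
 otp-version: "28.x"
 elixir-version: "1.19.x"
-- uses: actions/setup-node@v6
+- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
 with:
 node-version: "24"
 cache: "npm"
 cache-dependency-path: "**/package-lock.json"
-- uses: actions/cache@v5
+- uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
 with:
 path: |
 deps
@@ -61,7 +64,7 @@ jobs:
 - run: mix credo --strict
 - run: mix dialyzer
 - run: elixir --logger-sasl-reports true -S mix coveralls.json
-- uses: codecov/codecov-action@v5
+- uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
 with:
 token: ${{ secrets.CODECOV_TOKEN }}
 
@@ -88,8 +91,8 @@ jobs:
 --health-retries 5
 steps:
 - run: sudo apt update
-- uses: actions/checkout@v6
-- uses: erlef/setup-beam@v1
+- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+- uses: erlef/setup-beam@e6d7c94229049569db56a7ad5a540c051a010af9 # v1.20.4
 with:
 otp-version: ${{matrix.otp}}
 elixir-version: ${{matrix.elixir}}
@@ -119,8 +122,8 @@ jobs:
 --health-retries 5
 steps:
 - run: sudo apt update
-- uses: actions/checkout@v6
-- uses: erlef/setup-beam@v1
+- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+- uses: erlef/setup-beam@e6d7c94229049569db56a7ad5a540c051a010af9 # v1.20.4
 with:
 otp-version: ${{matrix.otp}}
 elixir-version: ${{matrix.elixir}}
@@ -150,8 +153,8 @@ jobs:
 --health-retries 5
 steps:
 - run: sudo apt update
-- uses: actions/checkout@v6
-- uses: erlef/setup-beam@v1
+- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+- uses: erlef/setup-beam@e6d7c94229049569db56a7ad5a540c051a010af9 # v1.20.4
 with:
 otp-version: ${{matrix.otp}}
 elixir-version: ${{matrix.elixir}}
@@ -181,8 +184,8 @@ jobs:
 --health-retries 5
 steps:
 - run: sudo apt update
-- uses: actions/checkout@v6
-- uses: erlef/setup-beam@v1
+- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+- uses: erlef/setup-beam@e6d7c94229049569db56a7ad5a540c051a010af9 # v1.20.4
 with:
 otp-version: ${{matrix.otp}}
 elixir-version: ${{matrix.elixir}}
@@ -212,8 +215,8 @@ jobs:
 --health-retries 5
 steps:
 - run: sudo apt update
-- uses: actions/checkout@v6
-- uses: erlef/setup-beam@v1
+- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+- uses: erlef/setup-beam@e6d7c94229049569db56a7ad5a540c051a010af9 # v1.20.4
 with:
 otp-version: ${{matrix.otp}}
 elixir-version: ${{matrix.elixir}}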
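Review bot: `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` is still exported as workflow-level `env` directly below the new `permissions: contents: read` block in the first hunk, so every step in every job can read the token, including the third-party `erlef/setup-beam` and `codecov/codecov-action` steps and the `mix` tasks. The new permissions block limits what the token can do, but if only some steps need it (the rest of the file is outside these hunks), move it to a step-level `env:` on those steps. The pinned `actions/checkout` steps also keep the default credential persistence; adding `with:` and `persist-credentials: false` under each keeps the token out of `.git/config` for later steps. The version comments (`# v6.0.2`, `# v1.20.4`, and so on) cannot be verified from this page, so confirm each SHA is the commit the upstream tag resolves to in the action's own repository. A Dependabot or Renovate rule for GitHub Actions would keep the six repeated pins and their comments in sync.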
