11name : CI
22
3- permissions : read-all
3+ permissions : {}
44
55on :
66 push :
1212 tests :
1313 name : Tests on PHP ${{ matrix.php }} ${{ matrix.dependencies }}
1414 runs-on : ubuntu-24.04
15+ permissions :
16+ contents : read
1517 services :
1618 redis :
1719 image : redis
2325 dependencies : ['--ignore-platform-req=php', '--prefer-lowest --prefer-stable --ignore-platform-req=php']
2426 steps :
2527 - name : Checkout
26- uses : actions/checkout@v4
27- - uses : shivammathur/setup-php@2.32.0
28+ uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
29+ with :
30+ persist-credentials : false
31+ - uses : shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # 2.32.0
2832 with :
2933 php-version : ${{ matrix.php }}
3034 extensions : mbstring, redis, apcu
4145 env :
4246 REDIS_PORT : ${{ job.services.redis.ports['6379'] }}
4347 - name : Upload coverage to Codecov
44- uses : codecov/codecov-action@v5.1.2
48+ uses : codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
4549 with :
46- file : ./coverage.xml
50+ files : ./coverage.xml
4751 mutation_testing :
4852 name : Mutation testing
4953 runs-on : ubuntu-24.04
5458 - 6379/tcp
5559 steps :
5660 - name : Checkout
57- uses : actions/checkout@v4
58- - uses : shivammathur/setup-php@2.32.0
61+ uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
62+ with :
63+ persist-credentials : false
64+ - uses : shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # 2.32.0
5965 with :
6066 php-version : ' 8.2'
6167 extensions : mbstring, redis, apcu
6975 REDIS_PORT : ${{ job.services.redis.ports['6379'] }}
7076 - name : Archive report
7177 if : always()
72- uses : actions/upload-artifact@v4
78+ uses : actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
7379 with :
7480 name : Infection report
7581 path : infection.log
8187 php : ['8.2', '8.3', '8.4']
8288 steps :
8389 - name : Checkout
84- uses : actions/checkout@v4
90+ uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
91+ with :
92+ persist-credentials : false
8593 - name : Install dependencies
8694 run : composer install --no-interaction --prefer-dist
8795 - name : Start stack
@@ -104,8 +112,10 @@ jobs:
104112 runs-on : ubuntu-24.04
105113 steps :
106114 - name : Checkout
107- uses : actions/checkout@v4
108- - uses : shivammathur/setup-php@2.32.0
115+ uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
116+ with :
117+ persist-credentials : false
118+ - uses : shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # 2.32.0
109119 with :
110120 php-version : ' 8.2'
111121 extensions : mbstring, redis, apcu
@@ -123,7 +133,9 @@ jobs:
123133 runs-on : ubuntu-24.04
124134 steps :
125135 - name : Checkout
126- uses : actions/checkout@v4
136+ uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
137+ with :
138+ persist-credentials : false
127139 - name : Install dependencies
128140 run : composer install --no-interaction --prefer-dist
129141 - name : Composer Require Checker
@@ -137,7 +149,9 @@ jobs:
137149 runs-on : ubuntu-24.04
138150 steps :
139151 - name : Checkout
140- uses : actions/checkout@v4
152+ uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
153+ with :
154+ persist-credentials : false
141155 - run : git fetch --depth=1 origin +refs/tags/*:refs/tags/*
142156 # Disable (temporarily) CI check with Roave BC check
143157 # See https://github.com/Nyholm/roave-bc-check-docker/issues/32
@@ -150,7 +164,9 @@ jobs:
150164 runs-on : ubuntu-24.04
151165 steps :
152166 - name : Checkout
153- uses : actions/checkout@v4
167+ uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
168+ with :
169+ persist-credentials : false
154170 - name : Install nix
155171 uses : cachix/install-nix-action@v30
156172 with :
0 commit comments