Security hardening: lock community action versions

As there's no lockfile for GitHub Actions, specify the commit SHAs to use for community actions so that changes can be reviewed before using a new version of a particular action.
2020-10-30 01:26:52 +00:00 · 2020-10-30 01:26:52 +00:00 · b3c925a0cf
commit b3c925a0cf
parent d5d9bdf7bf
3 changed files with 16 additions and 16 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -13,10 +13,10 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@a81bbbf

      - name: Cache dependencies
-        uses: actions/cache@v1
+        uses: actions/cache@d974700
        with:
          path: |
            ~/.composer/cache/files
@ -27,7 +27,7 @@ jobs:
          key: dependencies-composer-${{ hashFiles('composer.json') }}

      - name: Setup PHP
-        uses: shivammathur/setup-php@v2
+        uses: shivammathur/setup-php@5d27b8f
        with:
          php-version: 7.4
          extensions: mbstring
@ -67,10 +67,10 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@a81bbbf

      - name: Cache dependencies
-        uses: actions/cache@v1
+        uses: actions/cache@d974700
        with:
          path: |
            ~/.composer/cache/files
@ -81,7 +81,7 @@ jobs:
          key: dependencies-composer-${{ hashFiles('composer.json') }}

      - name: Setup PHP
-        uses: shivammathur/setup-php@v2
+        uses: shivammathur/setup-php@5d27b8f
        with:
          php-version: 7.4
          extensions: mbstring
@ -107,10 +107,10 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@a81bbbf

      - name: Cache dependencies
-        uses: actions/cache@v1
+        uses: actions/cache@d974700
        with:
          path: |
            ~/.composer/cache/files
@ -121,7 +121,7 @@ jobs:
          key: dependencies-composer-${{ hashFiles('composer.json') }}

      - name: Setup PHP
-        uses: shivammathur/setup-php@v2
+        uses: shivammathur/setup-php@5d27b8f
        with:
          php-version: 7.4
          tools: composer:v1
@ -139,10 +139,10 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@a81bbbf

      - name: Cache dependencies
-        uses: actions/cache@v1
+        uses: actions/cache@d974700
        with:
          path: |
            ~/.composer/cache/files
@ -153,7 +153,7 @@ jobs:
          key: dependencies-composer-${{ hashFiles('composer.json') }}

      - name: Setup PHP
-        uses: shivammathur/setup-php@v2
+        uses: shivammathur/setup-php@5d27b8f
        with:
          php-version: 7.4
          tools: composer:v1