88 branches :
99 - " 2.3.x"
1010
11+ permissions :
12+ contents : read
13+
1114jobs :
1215 lint :
1316 name : " Lint"
@@ -25,11 +28,16 @@ jobs:
2528 - " 8.5"
2629
2730 steps :
31+ - name : Harden the runner (Audit all outbound calls)
32+ uses : step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
33+ with :
34+ egress-policy : audit
35+
2836 - name : " Checkout"
29- uses : actions/checkout@v4
37+ uses : actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
3038
3139 - name : " Install PHP"
32- uses : " shivammathur/setup-php@v2 "
40+ uses : " shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 " # v2
3341 with :
3442 coverage : " none"
3543 php-version : " ${{ matrix.php-version }}"
@@ -49,18 +57,23 @@ jobs:
4957 runs-on : " ubuntu-latest"
5058
5159 steps :
60+ - name : Harden the runner (Audit all outbound calls)
61+ uses : step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
62+ with :
63+ egress-policy : audit
64+
5265 - name : " Checkout"
53- uses : actions/checkout@v4
66+ uses : actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
5467
5568 - name : " Checkout build-cs"
56- uses : actions/checkout@v4
69+ uses : actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
5770 with :
5871 repository : " phpstan/build-cs"
5972 path : " build-cs"
6073 ref : " 2.x"
6174
6275 - name : " Install PHP"
63- uses : " shivammathur/setup-php@v2 "
76+ uses : " shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 " # v2
6477 with :
6578 coverage : " none"
6679 php-version : " 8.2"
@@ -102,11 +115,16 @@ jobs:
102115 - " highest"
103116
104117 steps :
118+ - name : Harden the runner (Audit all outbound calls)
119+ uses : step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
120+ with :
121+ egress-policy : audit
122+
105123 - name : " Checkout"
106- uses : actions/checkout@v4
124+ uses : actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
107125
108126 - name : " Install PHP"
109- uses : " shivammathur/setup-php@v2 "
127+ uses : " shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 " # v2
110128 with :
111129 coverage : " none"
112130 php-version : " ${{ matrix.php-version }}"
@@ -139,11 +157,16 @@ jobs:
139157 - " 8.5"
140158
141159 steps :
160+ - name : Harden the runner (Audit all outbound calls)
161+ uses : step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
162+ with :
163+ egress-policy : audit
164+
142165 - name : " Checkout"
143- uses : actions/checkout@v4
166+ uses : actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
144167
145168 - name : " Install PHP"
146- uses : " shivammathur/setup-php@v2 "
169+ uses : " shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 " # v2
147170 with :
148171 coverage : " none"
149172 php-version : " ${{ matrix.php-version }}"
0 commit comments