[StepSecurity] ci: Harden GitHub Actions (#145)

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
2023-06-24 14:09:13 -07:00
parent 82cf6f7305
commit bec6d5200c
3 changed files with 9 additions and 9 deletions
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -32,14 +32,14 @@ jobs:
    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
      with:
        persist-credentials: false
-    - uses: actions/cache@v3.3.1
+    - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
      with:
        path: ~/.m2/repository
        key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
        restore-keys: |
          ${{ runner.os }}-maven-
    - name: Set up JDK ${{ matrix.java }}
-      uses: actions/setup-java@v3.11.0
+      uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0
      with:
        distribution: 'temurin'
        java-version: ${{ matrix.java }}
@@ -47,6 +47,6 @@ jobs:
      run: mvn -V test jacoco:report --file pom.xml --no-transfer-progress

    - name: Upload coverage to Codecov
-      uses: codecov/codecov-action@v3
+      uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
      with:
        files: ./target/site/jacoco/jacoco.xml