Skip to content

Commit 4be9509

Browse files
maennchenmaennchen
authored
Harden CI (#144)
* Harden CI * Fix CI
1 parent c7e45ae commit 4be9509

File tree

8 files changed

+62
-38
lines changed

8 files changed

+62
-38
lines changed

.github/workflows/branch_main.yml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,9 @@ on:
55

66
name: "Main Branch"
77

8+
permissions:
9+
contents: read
10+
811
jobs:
912
test:
1013
name: "Test"
@@ -17,6 +20,9 @@ jobs:
1720
docs:
1821
name: "Docs"
1922

23+
permissions:
24+
contents: write
25+
2026
uses: ./.github/workflows/part_docs.yml
2127
with:
2228
elixirVersion: "1.18"

.github/workflows/part_docs.yml

Lines changed: 10 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,9 @@ name: "Documentation"
1616
env:
1717
BUILD_EMBEDDED: true
1818

19+
permissions:
20+
contents: read
21+
1922
jobs:
2023
generate:
2124
name: "Generate"
@@ -26,20 +29,20 @@ jobs:
2629
MIX_ENV: dev
2730

2831
steps:
29-
- uses: actions/checkout@v4
30-
- uses: erlef/setup-beam@v1
32+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
33+
- uses: erlef/setup-beam@8aa8a857c6be0daae6e97272bb299d5b942675a4 # v1.19.0
3134
id: setupBEAM
3235
with:
3336
otp-version: ${{ inputs.otpVersion }}
3437
elixir-version: ${{ inputs.elixirVersion }}
35-
- uses: actions/cache@v4
38+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
3639
with:
3740
path: deps
3841
key: deps-${{ runner.os }}test-${{ steps.setupBEAM.outputs.elixir-version }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('mix.lock') }}
3942
restore-keys: |
4043
deps-${{ runner.os }}test-${{ steps.setupBEAM.outputs.elixir-version }}-${{ steps.setupBEAM.outputs.otp-version }}-
4144
- run: mix deps.get --check-locked
42-
- uses: actions/cache@v4
45+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
4346
with:
4447
path: _build/dev
4548
key: compile-${{ env.MIX_ENV }}-${{ runner.os }}test-${{ steps.setupBEAM.outputs.elixir-version }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('mix.lock') }}
@@ -48,7 +51,7 @@ jobs:
4851
- run: mix deps.compile
4952
- run: mix compile --warning-as-errors
5053
- run: mix docs
51-
- uses: actions/upload-artifact@v4
54+
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
5255
with:
5356
name: docs
5457
path: doc
@@ -66,8 +69,8 @@ jobs:
6669
contents: write
6770

6871
steps:
69-
- uses: actions/checkout@v4
70-
- uses: actions/download-artifact@v4
72+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
73+
- uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
7174
with:
7275
name: docs
7376
path: docs

.github/workflows/part_test.yml

Lines changed: 28 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,9 @@ name: "Test"
1313
env:
1414
BUILD_EMBEDDED: true
1515

16+
permissions:
17+
contents: read
18+
1619
jobs:
1720
format:
1821
name: Check Formatting
@@ -23,20 +26,20 @@ jobs:
2326
MIX_ENV: dev
2427

2528
steps:
26-
- uses: actions/checkout@v4
27-
- uses: erlef/setup-beam@v1
29+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
30+
- uses: erlef/setup-beam@8aa8a857c6be0daae6e97272bb299d5b942675a4 # v1.19.0
2831
id: setupBEAM
2932
with:
3033
otp-version: ${{ inputs.otpVersion }}
3134
elixir-version: ${{ inputs.elixirVersion }}
32-
- uses: actions/cache@v4
35+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
3336
with:
3437
path: deps
3538
key: deps-${{ runner.os }}test-${{ steps.setupBEAM.outputs.elixir-version }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('mix.lock') }}
3639
restore-keys: |
3740
deps-${{ runner.os }}test-${{ steps.setupBEAM.outputs.elixir-version }}-${{ steps.setupBEAM.outputs.otp-version }}-
3841
- run: mix deps.get --check-locked
39-
- uses: actions/cache@v4
42+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
4043
with:
4144
path: _build/test
4245
key: compile-${{ env.MIX_ENV }}-${{ runner.os }}test-${{ steps.setupBEAM.outputs.elixir-version }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('mix.lock') }}
@@ -54,9 +57,9 @@ jobs:
5457
fail-fast: false
5558
matrix:
5659
include:
57-
- otp: '21.3'
60+
- otp: '24.2'
5861
elixir: '1.11'
59-
runs-on: ubuntu-20.04
62+
runs-on: ubuntu-22.04
6063
- otp: '${{ inputs.otpVersion }}'
6164
elixir: '${{ inputs.elixirVersion }}'
6265
runs-on: ubuntu-latest
@@ -66,20 +69,20 @@ jobs:
6669
MIX_ENV: test
6770

6871
steps:
69-
- uses: actions/checkout@v4
70-
- uses: erlef/setup-beam@v1
72+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
73+
- uses: erlef/setup-beam@8aa8a857c6be0daae6e97272bb299d5b942675a4 # v1.19.0
7174
id: setupBEAM
7275
with:
7376
otp-version: ${{ matrix.otp }}
7477
elixir-version: ${{ matrix.elixir }}
75-
- uses: actions/cache@v4
78+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
7679
with:
7780
path: deps
7881
key: deps-${{ runner.os }}test-${{ steps.setupBEAM.outputs.elixir-version }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('mix.lock') }}
7982
restore-keys: |
8083
deps-${{ runner.os }}test-${{ steps.setupBEAM.outputs.elixir-version }}-${{ steps.setupBEAM.outputs.otp-version }}-
8184
- run: mix deps.get --check-locked
82-
- uses: actions/cache@v4
85+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
8386
with:
8487
path: _build/test
8588
key: compile-${{ env.MIX_ENV }}-${{ runner.os }}test-${{ steps.setupBEAM.outputs.elixir-version }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('mix.lock') }}
@@ -105,20 +108,20 @@ jobs:
105108
MIX_ENV: dev
106109

107110
steps:
108-
- uses: actions/checkout@v4
109-
- uses: erlef/setup-beam@v1
111+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
112+
- uses: erlef/setup-beam@8aa8a857c6be0daae6e97272bb299d5b942675a4 # v1.19.0
110113
id: setupBEAM
111114
with:
112115
otp-version: ${{ inputs.otpVersion }}
113116
elixir-version: ${{ inputs.elixirVersion }}
114-
- uses: actions/cache@v4
117+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
115118
with:
116119
path: deps
117120
key: deps-${{ runner.os }}test-${{ steps.setupBEAM.outputs.elixir-version }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('mix.lock') }}
118121
restore-keys: |
119122
deps-${{ runner.os }}test-${{ steps.setupBEAM.outputs.elixir-version }}-${{ steps.setupBEAM.outputs.otp-version }}-
120123
- run: mix deps.get --check-locked
121-
- uses: actions/cache@v4
124+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
122125
with:
123126
path: _build/dev
124127
key: compile-${{ env.MIX_ENV }}-${{ runner.os }}test-${{ steps.setupBEAM.outputs.elixir-version }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('mix.lock') }}
@@ -138,35 +141,35 @@ jobs:
138141
DIALYZER_PLT_PRIV: true
139142

140143
steps:
141-
- uses: actions/checkout@v4
142-
- uses: erlef/setup-beam@v1
144+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
145+
- uses: erlef/setup-beam@8aa8a857c6be0daae6e97272bb299d5b942675a4 # v1.19.0
143146
id: setupBEAM
144147
with:
145148
otp-version: ${{ inputs.otpVersion }}
146149
elixir-version: ${{ inputs.elixirVersion }}
147-
- uses: actions/cache@v4
150+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
148151
with:
149152
path: deps
150153
key: deps-${{ runner.os }}test-${{ steps.setupBEAM.outputs.elixir-version }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('mix.lock') }}
151154
restore-keys: |
152155
deps-${{ runner.os }}test-${{ steps.setupBEAM.outputs.elixir-version }}-${{ steps.setupBEAM.outputs.otp-version }}-
153156
- run: mix deps.get --check-locked
154-
- uses: actions/cache@v4
157+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
155158
with:
156159
path: _build/dev
157160
key: compile-${{ env.MIX_ENV }}-${{ runner.os }}test-${{ steps.setupBEAM.outputs.elixir-version }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('mix.lock') }}
158161
restore-keys: |
159162
compile-${{ env.MIX_ENV }}-${{ runner.os }}test-${{ steps.setupBEAM.outputs.elixir-version }}-${{ steps.setupBEAM.outputs.otp-version }}-
160163
- run: mix deps.compile
161164
- run: mix compile --warning-as-errors
162-
- uses: actions/cache@v4
165+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
163166
with:
164167
path: priv/plts/
165168
key: dialyzer_plt_dev-${{ runner.os }}test-${{ steps.setupBEAM.outputs.elixir-version }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('mix.lock') }}
166169
restore-keys: |
167170
dialyzer_plt_dev-${{ runner.os }}test-${{ steps.setupBEAM.outputs.elixir-version }}-${{ steps.setupBEAM.outputs.otp-version }}-
168171
- run: mix dialyzer --plt
169-
- uses: actions/upload-artifact@v4
172+
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
170173
with:
171174
name: dialyzer_plt_dev
172175
path: priv/plts/
@@ -183,28 +186,28 @@ jobs:
183186
DIALYZER_PLT_PRIV: true
184187

185188
steps:
186-
- uses: actions/checkout@v4
187-
- uses: erlef/setup-beam@v1
189+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
190+
- uses: erlef/setup-beam@8aa8a857c6be0daae6e97272bb299d5b942675a4 # v1.19.0
188191
id: setupBEAM
189192
with:
190193
otp-version: ${{ inputs.otpVersion }}
191194
elixir-version: ${{ inputs.elixirVersion }}
192-
- uses: actions/cache@v4
195+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
193196
with:
194197
path: deps
195198
key: deps-${{ runner.os }}test-${{ steps.setupBEAM.outputs.elixir-version }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('mix.lock') }}
196199
restore-keys: |
197200
deps-${{ runner.os }}test-${{ steps.setupBEAM.outputs.elixir-version }}-${{ steps.setupBEAM.outputs.otp-version }}-
198201
- run: mix deps.get --check-locked
199-
- uses: actions/cache@v4
202+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
200203
with:
201204
path: _build/dev
202205
key: compile-${{ env.MIX_ENV }}-${{ runner.os }}test-${{ steps.setupBEAM.outputs.elixir-version }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('mix.lock') }}
203206
restore-keys: |
204207
compile-${{ env.MIX_ENV }}-${{ runner.os }}test-${{ steps.setupBEAM.outputs.elixir-version }}-${{ steps.setupBEAM.outputs.otp-version }}-
205208
- run: mix deps.compile
206209
- run: mix compile --warning-as-errors
207-
- uses: actions/download-artifact@v4
210+
- uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
208211
with:
209212
name: dialyzer_plt_dev
210213
path: priv/plts/

.github/workflows/pr.yml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,9 @@ on:
66

77
name: "Pull Request"
88

9+
permissions:
10+
contents: read
11+
912
jobs:
1013
test:
1114
name: "Test"
@@ -18,6 +21,9 @@ jobs:
1821
docs:
1922
name: "Docs"
2023

24+
permissions:
25+
contents: write
26+
2127
uses: ./.github/workflows/part_docs.yml
2228
with:
2329
elixirVersion: "1.18"

.github/workflows/tag-stable.yml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,9 @@ on:
55

66
name: "Stable Tag"
77

8+
permissions:
9+
contents: read
10+
811
jobs:
912
release:
1013
name: Create Release
@@ -29,6 +32,9 @@ jobs:
2932
docs:
3033
name: "Docs"
3134

35+
permissions:
36+
contents: write
37+
3238
needs: ["release"]
3339

3440
uses: ./.github/workflows/part_docs.yml

lib/expo/po/tokenizer.ex

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -190,7 +190,7 @@ defmodule Expo.PO.Tokenizer do
190190
# (with the codepoint of the char).
191191
defp tokenize_line(binary, line, _strip_meta?, _acc) when is_binary(binary) do
192192
# To get the first Unicode char, we convert to char list first.
193-
[char | _] = String.to_charlist(binary)
193+
[char | _rest] = String.to_charlist(binary)
194194
msg = :io_lib.format(~c"unexpected token: \"~ts\" (codepoint U+~4.16.0B)", [[char], char])
195195
{:error, line, :unicode.characters_to_binary(msg)}
196196
end

lib/mix/tasks/expo.msguniq.ex

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ defmodule Mix.Tasks.Expo.Msguniq do
3434

3535
@impl Mix.Task
3636
def run(args) do
37-
{:ok, _} = Application.ensure_all_started(:expo)
37+
{:ok, _apps} = Application.ensure_all_started(:expo)
3838
{opts, argv} = OptionParser.parse!(args, strict: @switches, aliases: @aliases)
3939

4040
opts = Keyword.merge(@default_options, opts)

mix.lock

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,11 @@
11
%{
22
"bunt": {:hex, :bunt, "1.0.0", "081c2c665f086849e6d57900292b3a161727ab40431219529f13c4ddcf3e7a44", [:mix], [], "hexpm", "dc5f86aa08a5f6fa6b8096f0735c4e76d54ae5c9fa2c143e5a1fc7c1cd9bb6b5"},
3-
"castore": {:hex, :castore, "1.0.11", "4bbd584741601eb658007339ea730b082cc61f3554cf2e8f39bf693a11b49073", [:mix], [], "hexpm", "e03990b4db988df56262852f20de0f659871c35154691427a5047f4967a16a62"},
4-
"credo": {:hex, :credo, "1.7.11", "d3e805f7ddf6c9c854fd36f089649d7cf6ba74c42bc3795d587814e3c9847102", [:mix], [{:bunt, "~> 0.2.1 or ~> 1.0", [hex: :bunt, repo: "hexpm", optional: false]}, {:file_system, "~> 0.2 or ~> 1.0", [hex: :file_system, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "56826b4306843253a66e47ae45e98e7d284ee1f95d53d1612bb483f88a8cf219"},
3+
"castore": {:hex, :castore, "1.0.14", "4582dd7d630b48cf5e1ca8d3d42494db51e406b7ba704e81fbd401866366896a", [:mix], [], "hexpm", "7bc1b65249d31701393edaaac18ec8398d8974d52c647b7904d01b964137b9f4"},
4+
"credo": {:hex, :credo, "1.7.12", "9e3c20463de4b5f3f23721527fcaf16722ec815e70ff6c60b86412c695d426c1", [:mix], [{:bunt, "~> 0.2.1 or ~> 1.0", [hex: :bunt, repo: "hexpm", optional: false]}, {:file_system, "~> 0.2 or ~> 1.0", [hex: :file_system, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "8493d45c656c5427d9c729235b99d498bd133421f3e0a683e5c1b561471291e5"},
55
"dialyxir": {:hex, :dialyxir, "1.4.5", "ca1571ac18e0f88d4ab245f0b60fa31ff1b12cbae2b11bd25d207f865e8ae78a", [:mix], [{:erlex, ">= 0.2.7", [hex: :erlex, repo: "hexpm", optional: false]}], "hexpm", "b0fb08bb8107c750db5c0b324fa2df5ceaa0f9307690ee3c1f6ba5b9eb5d35c3"},
6-
"earmark_parser": {:hex, :earmark_parser, "1.4.43", "34b2f401fe473080e39ff2b90feb8ddfeef7639f8ee0bbf71bb41911831d77c5", [:mix], [], "hexpm", "970a3cd19503f5e8e527a190662be2cee5d98eed1ff72ed9b3d1a3d466692de8"},
6+
"earmark_parser": {:hex, :earmark_parser, "1.4.44", "f20830dd6b5c77afe2b063777ddbbff09f9759396500cdbe7523efd58d7a339c", [:mix], [], "hexpm", "4778ac752b4701a5599215f7030989c989ffdc4f6df457c5f36938cc2d2a2750"},
77
"erlex": {:hex, :erlex, "0.2.7", "810e8725f96ab74d17aac676e748627a07bc87eb950d2b83acd29dc047a30595", [:mix], [], "hexpm", "3ed95f79d1a844c3f6bf0cea61e0d5612a42ce56da9c03f01df538685365efb0"},
8-
"ex_doc": {:hex, :ex_doc, "0.37.1", "65ca30d242082b95aa852b3b73c9d9914279fff56db5dc7b3859be5504417980", [:mix], [{:earmark_parser, "~> 1.4.42", [hex: :earmark_parser, repo: "hexpm", optional: false]}, {:makeup_c, ">= 0.1.0", [hex: :makeup_c, repo: "hexpm", optional: true]}, {:makeup_elixir, "~> 0.14 or ~> 1.0", [hex: :makeup_elixir, repo: "hexpm", optional: false]}, {:makeup_erlang, "~> 0.1 or ~> 1.0", [hex: :makeup_erlang, repo: "hexpm", optional: false]}, {:makeup_html, ">= 0.1.0", [hex: :makeup_html, repo: "hexpm", optional: true]}], "hexpm", "6774f75477733ea88ce861476db031f9399c110640752ca2b400dbbb50491224"},
8+
"ex_doc": {:hex, :ex_doc, "0.38.2", "504d25eef296b4dec3b8e33e810bc8b5344d565998cd83914ffe1b8503737c02", [:mix], [{:earmark_parser, "~> 1.4.44", [hex: :earmark_parser, repo: "hexpm", optional: false]}, {:makeup_c, ">= 0.1.0", [hex: :makeup_c, repo: "hexpm", optional: true]}, {:makeup_elixir, "~> 0.14 or ~> 1.0", [hex: :makeup_elixir, repo: "hexpm", optional: false]}, {:makeup_erlang, "~> 0.1 or ~> 1.0", [hex: :makeup_erlang, repo: "hexpm", optional: false]}, {:makeup_html, ">= 0.1.0", [hex: :makeup_html, repo: "hexpm", optional: true]}], "hexpm", "732f2d972e42c116a70802f9898c51b54916e542cc50968ac6980512ec90f42b"},
99
"excoveralls": {:hex, :excoveralls, "0.18.5", "e229d0a65982613332ec30f07940038fe451a2e5b29bce2a5022165f0c9b157e", [:mix], [{:castore, "~> 1.0", [hex: :castore, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "523fe8a15603f86d64852aab2abe8ddbd78e68579c8525ae765facc5eae01562"},
1010
"file_system": {:hex, :file_system, "1.1.0", "08d232062284546c6c34426997dd7ef6ec9f8bbd090eb91780283c9016840e8f", [:mix], [], "hexpm", "bfcf81244f416871f2a2e15c1b515287faa5db9c6bcf290222206d120b3d43f6"},
1111
"jason": {:hex, :jason, "1.4.4", "b9226785a9aa77b6857ca22832cffa5d5011a667207eb2a0ad56adb5db443b8a", [:mix], [{:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "c5eb0cab91f094599f94d55bc63409236a8ec69a21a67814529e8d5f6cc90b3b"},

0 commit comments

Comments
 (0)