Merge pull request #212 from kommitters/v0.8

miguelnietoa · web-flow · commit 05c6de5d9723 · 2022-12-22T11:30:21.000-05:00
Release v0.8.9
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -5,6 +5,9 @@ on:
     types:
       [published]
 
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
+
 jobs:
   publish:
     name: Publish Release to HEX PM
@@ -16,12 +19,17 @@ jobs:
     env:
       HEX_API_KEY: ${{ secrets.HEX_API_KEY }}
     steps:
-      - uses: actions/checkout@v3
-      - uses: erlef/setup-elixir@v1
+      - name: Harden Runner
+        uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v2.0.0
+        with:
+          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
+      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
+      - uses: erlef/setup-elixir@b980a5ac9b7316a23ebc16de2bb69b7c3ad731b5 # v1.15.0
         with:
           otp-version: ${{ matrix.otp }}
           elixir-version: ${{ matrix.elixir }}
-      - uses: actions/cache@v3
+      - uses: actions/cache@c17f4bf4666a8001b1a45c09eb7a485c41aa64c3 # v3.2.0
         with:
           path: deps
           key: ${{ runner.os }}-mix-${{ hashFiles(format('{0}{1}', github.workspace, '/mix.lock')) }}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -18,11 +18,16 @@ jobs:
     env:
       MIX_ENV: test
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v2.0.0
+        with:
+          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
       - name: Checkout Github repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
 
       - name: Sets up an Erlang/OTP environment
-        uses: erlef/setup-elixir@v1
+        uses: erlef/setup-elixir@b980a5ac9b7316a23ebc16de2bb69b7c3ad731b5 # v1.15.0
         with:
           otp-version: ${{ matrix.otp }}
           elixir-version: ${{ matrix.elixir }}
@@ -34,7 +39,7 @@ jobs:
           echo "::set-output name=mix_hash::$mix_hash"
 
       - name: Cache dependecies
-        uses: actions/cache@v3
+        uses: actions/cache@c17f4bf4666a8001b1a45c09eb7a485c41aa64c3 # v3.2.0
         with:
           path: deps
           key: ${{ runner.os }}-mix-${{ steps.set_vars.outputs.mix_hash }}
@@ -43,7 +48,7 @@ jobs:
 
       - name: Cache PLT files
         id: plt-cache
-        uses: actions/cache@v3
+        uses: actions/cache@c17f4bf4666a8001b1a45c09eb7a485c41aa64c3 # v3.2.0
         with:
           path: |
             _build
@@ -76,6 +81,11 @@ jobs:
     needs: tests
     runs-on: ubuntu-20.04
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v2.0.0
+        with:
+          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
       - name: Set BUILD_NUMBER for Pull Request event
         if: github.event_name == 'pull_request'
         run: echo "BUILD_NUMBER=${{ github.event.pull_request.head.sha }}-PR-${{ github.event.pull_request.number }}" >> $GITHUB_ENV
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -21,6 +21,11 @@ jobs:
       id-token: write
 
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v2.0.0
+        with:
+          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
       - name: "Checkout code"
         uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
         with:
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Changelog
 
+## 0.8.9 (22.12.2022)
+* Harden GitHub Actions.
+
 ## 0.8.8 (20.12.2022)
 * Update build badge and lock to ubuntu-20.04.
 
diff --git a/README.md b/README.md
@@ -24,7 +24,7 @@ You should only use **`stellar_base`** if you are planning to build on top of it
 ```elixir
 def deps do
   [
-    {:stellar_base, "~> 0.8.8"}
+    {:stellar_base, "~> 0.8.9"}
   ]
 end
 ```
diff --git a/mix.exs b/mix.exs
@@ -2,7 +2,7 @@ defmodule StellarBase.MixProject do
   use Mix.Project
 
   @github_url "https://github.com/kommitters/stellar_base"
-  @version "0.8.8"
+  @version "0.8.9"
 
   def project do
     [

Original file line number	Diff line number	Diff line change
@@ -24,7 +24,7 @@ You should only use `stellar_base` if you are planning to build on top of it
`24`	`24`	```elixir
`25`	`25`	`def deps do`
`26`	`26`	`[`
`27`		`- {:stellar_base, "~> 0.8.8"}`
	`27`	`+ {:stellar_base, "~> 0.8.9"}`
`28`	`28`	`]`
`29`	`29`	`end`
`30`	`30`	```
Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@ defmodule StellarBase.MixProject do`
`2`	`2`	`use Mix.Project`
`3`	`3`
`4`	`4`	`@github_url "https://github.com/kommitters/stellar_base"`
`5`		`- @version "0.8.8"`
	`5`	`+ @version "0.8.9"`
`6`	`6`
`7`	`7`	`def project do`
`8`	`8`	`[`