From a5ce5a076f6d1f9564f433e0aed53a7bea1f48c2 Mon Sep 17 00:00:00 2001
From: Fabian Zeindl
Date: Mon, 6 May 2024 06:38:58 +0200
Subject: [PATCH] [build] harden security of github actions
---
 .github/workflows/build-master.yml | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/build-master.yml b/.github/workflows/build-master.yml
index 60020fc..a67c898 100644
--- a/.github/workflows/build-master.yml
+++ b/.github/workflows/build-master.yml
@@ -23,9 +23,14 @@ jobs:
 url: ${{ steps.deployment.outputs.page_url }}
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - name: Harden Runner
+ uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+ with:
+ egress-policy: audit
+
+ - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 
- - uses: actions/setup-java@v3
+ - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
 with:
 distribution: 'temurin'
 java-version: '17'
@@ -44,12 +49,12 @@ jobs:
 exit 1
 fi
 
- - uses: actions/configure-pages@v3
+ - uses: actions/configure-pages@b8130d9ab958b325bbde9786d62f2c97a9885a0e # v3.0.7
 
- - uses: actions/upload-pages-artifact@v1
+ - uses: actions/upload-pages-artifact@84bb4cd4b733d5c320c9c9cfbc354937524f4d64 # v1.0.10
 with:
 path: 'build/dokka/html'
 
 - name: Deploy to Documentation GitHub Pages
 id: deployment
- uses: actions/deploy-pages@v1
+ uses: actions/deploy-pages@f27bcc15848fdcdcc02f01754eb838e44bcf389b # v1.2.9
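Review bot: `egress-policy: audit` on the new Harden Runner step only records outbound connections, so a tampered build dependency or action can still reach any host from this job. Once a few runs have produced a baseline, change it to `egress-policy: block` with an `allowed-endpoints:` list taken from the audit results; until then a comment such as `# audit = log only; switch to block + allowed-endpoints after baselining` would make the interim state explicit. The job definition starts above the hunk, so whether it declares a least-privilege `permissions:` block cannot be checked from here. If no later step needs the token left in the git config, the pinned checkout step could also set `persist-credentials: false`.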
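Review bot: Nothing in this patch keeps the SHA pins on `configure-pages`, `upload-pages-artifact` and `deploy-pages` (or on the actions in the first hunk) current: only the workflow file changes, so unless the repository already has an updater they will stay on these v3/v1 releases and miss later fixes. A `package-ecosystem: "github-actions"` entry in `.github/dependabot.yml` would cover that, and Dependabot rewrites the trailing version comment together with the SHA. The `# vX.Y.Z` comments are not checked by the runner, so each SHA should be confirmed against the upstream tag before merging. `upload-pages-artifact` appears to be a composite action, so this pin does not fix the revision of anything it references internally; its `action.yml` at that commit is worth checking.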