From 47a264d45832d8aae8a28405662060e9f7bfbae4 Mon Sep 17 00:00:00 2001
From: Michael McLoughlin <mmcloughlin@gmail.com>
Date: Tue, 27 Apr 2021 21:33:47 -0700
Subject: [PATCH 1/2] ci: github actions hardening

---
 .github/workflows/ci.yml | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 998fd76b..459fabca 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,3 +1,8 @@
+name: ci
+
+permissions:
+  contents: read
+
 on:
   push:
     branches:
@@ -16,7 +21,7 @@ jobs:
     runs-on: ${{ matrix.platform }}
     steps:
     - name: Install Go
-      uses: actions/setup-go@v1
+      uses: actions/setup-go@37335c7bb261b353407cff977110895fa0b4f7d8 # v2.1.3
       with:
         go-version: ${{ matrix.go-version }}
     - name: Configure Go Environment
@@ -26,7 +31,9 @@ jobs:
     - name: Go Environment
       run: go env
     - name: Checkout code
-      uses: actions/checkout@v1
+      uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
+      with:
+        persist-credentials: false
     - name: Bootstrap
       run: ./script/bootstrap
 
@@ -38,13 +45,13 @@ jobs:
       run: ./script/coverage
 
     - name: Upload Unit Test Coverage
-      uses: codecov/codecov-action@v1.0.5
+      uses: codecov/codecov-action@967e2b38a85a62bd61be5529ada27ebc109948c2 #v1.4.1
       with:
         token: ${{ secrets.CODECOV_TOKEN }}
         file: unittests.coverprofile
         flags: unittests
     - name: Upload Integration Test Coverage
-      uses: codecov/codecov-action@v1.0.5
+      uses: codecov/codecov-action@967e2b38a85a62bd61be5529ada27ebc109948c2 #v1.4.1
       with:
         token: ${{ secrets.CODECOV_TOKEN }}
         file: integration.coverprofile
@@ -58,7 +65,7 @@ jobs:
     runs-on: ${{ matrix.platform }}
     steps:
     - name: Install Go
-      uses: actions/setup-go@v1
+      uses: actions/setup-go@37335c7bb261b353407cff977110895fa0b4f7d8 # v2.1.3
       with:
         go-version: ${{ matrix.go-version }}
     - name: Configure Go Environment
@@ -68,7 +75,9 @@ jobs:
     - name: Go Environment
       run: go env
     - name: Checkout code
-      uses: actions/checkout@v1
+      uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
+      with:
+        persist-credentials: false
     - name: Bootstrap
       run: ./script/bootstrap
     - name: Lint
@@ -82,11 +91,13 @@ jobs:
     runs-on: ${{ matrix.platform }}
     steps:
     - name: Install Go
-      uses: actions/setup-go@v1
+      uses: actions/setup-go@37335c7bb261b353407cff977110895fa0b4f7d8 # v2.1.3
       with:
         go-version: ${{ matrix.go-version }}
     - name: Checkout code
-      uses: actions/checkout@v1
+      uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
+      with:
+        persist-credentials: false
     - name: Run Third-Party Tests
       working-directory: ./tests/thirdparty
       run: go test -pkgs packages.json

From 7484227d0a823e94e69d09897b3db4b6f6460652 Mon Sep 17 00:00:00 2001
From: Michael McLoughlin <mmcloughlin@gmail.com>
Date: Tue, 27 Apr 2021 21:35:53 -0700
Subject: [PATCH 2/2] dedupe name field

---
 .github/workflows/ci.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 459fabca..f39e71ca 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -11,7 +11,6 @@ on:
   schedule:
     - cron: '17 12 * * 6'
 
-name: ci
 jobs:
   test:
     strategy: