From 0f6a649c17f3fa815132d042655f241c2515eff8 Mon Sep 17 00:00:00 2001
From: Myron Marston <myron@squareup.com>
Date: Fri, 27 Dec 2024 09:57:04 -0800
Subject: [PATCH] Fix `script/update_ci_yaml` to match changes from #68.

This should fix the build.
---
 script/update_ci_yaml | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/script/update_ci_yaml b/script/update_ci_yaml
index c48db2b4..0e0970bb 100755
--- a/script/update_ci_yaml
+++ b/script/update_ci_yaml
@@ -129,14 +129,19 @@ jobs:
             datastore: "<%= primary_datastore_version %>"
 
     steps:
-      - uses: actions/checkout@v4
+      - name: Harden Runner
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - uses: ruby/setup-ruby@v1
+      - uses: ruby/setup-ruby@bfefad842bb982ff05b233bcbc1571d97a87e69f # v1.206.0
         with:
           ruby-version: ${{ matrix.ruby }}
           bundler-cache: true # runs 'bundle install' and caches installed gems automatically
 
-      - uses: KengoTODA/actions-setup-docker-compose@main
+      - uses: KengoTODA/actions-setup-docker-compose@a25fb82c577d314635e25bac72995718b9296dd2 # main
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
@@ -156,6 +161,11 @@ jobs:
     name: All CI Checks Passed
     needs: [ci-check]
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+        with:
+          egress-policy: audit
+
       - run: |
           result="${{ needs.ci-check.result }}"
           if [[ $result == "success" || $result == "skipped" ]]; then