From b0d16b759a59836756f8d0ec637f7f8d121a48cd Mon Sep 17 00:00:00 2001
From: Andrew Gallant <jamslam@gmail.com>
Date: Thu, 5 Oct 2023 21:47:14 -0400
Subject: [PATCH] ci: fix it

We bump the pinned version in CI to Rust 1.60 without technically
touching our MSRV. I don't have the patience or time to actually fix it
for Rust 1.34. So the next release we'll just bump the MSRV officially
and content ourselves with CI working on Rust 1.60.
---
 .github/workflows/ci.yml | 55 ++++++++++++++++++++++------------------
 1 file changed, 30 insertions(+), 25 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8c64a92..12621cf 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,33 +1,48 @@
 name: ci
 on:
   pull_request:
+    branches:
+    - master
   push:
     branches:
     - master
   schedule:
   - cron: '00 01 * * *'
+
+# The section is needed to drop write-all permissions that are granted on
+# `schedule` event. By specifying any permission explicitly all others are set
+# to none. By using the principle of least privilege the damage a compromised
+# workflow can do (because of an injection or compromised third party tool or
+# action) is restricted. Currently the worklow doesn't need any additional
+# permission except for pulling the code. Adding labels to issues, commenting
+# on pull-requests, etc. may need additional permissions:
+#
+# Syntax for this section:
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+#
+# Reference for how to assign permissions on a job-by-job basis:
+# https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
+#
+# Reference for available permissions that we can enable if needed:
+# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
+permissions:
+  # to fetch code (actions/checkout)
+  contents: read
+
 jobs:
   test:
     name: test
     runs-on: ${{ matrix.os }}
     strategy:
+      fail-fast: false
       matrix:
-        build:
-        - pinned
-        - pinned-win
-        - stable
-        - beta
-        - nightly
-        - macos
-        - win-msvc
-        - win-gnu
         include:
         - build: pinned
           os: ubuntu-latest
-          rust: 1.34.0
+          rust: 1.60.0
         - build: pinned-win
           os: windows-latest
-          rust: 1.34.0
+          rust: 1.60.0
         - build: stable
           os: ubuntu-latest
           rust: stable
@@ -48,15 +63,11 @@ jobs:
           rust: stable-x86_64-gnu
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v1
-      with:
-        fetch-depth: 1
+      uses: actions/checkout@v4
     - name: Install Rust
-      uses: actions-rs/toolchain@v1
+      uses: dtolnay/rust-toolchain@master
       with:
         toolchain: ${{ matrix.rust }}
-        override: true
-        profile: minimal
     - run: cargo build --verbose
     - run: cargo doc --verbose
     - if: startsWith(matrix.build, 'pinned-') == false
@@ -69,21 +80,15 @@ jobs:
         cargo test --verbose
 
   rustfmt:
-    name: rustfmt
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v1
-      with:
-        fetch-depth: 1
+      uses: actions/checkout@v4
     - name: Install Rust
-      uses: actions-rs/toolchain@v1
+      uses: dtolnay/rust-toolchain@master
       with:
         toolchain: stable
-        profile: minimal
         components: rustfmt
-    - name: Install rustfmt
-      run: rustup component add rustfmt
     - name: Check formatting
       run: |
         cargo fmt --all -- --check