From dcfbeb50b1a1e907cd531bdcc7b29812927c3fa9 Mon Sep 17 00:00:00 2001
From: Muhammad Seyravan
Date: Tue, 3 Feb 2026 22:38:43 +0300
Subject: [PATCH] Github Actions Security Hardening
---
 .github/workflows/ubuntu-latest.yml | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ubuntu-latest.yml b/.github/workflows/ubuntu-latest.yml
index 5792ec0..67a2488 100644
--- a/.github/workflows/ubuntu-latest.yml
+++ b/.github/workflows/ubuntu-latest.yml
@@ -6,8 +6,18 @@ on:
 pull_request:
 branches: [ master ]
+# Restrict default permissions for security
+permissions:
+ contents: read
+
+# Prevent duplicate workflow runs
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
 jobs:
 ubuntu:
+ name: Ruby Tests
 runs-on: ubuntu-latest
 strategy:
@@ -15,7 +25,9 @@ jobs:
 ruby: [ '2.6', '2.7' ]
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
+ with:
+ persist-credentials: false
 - name: Set up Ruby
 uses: ruby/setup-ruby@90be1154f987f4dc0fe0dd0feedac9e473aa4ba8 # v1
 with:
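Review bot: `cancel-in-progress: true` in the added `concurrency` block applies to every ref, so with the group keyed on `github.ref` a newer push to master would cancel the still-running tests of the previous commit and leave that commit without a result. The `on:` block starts above this hunk, so whether a push trigger exists is not visible here; if it does, consider `cancel-in-progress: ${{ github.event_name == 'pull_request' }}` so only superseded pull-request runs are cancelled. The comment above the block would then read more accurately as `# Cancel superseded runs for the same ref`, since the setting cancels runs rather than preventing duplicates.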
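Review bot: `actions/checkout@v4` is still referenced by a mutable tag, while `ruby/setup-ruby` in the next step is pinned to a full commit SHA; if the tag is ever moved, different code runs in this job without any change to the repository. For a hardening commit, pin it the same way, e.g. `- uses: actions/checkout@<full-commit-sha> # v4`, taking the SHA from the release that was reviewed. The steps list continues past the end of this hunk, so it is worth confirming that no later step depends on the git credentials that `persist-credentials: false` now omits from the local git config.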