ci: various workflow improvements (#670)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 3434357..8f40aec 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -25,6 +25,10 @@
     branches:
       - '*'
 
+permissions:
+  contents: read
+  security-events: write
+
 jobs:
   test:
     name: NodeJS ${{ matrix.node-version }} on ${{ matrix.os }}
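Review bot: The new workflow-level `permissions` block grants `security-events: write` to every job in the file, not only to the job that runs `github/codeql-action/analyze`; if any job other than `test` exists below the visible lines, it inherits a write scope it does not need. Declaring the same two entries under `jobs.test` (`permissions:` at job level) keeps the default token read-only for any other job while still letting CodeQL upload its results. `contents: read` is the right minimum for `actions/checkout`. The `on:` trigger section this hunk attaches to starts above the hunk, so whether the workflow also runs on `pull_request` from forks cannot be checked here.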
@@ -32,7 +36,7 @@
     strategy:
       matrix:
         node-version: [20.x, 22.x, 24.x]
-        os: [ubuntu-latest, windows-latest, macos-latest]
+        os: [ubuntu-latest, windows-latest, macos-15]
 
     steps:
       - uses: actions/checkout@v4
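Review bot: The change from `macos-latest` to `macos-15` pins the macOS runner image without recording why, so a later maintainer cannot tell whether it is a deliberate compatibility pin or something to revert once `macos-latest` catches up; a comment on the changed line such as `os: [ubuntu-latest, windows-latest, macos-15]  # macOS pinned: <reason — TODO fill in>` would settle that. With the other two entries still on `-latest`, only the macOS leg of the matrix is deterministic, which is fine if intended but worth stating in the same comment.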
@@ -63,7 +67,8 @@
 
       - uses: github/codeql-action/analyze@v3
 
-      - uses: codecov/codecov-action@v4
+      # v4.6.0
+      - uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238
         if: success()
         with:
           name: ${{ runner.os }} node.js ${{ matrix.node-version }}
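Review bot: Pinning `codecov/codecov-action` to a full commit SHA while `github/codeql-action/analyze@v3` two lines above and `actions/checkout@v4` in the previous hunk stay on mutable major tags applies the stricter supply-chain control to only one of the three third-party actions; either pin all of them the same way (SHA plus a `# vX.Y.Z` comment, as done here) or note next to the codecov line why it alone warrants the SHA. The `if: success()` on the step is the implicit default for any step without an `if`, so it can be dropped without changing behaviour. The `# v4.6.0` comment above the SHA is the right way to keep the pin readable; keep it in step with the SHA whenever the action is bumped. The step's `with:` block continues past the end of the hunk, so whether a token is passed is not visible here.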