From b52db8580bf85af1f95dfd5da6874c3b55c47ea3 Mon Sep 17 00:00:00 2001
From: "Luke W. Johnston" <lwjohnst@gmail.com>
Date: Wed, 23 Jul 2025 12:08:41 +0200
Subject: [PATCH] fix: :construction_worker: forgot to checkout before building
 and publishing

---
 .github/workflows/release-package.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/release-package.yml b/.github/workflows/release-package.yml
index 3425dec..76e6554 100644
--- a/.github/workflows/release-package.yml
+++ b/.github/workflows/release-package.yml
@@ -33,6 +33,14 @@ jobs:
       - release
     if: ${{ needs.release.outputs.previous_version != needs.release.outputs.current_version }}
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
       # This workflow and the publish workflows are based on:
       # - https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/
       # - https://www.andrlik.org/dispatches/til-use-uv-for-build-and-publish-github-actions/