ci: Updating workflow permissions and adding hardened runner per step-security. #3124

Conversation

san-est
Contributor

@san-est san-est commented Oct 18, 2024

Description:
Updating several workflows and their permissions per step-security requirements and adding hardened runner to one of the workflows.

Related issue(s):

Fixes #3121

Notes for reviewer:

Checklist

  • Documented (Code comments, README, etc.)
  • Tested (unit, integration, etc.)

@san-est san-est added this to the 0.59.0 milestone Oct 18, 2024
@san-est san-est self-assigned this Oct 18, 2024
@san-est san-est requested review from AlfredoG87, ebadiere, Nana-EC and a team as code owners October 18, 2024 12:28
@san-est san-est requested a review from leninmehedy October 18, 2024 12:28

github-actions bot commented Oct 18, 2024

🚨 Memory Leak Detected 🚨

A potential memory leak has been detected in the test titled validates enforcement of request id. This may impact the application's performance and stability.

Details

📊 Memory Leak Detection Report 📊

GC Type: MarkSweepCompact
Cost: 27,265.5 ms

Heap Statistics (before vs after executing the test):

  • Total Heap Size: increased with 1.46 MB
  • Total Heap Size Executable: no changes
  • Total Physical Size: decreased with 348.16 KB
  • Total Available Size: decreased with 5.88 MB
  • Total Global Handles Size: no changes
  • Used Global Handles Size: decreased with 64.00 bytes
  • Used Heap Size: decreased with 3.44 MB
  • Heap Size Limit: no changes
  • Malloced Memory: no changes
  • External Memory: no changes
  • Peak Malloced Memory: no changes

Heap Space Statistics (before vs after executing the test):

  • Old Space:

    • Space Size: increased with 1.84 MB
    • Space Used Size: increased with 2.08 MB
    • Space Available Size: decreased with 8.72 MB
    • Physical Space Size: increased with 1.84 MB
  • Large Object Space:

    • Space Size: increased with 835.58 KB
    • Space Used Size: increased with 813.50 KB
    • Space Available Size: no changes
    • Physical Space Size: increased with 835.58 KB

Recommendations

Please investigate the memory allocations in this test, focusing on objects that are not being properly deallocated.


github-actions bot commented Oct 18, 2024

Tests

       3 files     399 suites   18s ⏱️
1 433 tests 1 432 ✔️ 1 💤 0
1 442 runs  1 441 ✔️ 1 💤 0

Results for commit b89ff2d.

♻️ This comment has been updated with latest results.

Nana-EC
Nana-EC previously approved these changes Oct 18, 2024

github-actions bot commented Oct 18, 2024

Acceptance Tests

  17 files  245 suites   28m 2s ⏱️
599 tests 593 ✔️ 4 💤 2
728 runs  722 ✔️ 4 💤 2

Results for commit b89ff2d.

♻️ This comment has been updated with latest results.

.github/workflows/pr-label-milestone-check.yml Outdated
.github/workflows/conformity-workflow.yml Outdated
.github/workflows/release-acceptance.yml Outdated
@san-est san-est requested a review from a team as a code owner October 21, 2024 08:44
@Nana-EC
Collaborator

Nana-EC commented Oct 25, 2024

@san-est need to fix DCO then you can check in

san-est and others added 3 commits October 28, 2024 14:55
…-security.

Signed-off-by: Vasil Boyadzhiev <vasil.boyadzhiev@limechain.tech>
Co-authored-by: Roger Barker <roger.barker@swirldslabs.com>
Signed-off-by: Vasil Boyadzhiev <vasil.boiadzhiev@gmail.com>
Signed-off-by: Vasil Boyadzhiev <vasil.boyadzhiev@limechain.tech>
Signed-off-by: Vasil Boyadzhiev <vasil.boyadzhiev@limechain.tech>
@san-est san-est force-pushed the 3121-update-default-github_token-permissions-per-step-security-recommendations branch from b89ff2d to 58c9f9e Compare October 28, 2024 12:55
github-actions bot commented Oct 28, 2024

Test Results

 20 files  ± 0  287 suites  +4   35m 8s ⏱️ +33s
607 tests + 2  588 ✅  -  3  4 💤 ±0  15 ❌ +5 
768 runs   - 26  747 ✅  - 33  6 💤 +2  15 ❌ +5 

For more details on these failures, see this check.

Results for commit 58c9f9e. ± Comparison against base commit 9afe7c2.

This pull request removes 1 and adds 3 tests. Note that renamed tests count towards both.
"before all" hook in "@tokenmanagement HTS Precompile Token Management Acceptance Tests" ‑ RPC Server Acceptance Tests Acceptance tests @tokenmanagement HTS Precompile Token Management Acceptance Tests "before all" hook in "@tokenmanagement HTS Precompile Token Management Acceptance Tests"
"before all" hook in "Debug API Test Suite" ‑ RPC Server Acceptance Tests Acceptance tests @api-batch-3 RPC Server Acceptance Tests Debug API Test Suite "before all" hook in "Debug API Test Suite"
"before each" hook for "Should eventually exhaust the hbar limit for EXTENDED user" ‑ RPC Server Acceptance Tests Acceptance tests @hbarlimiter HBAR Limiter Acceptance Tests HBAR Rate Limit Tests HBAR Rate Limit For Different Spending Plan Tiers Preconfigured Tiers EXTENDED Tier "before each" hook for "Should eventually exhaust the hbar limit for EXTENDED user"
"before each" hook for "Should increase the amount spent of the spending plan by the transaction cost" ‑ RPC Server Acceptance Tests Acceptance tests @hbarlimiter HBAR Limiter Acceptance Tests HBAR Rate Limit Tests HBAR Rate Limit For Different Spending Plan Tiers Preconfigured Tiers PRIVILEGED Tier "before each" hook for "Should increase the amount spent of the spending plan by the transaction cost"

♻️ This comment has been updated with latest results.

@san-est san-est merged commit 592b92f into main Oct 29, 2024
43 of 44 checks passed
@san-est san-est deleted the 3121-update-default-github_token-permissions-per-step-security-recommendations branch October 29, 2024 10:51

codecov bot commented Oct 29, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 83.26%. Comparing base (daf2aef) to head (58c9f9e).
Report is 20 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3124      +/-   ##
==========================================
+ Coverage   83.19%   83.26%   +0.07%     
==========================================
  Files          63       66       +3     
  Lines        4242     4254      +12     
  Branches      830      829       -1     
==========================================
+ Hits         3529     3542      +13     
- Misses        470      471       +1     
+ Partials      243      241       -2     
Flag            Coverage Δ
config-service  98.14% <ø> (?)
relay           85.45% <ø> (-0.14%) ⬇️
server          83.52% <ø> (+0.04%) ⬆️
ws-server       36.87% <ø> (+0.71%) ⬆️

Flags with carried forward coverage won't be shown.

see 32 files with indirect coverage changes

rbarkerSL added a commit that referenced this pull request Oct 30, 2024
**Description**:
Added `packages: write` permission per
https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-with-a-personal-access-token-classic
May need to modify other files modified by #3124

**Related Issue(s)**:
Relates to #3124
Relates to #3182

Signed-off-by: Roger Barker <roger.barker@swirldslabs.com>
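
The pattern this thread converges on, as an added example that is not taken from this repository's workflows: a read-only default `GITHUB_TOKEN`, the hardened-runner step first in the job, and `packages: write` granted only to the job that pushes to the container registry. The workflow name, job name, trigger, image naming and the `<full-commit-sha>` placeholders are assumptions.

```yaml
# Constructed example; not a workflow from this repository.
name: publish-image            # hypothetical workflow name

on:
  push:
    tags: ["v*"]

# Workflow-level default: every job gets a read-only GITHUB_TOKEN
# unless it declares its own permissions block.
permissions:
  contents: read

jobs:
  publish:                     # hypothetical job name
    runs-on: ubuntu-latest
    # A job-level block replaces the workflow default entirely, so list
    # every scope the job needs. Pushing to ghcr.io with GITHUB_TOKEN
    # needs packages: write; with contents: read alone the push is denied.
    permissions:
      contents: read
      packages: write
    steps:
      # Runs first so it observes every later step. Pin third-party
      # actions to a full commit SHA; the values here are placeholders.
      - name: Harden runner
        uses: step-security/harden-runner@<full-commit-sha>
        with:
          egress-policy: audit

      - name: Checkout
        uses: actions/checkout@<full-commit-sha>

      - name: Log in to ghcr.io
        uses: docker/login-action@<full-commit-sha>
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push
        # Context values are passed through env, not interpolated into
        # the script, so a crafted tag name cannot inject shell commands.
        env:
          IMAGE: ghcr.io/${{ github.repository }}
          TAG: ${{ github.ref_name }}
        run: |
          image="$(printf '%s' "$IMAGE" | tr '[:upper:]' '[:lower:]')"
          docker build -t "$image:$TAG" .
          docker push "$image:$TAG"
```
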
quiet-node pushed a commit that referenced this pull request Oct 30, 2024
ebadiere pushed a commit that referenced this pull request Oct 30, 2024
ebadiere pushed a commit that referenced this pull request Oct 30, 2024
ebadiere added a commit that referenced this pull request Oct 31, 2024
#3186)

* ci(bug): Update permissions in JSON rpc relay for GITHUB_TOKEN (#3183)

**Description**:
Added `packages: write` permission per
https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-with-a-personal-access-token-classic
May need to modify other files modified by #3124

**Related Issue(s)**:
Relates to #3124
Relates to #3182

Signed-off-by: Roger Barker <roger.barker@swirldslabs.com>

* chore: divided hbar limiter tests into different batches (#3181)

* chore: divided hbar limiter tests into different batches

Signed-off-by: Logan Nguyen <logan.nguyen@swirldslabs.com>

* fix: fixed acceptance.yml

Signed-off-by: Logan Nguyen <logan.nguyen@swirldslabs.com>

---------

Signed-off-by: Logan Nguyen <logan.nguyen@swirldslabs.com>

---------

Signed-off-by: Roger Barker <roger.barker@swirldslabs.com>
Signed-off-by: Logan Nguyen <logan.nguyen@swirldslabs.com>
Co-authored-by: Roger Barker <roger.barker@swirldslabs.com>
Co-authored-by: Logan Nguyen <logan.nguyen@swirldslabs.com>
Development

Successfully merging this pull request may close these issues.

Update default GITHUB_TOKEN permissions per step-security recommendations
4 participants