29 Commits

Author SHA1 Message Date
Tianon Gravi a59abe2fb9 Remove BASHBREW_GENERATE_SKIP_PGP_PROXY (no longer used) 2022-06-27 15:13:05 -07:00
naveen 24fba907a8 chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if attackers succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-06-12 00:31:16 +00:00
Tianon Gravi 4faa4579ff Write PR diff to GITHUB_STEP_SUMMARY 2022-05-10 12:15:44 -07:00
Joe Ferguson 02e57c3af3 Skip pgp-happy-eyeballs on build tests
https://github.com/docker-library/official-images/pull/11917#issuecomment-1049236174
2022-02-23 16:15:40 -08:00
Rob Cowsill d0c35646ec Turn trace off during workflow commands
Required so the resume token isn't leaked in the logs, and to
prevent any interference with workflow command processing
2021-11-26 15:23:45 +00:00
Rob Cowsill 16ef34a23a Prevent code injection
* Stop workflow command processing until the set-output command
* Parse JSON instead of injecting it into the source
* Restrict permissions to minimum required
2021-11-25 16:14:47 +00:00
Tianon Gravi 6b701d8410 Fix comments pagination in "Munge PR" 2021-10-20 16:58:20 -07:00
Tianon Gravi 6b31fa06e3 Merge pull request #10879 from infosiftr/test-better-munge
Make "Munge PR" more intelligent (test PR)
2021-10-11 16:35:26 +00:00
George Adams ab4eed6c03 actions: auto cancel builds if user pushes another commit (#10991) 2021-09-30 14:31:39 -07:00
Tianon Gravi f0edc7c298 Make "Munge PR" more intelligent 2021-09-09 16:00:57 -07:00
Tianon Gravi 7449616ec1 Update "munge-pr.yml" to run "diff-pr.sh" inside a container
This avoids accidentally reintroducing CVE-2020-15228 (for example, having a PR that changes `diff-pr.sh` to write something malicious to `$GITHUB_ENV`).
2020-11-30 17:05:58 -08:00
Tianon Gravi cf7abb9b67 Stage the PR diff in a file instead of a variable (avoiding length limits) 2020-11-17 01:27:26 -08:00
Tianon Gravi 6e417c94f7 Pass along the PR diff via environment variable instead of outputs 2020-11-17 00:28:43 -08:00
Tianon Gravi 254a5aee42 Fix typo 2020-11-16 17:23:06 -08:00
Tianon Gravi 752c8cde54 Switch from external script to embedded to fix branch drift 2020-11-16 16:38:48 -08:00
Tianon Gravi c2def78393 Add workaround for "merge_commit_sha" not being set quickly enough...
See https://docs.github.com/en/free-pro-team@latest/rest/reference/pulls#get-a-pull-request (and/or https://github.community/t/why-does-merge-commit-sha-change-during-action-run/129932/2?u=tianon)
2020-11-16 11:22:56 -08:00
Tianon Gravi 693326e3f2 Add new "Munge PR" workflow using "pull_request_target" 2020-11-16 10:00:20 -08:00
Tianon Gravi cb58d204f3 Update test-pr action from set-env to $GITHUB_ENV file
See https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
2020-10-06 16:37:42 -07:00
Tianon Gravi af378d70ca Set "GIT_LFS_SKIP_SMUDGE" in both GitHub Actions to prevent LFS from breaking diff/test
See https://github.com/docker-library/bashbrew/issues/10 for details and https://github.com/docker-library/official-images/pull/8282 for the PR which failed and caused us to notice. 😅
2020-06-30 12:25:14 -07:00
Tianon Gravi eef6790f39 Update GitHub Actions to use our local clone for running tests
This allows test changes to be tested too, if they live in the PR with the image change.
2020-05-15 13:56:58 -07:00
Tianon Gravi c50488efd5 Fix generate for really long matrices 2020-05-07 13:05:46 -07:00
Tianon Gravi 3e21779c20 Adjust "actions/checkout@v2" params to unshallow so that we can properly detect which files changed in the PR 2020-05-06 13:47:26 -07:00
Tianon Gravi d6816f0a19 Add "initial diffing" commit URL 2020-05-05 16:29:36 -07:00
Tianon Gravi 088d51bfde Move PR diff generation to our separate "Periodic" workflow 2020-05-05 16:28:58 -07:00
Tianon Gravi dc9cd282e7 Rename workflow job to "Periodic Actions" 2020-05-05 16:24:56 -07:00
Tianon Gravi 07c8f39371 Remove unnecessary actions/checkout in PR labeller job 2020-05-05 15:12:49 -07:00
Tianon Gravi a40bfb3617 Move PR labelling to a separate (scheduled) workflow
See https://github.community/t5/GitHub-Actions/GitHub-actions-are-severely-limited-on-PRs/m-p/54669/highlight/true#M9249
2020-05-05 15:06:18 -07:00
Tianon Gravi 39cc4e2159 Add initial GitHub Actions CI 2020-05-05 11:38:15 -07:00
Tianon Gravi edbe5d50f2 Add an initial issue template to help guide users to the right place to file issues 2017-02-14 14:40:11 -08:00