-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Security improvements to GitHub Actions (#17520)
Signed-off-by: Florent Poinsard <[email protected]>
- Loading branch information
Showing
115 changed files
with
901 additions
and
482 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -27,11 +27,13 @@ jobs: | |
| - name: Check out code | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' | ||
| uses: actions/checkout@v4 | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| with: | ||
| persist-credentials: 'false' | ||
|
|
||
| - name: Check for changes in relevant files | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' | ||
| uses: dorny/[email protected] | ||
| uses: dorny/paths-filter@ebc4d7e9ebcb0b1eb21480bb8f43113e996ac77a # v3.0.1 | ||
| id: changes | ||
| with: | ||
| token: '' | ||
|
|
@@ -47,7 +49,7 @@ jobs: | |
| - '.github/workflows/check_make_vtadmin_authz_testgen.yml' | ||
| - name: Set up Go | ||
| uses: actions/setup-go@v5 | ||
| uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' && steps.changes.outputs.vtadmin_changes == 'true' | ||
| with: | ||
| go-version: 1.22.10 | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -27,11 +27,13 @@ jobs: | |
| - name: Check out code | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' | ||
| uses: actions/checkout@v4 | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| with: | ||
| persist-credentials: 'false' | ||
|
|
||
| - name: Check for changes in relevant files | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' | ||
| uses: dorny/[email protected] | ||
| uses: dorny/paths-filter@ebc4d7e9ebcb0b1eb21480bb8f43113e996ac77a # v3.0.1 | ||
| id: changes | ||
| with: | ||
| token: '' | ||
|
|
@@ -49,14 +51,14 @@ jobs: | |
| - '.github/workflows/check_make_vtadmin_web_proto.yml' | ||
| - name: Set up Go | ||
| uses: actions/setup-go@v5 | ||
| uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' && steps.changes.outputs.proto_changes == 'true' | ||
| with: | ||
| go-version: 1.22.10 | ||
|
|
||
| - name: Setup Node | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' && steps.changes.outputs.proto_changes == 'true' | ||
| uses: actions/setup-node@v4 | ||
| uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 | ||
| with: | ||
| # node-version should match package.json | ||
| node-version: '18.16.0' | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -15,6 +15,7 @@ env: | |
|
|
||
| jobs: | ||
| build: | ||
| timeout-minutes: 60 | ||
| name: Run endtoend tests on Cluster (12) | ||
| runs-on: ubuntu-24.04 | ||
|
|
||
|
|
@@ -45,11 +46,13 @@ jobs: | |
| - name: Check out code | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' | ||
| uses: actions/checkout@v4 | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| with: | ||
| persist-credentials: 'false' | ||
|
|
||
| - name: Check for changes in relevant files | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' | ||
| uses: dorny/[email protected] | ||
| uses: dorny/paths-filter@ebc4d7e9ebcb0b1eb21480bb8f43113e996ac77a # v3.0.1 | ||
| id: changes | ||
| with: | ||
| token: '' | ||
|
|
@@ -71,13 +74,13 @@ jobs: | |
| - name: Set up Go | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' && steps.changes.outputs.end_to_end == 'true' | ||
| uses: actions/setup-go@v5 | ||
| uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | ||
| with: | ||
| go-version: 1.22.10 | ||
|
|
||
| - name: Set up python | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' && steps.changes.outputs.end_to_end == 'true' | ||
| uses: actions/setup-python@v5 | ||
| uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 | ||
|
|
||
| - name: Tune the OS | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' && steps.changes.outputs.end_to_end == 'true' | ||
|
|
@@ -91,6 +94,7 @@ jobs: | |
| - name: Get dependencies | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' && steps.changes.outputs.end_to_end == 'true' | ||
| timeout-minutes: 10 | ||
| run: | | ||
| # Get key to latest MySQL repo | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -15,6 +15,7 @@ env: | |
|
|
||
| jobs: | ||
| build: | ||
| timeout-minutes: 60 | ||
| name: Run endtoend tests on Cluster (13) | ||
| runs-on: ubuntu-24.04 | ||
|
|
||
|
|
@@ -45,11 +46,13 @@ jobs: | |
| - name: Check out code | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' | ||
| uses: actions/checkout@v4 | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| with: | ||
| persist-credentials: 'false' | ||
|
|
||
| - name: Check for changes in relevant files | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' | ||
| uses: dorny/[email protected] | ||
| uses: dorny/paths-filter@ebc4d7e9ebcb0b1eb21480bb8f43113e996ac77a # v3.0.1 | ||
| id: changes | ||
| with: | ||
| token: '' | ||
|
|
@@ -71,13 +74,13 @@ jobs: | |
| - name: Set up Go | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' && steps.changes.outputs.end_to_end == 'true' | ||
| uses: actions/setup-go@v5 | ||
| uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | ||
| with: | ||
| go-version: 1.22.10 | ||
|
|
||
| - name: Set up python | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' && steps.changes.outputs.end_to_end == 'true' | ||
| uses: actions/setup-python@v5 | ||
| uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 | ||
|
|
||
| - name: Tune the OS | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' && steps.changes.outputs.end_to_end == 'true' | ||
|
|
@@ -91,6 +94,7 @@ jobs: | |
| - name: Get dependencies | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' && steps.changes.outputs.end_to_end == 'true' | ||
| timeout-minutes: 10 | ||
| run: | | ||
| # Get key to latest MySQL repo | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -15,6 +15,7 @@ env: | |
|
|
||
| jobs: | ||
| build: | ||
| timeout-minutes: 60 | ||
| name: Run endtoend tests on Cluster (15) | ||
| runs-on: ubuntu-24.04 | ||
|
|
||
|
|
@@ -45,11 +46,13 @@ jobs: | |
| - name: Check out code | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' | ||
| uses: actions/checkout@v4 | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| with: | ||
| persist-credentials: 'false' | ||
|
|
||
| - name: Check for changes in relevant files | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' | ||
| uses: dorny/[email protected] | ||
| uses: dorny/paths-filter@ebc4d7e9ebcb0b1eb21480bb8f43113e996ac77a # v3.0.1 | ||
| id: changes | ||
| with: | ||
| token: '' | ||
|
|
@@ -71,13 +74,13 @@ jobs: | |
| - name: Set up Go | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' && steps.changes.outputs.end_to_end == 'true' | ||
| uses: actions/setup-go@v5 | ||
| uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | ||
| with: | ||
| go-version: 1.22.10 | ||
|
|
||
| - name: Set up python | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' && steps.changes.outputs.end_to_end == 'true' | ||
| uses: actions/setup-python@v5 | ||
| uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 | ||
|
|
||
| - name: Tune the OS | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' && steps.changes.outputs.end_to_end == 'true' | ||
|
|
@@ -91,6 +94,7 @@ jobs: | |
| - name: Get dependencies | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' && steps.changes.outputs.end_to_end == 'true' | ||
| timeout-minutes: 10 | ||
| run: | | ||
| # Get key to latest MySQL repo | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -15,6 +15,7 @@ env: | |
|
|
||
| jobs: | ||
| build: | ||
| timeout-minutes: 60 | ||
| name: Run endtoend tests on Cluster (18) | ||
| runs-on: ubuntu-24.04 | ||
|
|
||
|
|
@@ -45,11 +46,13 @@ jobs: | |
| - name: Check out code | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' | ||
| uses: actions/checkout@v4 | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| with: | ||
| persist-credentials: 'false' | ||
|
|
||
| - name: Check for changes in relevant files | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' | ||
| uses: dorny/[email protected] | ||
| uses: dorny/paths-filter@ebc4d7e9ebcb0b1eb21480bb8f43113e996ac77a # v3.0.1 | ||
| id: changes | ||
| with: | ||
| token: '' | ||
|
|
@@ -71,13 +74,13 @@ jobs: | |
| - name: Set up Go | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' && steps.changes.outputs.end_to_end == 'true' | ||
| uses: actions/setup-go@v5 | ||
| uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | ||
| with: | ||
| go-version: 1.22.10 | ||
|
|
||
| - name: Set up python | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' && steps.changes.outputs.end_to_end == 'true' | ||
| uses: actions/setup-python@v5 | ||
| uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 | ||
|
|
||
| - name: Tune the OS | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' && steps.changes.outputs.end_to_end == 'true' | ||
|
|
@@ -91,6 +94,7 @@ jobs: | |
| - name: Get dependencies | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' && steps.changes.outputs.end_to_end == 'true' | ||
| timeout-minutes: 10 | ||
| run: | | ||
| # Get key to latest MySQL repo | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -15,6 +15,7 @@ env: | |
|
|
||
| jobs: | ||
| build: | ||
| timeout-minutes: 60 | ||
| name: Run endtoend tests on Cluster (21) | ||
| runs-on: ubuntu-24.04 | ||
|
|
||
|
|
@@ -45,11 +46,13 @@ jobs: | |
| - name: Check out code | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' | ||
| uses: actions/checkout@v4 | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| with: | ||
| persist-credentials: 'false' | ||
|
|
||
| - name: Check for changes in relevant files | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' | ||
| uses: dorny/[email protected] | ||
| uses: dorny/paths-filter@ebc4d7e9ebcb0b1eb21480bb8f43113e996ac77a # v3.0.1 | ||
| id: changes | ||
| with: | ||
| token: '' | ||
|
|
@@ -71,13 +74,13 @@ jobs: | |
| - name: Set up Go | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' && steps.changes.outputs.end_to_end == 'true' | ||
| uses: actions/setup-go@v5 | ||
| uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | ||
| with: | ||
| go-version: 1.22.10 | ||
|
|
||
| - name: Set up python | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' && steps.changes.outputs.end_to_end == 'true' | ||
| uses: actions/setup-python@v5 | ||
| uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 | ||
|
|
||
| - name: Tune the OS | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' && steps.changes.outputs.end_to_end == 'true' | ||
|
|
@@ -91,6 +94,7 @@ jobs: | |
| - name: Get dependencies | ||
| if: steps.skip-workflow.outputs.skip-workflow == 'false' && steps.changes.outputs.end_to_end == 'true' | ||
| timeout-minutes: 10 | ||
| run: | | ||
| # Get key to latest MySQL repo | ||
|
|
||
Oops, something went wrong.