SEC-090: Automated trusted workflow pinning (2023-04-27) #46

Merged
merged 1 commit into from
May 22, 2023
8 changes: 4 additions & 4 deletions .github/workflows/example.yml
Expand Up @@ -28,9 +28,9 @@ jobs:
- { go: "1.16", goos: "solaris", goarch: "amd64" }
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Setup go
uses: actions/setup-go@v2
uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with:
go-version: ${{ matrix.go }}
- name: Compile Binary
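Review bot: The two `uses:` lines in this hunk are major-version upgrades as well as pins: `actions/checkout` goes from v2 to v3.5.2 and `actions/setup-go` from v2 to v4.0.0, which the PR title does not say. setup-go v4 enables dependency caching by default, so this matrix job (including the `go: "1.16"` entry) will start restoring and saving a cache. If that is not wanted, add `cache: false` under `with:` next to `go-version`, and call out the version jump in the PR description so it is reviewed as a behaviour change rather than a no-op pin.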
Expand All @@ -41,7 +41,7 @@ jobs:
go build -o "$product_name" .
zip "${{ env.product_name }}_${{ env.version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip" "$product_name"
- name: Upload product artifact.
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with:
path: example/${{ env.product_name }}_${{ env.version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
name: ${{ env.product_name }}_${{ env.version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
Expand All @@ -62,7 +62,7 @@ jobs:
- { arch: "arm64" }
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Build
# To run the example with the current commit use 'uses: ./'
uses: ./
26 changes: 13 additions & 13 deletions .github/workflows/test.yml
Expand Up @@ -17,7 +17,7 @@ jobs:
run: |
sudo git clone --depth 1 --branch "v$BATS_VERSION" "$BATS_REPO" "$BATS_PATH"
echo "$BATS_PATH/bin" >> "$GITHUB_PATH"
- uses: actions/checkout@v2
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Run BATS tests
run: make test
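Review bot: The `git clone --depth 1 --branch "v$BATS_VERSION" "$BATS_REPO" "$BATS_PATH"` line just above the pinned checkout still fetches BATS by tag, and its `bin` directory is then added to `GITHUB_PATH` ahead of the `Run BATS tests` step. A tag can be moved in the same way `@v2` could, so the job keeps one mutable reference after this change. Consider fetching a specific commit, or comparing `git -C "$BATS_PATH" rev-parse HEAD` against an expected hash kept next to `BATS_VERSION`, before the directory goes on the path.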

Expand All @@ -27,18 +27,18 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Zip Test Bin
run: |
zip ./testdata/test_bin.zip ./testdata/test_bin
zip ./testdata/actions-docker-build.zip ./testdata/actions-docker-build
- name: Upload a test artifact.
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with:
path: testdata/test_bin.zip
name: test_bin.zip
- name: Upload a test artifact.
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with:
path: testdata/actions-docker-build.zip
name: actions-docker-build.zip
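Review bot: Both upload steps in this hunk are named `Upload a test artifact.`, so the run log cannot tell the `test_bin.zip` upload from the `actions-docker-build.zip` one. Since both steps are being edited anyway, give each a distinct name that includes the artifact. Note also that `actions/upload-artifact` moves from v2 to v3.1.2 here, a major-version change and not only a pin.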
Expand All @@ -51,7 +51,7 @@ jobs:
- action-test-prep
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
# Test setup.
- name: Move Dockerfile to Repo Root
run: |
Expand Down Expand Up @@ -83,7 +83,7 @@ jobs:
- action-test-prep
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Invoke Action
uses: ./ # This is the action we're testing.
with:
Expand Down Expand Up @@ -111,7 +111,7 @@ jobs:
- action-test-prep
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Invoke Action
uses: ./ # This is the action we're testing.
with:
Expand Down Expand Up @@ -139,7 +139,7 @@ jobs:
- action-test-prep
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Invoke Action
uses: ./
with:
Expand All @@ -164,7 +164,7 @@ jobs:
- action-test-prep
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Invoke Action
id: docker-build
uses: ./
Expand Down Expand Up @@ -202,7 +202,7 @@ jobs:
- action-test-prep
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
# Test setup.
- name: Move Dockerfile to Repo Root
run: |
Expand All @@ -228,7 +228,7 @@ jobs:
- action-test-prep
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
# Test setup
- name: Move Dockerfile to Repo Root
run: |
Expand All @@ -249,10 +249,10 @@ jobs:
- action-test-prep
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
# Handle the artifact download ourselves
- name: Download Product Zip Artifact
uses: actions/download-artifact@v3
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
path: archive
name: actions-docker-build.zip
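Review bot: Nothing in the diff ties a 40-character hash to the version named in its trailing comment, for instance `9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2` on the `actions/download-artifact` line in this hunk. Because the change was generated automatically, confirm before approving that each hash is the commit the named tag points to in the upstream `actions/*` repository (`git ls-remote --tags` against the upstream URL is enough), since the comment is the only human-readable record of what was pinned.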
10 changes: 5 additions & 5 deletions action.yml
Expand Up @@ -139,7 +139,7 @@ runs:
run: ${{ github.action_path }}/scripts/register_qemu_binfmt

- name: Download Product Zip Artifact
uses: actions/download-artifact@v3
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
if: ${{ inputs.do_zip_extract_step == 'true' }}
with:
path: ${{ env.ZIP_LOCATION }}
Expand All @@ -166,7 +166,7 @@ runs:
run: ${{ github.action_path}}/scripts/create_metadata

- name: Upload Docker Image metadata
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
env:
# Add _redhat if this is a redhat call.
REDHAT_SUFFIX: ${{ inputs.redhat_tag && '_redhat' || '' }}
Expand All @@ -176,23 +176,23 @@ runs:
if-no-files-found: error

- name: Upload Prod Tarball
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
if: ${{ env.TAGS != '' }}
with:
name: ${{ env.TARBALL_NAME }}
path: ${{ env.TARBALL_NAME }}
if-no-files-found: error

- name: Upload Dev Tarball
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
if: ${{ env.DEV_TAGS != '' }}
with:
name: ${{ env.DEV_TARBALL_NAME }}
path: ${{ env.DEV_TARBALL_NAME }}
if-no-files-found: error

- name: Upload Red Hat Tarball
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
if: ${{ env.REDHAT_TAG != '' }}
with:
name: ${{ env.REDHAT_TARBALL_NAME }}
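Review bot: With every external `uses:` in `action.yml` now fixed to a commit, these steps stop picking up upstream fixes on their own, and the diff adds no update mechanism. This file is the action that callers run, so stale pins here propagate to every consumer. Consider adding an automated updater in the same PR, such as a Dependabot configuration for the `github-actions` ecosystem, so the hashes and their `# v3.1.2` style comments are bumped together.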