Commit Graph

20 Commits

Author SHA1 Message Date
Alex
8b1ff3f005
build: harden build.yml permissions
This PR adds an explicit [permissions section](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions) to workflows. This is a security best practice because, by default, workflows run with an [extended set of permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token) (except from `on: pull_request` [from external forks](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)). By specifying any permission explicitly, all others are set to none. By using the principle of least privilege, the damage a compromised workflow can do (because of an [injection](https://securitylab.github.com/research/github-actions-untrusted-input/) or a compromised third-party tool or action) is restricted.
It is recommended to have the [most strict permissions on the top level](https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions) and grant write permissions on [job level](https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs) case by case.

Signed-off-by: Alex <aleksandrosansan@gmail.com>
2022-12-09 11:28:26 +01:00
Max Kellermann
20310437d0 .github/workflows/build.yml: build with Ubuntu 22.04 as well 2022-07-13 12:41:04 +02:00
Max Kellermann
d29e1544bf .github/workflows/build.yml: explicitly select ubuntu-20.04
According to https://github.com/actions/virtual-environments
"ubuntu-latest" maps to "ubuntu-20.04", even though "ubuntu-22.04" is
also available.  Since our job description is very specific to
"ubuntu-20.04", let's select this explicitly.
2022-07-13 12:37:02 +02:00
Max Kellermann
dcf39ee44e .github/workflows/build.yml: add "python-version: 3.x"
This appears to be necessary as of actions/setup-python@v4 (commit
45d908e25f).
2022-06-13 21:37:04 +02:00
dependabot[bot]
45d908e25f
build(deps): bump actions/setup-python from 3 to 4
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 3 to 4.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-13 15:23:52 +00:00
Max Kellermann
b4f454a553
Merge pull request #1548 from MusicPlayerDaemon/dependabot/github_actions/actions/setup-python-3
build(deps): bump actions/setup-python from 1 to 3
2022-06-08 12:56:55 +02:00
dependabot[bot]
e2d6bb7444
build(deps): bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-05 08:28:29 +00:00
dependabot[bot]
f89916e6fb
build(deps): bump actions/setup-python from 1 to 3
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 1 to 3.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v1...v3)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-05 08:28:27 +00:00
Max Kellermann
2730f91872 .github/workflows/build.yml: build everything, not just unit tests (Linux) 2022-05-23 21:32:42 +02:00
Max Kellermann
97ca85e155 .github/workflows/build.yml: verbose build (Linux) 2022-05-23 21:32:02 +02:00
Max Kellermann
39bb4c5871 .github/workflows/build.yml: build everything, not just unit tests 2022-05-23 21:28:28 +02:00
Max Kellermann
bdceb90c59 .github/workflows/build.yml: verbose build 2022-05-23 21:25:28 +02:00
Max Kellermann
aa7b872a14 .github/workflows/build.yml: run "apt-get update"
The build has been failing for a week or two because the package lists
in the image are outdated.
2022-05-19 09:23:08 +02:00
Max Kellermann
b9cc036703 .github/workflows/build.yml: rebuild branch v0.23.x 2021-12-03 23:00:42 +01:00
Max Kellermann
f01388559f .github/workflows/build.yml: fix the ccache.key 2021-11-26 13:32:48 +01:00
Max Kellermann
27edd4a610 .github/workflows: merge build-{linux,macos}.yml into one 2021-11-26 13:32:08 +01:00
Max Kellermann
fd5b195879 .github/workflows/build-macos.yml: use actions/setup-python@v1
Without it, BSFishy/meson-build defaults to /usr/local/bin/python,
which is Python 2.
2021-11-23 12:17:32 +01:00
Max Kellermann
bb5df9839d .github/workflows/build-macos.yml: install Meson, ninja and Boost 2021-11-23 12:17:32 +01:00
Max Kellermann
be34d55291 .github/workflows: add macOS build 2021-11-23 11:41:40 +01:00
Max Kellermann
c13911b171 .github/workflows: auto-build with GitHub Actions 2021-11-23 10:45:14 +01:00