Alex
8b1ff3f005
build: harden build.yml permissions
...
This PR adds an explicit [permissions section](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions) to workflows. This is a security best practice because by default workflows run with an [extended set of permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token) (except for `on: pull_request` [from external forks](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)). By specifying any permission explicitly, all others are set to none. By using the principle of least privilege, the damage a compromised workflow can do (because of an [injection](https://securitylab.github.com/research/github-actions-untrusted-input/) or a compromised third-party tool or action) is restricted.
It is recommended to have the [most strict permissions on the top level](https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions) and grant write permissions on the [job level](https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs) case by case.
Signed-off-by: Alex <aleksandrosansan@gmail.com>
2022-12-09 11:28:26 +01:00
Max Kellermann
20310437d0
.github/workflows/build.yml: build with Ubuntu 22.04 as well
2022-07-13 12:41:04 +02:00
Max Kellermann
d29e1544bf
.github/workflows/build.yml: explicitly select ubuntu-20.04
...
According to https://github.com/actions/virtual-environments
"ubuntu-latest" maps to "ubuntu-20.04", even though "ubuntu-22.04" is
also available. Since our job description is very specific to
"ubuntu-20.04", let's select this explicitly.
2022-07-13 12:37:02 +02:00
Marceline Cramer
18ebd42c52
.github: Add reminder to include backtrace in issue template
2022-07-04 10:32:58 -06:00
Max Kellermann
dcf39ee44e
.github/workflows/build.yml: add "python-version: 3.x"
...
This appears to be necessary as of actions/setup-python@v4 (commit 45d908e25f).
2022-06-13 21:37:04 +02:00
dependabot[bot]
45d908e25f
build(deps): bump actions/setup-python from 3 to 4
...
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 3 to 4.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v3...v4)
---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-13 15:23:52 +00:00
Max Kellermann
b4f454a553
Merge pull request #1548 from MusicPlayerDaemon/dependabot/github_actions/actions/setup-python-3
...
build(deps): bump actions/setup-python from 1 to 3
2022-06-08 12:56:55 +02:00
dependabot[bot]
e2d6bb7444
build(deps): bump actions/checkout from 2 to 3
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-05 08:28:29 +00:00
dependabot[bot]
f89916e6fb
build(deps): bump actions/setup-python from 1 to 3
...
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 1 to 3.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v1...v3)
---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-05 08:28:27 +00:00
naveen
7d95b15cbc
chore: Included githubactions in the dependabot config
...
This should help with keeping the GitHub actions updated on new releases. This will also help with keeping it secure.
Dependabot helps in keeping the supply chain secure https://docs.github.com/en/code-security/dependabot
GitHub actions up to date https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
https://github.com/ossf/scorecard/blob/main/docs/checks.md#dependency-update-tool
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-06-05 01:30:13 +00:00
Max Kellermann
2730f91872
.github/workflows/build.yml: build everything, not just unit tests (Linux)
2022-05-23 21:32:42 +02:00
Max Kellermann
97ca85e155
.github/workflows/build.yml: verbose build (Linux)
2022-05-23 21:32:02 +02:00
Max Kellermann
39bb4c5871
.github/workflows/build.yml: build everything, not just unit tests
2022-05-23 21:28:28 +02:00
Max Kellermann
bdceb90c59
.github/workflows/build.yml: verbose build
2022-05-23 21:25:28 +02:00
Max Kellermann
a009e95afd
.github/ISSUE_TEMPLATE/bug_report.md: add "Configuration" section
2022-05-19 09:26:21 +02:00
Max Kellermann
32aafb3572
.github/ISSUE_TEMPLATE/question.md: remove, we have GitHub discussions now
2022-05-19 09:25:00 +02:00
Max Kellermann
b577783cf0
.github/FUNDING.yml: remove, no funding
...
This was an experiment, but I decided I don't need that.
2022-05-19 09:24:22 +02:00
Max Kellermann
aa7b872a14
.github/workflows/build.yml: run "apt-get update"
...
The build has been failing for a week or two because the package lists
in the image are outdated.
2022-05-19 09:23:08 +02:00
Max Kellermann
b9cc036703
.github/workflows/build.yml: rebuild branch v0.23.x
2021-12-03 23:00:42 +01:00
Max Kellermann
f01388559f
.github/workflows/build.yml: fix the ccache.key
2021-11-26 13:32:48 +01:00
Max Kellermann
27edd4a610
.github/workflows: merge build-{linux,macos}.yml into one
2021-11-26 13:32:08 +01:00
Max Kellermann
fd5b195879
.github/workflows/build-macos.yml: use actions/setup-python@v1
...
Without it, BSFishy/meson-build defaults to /usr/local/bin/python,
which is Python 2.
2021-11-23 12:17:32 +01:00
Max Kellermann
bb5df9839d
.github/workflows/build-macos.yml: install Meson, ninja and Boost
2021-11-23 12:17:32 +01:00
Max Kellermann
be34d55291
.github/workflows: add macOS build
2021-11-23 11:41:40 +01:00
Max Kellermann
c13911b171
.github/workflows: auto-build with GitHub Actions
2021-11-23 10:45:14 +01:00
Max Kellermann
ff2e584bde
Create FUNDING.yml
2020-01-20 14:30:52 +01:00
Max Kellermann
45a091c00c
.github: add issue templates
2019-05-20 16:44:02 +02:00