mirror of
https://github.com/Llewellynvdm/zoxide.git
synced 2024-11-25 14:07:35 +00:00
Harden GitHub Actions (#544)
* Harden GitHub Actions * Update release.yml --------- Co-authored-by: Ajeet D'Souza <98ajeet@gmail.com>
This commit is contained in:
StepSecurity Bot
Ajeet D'Souza
parent
8f1cb75732
commit
fa1cfb490d
13
.github/workflows/ci.yml
vendored
13
.github/workflows/ci.yml
vendored
@ -8,6 +8,9 @@ env:
|
|||||||
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
|
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
|
||||||
CARGO_INCREMENTAL: 0
|
CARGO_INCREMENTAL: 0
|
||||||
CARGO_TERM_COLOR: always
|
CARGO_TERM_COLOR: always
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
ci:
|
ci:
|
||||||
name: ${{ matrix.os }}
|
name: ${{ matrix.os }}
|
||||||
@ -16,29 +19,29 @@ jobs:
|
|||||||
matrix:
|
matrix:
|
||||||
os: [ubuntu-latest, windows-latest]
|
os: [ubuntu-latest, windows-latest]
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6 # v2.6.0
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
|
||||||
- uses: actions-rs/toolchain@v1
|
- uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
|
||||||
if: ${{ matrix.os == 'windows-latest' }}
|
if: ${{ matrix.os == 'windows-latest' }}
|
||||||
with:
|
with:
|
||||||
toolchain: stable
|
toolchain: stable
|
||||||
components: rustfmt, clippy
|
components: rustfmt, clippy
|
||||||
profile: minimal
|
profile: minimal
|
||||||
override: true
|
override: true
|
||||||
- uses: cachix/install-nix-action@v16
|
- uses: cachix/install-nix-action@d56f3ce9be45c562799280e8a561fbbe8f36de44 # v16
|
||||||
if: ${{ matrix.os != 'windows-latest' }}
|
if: ${{ matrix.os != 'windows-latest' }}
|
||||||
with:
|
with:
|
||||||
nix_path: nixpkgs=channel:nixos-unstable
|
nix_path: nixpkgs=channel:nixos-unstable
|
||||||
- uses: cachix/cachix-action@v10
|
- uses: cachix/cachix-action@73e75d1a0cd4330597a571e8f9dedb41faa2fc4e # v10
|
||||||
if: ${{ matrix.os != 'windows-latest' && env.CACHIX_AUTH_TOKEN != '' }}
|
if: ${{ matrix.os != 'windows-latest' && env.CACHIX_AUTH_TOKEN != '' }}
|
||||||
with:
|
with:
|
||||||
authToken: ${{ env.CACHIX_AUTH_TOKEN }}
|
authToken: ${{ env.CACHIX_AUTH_TOKEN }}
|
||||||
name: zoxide
|
name: zoxide
|
||||||
|
|
||||||
- name: Setup cache
|
- name: Setup cache
|
||||||
uses: Swatinem/rust-cache@v1
|
uses: Swatinem/rust-cache@81d053bdb0871dcd3f10763c8cc60d0adc41762b # v1
|
||||||
with:
|
with:
|
||||||
key: ${{ matrix.target }}
|
key: ${{ matrix.target }}
|
||||||
|
|
||||||
|
|||||||
2
.github/workflows/no-response.yml
vendored
2
.github/workflows/no-response.yml
vendored
@ -11,7 +11,7 @@ jobs:
|
|||||||
if: github.repository == 'ajeetdsouza/zoxide'
|
if: github.repository == 'ajeetdsouza/zoxide'
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: lee-dohm/no-response@v0.5.0
|
- uses: lee-dohm/no-response@9bb0a4b5e6a45046f00353d5de7d90fb8bd773bb # v0.5.0
|
||||||
with:
|
with:
|
||||||
token: ${{ github.token }}
|
token: ${{ github.token }}
|
||||||
daysUntilClose: 30
|
daysUntilClose: 30
|
||||||
|
|||||||
23
.github/workflows/release.yml
vendored
23
.github/workflows/release.yml
vendored
@ -6,11 +6,12 @@ on:
|
|||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
env:
|
env:
|
||||||
CARGO_INCREMENTAL: 0
|
CARGO_INCREMENTAL: 0
|
||||||
|
permissions:
|
||||||
|
contents: write
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
release:
|
release:
|
||||||
name: ${{ matrix.target }}
|
name: ${{ matrix.target }}
|
||||||
permissions:
|
|
||||||
contents: write
|
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
strategy:
|
strategy:
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
@ -38,19 +39,19 @@ jobs:
|
|||||||
target: aarch64-pc-windows-msvc
|
target: aarch64-pc-windows-msvc
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@v2
|
uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6 # v2.6.0
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
|
||||||
- name: Get version
|
- name: Get version
|
||||||
id: get_version
|
id: get_version
|
||||||
uses: SebRollen/toml-action@v1.0.2
|
uses: SebRollen/toml-action@2bd04b06a3ebc3e6a3eb6060de115710cad16cd6 # v1.0.2
|
||||||
with:
|
with:
|
||||||
file: Cargo.toml
|
file: Cargo.toml
|
||||||
field: package.version
|
field: package.version
|
||||||
|
|
||||||
- name: Install Rust
|
- name: Install Rust
|
||||||
uses: actions-rs/toolchain@v1
|
uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
|
||||||
with:
|
with:
|
||||||
toolchain: stable
|
toolchain: stable
|
||||||
profile: minimal
|
profile: minimal
|
||||||
@ -58,12 +59,12 @@ jobs:
|
|||||||
target: ${{ matrix.target }}
|
target: ${{ matrix.target }}
|
||||||
|
|
||||||
- name: Setup cache
|
- name: Setup cache
|
||||||
uses: Swatinem/rust-cache@v1
|
uses: Swatinem/rust-cache@81d053bdb0871dcd3f10763c8cc60d0adc41762b # v1
|
||||||
with:
|
with:
|
||||||
key: ${{ matrix.target }}
|
key: ${{ matrix.target }}
|
||||||
|
|
||||||
- name: Build binary
|
- name: Build binary
|
||||||
uses: actions-rs/cargo@v1
|
uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3
|
||||||
with:
|
with:
|
||||||
command: build
|
command: build
|
||||||
args: --release --locked --target=${{ matrix.target }} --color=always --verbose
|
args: --release --locked --target=${{ matrix.target }} --color=always --verbose
|
||||||
@ -71,13 +72,13 @@ jobs:
|
|||||||
|
|
||||||
- name: Install cargo-deb
|
- name: Install cargo-deb
|
||||||
if: ${{ matrix.deb == true }}
|
if: ${{ matrix.deb == true }}
|
||||||
uses: actions-rs/install@v0.1
|
uses: actions-rs/install@9da1d2adcfe5e7c16992e8242ca33a56b6d9b101 # v0.1.2
|
||||||
with:
|
with:
|
||||||
crate: cargo-deb
|
crate: cargo-deb
|
||||||
|
|
||||||
- name: Build deb
|
- name: Build deb
|
||||||
if: ${{ matrix.deb == true }}
|
if: ${{ matrix.deb == true }}
|
||||||
uses: actions-rs/cargo@v1
|
uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3
|
||||||
with:
|
with:
|
||||||
command: deb
|
command: deb
|
||||||
args: --no-build --no-strip --output=. --target=${{ matrix.target }}
|
args: --no-build --no-strip --output=. --target=${{ matrix.target }}
|
||||||
@ -102,7 +103,7 @@ jobs:
|
|||||||
./target/${{ matrix.target }}/release/zoxide.exe
|
./target/${{ matrix.target }}/release/zoxide.exe
|
||||||
|
|
||||||
- name: Upload artifact
|
- name: Upload artifact
|
||||||
uses: actions/upload-artifact@v2
|
uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1
|
||||||
with:
|
with:
|
||||||
name: ${{ matrix.target }}
|
name: ${{ matrix.target }}
|
||||||
path: |
|
path: |
|
||||||
@ -112,7 +113,7 @@ jobs:
|
|||||||
|
|
||||||
- name: Create release
|
- name: Create release
|
||||||
if: ${{ github.ref == 'refs/heads/main' && startsWith(github.event.head_commit.message, 'chore(release)') }}
|
if: ${{ github.ref == 'refs/heads/main' && startsWith(github.event.head_commit.message, 'chore(release)') }}
|
||||||
uses: softprops/action-gh-release@v1
|
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
|
||||||
with:
|
with:
|
||||||
draft: true
|
draft: true
|
||||||
files: |
|
files: |
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user