feat: Upgrade Reusable GitHub Actions version (#2989)
* feat: Upgrade Github Actions versions * fix: Fix supply chain scorecard * fix: Remove ubuntu-4-core instances as they are redundant * fix: Upgrade also CodeQL
This commit is contained in:
Antonis Stamatiou
GitHub
parent
81c3a07412
commit
6c3eced3e9
|
|
@ -1,6 +1,6 @@
|
|||
root = true
|
||||
|
||||
[*]
|
||||
[*.{js|ts}]
|
||||
end_of_line = lf
|
||||
charset = utf-8
|
||||
indent_style = space
|
||||
|
|
|
|||
28
.github/workflows/build-for-pr.yml
vendored
28
.github/workflows/build-for-pr.yml
vendored
|
|
@ -14,15 +14,15 @@ env:
|
|||
|
||||
jobs:
|
||||
build-linux-for-pr:
|
||||
runs-on: ubuntu-latest-4-cores
|
||||
runs-on: ubuntu-22.04
|
||||
if: ${{ github.event.label.name == 'Build Apps for PR' }}
|
||||
steps:
|
||||
- name: ci/checkout-repo
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ github.event.pull_request.head.sha }}
|
||||
- name: ci/setup-node
|
||||
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
|
||||
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
|
||||
with:
|
||||
node-version-file: "package.json"
|
||||
cache: "npm"
|
||||
|
|
@ -42,7 +42,7 @@ jobs:
|
|||
bash -x ./scripts/patch_updater_yml.sh
|
||||
bash -x ./scripts/cp_artifacts.sh release ./build/linux
|
||||
- name: ci/upload-build
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
with:
|
||||
name: build-linux
|
||||
path: ./build/linux
|
||||
|
|
@ -53,18 +53,18 @@ jobs:
|
|||
if: ${{ github.event.label.name == 'Build Apps for PR' }}
|
||||
steps:
|
||||
- name: ci/checkout-repo
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ github.event.pull_request.head.sha }}
|
||||
- name: ci/setup-node
|
||||
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
|
||||
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
|
||||
with:
|
||||
node-version-file: "package.json"
|
||||
cache: "npm"
|
||||
cache-dependency-path: package-lock.json
|
||||
- name: ci/cache-node-modules
|
||||
id: cache-node-modules
|
||||
uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4
|
||||
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
|
||||
with:
|
||||
path: node_modules
|
||||
key: ${{ runner.os }}-build-node-modules-${{ hashFiles('**/package-lock.json') }}
|
||||
|
|
@ -85,18 +85,18 @@ jobs:
|
|||
- windows-install-deps
|
||||
steps:
|
||||
- name: ci/checkout-repo
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ github.event.pull_request.head.sha }}
|
||||
- name: ci/setup-node
|
||||
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
|
||||
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
|
||||
with:
|
||||
node-version-file: "package.json"
|
||||
cache: "npm"
|
||||
cache-dependency-path: package-lock.json
|
||||
- name: ci/cache-node-modules
|
||||
id: cache-node-modules
|
||||
uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4
|
||||
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
|
||||
with:
|
||||
path: node_modules
|
||||
key: ${{ runner.os }}-build-node-modules-${{ hashFiles('package-lock.json') }}
|
||||
|
|
@ -129,7 +129,7 @@ jobs:
|
|||
bash -x ./scripts/patch_updater_yml.sh
|
||||
bash -x ./scripts/cp_artifacts.sh release ./build/win
|
||||
- name: ci/upload-build
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
with:
|
||||
name: build-windows
|
||||
path: ./build/win
|
||||
|
|
@ -140,11 +140,11 @@ jobs:
|
|||
if: ${{ github.event.label.name == 'Build Apps for PR' }}
|
||||
steps:
|
||||
- name: ci/checkout-repo
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ github.event.pull_request.head.sha }}
|
||||
- name: ci/setup-node
|
||||
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
|
||||
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
|
||||
with:
|
||||
node-version-file: "package.json"
|
||||
cache: "npm"
|
||||
|
|
@ -171,7 +171,7 @@ jobs:
|
|||
bash -x ./scripts/patch_updater_yml.sh
|
||||
bash -x ./scripts/cp_artifacts.sh release ./build/macos/
|
||||
- name: ci/upload-build
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
with:
|
||||
name: build-macos
|
||||
path: ./build/macos/
|
||||
|
|
|
|||
40
.github/workflows/ci.yaml
vendored
40
.github/workflows/ci.yaml
vendored
|
|
@ -11,12 +11,12 @@ env:
|
|||
|
||||
jobs:
|
||||
build-linux:
|
||||
runs-on: ubuntu-latest-4-cores
|
||||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- name: ci/checkout-repo
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: ci/setup-node
|
||||
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
|
||||
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
|
||||
with:
|
||||
node-version-file: "package.json"
|
||||
cache: "npm"
|
||||
|
|
@ -38,13 +38,13 @@ jobs:
|
|||
bash -x ./scripts/patch_updater_yml.sh
|
||||
bash -x ./scripts/cp_artifacts.sh release ./build/linux
|
||||
- name: ci/upload-test-results
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
with:
|
||||
name: linux-test-results
|
||||
path: test-results.xml
|
||||
retention-days: 5
|
||||
- name: ci/upload-build
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
with:
|
||||
name: build-linux
|
||||
path: ./build/linux
|
||||
|
|
@ -54,16 +54,16 @@ jobs:
|
|||
runs-on: windows-2022
|
||||
steps:
|
||||
- name: ci/checkout-repo
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: ci/setup-node
|
||||
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
|
||||
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
|
||||
with:
|
||||
node-version-file: "package.json"
|
||||
cache: "npm"
|
||||
cache-dependency-path: package-lock.json
|
||||
- name: ci/cache-node-modules
|
||||
id: cache-node-modules
|
||||
uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4
|
||||
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
|
||||
with:
|
||||
path: node_modules
|
||||
key: ${{ runner.os }}-build-node-modules-${{ hashFiles('**/package-lock.json') }}
|
||||
|
|
@ -88,16 +88,16 @@ jobs:
|
|||
- windows-install-deps
|
||||
steps:
|
||||
- name: ci/checkout-repo
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: ci/setup-node
|
||||
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
|
||||
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
|
||||
with:
|
||||
node-version-file: "package.json"
|
||||
cache: "npm"
|
||||
cache-dependency-path: package-lock.json
|
||||
- name: ci/cache-node-modules
|
||||
id: cache-node-modules
|
||||
uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4
|
||||
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
|
||||
with:
|
||||
path: node_modules
|
||||
key: ${{ runner.os }}-build-node-modules-${{ hashFiles('package-lock.json') }}
|
||||
|
|
@ -130,13 +130,13 @@ jobs:
|
|||
bash -x ./scripts/patch_updater_yml.sh
|
||||
bash -x ./scripts/cp_artifacts.sh release ./build/win
|
||||
- name: ci/upload-test-results
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
with:
|
||||
name: windows-test-results
|
||||
path: test-results.xml
|
||||
retention-days: 5
|
||||
- name: ci/upload-build
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
with:
|
||||
name: build-windows
|
||||
path: ./build/win
|
||||
|
|
@ -146,9 +146,9 @@ jobs:
|
|||
runs-on: macos-12
|
||||
steps:
|
||||
- name: ci/checkout-repo
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: ci/setup-node
|
||||
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
|
||||
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
|
||||
with:
|
||||
node-version-file: "package.json"
|
||||
cache: "npm"
|
||||
|
|
@ -169,13 +169,13 @@ jobs:
|
|||
bash -x ./scripts/patch_updater_yml.sh
|
||||
bash -x ./scripts/cp_artifacts.sh release ./build/macos/
|
||||
- name: ci/upload-test-results
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
with:
|
||||
name: macos-test-results
|
||||
path: test-results.xml
|
||||
retention-days: 5
|
||||
- name: ci/upload-build
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
with:
|
||||
name: build-macos
|
||||
path: ./build/macos/
|
||||
|
|
@ -193,17 +193,17 @@ jobs:
|
|||
pull-requests: write
|
||||
steps:
|
||||
- name: ci/download-macos-test-results
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
|
||||
with:
|
||||
name: macos-test-results
|
||||
path: macos-test-results
|
||||
- name: ci/download-windows-test-results
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
|
||||
with:
|
||||
name: windows-test-results
|
||||
path: windows-test-results
|
||||
- name: ci/download-linux-test-results
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
|
||||
with:
|
||||
name: linux-test-results
|
||||
path: linux-test-results
|
||||
|
|
|
|||
14
.github/workflows/codeql-analysis.yml
vendored
14
.github/workflows/codeql-analysis.yml
vendored
|
|
@ -7,7 +7,7 @@ on:
|
|||
# The branches below must be a subset of the branches above
|
||||
branches: [master]
|
||||
schedule:
|
||||
- cron: '0 0 * * 0'
|
||||
- cron: "0 0 * * 0"
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
|
@ -18,25 +18,23 @@ jobs:
|
|||
security-events: write
|
||||
name: Analyze
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
language: [ 'javascript' ]
|
||||
|
||||
language: ["javascript"]
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
|
||||
- name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@v2
|
||||
uses: github/codeql-action/init@423a04bb2cb7cd2643007122588f1387778f14d0 # v2.16.5
|
||||
with:
|
||||
languages: ${{ matrix.language }}
|
||||
config-file: ./.github/codeql/codeql-config.yml
|
||||
|
||||
# Autobuild attempts to build any compiled languages
|
||||
- name: Autobuild
|
||||
uses: github/codeql-action/autobuild@v2
|
||||
uses: github/codeql-action/autobuild@423a04bb2cb7cd2643007122588f1387778f14d0 # v2.16.5
|
||||
|
||||
- name: Perform CodeQL Analysis
|
||||
uses: github/codeql-action/analyze@v2
|
||||
uses: github/codeql-action/analyze@423a04bb2cb7cd2643007122588f1387778f14d0 # v2.16.5
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ on:
|
|||
default: false
|
||||
cmt:
|
||||
type: boolean
|
||||
description: "True if this is Comatibility Matrix Testing"
|
||||
description: "True if this is Compatibility Matrix Testing"
|
||||
required: false
|
||||
default: false
|
||||
outputs:
|
||||
|
|
|
|||
27
.github/workflows/e2e-performance.yml
vendored
27
.github/workflows/e2e-performance.yml
vendored
|
|
@ -13,16 +13,13 @@ jobs:
|
|||
build:
|
||||
if: ${{ github.event.label.name == 'Run E2E Performance Tests' }}
|
||||
runs-on: ${{ matrix.os }}
|
||||
|
||||
strategy:
|
||||
matrix:
|
||||
os: [ubuntu-latest]
|
||||
node-version: [16]
|
||||
|
||||
steps:
|
||||
|
||||
- name: Add start comment
|
||||
uses: actions/github-script@v6
|
||||
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
|
||||
with:
|
||||
script: |
|
||||
github.rest.issues.createComment({
|
||||
|
|
@ -35,13 +32,13 @@ jobs:
|
|||
- name: Set env variable for timestamp
|
||||
run: echo "NOW=$(date +'%Y-%m-%dT%H:%M:%S')" >> $GITHUB_ENV
|
||||
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
|
||||
- name: Use Node.js ${{ matrix.node-version }}
|
||||
uses: actions/setup-node@v2
|
||||
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
|
||||
with:
|
||||
node-version: ${{ matrix.node-version }}
|
||||
cache: 'npm'
|
||||
cache: "npm"
|
||||
|
||||
- name: Install packages
|
||||
run: sudo apt-get install libxtst-dev libpng++-dev
|
||||
|
|
@ -53,7 +50,7 @@ jobs:
|
|||
run: ELECTRON_DISABLE_SANDBOX=1 xvfb-run --auto-servernum --server-args="-screen 0 1280x960x24" -- npm run test:e2e:performance
|
||||
|
||||
- name: Upload artifact to Github
|
||||
uses: actions/upload-artifact@v3
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
with:
|
||||
name: perf-test-report.json
|
||||
path: ${{ env.RESULTS_PATH }}
|
||||
|
|
@ -72,7 +69,7 @@ jobs:
|
|||
run: aws s3 cp ${{ env.RESULTS_PATH }} s3://${{ secrets.AWS_BUCKET_PERFORMANCE_TESTS }}/${{ github.head_ref }}-${{ github.sha }}-${{ env.NOW }}.json
|
||||
|
||||
- name: Add results in PR comment
|
||||
uses: actions/github-script@v6
|
||||
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
|
||||
with:
|
||||
script: |
|
||||
const fs = require('fs');
|
||||
|
|
@ -87,7 +84,13 @@ jobs:
|
|||
|
||||
- name: Remove "Run E2E Performance Tests" label
|
||||
if: always()
|
||||
uses: actions-ecosystem/action-remove-labels@v1
|
||||
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
|
||||
continue-on-error: true # Label might have been removed manually
|
||||
with:
|
||||
labels: |
|
||||
Run E2E Performance Tests
|
||||
script: |
|
||||
github.rest.issues.removeLabel({
|
||||
issue_number: context.issue.number,
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
name: 'Run E2E Performance Tests',
|
||||
});
|
||||
|
|
|
|||
2
.github/workflows/nightly-builds.yaml
vendored
2
.github/workflows/nightly-builds.yaml
vendored
|
|
@ -12,7 +12,7 @@ jobs:
|
|||
tag: ${{ steps.tag-creation.outputs.tag }}
|
||||
steps:
|
||||
- name: nightly/checkout-repo
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: nightly/patch-version
|
||||
uses: ./.github/actions/patch-nightly-version
|
||||
- name: nightly/create-nightly-build-tag
|
||||
|
|
|
|||
26
.github/workflows/nightly-main.yml
vendored
26
.github/workflows/nightly-main.yml
vendored
|
|
@ -28,11 +28,11 @@ jobs:
|
|||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- name: ci/checkout-repo
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ env.REFERENCE }}
|
||||
- name: ci/setup-node
|
||||
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
|
||||
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
|
||||
with:
|
||||
node-version-file: "package.json"
|
||||
cache: "npm"
|
||||
|
|
@ -52,7 +52,7 @@ jobs:
|
|||
bash -x ./scripts/patch_updater_yml.sh
|
||||
bash -x ./scripts/cp_artifacts.sh release ./build/linux
|
||||
- name: ci/upload-build
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
with:
|
||||
name: build-nightly-main
|
||||
path: ./build
|
||||
|
|
@ -62,11 +62,11 @@ jobs:
|
|||
runs-on: windows-2022
|
||||
steps:
|
||||
- name: nightly/checkout-repo
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ env.REFERENCE }}
|
||||
- name: nightly/setup-node
|
||||
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
|
||||
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
|
||||
with:
|
||||
node-version-file: "package.json"
|
||||
cache: "npm"
|
||||
|
|
@ -102,7 +102,7 @@ jobs:
|
|||
bash -x ./scripts/patch_updater_yml.sh
|
||||
bash -x ./scripts/cp_artifacts.sh release ./build/win-release
|
||||
- name: nightly/upload-build
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
with:
|
||||
name: build-nightly-main
|
||||
path: ./build
|
||||
|
|
@ -120,11 +120,11 @@ jobs:
|
|||
CSC_LINK: ${{ secrets.MM_DESKTOP_MAC_APP_STORE_CSC_LINK }}
|
||||
steps:
|
||||
- name: nightly/checkout-repo
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ env.REFERENCE }}
|
||||
- name: nightly/setup-node
|
||||
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
|
||||
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
|
||||
with:
|
||||
node-version-file: "package.json"
|
||||
cache: "npm"
|
||||
|
|
@ -150,11 +150,11 @@ jobs:
|
|||
- mac-app-store-preflight
|
||||
steps:
|
||||
- name: nightly/checkout-repo
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ env.REFERENCE }}
|
||||
- name: nightly/setup-node
|
||||
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
|
||||
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
|
||||
with:
|
||||
node-version-file: "package.json"
|
||||
cache: "npm"
|
||||
|
|
@ -182,7 +182,7 @@ jobs:
|
|||
- name: nightly/rename-arm64-to-m1
|
||||
run: rename 's/arm64/m1/' ./build/macos-release/$(jq -r .version package.json)/*
|
||||
- name: nightly/upload-build
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
with:
|
||||
name: build-nightly-main
|
||||
path: ./build
|
||||
|
|
@ -198,7 +198,7 @@ jobs:
|
|||
- build-linux
|
||||
steps:
|
||||
- name: nightly/checkout-repo
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ env.REFERENCE }}
|
||||
- name: nightly/setup-aws-credentials
|
||||
|
|
@ -208,7 +208,7 @@ jobs:
|
|||
aws-access-key-id: ${{ secrets.MM_DESKTOP_RELEASE_AWS_ACCESS_KEY_ID }}
|
||||
aws-secret-access-key: ${{ secrets.MM_DESKTOP_RELEASE_AWS_SECRET_ACCESS_KEY }}
|
||||
- name: nightly/download-builds
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
|
||||
with:
|
||||
name: build-nightly-main
|
||||
path: build
|
||||
|
|
|
|||
16
.github/workflows/nightly-rainforest.yml
vendored
16
.github/workflows/nightly-rainforest.yml
vendored
|
|
@ -30,11 +30,11 @@ jobs:
|
|||
runs-on: windows-2022
|
||||
steps:
|
||||
- name: nightly/checkout-repo
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ env.REFERENCE }}
|
||||
- name: nightly/setup-node
|
||||
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
|
||||
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
|
||||
with:
|
||||
node-version-file: "package.json"
|
||||
cache: "npm"
|
||||
|
|
@ -70,7 +70,7 @@ jobs:
|
|||
bash -x ./scripts/patch_updater_yml.sh
|
||||
bash -x ./scripts/cp_artifacts.sh release ./build/win
|
||||
- name: nightly/upload-build
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
with:
|
||||
name: build-rainforest
|
||||
path: ./build
|
||||
|
|
@ -80,11 +80,11 @@ jobs:
|
|||
runs-on: macos-12
|
||||
steps:
|
||||
- name: nightly/checkout-repo
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ env.REFERENCE }}
|
||||
- name: nightly/setup-node
|
||||
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
|
||||
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
|
||||
with:
|
||||
node-version-file: "package.json"
|
||||
cache: "npm"
|
||||
|
|
@ -112,7 +112,7 @@ jobs:
|
|||
- name: nightly/rename-arm64-to-m1
|
||||
run: rename 's/arm64/m1/' ./build/macos/$(jq -r .version package.json)/*
|
||||
- name: nightly/upload-build
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
with:
|
||||
name: build-rainforest
|
||||
path: ./build
|
||||
|
|
@ -125,7 +125,7 @@ jobs:
|
|||
- build-msi-installer
|
||||
steps:
|
||||
- name: nightly/checkout-repo
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ env.REFERENCE }}
|
||||
- name: nightly/setup-aws-credentials
|
||||
|
|
@ -135,7 +135,7 @@ jobs:
|
|||
aws-access-key-id: ${{ secrets.MM_DESKTOP_DAILY_AWS_ACCESS_KEY_ID }}
|
||||
aws-secret-access-key: ${{ secrets.MM_DESKTOP_DAILY_AWS_SECRET_ACCESS_KEY }}
|
||||
- name: nightly/download-builds
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
|
||||
with:
|
||||
name: build-rainforest
|
||||
path: build
|
||||
|
|
|
|||
4
.github/workflows/release-mas.yaml
vendored
4
.github/workflows/release-mas.yaml
vendored
|
|
@ -26,9 +26,9 @@ jobs:
|
|||
CSC_LINK: ${{ secrets.MM_DESKTOP_MAC_APP_STORE_CSC_LINK }}
|
||||
steps:
|
||||
- name: release/checkout-repo
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: release/setup-node
|
||||
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
|
||||
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
|
||||
with:
|
||||
node-version-file: "package.json"
|
||||
cache: "npm"
|
||||
|
|
|
|||
30
.github/workflows/release.yaml
vendored
30
.github/workflows/release.yaml
vendored
|
|
@ -19,7 +19,7 @@ jobs:
|
|||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- name: release/checkout-repo
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: release/notify-channel
|
||||
run: |
|
||||
jq --null-input \
|
||||
|
|
@ -30,14 +30,14 @@ jobs:
|
|||
curl -i -H "Content-Type: application/json" -X POST -d @/tmp/webhook-data.json ${{ secrets.MM_DESKTOP_RELEASE_WEBHOOK_URL }} || echo "NOFICATION FAILED! check logs as this will succeed intentionally"
|
||||
|
||||
build-linux:
|
||||
runs-on: ubuntu-latest-4-cores
|
||||
runs-on: ubuntu-22.04
|
||||
needs:
|
||||
- begin-notification
|
||||
steps:
|
||||
- name: release/checkout-repo
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: release/setup-node
|
||||
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
|
||||
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
|
||||
with:
|
||||
node-version-file: "package.json"
|
||||
cache: "npm"
|
||||
|
|
@ -59,7 +59,7 @@ jobs:
|
|||
bash -x ./scripts/patch_updater_yml.sh
|
||||
bash -x ./scripts/cp_artifacts.sh release ./build/linux
|
||||
- name: release/upload-build
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
with:
|
||||
name: build
|
||||
path: ./build
|
||||
|
|
@ -71,9 +71,9 @@ jobs:
|
|||
- begin-notification
|
||||
steps:
|
||||
- name: release/checkout-repo
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: release/setup-node
|
||||
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
|
||||
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
|
||||
with:
|
||||
node-version-file: "package.json"
|
||||
cache: "npm"
|
||||
|
|
@ -110,7 +110,7 @@ jobs:
|
|||
bash -x ./scripts/patch_updater_yml.sh
|
||||
bash -x ./scripts/cp_artifacts.sh release ./build/win-release
|
||||
- name: release/upload-build
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
with:
|
||||
name: build
|
||||
path: ./build
|
||||
|
|
@ -122,9 +122,9 @@ jobs:
|
|||
- begin-notification
|
||||
steps:
|
||||
- name: release/checkout-repo
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: release/setup-node
|
||||
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
|
||||
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
|
||||
with:
|
||||
node-version-file: "package.json"
|
||||
cache: "npm"
|
||||
|
|
@ -154,7 +154,7 @@ jobs:
|
|||
- name: release/rename-arm64-to-m1
|
||||
run: rename 's/arm64/m1/' ./build/macos-release/$(jq -r .version package.json)/*
|
||||
- name: release/upload-build
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
with:
|
||||
name: build
|
||||
path: ./build
|
||||
|
|
@ -174,7 +174,7 @@ jobs:
|
|||
aws-access-key-id: ${{ secrets.MM_DESKTOP_RELEASE_AWS_ACCESS_KEY_ID }}
|
||||
aws-secret-access-key: ${{ secrets.MM_DESKTOP_RELEASE_AWS_SECRET_ACCESS_KEY }}
|
||||
- name: release/download-builds
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
|
||||
- name: release/setup-files-for-aws
|
||||
run: |
|
||||
mkdir -p ./aws-s3-dist
|
||||
|
|
@ -188,9 +188,9 @@ jobs:
|
|||
- upload-to-s3
|
||||
steps:
|
||||
- name: release/checkout-repo
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: release/download-builds
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
|
||||
- name: release/setup-files-for-github-release
|
||||
run: |
|
||||
mkdir -p ./ghr-dist
|
||||
|
|
@ -211,7 +211,7 @@ jobs:
|
|||
- github-release
|
||||
steps:
|
||||
- name: release/checkout-repo
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: release/notify-channel
|
||||
|
|
|
|||
24
.github/workflows/scorecards-analysis.yml
vendored
24
.github/workflows/scorecards-analysis.yml
vendored
|
|
@ -3,7 +3,7 @@ on:
|
|||
# Only the default branch is supported.
|
||||
branch_protection_rule:
|
||||
schedule:
|
||||
- cron: '44 7 * * 5'
|
||||
- cron: "44 7 * * 5"
|
||||
push:
|
||||
branches: [master]
|
||||
|
||||
|
|
@ -15,34 +15,26 @@ jobs:
|
|||
name: Scorecards analysis
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
# Needed to upload the results to code-scanning dashboard.
|
||||
# Needed if using Code scanning alerts
|
||||
security-events: write
|
||||
actions: read
|
||||
contents: read
|
||||
|
||||
# Needed for GitHub OIDC token if publish_results is true
|
||||
id-token: write
|
||||
steps:
|
||||
- name: "Checkout code"
|
||||
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
- name: "Run analysis"
|
||||
uses: ossf/scorecard-action@v2.2.0
|
||||
uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
|
||||
with:
|
||||
results_file: results.sarif
|
||||
results_format: sarif
|
||||
# Read-only PAT token. To create it,
|
||||
# follow the steps in https://github.com/ossf/scorecard-action#pat-token-creation.
|
||||
repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
|
||||
# Publish the results to enable scorecard badges. For more details, see
|
||||
# https://github.com/ossf/scorecard-action#publishing-results.
|
||||
# For private repositories, `publish_results` will automatically be set to `false`,
|
||||
# regardless of the value entered here.
|
||||
publish_results: true
|
||||
|
||||
# Upload the results as artifacts (optional).
|
||||
- name: "Upload artifact"
|
||||
uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
with:
|
||||
name: SARIF file
|
||||
path: results.sarif
|
||||
|
|
@ -50,6 +42,6 @@ jobs:
|
|||
|
||||
# Upload the results to GitHub's code scanning dashboard.
|
||||
- name: "Upload to code-scanning"
|
||||
uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # v1.0.26
|
||||
uses: github/codeql-action/upload-sarif@423a04bb2cb7cd2643007122588f1387778f14d0 # v2.16.5
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
|
|
|
|||
Loading…
Reference in a new issue