ci: update cid github actions workflow from 0.0.16 to 0.0.17 (#189)
Co-authored-by: cid-workflow[bot] <142626371+cid-workflow[bot]@users.noreply.github.com>
cid-workflow[bot] authored May 22, 2024
1 parent 71574dd commit 7ba301a
Showing 3 changed files with 49 additions and 40 deletions.
13 changes: 7 additions & 6 deletions .github/workflows/cid-ossf.yml
@@ -1,10 +1,10 @@
# cid-workflow-version: 0.0.16
# cid-workflow-version: 0.0.17

# This file is generated by the CID Workflow GitHub App.
# DO NOT EDIT!

# name
name: OSSF Scorecard
name: CID - OSSF Scorecard
on:
# For Branch-Protection check. Only the default branch is supported. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
Expand All @@ -13,8 +13,8 @@ on:
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
schedule:
- cron: '40 23 * * 5'
push:
branches: [ 'main' ]
# Allow manual triggering of the workflow
workflow_dispatch:

# Read Permissions. See
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
Expand All @@ -36,8 +36,9 @@ jobs:
contents: read # required in private repos
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
with:
disable-telemetry: true
disable-sudo: true
egress-policy: block
allowed-endpoints: >-
Expand All @@ -62,7 +63,7 @@ jobs:
tuf-repo-cdn.sigstore.dev:443
api.securityscorecards.dev:443
- name: Checkout
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
persist-credentials: false
- name: OSSF Analysis
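Review bot: The trigger block under `on:` now ends with `workflow_dispatch:`, and the `push` trigger for `main` looks to have been dropped; the page has lost its +/- markers, so this is read from the listing order. If so, Scorecard no longer re-runs when commits land on the default branch, and a change that lowers the score is picked up only by the weekly `cron` run, a manual dispatch, or a trigger in the collapsed lines. If that is deliberate, a comment above `workflow_dispatch:` such as `# push trigger dropped on purpose; results refresh weekly or on demand` would record it. The file is generated, so the comment or the restored trigger belongs in the CID Workflow template.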
31 changes: 17 additions & 14 deletions .github/workflows/cid-pullrequest.yml
@@ -1,10 +1,10 @@
# cid-workflow-version: 0.0.16
# cid-workflow-version: 0.0.17

# This file is generated by the CID Workflow GitHub App.
# DO NOT EDIT!

# name
name: cid-pullrequest
name: CID - PullRequest

# triggers
on:
Expand All @@ -26,7 +26,6 @@ on:
paths-ignore:
- README.md
- LICENSE
- .github/**
- .gitignore
- .editorconfig
- renovate.json
Expand Down Expand Up @@ -91,8 +90,9 @@ jobs:
if: ${{ github.event.inputs.loglevel == 'debug' }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
with:
disable-telemetry: true
disable-sudo: true
egress-policy: ${{ env.EGRESS_POLICY }}
allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }}
Expand All @@ -101,7 +101,7 @@ jobs:
with:
version: ${{ env.CID_VERSION }}
- name: checkout
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
fetch-depth: 0
- name: info
Expand All @@ -123,8 +123,9 @@ jobs:
timeout-minutes: 30
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
with:
disable-telemetry: true
disable-sudo: true
egress-policy: ${{ env.EGRESS_POLICY }}
allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_BUILD }}
Expand All @@ -133,7 +134,7 @@ jobs:
with:
version: ${{ env.CID_VERSION }}
- name: checkout
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
fetch-depth: 0
- name: build
Expand All @@ -149,16 +150,17 @@ jobs:
path: .dist
retention-days: 1
if-no-files-found: ignore

# test
test:
name: Test
runs-on: ubuntu-22.04 # https://github.com/actions/runner-images
timeout-minutes: 30
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
with:
disable-telemetry: true
disable-sudo: true
egress-policy: ${{ env.EGRESS_POLICY }}
allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_TEST }}
Expand All @@ -167,7 +169,7 @@ jobs:
with:
version: ${{ env.CID_VERSION }}
- name: checkout
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
fetch-depth: 0
- name: test
Expand All @@ -193,8 +195,9 @@ jobs:
timeout-minutes: 30
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
with:
disable-telemetry: true
disable-sudo: true
egress-policy: ${{ env.EGRESS_POLICY }}
allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_SCAN }}
Expand All @@ -203,17 +206,17 @@ jobs:
with:
version: ${{ env.CID_VERSION }}
- name: checkout
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
fetch-depth: 0
- name: download artifacts > build
uses: actions/download-artifact@9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395 # v4.1.6
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: build-${{ github.run_id }}
path: .dist
continue-on-error: true
- name: download artifacts > test
uses: actions/download-artifact@9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395 # v4.1.6
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: test-${{ github.run_id }}
path: .dist
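Review bot: Every `checkout` step in this workflow passes only `fetch-depth: 0`, so `actions/checkout` keeps its default of leaving the job token in the local git config for the rest of the job. The build, test and scan steps that follow presumably run code from the pull request, which can then read that token; add `persist-credentials: false` under each `with:`, as the Checkout step in `cid-ossf.yml` already does. The `checkout` steps in `cid.yml` have the same shape, and there a step outside the visible hunks may need the token, so confirm before changing it. The file is generated, so the fix belongs in the CID Workflow template.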
45 changes: 25 additions & 20 deletions .github/workflows/cid.yml
@@ -1,10 +1,10 @@
# cid-workflow-version: 0.0.16
# cid-workflow-version: 0.0.17

# This file is generated by the CID Workflow GitHub App.
# DO NOT EDIT!

# name
name: cid-main
name: CID - DefaultBranch

# triggers
on:
Expand All @@ -28,7 +28,6 @@ on:
paths-ignore:
- README.md
- LICENSE
- .github/**
- .gitignore
- .editorconfig
- renovate.json
Expand Down Expand Up @@ -93,8 +92,9 @@ jobs:
if: ${{ github.event.inputs.loglevel == 'debug' }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
with:
disable-telemetry: true
disable-sudo: true
egress-policy: ${{ env.EGRESS_POLICY }}
allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }}
Expand All @@ -103,7 +103,7 @@ jobs:
with:
version: ${{ env.CID_VERSION }}
- name: checkout
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
fetch-depth: 0
- name: info
Expand All @@ -125,8 +125,9 @@ jobs:
timeout-minutes: 30
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
with:
disable-telemetry: true
disable-sudo: true
egress-policy: ${{ env.EGRESS_POLICY }}
allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_BUILD }}
Expand All @@ -135,7 +136,7 @@ jobs:
with:
version: ${{ env.CID_VERSION }}
- name: checkout
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
fetch-depth: 0
- name: build
Expand All @@ -151,16 +152,17 @@ jobs:
path: .dist
retention-days: 1
if-no-files-found: ignore

# test
test:
name: Test
runs-on: ubuntu-22.04 # https://github.com/actions/runner-images
timeout-minutes: 30
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
with:
disable-telemetry: true
disable-sudo: true
egress-policy: ${{ env.EGRESS_POLICY }}
allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_TEST }}
Expand All @@ -169,7 +171,7 @@ jobs:
with:
version: ${{ env.CID_VERSION }}
- name: checkout
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
fetch-depth: 0
- name: test
Expand All @@ -195,8 +197,9 @@ jobs:
timeout-minutes: 30
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
with:
disable-telemetry: true
disable-sudo: true
egress-policy: ${{ env.EGRESS_POLICY }}
allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_SCAN }}
Expand All @@ -205,17 +208,17 @@ jobs:
with:
version: ${{ env.CID_VERSION }}
- name: checkout
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
fetch-depth: 0
- name: download artifacts > build
uses: actions/download-artifact@9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395 # v4.1.6
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: build-${{ github.run_id }}
path: .dist
continue-on-error: true
- name: download artifacts > test
uses: actions/download-artifact@9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395 # v4.1.6
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: test-${{ github.run_id }}
path: .dist
Expand All @@ -241,8 +244,9 @@ jobs:
timeout-minutes: 30
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
with:
disable-telemetry: true
disable-sudo: true
egress-policy: ${{ env.EGRESS_POLICY }}
allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_PACKAGE }}
Expand All @@ -251,11 +255,11 @@ jobs:
with:
version: ${{ env.CID_VERSION }}
- name: checkout
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
fetch-depth: 0
- name: download artifacts > build
uses: actions/download-artifact@9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395 # v4.1.6
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: build-${{ github.run_id }}
path: .dist
Expand Down Expand Up @@ -287,8 +291,9 @@ jobs:
timeout-minutes: 30
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
with:
disable-telemetry: true
disable-sudo: true
egress-policy: ${{ env.EGRESS_POLICY }}
allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_PUBLISH }}
Expand All @@ -297,11 +302,11 @@ jobs:
with:
version: ${{ env.CID_VERSION }}
- name: checkout
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
fetch-depth: 0
- name: download artifacts > package
uses: actions/download-artifact@9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395 # v4.1.6
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: package-${{ github.run_id }}
path: .dist
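Review bot: The `download artifacts > build` step of the scan job keeps `continue-on-error: true`, and an upload step earlier in the file uses `if-no-files-found: ignore`, so a failed download and a build with no output both leave `.dist` empty while the job continues. The scan step is outside the visible hunk; if it treats an empty `.dist` as success, the scan result does not show that the build output went unscanned. Document the intent on the step, for example `# build output is optional; the scan falls back to the source tree`, if that is what happens, or fail the job when the artifact is expected but missing. `cid-pullrequest.yml` has the same step, and since both files are generated the change belongs in the CID Workflow template.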
