From 7ba301a639df2ac6b52687ea0acf9d8f77a80b69 Mon Sep 17 00:00:00 2001 From: "cid-workflow[bot]" <142626371+cid-workflow[bot]@users.noreply.github.com> Date: Wed, 22 May 2024 21:19:21 +0200 Subject: [PATCH] ci: update cid github actions workflow from 0.0.16 to 0.0.17 (#189) Co-authored-by: cid-workflow[bot] <142626371+cid-workflow[bot]@users.noreply.github.com> --- .github/workflows/cid-ossf.yml | 13 ++++---- .github/workflows/cid-pullrequest.yml | 31 +++++++++--------- .github/workflows/cid.yml | 45 +++++++++++++++------------ 3 files changed, 49 insertions(+), 40 deletions(-) diff --git a/.github/workflows/cid-ossf.yml b/.github/workflows/cid-ossf.yml index 82ad45e..977a750 100644 --- a/.github/workflows/cid-ossf.yml +++ b/.github/workflows/cid-ossf.yml @@ -1,10 +1,10 @@ -# cid-workflow-version: 0.0.16 +# cid-workflow-version: 0.0.17 # This file is generated by the CID Workflow GitHub App. # DO NOT EDIT! # name -name: OSSF Scorecard +name: CID - OSSF Scorecard on: # For Branch-Protection check. Only the default branch is supported. See # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection @@ -13,8 +13,8 @@ on: # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained schedule: - cron: '40 23 * * 5' - push: - branches: [ 'main' ] + # Allow manual triggering of the workflow + workflow_dispatch: # Read Permissions. See # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions @@ -36,8 +36,9 @@ jobs: contents: read # required in private repos steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: + disable-telemetry: true disable-sudo: true egress-policy: block allowed-endpoints: >- 
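Review bot: In the `@@ -13,8 +13,8 @@` hunk of `cid-ossf.yml`, dropping the `push` trigger for `main` means the Scorecard analysis no longer runs when the default branch changes. What remains visible is the weekly `cron: '40 23 * * 5'` schedule and the new manual `workflow_dispatch`; the context comment suggests a branch-protection trigger as well, but its key lies outside the hunk. A commit that regresses a check can therefore sit on the default branch for up to a week before the published results reflect it. If that trade-off is intended, the trigger comment should say so, e.g. `# No push trigger: results refresh weekly or on manual dispatch`. The file is generated, so the wording belongs in the generator template.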
@@ -62,7 +63,7 @@ jobs: tuf-repo-cdn.sigstore.dev:443 api.securityscorecards.dev:443 - name: Checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: persist-credentials: false - name: OSSF Analysis diff --git a/.github/workflows/cid-pullrequest.yml b/.github/workflows/cid-pullrequest.yml index 8480233..0e17ad3 100644 --- a/.github/workflows/cid-pullrequest.yml +++ b/.github/workflows/cid-pullrequest.yml @@ -1,10 +1,10 @@ -# cid-workflow-version: 0.0.16 +# cid-workflow-version: 0.0.17 # This file is generated by the CID Workflow GitHub App. # DO NOT EDIT! # name -name: cid-pullrequest +name: CID - PullRequest # triggers on: @@ -26,7 +26,6 @@ on: paths-ignore: - README.md - LICENSE - - .github/** - .gitignore - .editorconfig - renovate.json @@ -91,8 +90,9 @@ jobs: if: ${{ github.event.inputs.loglevel == 'debug' }} steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: + disable-telemetry: true disable-sudo: true egress-policy: ${{ env.EGRESS_POLICY }} allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} @@ -101,7 +101,7 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - name: info 
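Review bot: `disable-telemetry: true` in the `@@ -91,8 +90,9 @@` hunk of `cid-pullrequest.yml` is paired with `egress-policy: ${{ env.EGRESS_POLICY }}`, whose value is defined outside the hunk. As far as I know, harden-runner documents this input as applicable only when the egress policy is `block`. That holds in `cid-ossf.yml`, where `egress-policy: block` is literal, but it cannot be confirmed here. If `EGRESS_POLICY` can resolve to `audit`, the setting either has no effect or suppresses the outbound-connection record that audit mode exists to produce, so the template should state the expectation next to the key, e.g. `# disable-telemetry assumes EGRESS_POLICY resolves to block`. The same pairing repeats in every Harden Runner step of `cid-pullrequest.yml` and `cid.yml`.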
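Review bot: The `checkout` step in the `@@ -101,7 +101,7 @@` hunk of `cid-pullrequest.yml` passes only `fetch-depth: 0`, whereas the checkout in `cid-ossf.yml` also sets `persist-credentials: false`. Without that input the job token stays in the local git configuration, where later steps such as `build` and `test` can read it; in a pull-request workflow those steps presumably run contributor-supplied code. Jobs that never push back could add `persist-credentials: false` under `with:`. The same applies to the other checkout steps in this file and in `cid.yml`. Whether any of them, such as the publish job, relies on the stored credential is not visible from the hunks.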
@@ -123,8 +123,9 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: + disable-telemetry: true disable-sudo: true egress-policy: ${{ env.EGRESS_POLICY }} allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_BUILD }} @@ -133,7 +134,7 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - name: build @@ -149,7 +150,7 @@ jobs: path: .dist retention-days: 1 if-no-files-found: ignore - + # test test: name: Test @@ -157,8 +158,9 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: + disable-telemetry: true disable-sudo: true egress-policy: ${{ env.EGRESS_POLICY }} allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_TEST }} @@ -167,7 +169,7 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - name: test @@ -193,8 +195,9 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: + disable-telemetry: true disable-sudo: true egress-policy: ${{ env.EGRESS_POLICY }} allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_SCAN }} 
@@ -203,17 +206,17 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - name: download artifacts > build - uses: actions/download-artifact@9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395 # v4.1.6 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: build-${{ github.run_id }} path: .dist continue-on-error: true - name: download artifacts > test - uses: actions/download-artifact@9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395 # v4.1.6 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: test-${{ github.run_id }} path: .dist diff --git a/.github/workflows/cid.yml b/.github/workflows/cid.yml index 45498cc..8d0192f 100644 --- a/.github/workflows/cid.yml +++ b/.github/workflows/cid.yml @@ -1,10 +1,10 @@ -# cid-workflow-version: 0.0.16 +# cid-workflow-version: 0.0.17 # This file is generated by the CID Workflow GitHub App. # DO NOT EDIT! # name -name: cid-main +name: CID - DefaultBranch # triggers on: @@ -28,7 +28,6 @@ on: paths-ignore: - README.md - LICENSE - - .github/** - .gitignore - .editorconfig - renovate.json @@ -93,8 +92,9 @@ jobs: if: ${{ github.event.inputs.loglevel == 'debug' }} steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: + disable-telemetry: true disable-sudo: true egress-policy: ${{ env.EGRESS_POLICY }} allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} @@ -103,7 +103,7 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - name: info 
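Review bot: In the `@@ -203,17 +206,17 @@` hunk of `cid-pullrequest.yml`, the `download artifacts > build` step keeps `continue-on-error: true`, so a failed or incomplete download of `build-${{ github.run_id }}` does not stop the job. Judging by the preceding Harden Runner step (`EGRESS_POLICY_ALLOWED_ENDPOINTS_SCAN`) this appears to be the scan job, which could then run against an empty `.dist` and still report success. The flag is presumably there because the upload step uses `if-no-files-found: ignore`, but it also hides genuine download failures. At minimum the step should carry a comment such as `# artifact is optional: upload uses if-no-files-found: ignore`, and a follow-up step could fail when `.dist` is expected but missing. The second download step's `with:` block runs past the hunk, and the same pattern appears in the `@@ -205,17 +208,17 @@` hunk of `cid.yml`.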
@@ -125,8 +125,9 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: + disable-telemetry: true disable-sudo: true egress-policy: ${{ env.EGRESS_POLICY }} allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_BUILD }} @@ -135,7 +136,7 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - name: build @@ -151,7 +152,7 @@ jobs: path: .dist retention-days: 1 if-no-files-found: ignore - + # test test: name: Test @@ -159,8 +160,9 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: + disable-telemetry: true disable-sudo: true egress-policy: ${{ env.EGRESS_POLICY }} allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_TEST }} @@ -169,7 +171,7 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - name: test @@ -195,8 +197,9 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: + disable-telemetry: true disable-sudo: true egress-policy: ${{ env.EGRESS_POLICY }} allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_SCAN }} 
@@ -205,17 +208,17 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - name: download artifacts > build - uses: actions/download-artifact@9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395 # v4.1.6 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: build-${{ github.run_id }} path: .dist continue-on-error: true - name: download artifacts > test - uses: actions/download-artifact@9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395 # v4.1.6 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: test-${{ github.run_id }} path: .dist @@ -241,8 +244,9 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: + disable-telemetry: true disable-sudo: true egress-policy: ${{ env.EGRESS_POLICY }} allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_PACKAGE }} @@ -251,11 +255,11 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - name: download artifacts > build - uses: actions/download-artifact@9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395 # v4.1.6 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: build-${{ github.run_id }} path: .dist 
@@ -287,8 +291,9 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: + disable-telemetry: true disable-sudo: true egress-policy: ${{ env.EGRESS_POLICY }} allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_PUBLISH }} @@ -297,11 +302,11 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - name: download artifacts > package - uses: actions/download-artifact@9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395 # v4.1.6 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: package-${{ github.run_id }} path: .dist