mirrors/sprout
1
0
Fork 0
mirror of https://github.com/edera-dev/sprout.git synced 2025-12-19 10:10:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

repair github actions warnings and errors

Browse Source
This commit is contained in:
Alex Zenla
2025-10-19 01:26:35 -07:00
parent 7a488ad91b
commit a750b0f6d1
5 changed files with 24 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.github/dependabot.yaml vendored
View File

@@ -4,6 +4,8 @@ updates:
directory: / directory: /
schedule: schedule:
interval: weekly interval: weekly
cooldown:
default-days: 7
groups: groups:
actions-updates: actions-updates:
dependency-type: production dependency-type: production
@@ -15,6 +17,8 @@ updates:
directory: / directory: /
schedule: schedule:
interval: weekly interval: weekly
cooldown:
default-days: 7
groups: groups:
cargo-updates: cargo-updates:
dependency-type: production dependency-type: production

7
.github/workflows/ci-actions.yaml vendored
View File

@@ -14,8 +14,11 @@ jobs:
name: zizmor name: zizmor
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
# write is needed to upload security events to GitHub code scanning.
security-events: write security-events: write
# we only need to read the contents of the repository.
contents: read contents: read
# we only need to read the action metadata.
actions: read actions: read
steps: steps:
- name: harden runner - name: harden runner
@@ -34,10 +37,10 @@ jobs:
- name: zizmor - name: zizmor
run: uvx zizmor --pedantic --format sarif . > results.sarif run: uvx zizmor --pedantic --format sarif . > results.sarif
env: env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- name: upload - name: upload
uses: github/codeql-action/upload-sarif@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v4 uses: github/codeql-action/upload-sarif@16140ae1a102900babc80a33c44059580f687047 # v4
with: with:
sarif_file: results.sarif sarif_file: results.sarif
category: zizmor category: zizmor

1
.github/workflows/ci-code.yaml vendored
View File

@@ -9,6 +9,7 @@ on:
- main - main
permissions: permissions:
# we only need to read the contents of the repository.
contents: read contents: read
jobs: jobs:

4
.github/workflows/release-assets.yaml vendored
View File

@@ -12,6 +12,7 @@ jobs:
assets: assets:
name: assets name: assets
permissions: permissions:
# write is needed to upload release artifacts.
contents: write contents: write
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@@ -34,7 +35,8 @@ jobs:
run: ./hack/assemble.sh run: ./hack/assemble.sh
- name: 'upload release artifacts' - name: 'upload release artifacts'
run: ./hack/ci/upload-release-assets.sh "${{ github.event.release.tag_name }}" run: ./hack/ci/upload-release-assets.sh
env: env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
RELEASE_TAG: "${{ github.event.release.tag_name }}"
if: ${{ github.event_name == 'release' }} if: ${{ github.event_name == 'release' }}

21
hack/ci/upload-release-assets.sh
View File

@@ -2,18 +2,19 @@
set -e set -e
retry() { retry() {
for i in $(seq 1 10); do for i in $(seq 1 10); do
if "${@}"; then if "${@}"; then
return 0 return 0
else else
sleep "${i}" sleep "${i}"
fi fi
done done
"${@}" "${@}"
} }
TAG="${1}" if [ -z "${RELEASE_TAG}" ]; then
shift exit 1
fi
cd target/assemble cd target/assemble