Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make CI a little bit safer #13933

Merged
merged 1 commit into from
Jan 3, 2025
Merged

Make CI a little bit safer #13933

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .github/workflows/clippy_dev.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,9 @@ jobs:
# Setup
- name: Checkout
uses: actions/checkout@v4
with:
# Unsetting this would make so that any malicious package could get our Github Token
persist-credentials: false

# Run
- name: Build
Expand Down
10 changes: 10 additions & 0 deletions .github/workflows/clippy_mq.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,8 @@ jobs:
uses: actions/checkout@v4
with:
ref: ${{ github.ref }}
# Unsetting this would make so that any malicious package could get our Github Token
persist-credentials: false

# Run
- name: Check Changelog
Expand Down Expand Up @@ -63,6 +65,8 @@ jobs:
# Setup
- name: Checkout
uses: actions/checkout@v4
with:
persist-credentials: false

- name: Install i686 dependencies
if: matrix.host == 'i686-unknown-linux-gnu'
Expand Down Expand Up @@ -121,6 +125,8 @@ jobs:
# Setup
- name: Checkout
uses: actions/checkout@v4
with:
persist-credentials: false

- name: Install toolchain
run: rustup show active-toolchain
Expand All @@ -136,6 +142,8 @@ jobs:
# Setup
- name: Checkout
uses: actions/checkout@v4
with:
persist-credentials: false

- name: Install toolchain
run: rustup show active-toolchain
Expand Down Expand Up @@ -188,6 +196,8 @@ jobs:
# Setup
- name: Checkout
uses: actions/checkout@v4
with:
persist-credentials: false

- name: Install toolchain
run: rustup show active-toolchain
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/clippy_pr.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,9 @@ jobs:
# Setup
- name: Checkout
uses: actions/checkout@v4
with:
# Unsetting this would make so that any malicious package could get our Github Token
persist-credentials: false

- name: Install toolchain
run: rustup show active-toolchain
Expand Down
10 changes: 9 additions & 1 deletion .github/workflows/deploy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,19 +22,27 @@ jobs:
# Setup
- name: Checkout
uses: actions/checkout@v4
with:
# Unsetting this would make so that any malicious package could get our Github Token
persist-credentials: false

- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ env.TARGET_BRANCH }}
path: 'out'
# Unsetting this would make so that any malicious package could get our Github Token
persist-credentials: false

# Run
- name: Set tag name
if: startswith(github.ref, 'refs/tags/')
run: |
TAG=$(basename ${{ github.ref }})
TAG=$(basename "${TAGNAME}")
echo "TAG_NAME=$TAG" >> $GITHUB_ENV
env:
# Make sure that the reference gets expanded before injecting it
TAGNAME: ${{ github.ref }}
- name: Set beta to true
if: github.ref == 'refs/heads/beta'
run: echo "BETA=true" >> $GITHUB_ENV
Expand Down
8 changes: 8 additions & 0 deletions .github/workflows/lintcheck.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@ jobs:
uses: actions/checkout@v4
with:
fetch-depth: 2
# Unsetting this would make so that any malicious package could get our Github Token
persist-credentials: false

# HEAD is the generated merge commit `refs/pull/N/merge` between the PR and `master`, `HEAD^`
# being the commit from `master` that is the base of the merge
Expand Down Expand Up @@ -73,6 +75,9 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
with:
# Unsetting this would make so that any malicious package could get our Github Token
persist-credentials: false

- name: Cache lintcheck bin
id: cache-lintcheck-bin
Expand Down Expand Up @@ -103,6 +108,9 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
with:
# Unsetting this would make so that any malicious package could get our Github Token
persist-credentials: false

- name: Restore lintcheck bin
uses: actions/cache/restore@v4
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/remark.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,9 @@ jobs:
# Setup
- name: Checkout
uses: actions/checkout@v4
with:
# Unsetting this would make so that any malicious package could get our Github Token
persist-credentials: false

- name: Setup Node.js
uses: actions/setup-node@v4
Expand Down
Loading