diff options
author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-04-10 06:00:25 -0300 |
---|---|---|
committer | Topi Miettinen <topimiettinen@users.noreply.github.com> | 2023-04-10 09:23:47 +0000 |
commit | 03a1f471c468df5ffd62d94b18571af3d631cdbd (patch) | |
tree | f7ea4731ca04f7d3b8c28169f748c5b8110a1ff5 /.github | |
parent | build(deps): bump step-security/harden-runner from 2.2.1 to 2.3.0 (diff) | |
download | firejail-03a1f471c468df5ffd62d94b18571af3d631cdbd.tar.gz firejail-03a1f471c468df5ffd62d94b18571af3d631cdbd.tar.zst firejail-03a1f471c468df5ffd62d94b18571af3d631cdbd.zip |
ci: fix codeql unable to download its own bundle
Due to step-security/harden-runner blocking access to
objects.githubusercontent.com.
Log from a recent run of CodeQL[1] [2]:
##[group]Setup CodeQL tools
Did not find CodeQL tools version 2.12.6 in the toolcache.
Downloading CodeQL tools from https://github.com/github/codeql-action/releases/download/codeql-bundle-20230403/codeql-bundle-linux64.tar.gz. This may take a while.
connect ECONNREFUSED 54.185.253.63:443
Waiting 13 seconds before trying again
connect ECONNREFUSED 54.185.253.63:443
Waiting 12 seconds before trying again
##[error]connect ECONNREFUSED 54.185.253.63:443
##[error]Unable to download and extract CodeQL CLI
Post job cleanup.
[...]
Mon, 10 Apr 2023 07:20:18 GMT:endpoint called ip address:port 140.82.112.4:443, domain: github.com.
Mon, 10 Apr 2023 07:20:20 GMT:endpoint called ip address:port 140.82.112.6:443, domain: api.github.com.
Mon, 10 Apr 2023 07:20:23 GMT:domain not allowed: objects.githubusercontent.com.
Mon, 10 Apr 2023 07:20:23 GMT:ip address dropped: 54.185.253.63
Mon, 10 Apr 2023 07:20:23 GMT:endpoint called ip address:port 140.82.112.4:443, domain: github.com.
Mon, 10 Apr 2023 07:20:23 GMT:endpoint called ip address:port 54.185.253.63:443, domain: objects.githubusercontent.com.
Mon, 10 Apr 2023 07:20:35 GMT:domain not allowed: api.snapcraft.io.
[1] https://github.com/netblue30/firejail/pull/5781
[2] https://github.com/netblue30/firejail/actions/runs/4655304231/jobs/8238131624
Diffstat (limited to '.github')
-rw-r--r-- | .github/workflows/codeql-analysis.yml | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 3a112fdc2..aaa21053f 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml | |||
@@ -81,6 +81,7 @@ jobs: | |||
81 | allowed-endpoints: > | 81 | allowed-endpoints: > |
82 | api.github.com:443 | 82 | api.github.com:443 |
83 | github.com:443 | 83 | github.com:443 |
84 | objects.githubusercontent.com:443 | ||
84 | uploads.github.com:443 | 85 | uploads.github.com:443 |
85 | 86 | ||
86 | - name: Checkout repository | 87 | - name: Checkout repository |