aboutsummaryrefslogtreecommitdiffstats
path: root/.github/workflows/profile-checks.yml
Commit message (Collapse)AuthorAge
* merges, disable sort.py in profile checks temporarely, two more private-etc ↵Libravatar netblue302023-02-14
| | | | profiles
* ci: profile-checks: comment private-etc-always-required.shLibravatar Kelvin M. Klann2023-01-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This check was broken by commit 34d004892 ("private-etc: corss-distro test for curl, gimp, inkscape, firefox, warzone2100", 2023-01-28). private-etc is currently being reworked and the files in question may no longer be required. Output of running the check: $ ./ci/check/profiles/private-etc-always-required.sh etc/inc/*.inc etc/{profile-a-l,profile-m-z}/*.profile etc/profile-a-l/curl.profile misses alternatives etc/profile-a-l/curl.profile misses ld.so.cache etc/profile-a-l/curl.profile misses ld.so.preload etc/profile-a-l/firefox-common.profile misses alternatives etc/profile-a-l/firefox-common.profile misses ld.so.cache etc/profile-a-l/firefox-common.profile misses ld.so.preload etc/profile-a-l/gimp.profile misses alternatives etc/profile-a-l/gimp.profile misses ld.so.cache etc/profile-a-l/gimp.profile misses ld.so.preload etc/profile-a-l/inkscape.profile misses alternatives etc/profile-a-l/inkscape.profile misses ld.so.cache etc/profile-a-l/inkscape.profile misses ld.so.preload etc/profile-m-z/warzone2100.profile misses alternatives etc/profile-m-z/warzone2100.profile misses ld.so.cache etc/profile-m-z/warzone2100.profile misses ld.so.preload Relates to #4643 #5610.
* build(deps): bump step-security/harden-runner from 2.0.0 to 2.1.0Libravatar dependabot[bot]2023-01-17
| | | | | | | | | | | | | | Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.0.0 to 2.1.0. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5...18bf8ad2ca49c14cbb28b91346d626ccfb00c518) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump actions/checkout from 3.2.0 to 3.3.0Libravatar dependabot[bot]2023-01-09
| | | | | | | | | | | | | | | Bumps [actions/checkout](https://github.com/actions/checkout) from 3.2.0 to 3.3.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/755da8c3cf115ac066823e79a1e1788f8940201b...ac593985615ec2ede58e132d2e21d2b1cbd6127c) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump actions/checkout from 3.1.0 to 3.2.0Libravatar dependabot[bot]2022-12-19
| | | | | | | | | | | | | | | Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8...755da8c3cf115ac066823e79a1e1788f8940201b) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* profile-checks.yml: sort paths-ignoreLibravatar Kelvin M. Klann2022-11-27
| | | | | See commit 9bf5e453c ("ci: sort items on paths-ignore lists", 2022-07-12) / PR #5481 for details.
* Run profile-ckeck on workflow editsLibravatar rusty-snake2022-11-27
|
* Workflows: Change egress-policy to block (#5485)Libravatar rusty-snake2022-11-27
|
* Workflows: Change egress-policy to blockLibravatar rusty-snake2022-11-26
|
* ci: sort items on paths-ignore listsLibravatar Kelvin M. Klann2022-11-24
| | | | | | | | | | | | | Leave quotes only on paths with wildcards so that they are sorted before normal paths, then sort everything. Note that in the current workflow files, ignored directories always use wildcards, so this also ensures that ignored directories (along with all other paths with wildcards) are always listed before ignored files (similarly to `--group-directories-first` in GNU `ls`). This order is similar to the one on .github/workflows/profile-checks.yml.
* build(deps): bump step-security/harden-runner from 1.5.0 to 2.0.0dependabot/github_actions/step-security/harden-runner-2.0.0Libravatar dependabot[bot]2022-11-14
| | | | | | | | | | | | | | Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 1.5.0 to 2.0.0. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/2e205a28d0e1da00c5f53b161f4067b052c61f34...ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
* [StepSecurity] ci: Harden GitHub ActionsLibravatar StepSecurity Bot2022-10-31
| | | Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
* build(deps): bump actions/checkout from 3.0.2 to 3.1.0Libravatar dependabot[bot]2022-10-10
| | | | | | | | | | | | | | | Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.2 to 3.1.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/2541b1294d2704b0964813337f33b291d3f8596b...93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* CI: bump ubuntu to 22.04 and use newer compilers / analyzersLibravatar Reiner Herrmann2022-07-30
|
* build(deps): bump actions/checkout from 3.0.1 to 3.0.2Libravatar dependabot[bot]2022-04-25
| | | | | | | | | | | | | | | Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.1 to 3.0.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/dcd71f646680f2efd8db4afa5ad64fdcba30e748...2541b1294d2704b0964813337f33b291d3f8596b) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump actions/checkout from 3.0.0 to 3.0.1Libravatar dependabot[bot]2022-04-18
| | | | | | | | | | | | | | | Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.0 to 3.0.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/a12a3943b4bdde767164f792f33f40b04645d846...dcd71f646680f2efd8db4afa5ad64fdcba30e748) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* Bump actions/checkout from 2.4.0 to 3Libravatar dependabot[bot]2022-03-08
| | | | | | | | | | | | | | | Bumps [actions/checkout](https://github.com/actions/checkout) from 2.4.0 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/ec3a7ce113134d7a93b817d10a8272cb61118579...a12a3943b4bdde767164f792f33f40b04645d846) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
* CI: pin GitHub actions to SHAsLibravatar Topi Miettinen2021-12-26
| | | | | | Pinning actions to SHAs instead of versions improves the supply chain security: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
* Add Profile ChecksLibravatar rusty-snake2021-10-29
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-08 17:46:12 +0000