Minecon724/dncurrency
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

more changes regarding github actions security hardening (#3088)

Browse source 
https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions
This commit is contained in:
Russel Waters 2021-01-25 14:01:53 -08:00 committed by GitHub
commit ac6c097095
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 36 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

8
.github/workflows/analyzers.yml vendored
View file

@ -7,7 +7,7 @@ jobs:
runs-on: ubuntu-18.04
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
steps:
- uses: actions/checkout@50fbc62
- uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e
- name: Get clang-format 8
env:
DEBIAN_FRONTEND: noninteractive
@ -19,12 +19,12 @@ jobs:
runs-on: ubuntu-18.04
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
steps:
- uses: actions/checkout@50fbc62
- uses: actions/setup-python@41b7212
- uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e
- uses: actions/setup-python@41b7212b1668f5de9d65e9c82aa777e6bbedb3a8
with:
python-version: '3.x'
architecture: 'x64'
- uses: BSFishy/pip-action@8f2d471
- uses: BSFishy/pip-action@8f2d471d809dc20b6ada98c91910b6ae6243f318
with:
packages: |
cmake-format

10
.github/workflows/beta_artifacts.yml vendored
View file

@ -24,7 +24,7 @@ jobs:
- name: tag
run: |
echo "TAG=${{ github.event.inputs.ref }}" >> $GITHUB_ENV
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
ref: ${{ github.event.inputs.ref }}
@ -47,7 +47,7 @@ jobs:
- name: tag
run: |
echo "TAG=${{ github.event.inputs.ref }}" >> $GITHUB_ENV
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
ref: ${{ github.event.inputs.ref }}
@ -72,7 +72,7 @@ jobs:
- name: tag
run: |
echo "TAG=${{ github.event.inputs.ref }}" >> $GITHUB_ENV
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
ref: ${{ github.event.inputs.ref }}
@ -86,7 +86,7 @@ jobs:
env:
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
- name: Login to ghcr.io
uses: docker/login-action@adb7347
uses: docker/login-action@adb73476b6e06caddec5db0bc1deacbec8cdd947
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
@ -101,7 +101,7 @@ jobs:
- name: tag
run: |
Write-Output "TAG=${{ github.event.inputs.ref }}" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
ref: ${{ github.event.inputs.ref }}

4
.github/workflows/develop.yml vendored
View file

@ -8,13 +8,13 @@ jobs:
linux_job:
runs-on: ubuntu-18.04
steps:
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
- name: Fetch Deps
run: ci/actions/linux/install_deps.sh
- name: Login to ghcr.io
uses: docker/login-action@adb7347
uses: docker/login-action@adb73476b6e06caddec5db0bc1deacbec8cdd947
with:
registry: ghcr.io
username: ${{ github.repository_owner }}

10
.github/workflows/live_artifacts.yml vendored
View file

@ -23,7 +23,7 @@ jobs:
- name: tag
run: |
echo "TAG=${{ github.event.inputs.ref }}" >> $GITHUB_ENV
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
ref: ${{ github.event.inputs.ref }}
@ -46,7 +46,7 @@ jobs:
- name: tag
run: |
echo "TAG=${{ github.event.inputs.ref }}" >> $GITHUB_ENV
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
ref: ${{ github.event.inputs.ref }}
@ -71,7 +71,7 @@ jobs:
- name: tag
run: |
echo "TAG=${{ github.event.inputs.ref }}" >> $GITHUB_ENV
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
ref: ${{ github.event.inputs.ref }}
@ -85,7 +85,7 @@ jobs:
env:
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
- name: Login to ghcr.io
uses: docker/login-action@adb7347
uses: docker/login-action@adb73476b6e06caddec5db0bc1deacbec8cdd947
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
@ -100,7 +100,7 @@ jobs:
- name: tag
run: |
Write-Output "TAG=${{ github.event.inputs.ref }}" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
ref: ${{ github.event.inputs.ref }}

8
.github/workflows/release_tests.yml vendored
View file

@ -14,7 +14,7 @@ jobs:
env:
BOOST_ROOT: /tmp/boost
steps:
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
@ -27,7 +27,7 @@ jobs:
runs-on: ubuntu-18.04
timeout-minutes: 60
steps:
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
@ -40,7 +40,7 @@ jobs:
runs-on: ubuntu-18.04
timeout-minutes: 60
steps:
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
@ -53,7 +53,7 @@ jobs:
runs-on: windows-latest
timeout-minutes: 60
steps:
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
- name: Fetch Deps

6
.github/workflows/rocksdb_release_tests.yml vendored
View file

@ -15,7 +15,7 @@ jobs:
env:
BOOST_ROOT: /tmp/boost
steps:
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
- name: Fetch Deps
@ -27,7 +27,7 @@ jobs:
runs-on: ubuntu-18.04
timeout-minutes: 60
steps:
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
- name: Fetch Deps
@ -39,7 +39,7 @@ jobs:
runs-on: ubuntu-18.04
timeout-minutes: 60
steps:
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
- name: Fetch Deps

8
.github/workflows/rocksdb_tests.yml vendored
View file

@ -15,7 +15,7 @@ jobs:
DEADLINE_SCALE_FACTOR: 2
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
steps:
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
- name: Fetch Deps
@ -28,7 +28,7 @@ jobs:
timeout-minutes: 60
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
steps:
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
- name: Fetch Deps
@ -41,7 +41,7 @@ jobs:
timeout-minutes: 60
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
steps:
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
- name: Fetch Deps
@ -57,7 +57,7 @@ jobs:
DEADLINE_SCALE_FACTOR: 2
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
steps:
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
- name: Windows Defender

10
.github/workflows/test_network_artifacts.yml vendored
View file

@ -24,7 +24,7 @@ jobs:
- name: tag
run: |
echo "TAG=${{ github.event.inputs.ref }}" >> $GITHUB_ENV
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
ref: ${{ github.event.inputs.ref }}
@ -47,7 +47,7 @@ jobs:
- name: tag
run: |
echo "TAG=${{ github.event.inputs.ref }}" >> $GITHUB_ENV
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
ref: ${{ github.event.inputs.ref }}
@ -72,7 +72,7 @@ jobs:
- name: tag
run: |
echo "TAG=${{ github.event.inputs.ref }}" >> $GITHUB_ENV
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
ref: ${{ github.event.inputs.ref }}
@ -86,7 +86,7 @@ jobs:
env:
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
- name: Login to ghcr.io
uses: docker/login-action@adb7347
uses: docker/login-action@adb73476b6e06caddec5db0bc1deacbec8cdd947
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
@ -101,7 +101,7 @@ jobs:
- name: tag
run: |
Write-Output "TAG=${{ github.event.inputs.ref }}" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
ref: ${{ github.event.inputs.ref }}

8
.github/workflows/tests.yml vendored
View file

@ -13,7 +13,7 @@ jobs:
BOOST_ROOT: /tmp/boost
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
steps:
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
- name: Fetch Deps
@ -26,7 +26,7 @@ jobs:
timeout-minutes: 60
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
steps:
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
- name: Fetch Deps
@ -39,7 +39,7 @@ jobs:
timeout-minutes: 60
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
steps:
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
- name: Fetch Deps
@ -52,7 +52,7 @@ jobs:
timeout-minutes: 60
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
steps:
- uses: actions/checkout@5a4ac90
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
submodules: "recursive"
- name: Windows Defender