actions: Run YAML formatter over all workflow files

ColorfulRhino
2024-07-10 00:42:34 +02:00
committed by Igor
parent 2a27fdd4d0
commit 6f664c92fd
10 changed files with 87 additions and 92 deletions


@@ -4,8 +4,8 @@ run-name: Update board list at armbian/os - Pushed commit "${{ github.event.push
on: on:
push: push:
paths: paths:
- 'config/boards/*.*' - "config/boards/*.*"
branches: [ main ] branches: [main]
jobs: jobs:
update-board-list-dispatch: update-board-list-dispatch:


@@ -4,9 +4,9 @@ run-name: Run build train - Pushed commit "${{ github.event.push.head_commit.mes
on: on:
push: push:
branches: branches:
- 'main' - "main"
paths: paths:
- 'config/*.config' - "config/*.config"
jobs: jobs:
build-train-dispatch: build-train-dispatch:


@@ -5,27 +5,28 @@ on:
workflow_dispatch: workflow_dispatch:
push: push:
branches: branches:
- 'main' - "main"
paths: paths:
- '.github/labels.yml' - ".github/labels.yml"
pull_request: pull_request:
paths: paths:
- '.github/labels.yml' - ".github/labels.yml"
jobs: jobs:
labeler: labeler:
permissions: permissions:
contents: read # for actions/labeler to determine modified files contents: read # for actions/labeler to determine modified files
pull-requests: write # for actions/labeler to add labels to PRs pull-requests: write # for actions/labeler to add labels to PRs
issues: write # for actions/labeler to add labels to issues issues: write # for actions/labeler to add labels to issues
if: ${{ github.repository_owner == 'Armbian' }} if: ${{ github.repository_owner == 'Armbian' }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- - name: Checkout
name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
-
name: Run Labeler - name: Run Labeler
uses: crazy-max/ghaction-github-labeler@v5 uses: crazy-max/ghaction-github-labeler@v5
with: with:
github-token: ${{ secrets.GITHUB_TOKEN }} github-token: ${{ secrets.GITHUB_TOKEN }}


@@ -8,6 +8,7 @@ jobs:
sync: sync:
name: Sync Items name: Sync Items
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Sync - name: Sync
uses: igorpecovnik/github-action-issue-to-jira@master uses: igorpecovnik/github-action-issue-to-jira@master
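Review bot: The Sync step references `igorpecovnik/github-action-issue-to-jira@master`, a mutable branch, so whatever is pushed to that branch next runs in this job with whatever token and secrets the step receives (its inputs are outside this hunk). Pin the reference to a full commit SHA and keep the version in a trailing comment, for example `uses: igorpecovnik/github-action-issue-to-jira@<full-commit-sha> # <version>`, and let an automated updater move the pin. The same applies, to a lesser degree, to the tag-pinned third-party actions in the other file sections of this commit (`tj-actions/changed-files@v44`, `cirrus-actions/rebase@1.8`, `tspascoal/get-user-teams-membership@v3`), since tags can be moved as well.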


@@ -5,28 +5,27 @@ run-name: 'Set labels - PR #${{ github.event.pull_request.number }} ("${{ github
# #
on: on:
- pull_request_target - pull_request_target
jobs: jobs:
label-category: label-category:
permissions: permissions:
contents: read # for actions/labeler to determine modified files contents: read # for actions/labeler to determine modified files
pull-requests: write # for actions/labeler to add labels to PRs pull-requests: write # for actions/labeler to add labels to PRs
name: "Category labels" name: "Category labels"
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: actions/labeler@v5 - uses: actions/labeler@v5
with: with:
repo-token: "${{ secrets.GITHUB_TOKEN }}" repo-token: "${{ secrets.GITHUB_TOKEN }}"
label-size: label-size:
permissions: permissions:
contents: read # for pascalgn/size-label-action to determine modified files contents: read # for pascalgn/size-label-action to determine modified files
pull-requests: write # for pascalgn/size-label-action to add labels to PRs pull-requests: write # for pascalgn/size-label-action to add labels to PRs
name: "Size label" name: "Size label"
runs-on: ubuntu-latest runs-on: ubuntu-latest
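Review bot: The `label-category` job runs `actions/checkout@v4` under `pull_request_target` with nothing recording why that is safe. As written the checkout has no `ref:`, so it takes the base branch and the job does not execute code from the pull request. A comment above the step would keep it that way, e.g. `# pull_request_target: keep the default (base) ref; never check out the PR head in this workflow`. The steps of the `label-size` job are outside this hunk.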


@@ -10,7 +10,6 @@ on:
types: [opened, reopened, synchronize, labeled] types: [opened, reopened, synchronize, labeled]
jobs: jobs:
Check: Check:
permissions: permissions:
pull-requests: read pull-requests: read
@@ -21,17 +20,15 @@ jobs:
outputs: outputs:
member: ${{ steps.checkUserMember.outputs.isTeamMember }} member: ${{ steps.checkUserMember.outputs.isTeamMember }}
steps: steps:
- uses: tspascoal/get-user-teams-membership@v3
- uses: tspascoal/get-user-teams-membership@v3 id: checkUserMember
id: checkUserMember with:
with: username: ${{ github.actor }}
username: ${{ github.actor }} organization: armbian
organization: armbian team: "Release manager"
team: "Release manager" GITHUB_TOKEN: ${{ secrets.ORG_MEMBERS }}
GITHUB_TOKEN: ${{ secrets.ORG_MEMBERS }}
Compile: Compile:
needs: Check needs: Check
name: Generate artifacts name: Generate artifacts
concurrency: concurrency:


@@ -21,36 +21,34 @@ concurrency:
cancel-in-progress: true cancel-in-progress: true
jobs: jobs:
Analysis: Analysis:
name: Check kernel security options name: Check kernel security options
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: ${{ github.repository_owner == 'Armbian' }} if: ${{ github.repository_owner == 'Armbian' }}
steps: steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Checkout repository - name: Get changed files
uses: actions/checkout@v4 id: changed-files
with: uses: tj-actions/changed-files@v44
fetch-depth: 0
- name: Get changed files - name: Checkout repository
id: changed-files uses: actions/checkout@v4
uses: tj-actions/changed-files@v44 with:
repository: a13xp0p0v/kconfig-hardened-check
path: kconfig-hardened-check
- name: Checkout repository - name: Check kernel config for security issues
uses: actions/checkout@v4 # Run kernel-hardening-checker for each kernel config file excluding RISC-V configs, since they are not supported yet.
with: # See https://github.com/a13xp0p0v/kernel-hardening-checker/issues/56
repository: a13xp0p0v/kconfig-hardened-check # sed explanation: 1) Put spaces in front of every line 2) replace colored output with emojis since GitHub Actions job summaries don't support colored output
path: kconfig-hardened-check run: |
for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
- name: Check kernel config for security issues if [[ "${file}" = config/kernel/*.config && ! $(head -n 10 "${file}" | grep -q "riscv") ]]; then
# Run kernel-hardening-checker for each kernel config file excluding RISC-V configs, since they are not supported yet. kconfig-hardened-check/bin/kernel-hardening-checker -m show_fail -c $file | sed 's/^/ /; s/\x1b\[32m/✅ /; s/\x1b\[31m/❌ /; s/\x1b\[0m//' >> $GITHUB_STEP_SUMMARY
# See https://github.com/a13xp0p0v/kernel-hardening-checker/issues/56 fi
# sed explanation: 1) Put spaces in front of every line 2) replace colored output with emojis since GitHub Actions job summaries don't support colored output done
run: |
for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
if [[ "${file}" = config/kernel/*.config && ! $(head -n 10 "${file}" | grep -q "riscv") ]]; then
kconfig-hardened-check/bin/kernel-hardening-checker -m show_fail -c $file | sed 's/^/ /; s/\x1b\[32m/✅ /; s/\x1b\[31m/❌ /; s/\x1b\[0m//' >> $GITHUB_STEP_SUMMARY
fi
done
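Review bot: The RISC-V exclusion in the `if [[ … ]]` line of the run script never takes effect: `grep -q` prints nothing, so `$(head -n 10 "${file}" | grep -q "riscv")` always expands to an empty string and `! ""` is always true, which means RISC-V configs are still passed to the checker. Test the pipeline's exit status instead of its output. Separately, `${{ steps.changed-files.outputs.all_changed_files }}` is substituted into the script text before bash parses it, so the changed file names become part of the shell program; if this workflow runs on pull requests (the `on:` block is outside this hunk), those names are chosen by the contributor. Hand the list over through `env:` and quote `"${file}"` and `"$GITHUB_STEP_SUMMARY"`. The Shellcheck workflow's loop in the next file section expands the same output the same way.

```yaml
- name: Check kernel config for security issues
  # … unchanged: comments explaining the RISC-V exclusion and the sed expression …
  env:
    ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
  run: |
    for file in ${ALL_CHANGED_FILES}; do
      if [[ "${file}" = config/kernel/*.config ]] && ! head -n 10 "${file}" | grep -q "riscv"; then
        # … unchanged: kernel-hardening-checker | sed pipeline, with "${file}" and "$GITHUB_STEP_SUMMARY" quoted …
      fi
    done
```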


@@ -17,45 +17,43 @@ concurrency:
cancel-in-progress: true cancel-in-progress: true
jobs: jobs:
Shellcheck: Shellcheck:
name: Shell script analysis name: Shell script analysis
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: ${{ github.repository_owner == 'Armbian' }} if: ${{ github.repository_owner == 'Armbian' }}
steps: steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 2
- name: Checkout repository - name: Get changed files
uses: actions/checkout@v4 id: changed-files
with: uses: tj-actions/changed-files@v44
fetch-depth: 2
- name: Get changed files - name: List all changed files
id: changed-files run: |
uses: tj-actions/changed-files@v44
- name: List all changed files # Use framework internal mechanism for checking `lib` and `extensions` code only one file is passed,
run: | # and source's are followed, thus the whole project is "understood" by shellcheck.
# For example, when checking individual files, one variable might be thought "unused" because it
# is only used in another file, which does not happen when done properly.
# Use framework internal mechanism for checking `lib` and `extensions` code only one file is passed, bash lib/tools/shellcheck.sh
# and source's are followed, thus the whole project is "understood" by shellcheck.
# For example, when checking individual files, one variable might be thought "unused" because it
# is only used in another file, which does not happen when done properly.
bash lib/tools/shellcheck.sh ret=0
ret=0 for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
for file in ${{ steps.changed-files.outputs.all_changed_files }}; do if [[ ! "${file}" =~ lib/|extensions/|.py|.service|.rules|.network|.netdev ]]; then
if grep -qE "^#\!/.*bash" $file; then
if [[ ! "${file}" =~ lib/|extensions/|.py|.service|.rules|.network|.netdev ]]; then shellcheck --severity=error $file || ret=$?
if grep -qE "^#\!/.*bash" $file; then
shellcheck --severity=error $file || ret=$? fi
fi
fi done
fi
done exit $ret
exit $ret
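Review bot: The skip pattern in `[[ ! "${file}" =~ lib/|extensions/|.py|.service|.rules|.network|.netdev ]]` uses unescaped, unanchored dots, so `.py` matches any character followed by `py` anywhere in the path (a script named `copy.sh`, for instance) and such files silently drop out of the shellcheck run. If the intent is to skip by extension, escape and anchor the alternatives, e.g. `\.py$|\.service$|\.rules$|\.network$|\.netdev$`, and consider anchoring `lib/` and `extensions/` with `^` if only the top-level directories are meant. `$file` is also unquoted in the `grep` and `shellcheck` calls; quote it as `"${file}"` so the value is not re-split or glob-expanded.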


@@ -4,7 +4,6 @@ run-name: Check comment for `/rebase`
# If you comment "/rebase" to the PR this Action will rebase the PR # If you comment "/rebase" to the PR this Action will rebase the PR
# #
on: on:
issue_comment: issue_comment:
types: [created] types: [created]
@@ -12,18 +11,20 @@ on:
jobs: jobs:
rebase: rebase:
permissions: permissions:
contents: write # for cirrus-actions/rebase to push code to rebase contents: write # for cirrus-actions/rebase to push code to rebase
pull-requests: read # for cirrus-actions/rebase to get info about PR pull-requests: read # for cirrus-actions/rebase to get info about PR
name: Rebase name: Rebase
if: github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase') if: github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase')
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout the latest code - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
fetch-depth: 0 # otherwise, you will fail to push refs to dest repo fetch-depth: 0 # otherwise, you will fail to push refs to dest repo
- name: Automatic Rebase - name: Automatic Rebase
uses: cirrus-actions/rebase@1.8 uses: cirrus-actions/rebase@1.8
env: env:
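Review bot: The job's `if:` only checks that the comment is on a pull request and contains `/rebase`, so any account able to comment can start a job that holds `contents: write`. Consider restricting it by author association, for example by appending `&& contains(fromJSON('["MEMBER","OWNER","COLLABORATOR"]'), github.event.comment.author_association)` to the condition. The Automatic Rebase step's `env:` block continues outside this hunk, so which token it actually pushes with is not visible here.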


@@ -6,9 +6,9 @@ on:
branch_protection_rule: branch_protection_rule:
schedule: schedule:
# Weekly on Saturdays. # Weekly on Saturdays.
- cron: '30 1 * * 6' - cron: "30 1 * * 6"
push: push:
branches: [ main ] branches: [main]
# Declare default permissions as read only. # Declare default permissions as read only.
permissions: read-all permissions: read-all
@@ -44,8 +44,8 @@ jobs:
repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
# Publish the results for public repositories to enable scorecard badges. For more details, see # Publish the results for public repositories to enable scorecard badges. For more details, see
# https://github.com/ossf/scorecard-action#publishing-results. # https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories, `publish_results` will automatically be set to `false`, regardless # For private repositories, `publish_results` will automatically be set to `false`, regardless
# of the value entered here. # of the value entered here.
publish_results: true publish_results: true