JDM170/build
1
0
Fork 0
mirror of https://github.com/armbian/build synced 2025-09-24 19:47:06 +07:00
Code Issues Packages Projects Releases Wiki Activity

actions: Run YAML formatter over all workflow files

Browse Source
This commit is contained in:
ColorfulRhino
2024-07-10 00:42:34 +02:00
committed by Igor
parent 2a27fdd4d0
commit 6f664c92fd
10 changed files with 87 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/build-board-list.yml vendored
View File

@@ -4,8 +4,8 @@ run-name: Update board list at armbian/os - Pushed commit "${{ github.event.push
on:
push:
paths:
- 'config/boards/*.*'
branches: [ main ]
- "config/boards/*.*"
branches: [main]
jobs:
update-board-list-dispatch:

4
.github/workflows/build-train.yml vendored
View File

@@ -4,9 +4,9 @@ run-name: Run build train - Pushed commit "${{ github.event.push.head_commit.mes
on:
push:
branches:
- 'main'
- "main"
paths:
- 'config/*.config'
- "config/*.config"
jobs:
build-train-dispatch:

19
.github/workflows/labels-from-yml.yml vendored
View File

@@ -5,27 +5,28 @@ on:
workflow_dispatch:
push:
branches:
- 'main'
- "main"
paths:
- '.github/labels.yml'
- ".github/labels.yml"
pull_request:
paths:
- '.github/labels.yml'
- ".github/labels.yml"
jobs:
labeler:
permissions:
contents: read # for actions/labeler to determine modified files
pull-requests: write # for actions/labeler to add labels to PRs
contents: read # for actions/labeler to determine modified files
pull-requests: write # for actions/labeler to add labels to PRs
issues: write # for actions/labeler to add labels to issues
if: ${{ github.repository_owner == 'Armbian' }}
runs-on: ubuntu-latest
steps:
-
name: Checkout
- name: Checkout
uses: actions/checkout@v4
-
name: Run Labeler
- name: Run Labeler
uses: crazy-max/ghaction-github-labeler@v5
with:
github-token: ${{ secrets.GITHUB_TOKEN }}

1
.github/workflows/open-jira-ticket.yml vendored
View File

@@ -8,6 +8,7 @@ jobs:
sync:
name: Sync Items
runs-on: ubuntu-latest
steps:
- name: Sync
uses: igorpecovnik/github-action-issue-to-jira@master

19
.github/workflows/pr-auto-labeler.yml vendored
View File

@@ -5,28 +5,27 @@ run-name: 'Set labels - PR #${{ github.event.pull_request.number }} ("${{ github
#
on:
- pull_request_target
- pull_request_target
jobs:
label-category:
permissions:
contents: read # for actions/labeler to determine modified files
pull-requests: write # for actions/labeler to add labels to PRs
contents: read # for actions/labeler to determine modified files
pull-requests: write # for actions/labeler to add labels to PRs
name: "Category labels"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/labeler@v5
with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"
- uses: actions/checkout@v4
- uses: actions/labeler@v5
with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"
label-size:
permissions:
contents: read # for pascalgn/size-label-action to determine modified files
pull-requests: write # for pascalgn/size-label-action to add labels to PRs
contents: read # for pascalgn/size-label-action to determine modified files
pull-requests: write # for pascalgn/size-label-action to add labels to PRs
name: "Size label"
runs-on: ubuntu-latest

17
.github/workflows/pr-build-artifacts.yml vendored
View File

@@ -10,7 +10,6 @@ on:
types: [opened, reopened, synchronize, labeled]
jobs:
Check:
permissions:
pull-requests: read
@@ -21,17 +20,15 @@ jobs:
outputs:
member: ${{ steps.checkUserMember.outputs.isTeamMember }}
steps:
- uses: tspascoal/get-user-teams-membership@v3
id: checkUserMember
with:
username: ${{ github.actor }}
organization: armbian
team: "Release manager"
GITHUB_TOKEN: ${{ secrets.ORG_MEMBERS }}
- uses: tspascoal/get-user-teams-membership@v3
id: checkUserMember
with:
username: ${{ github.actor }}
organization: armbian
team: "Release manager"
GITHUB_TOKEN: ${{ secrets.ORG_MEMBERS }}
Compile:
needs: Check
name: Generate artifacts
concurrency:

48
.github/workflows/pr-kernel-security-analysis.yml vendored
View File

@@ -21,36 +21,34 @@ concurrency:
cancel-in-progress: true
jobs:
Analysis:
name: Check kernel security options
runs-on: ubuntu-latest
if: ${{ github.repository_owner == 'Armbian' }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v44
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v44
- name: Checkout repository
uses: actions/checkout@v4
with:
repository: a13xp0p0v/kconfig-hardened-check
path: kconfig-hardened-check
- name: Checkout repository
uses: actions/checkout@v4
with:
repository: a13xp0p0v/kconfig-hardened-check
path: kconfig-hardened-check
- name: Check kernel config for security issues
# Run kernel-hardening-checker for each kernel config file excluding RISC-V configs, since they are not supported yet.
# See https://github.com/a13xp0p0v/kernel-hardening-checker/issues/56
# sed explanation: 1) Put spaces in front of every line 2) replace colored output with emojis since GitHub Actions job summaries don't support colored output
run: |
for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
if [[ "${file}" = config/kernel/*.config && ! $(head -n 10 "${file}" | grep -q "riscv") ]]; then
kconfig-hardened-check/bin/kernel-hardening-checker -m show_fail -c $file | sed 's/^/ /; s/\x1b\[32m/✅ /; s/\x1b\[31m/❌ /; s/\x1b\[0m//' >> $GITHUB_STEP_SUMMARY
fi
done
- name: Check kernel config for security issues
# Run kernel-hardening-checker for each kernel config file excluding RISC-V configs, since they are not supported yet.
# See https://github.com/a13xp0p0v/kernel-hardening-checker/issues/56
# sed explanation: 1) Put spaces in front of every line 2) replace colored output with emojis since GitHub Actions job summaries don't support colored output
run: |
for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
if [[ "${file}" = config/kernel/*.config && ! $(head -n 10 "${file}" | grep -q "riscv") ]]; then
kconfig-hardened-check/bin/kernel-hardening-checker -m show_fail -c $file | sed 's/^/ /; s/\x1b\[32m/✅ /; s/\x1b\[31m/❌ /; s/\x1b\[0m//' >> $GITHUB_STEP_SUMMARY
fi
done

50
.github/workflows/pr-lint-scripts.yml vendored
View File

@@ -17,45 +17,43 @@ concurrency:
cancel-in-progress: true
jobs:
Shellcheck:
name: Shell script analysis
runs-on: ubuntu-latest
if: ${{ github.repository_owner == 'Armbian' }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 2
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v44
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v44
- name: List all changed files
run: |
- name: List all changed files
run: |
# Use framework internal mechanism for checking `lib` and `extensions` code only one file is passed,
# and source's are followed, thus the whole project is "understood" by shellcheck.
# For example, when checking individual files, one variable might be thought "unused" because it
# is only used in another file, which does not happen when done properly.
# Use framework internal mechanism for checking `lib` and `extensions` code only one file is passed,
# and source's are followed, thus the whole project is "understood" by shellcheck.
# For example, when checking individual files, one variable might be thought "unused" because it
# is only used in another file, which does not happen when done properly.
bash lib/tools/shellcheck.sh
bash lib/tools/shellcheck.sh
ret=0
ret=0
for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
if [[ ! "${file}" =~ lib/|extensions/|.py|.service|.rules|.network|.netdev ]]; then
if grep -qE "^#\!/.*bash" $file; then
if [[ ! "${file}" =~ lib/|extensions/|.py|.service|.rules|.network|.netdev ]]; then
if grep -qE "^#\!/.*bash" $file; then
shellcheck --severity=error $file || ret=$?
shellcheck --severity=error $file || ret=$?
fi
fi
fi
fi
done
done
exit $ret
exit $ret

9
.github/workflows/rebase.yml vendored
View File

@@ -4,7 +4,6 @@ run-name: Check comment for `/rebase`
# If you comment "/rebase" to the PR this Action will rebase the PR
#
on:
issue_comment:
types: [created]
@@ -12,18 +11,20 @@ on:
jobs:
rebase:
permissions:
contents: write # for cirrus-actions/rebase to push code to rebase
pull-requests: read # for cirrus-actions/rebase to get info about PR
contents: write # for cirrus-actions/rebase to push code to rebase
pull-requests: read # for cirrus-actions/rebase to get info about PR
name: Rebase
if: github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase')
runs-on: ubuntu-latest
steps:
- name: Checkout the latest code
- name: Checkout repository
uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
fetch-depth: 0 # otherwise, you will fail to push refs to dest repo
- name: Automatic Rebase
uses: cirrus-actions/rebase@1.8
env:

8
.github/workflows/scorecard.yml vendored
View File

@@ -6,9 +6,9 @@ on:
branch_protection_rule:
schedule:
# Weekly on Saturdays.
- cron: '30 1 * * 6'
- cron: "30 1 * * 6"
push:
branches: [ main ]
branches: [main]
# Declare default permissions as read only.
permissions: read-all
@@ -44,8 +44,8 @@ jobs:
repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
# Publish the results for public repositories to enable scorecard badges. For more details, see
# https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories, `publish_results` will automatically be set to `false`, regardless
# https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories, `publish_results` will automatically be set to `false`, regardless
# of the value entered here.
publish_results: true