bo0tzz
64000d9d76
feat: static analysis job for gha workflows ( #17688 )
...
* fix: set persist-credentials explicitly for checkout
https://woodruffw.github.io/zizmor/audits/#artipacked
* fix: minimize permissions scope for workflows
https://woodruffw.github.io/zizmor/audits/#excessive-permissions
* fix: remove potential template injections
https://woodruffw.github.io/zizmor/audits/#template-injection
* fix: only pass needed secrets in workflow_call
https://woodruffw.github.io/zizmor/audits/#secrets-inherit
* fix: push perm for single-arch build jobs
I hadn't realised these push to the registry too :x
* chore: fix formatting
* fix: $
* fix: retag job quoting
* feat: static analysis job for gha workflows
* chore: fix formatting
* fix: clear last zizmor checks
* fix: broken merge
---------
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
2025-04-23 15:49:06 +00:00
bo0tzz
504930947d
fix: various actions workflow security improvements ( #17651 )
...
* fix: set persist-credentials explicitly for checkout
https://woodruffw.github.io/zizmor/audits/#artipacked
* fix: minimize permissions scope for workflows
https://woodruffw.github.io/zizmor/audits/#excessive-permissions
* fix: remove potential template injections
https://woodruffw.github.io/zizmor/audits/#template-injection
* fix: only pass needed secrets in workflow_call
https://woodruffw.github.io/zizmor/audits/#secrets-inherit
* fix: push perm for single-arch build jobs
I hadn't realised these push to the registry too :x
* chore: fix formatting
* fix: $
* fix: retag job quoting
---------
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
2025-04-18 15:10:27 -05:00
Nicholas Flamy
9e015c7f97
feat: lint workflow files and others files in .github ( #16914 )
...
* add npm prettier dep and format script to .github folder
* initial work on prettier formatting test
* attempt index notation
* change name of .github job to be valid
* another use of index notation
this is getting overcomplicated
* Change job ID to `github-files-formatting` and chane the name to `.github Files Checks`
* Change job name to `.github Files Formatting`
* Update Makefile with .github module and `filter-out`s
* run prettier formatting as added in this PR
2025-03-24 10:49:18 -05:00
renovate[bot]
9105e696bf
chore(deps): pin github action dependencies ( #16923 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-03-17 17:25:14 +00:00
Zack Pollard
0d6bef2c05
ci: job naming improvements and success job for matrix ( #12316 )
...
Co-authored-by: bo0tzz <git@bo0tzz.me>
2024-09-04 23:28:30 +01:00
Zack Pollard
441b009a0b
ci: more path filtering, path filtering happens in pre-job so all jobs can be required ( #12260 )
...
ci: don't use gha path filtering, use a pre-job to skip instead, add path filtering to more workflows
2024-09-03 13:23:39 +01:00
Zack Pollard
8fc4ce14ab
feat: split preview and archives to different pages projects ( #9878 )
2024-05-30 10:01:17 +01:00
Zack Pollard
8315488b99
ci: use extracted PR number for messaging PRs from forks & remove approval ( #9865 )
...
* ci: use extracted PR number for messaging PRs from forks
* ci: remove required approval to deploy docs for PRs from forks
2024-05-29 18:59:06 +01:00
Zack Pollard
61051ba479
ci: search for pull request when docs are deploying from a fork ( #9858 )
2024-05-29 19:39:39 +02:00
Zack Pollard
30e18aba69
feat(ci): website deployment IaC and github actions ( #9857 )
...
* feat(ci): Docs build workflow
* chore(ci): Remove docs from test workflow
* feat(ci): Docs deployment workflow
* fix: )
* fix(ci): Docs build artifact upload path
* fix(ci): Small fixes, logging
* fix: Parse parameters
* feat(ci): Download docs artifact
* feat(ci): Comment docs preview url on PR
* fix(ci): Download artifacts through github-script
* chore(ci): Add TODO
* nit: Tweak log message
* feat: website deployment iac and github actions
---------
Co-authored-by: bo0tzz <git@bo0tzz.me>
2024-05-29 18:11:07 +01:00
