From 0d4593cb5e11ceeb542baff8dfd7ae72e0398aaa Mon Sep 17 00:00:00 2001 From: MuneebAijaz Date: Mon, 19 Aug 2024 10:22:29 +0500 Subject: [PATCH 1/4] Misc fixes to workflows --- .github/workflows/push.yaml | 1 + .github/workflows/release.yaml | 16 +--------------- 2 files changed, 2 insertions(+), 15 deletions(-) diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml index 8667b23ab..5999ce58d 100644 --- a/.github/workflows/push.yaml +++ b/.github/workflows/push.yaml @@ -27,6 +27,7 @@ jobs: with: token: ${{ secrets.STAKATER_GITHUB_TOKEN }} fetch-depth: 0 # otherwise, you will fail to push refs to dest repo + submodules: recursive # Setting up helm binary - name: Set up Helm diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 20dbebe6e..dda7b45d7 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -24,6 +24,7 @@ jobs: with: token: ${{ secrets.STAKATER_GITHUB_TOKEN }} fetch-depth: 0 # otherwise, you will fail to push refs to dest repo + submodules: recursive # Setting up helm binary - name: Set up Helm @@ -171,22 +172,7 @@ jobs: org.opencontainers.image.created=${{ steps.prep.outputs.created }} org.opencontainers.image.revision=${{ github.sha }} - - uses: dorny/paths-filter@v3 - id: filter - with: - filters: | - docs: - - '.markdownlint.yaml' - - '.vale.ini' - - 'Dockerfile-docs' - - 'docs-nginx.conf' - - 'docs/**' - - 'README.md' - - 'theme_common' - - 'theme_override' - - name: Build and Push Docker Image for Docs to ghcr registry - if: steps.filter.outputs.docs == 'true' uses: docker/build-push-action@v5 with: context: . From 4654e047cf63f368d0ed43045bce542ac85e8dc8 Mon Sep 17 00:00:00 2001 From: MuneebAijaz Date: Tue, 20 Aug 2024 18:14:56 +0500 Subject: [PATCH 2/4] test --- .github/workflows/pull_request.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml index 004666da2..b06c3d508 100644 --- a/.github/workflows/pull_request.yaml +++ b/.github/workflows/pull_request.yaml @@ -36,6 +36,7 @@ jobs: - name: Check out code uses: actions/checkout@v4 with: + token: ${{ secrets.STAKATER_GITHUB_TOKEN }} ref: ${{github.event.pull_request.head.sha}} fetch-depth: 0 From 80a1578beb21e13138a2f4b9810e1ffbe1c7a534 Mon Sep 17 00:00:00 2001 From: MuneebAijaz Date: Tue, 20 Aug 2024 18:20:06 +0500 Subject: [PATCH 3/4] permissions --- .github/workflows/pull_request.yaml | 7 +++++-- .github/workflows/push.yaml | 4 ++++ .github/workflows/release.yaml | 4 ++++ 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml index b06c3d508..96dbde7ab 100644 --- a/.github/workflows/pull_request.yaml +++ b/.github/workflows/pull_request.yaml @@ -28,15 +28,18 @@ jobs: MD_CONFIG: .github/md_config.json DOC_SRC: README.md MD_LINT_CONFIG: .markdownlint.yaml + build: + + permissions: + contents: read + runs-on: ubuntu-latest name: Build - if: "! contains(toJSON(github.event.commits.*.message), '[skip-ci]')" steps: - name: Check out code uses: actions/checkout@v4 with: - token: ${{ secrets.STAKATER_GITHUB_TOKEN }} ref: ${{github.event.pull_request.head.sha}} fetch-depth: 0 diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml index 5999ce58d..e4ab8111f 100644 --- a/.github/workflows/push.yaml +++ b/.github/workflows/push.yaml @@ -17,6 +17,10 @@ env: jobs: build: + + permissions: + contents: read + name: Build if: github.event.pull_request.merged == true runs-on: ubuntu-latest diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index dda7b45d7..fd54c25a0 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -15,6 +15,10 @@ env: jobs: build: + + permissions: + contents: read + name: GoReleaser build runs-on: ubuntu-latest From babe5b07a98d4f9a4a950d15cb9bb689485e808c Mon Sep 17 00:00:00 2001 From: MuneebAijaz Date: Tue, 20 Aug 2024 18:21:32 +0500 Subject: [PATCH 4/4] permissions --- .github/workflows/push.yaml | 1 + .github/workflows/release.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml index e4ab8111f..f4c9ae571 100644 --- a/.github/workflows/push.yaml +++ b/.github/workflows/push.yaml @@ -20,6 +20,7 @@ jobs: permissions: contents: read + packages: write # to push artifacts to `ghcr.io` name: Build if: github.event.pull_request.merged == true diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index fd54c25a0..9cd9bd8e2 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -18,6 +18,7 @@ jobs: permissions: contents: read + packages: write # to push artifacts to `ghcr.io` name: GoReleaser build runs-on: ubuntu-latest