-
Notifications
You must be signed in to change notification settings - Fork 1.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Apply security best practices Signed-off-by: Matthieu MOREL <[email protected]>
- Loading branch information
Showing
22 changed files
with
193 additions
and
52 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -7,13 +7,19 @@ on: | |
pull_request_target: | ||
types: [opened, reopened, ready_for_review] | ||
|
||
permissions: | ||
contents: read | ||
|
||
jobs: | ||
# Automatically assigns reviewers and owner | ||
add-reviews: | ||
permissions: | ||
contents: read # for kentaro-m/auto-assign-action to fetch config file | ||
pull-requests: write # for kentaro-m/auto-assign-action to assign PR reviewers | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Set the author of a PR as the assignee | ||
uses: kentaro-m/[email protected] | ||
uses: kentaro-m/auto-assign-action@f4648c0a9fdb753479e9e75fc251f507ce17bb7e # v2.0.0 | ||
with: | ||
configuration-path: ".github/auto-assignees.yml" | ||
repo-token: "${{ secrets.GITHUB_TOKEN }}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -11,7 +11,7 @@ jobs: | |
runs-on: ubuntu-latest | ||
steps: | ||
- name: Request a PR review based on files types/paths, and/or groups the author belongs to | ||
uses: necojackarc/[email protected] | ||
uses: necojackarc/auto-request-review@e89da1a8cd7c8c16d9de9c6e763290b6b0e3d424 # v0.13.0 | ||
with: | ||
token: ${{ secrets.GITHUB_TOKEN }} | ||
config: .github/auto-assignees.yml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,21 +6,24 @@ on: | |
- "site/**" | ||
- "design/**" | ||
|
||
permissions: | ||
contents: read | ||
|
||
jobs: | ||
# Build the Velero CLI once for all Kubernetes versions, and cache it so the fan-out workers can get it. | ||
build-cli: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Check out the code | ||
uses: actions/checkout@v4 | ||
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | ||
- name: Set up Go | ||
uses: actions/setup-go@v5 | ||
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | ||
with: | ||
go-version-file: 'go.mod' | ||
# Look for a CLI that's made for this PR | ||
- name: Fetch built CLI | ||
id: cache | ||
uses: actions/cache@v4 | ||
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | ||
env: | ||
cache-name: cache-velero-cli | ||
with: | ||
|
@@ -55,7 +58,7 @@ jobs: | |
steps: | ||
- name: Fetch built CLI | ||
id: cache | ||
uses: actions/cache@v4 | ||
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | ||
env: | ||
cache-name: cache-velero-cli | ||
with: | ||
|
@@ -65,7 +68,7 @@ jobs: | |
# This key controls the prefixes that we'll look at in the cache to restore from | ||
restore-keys: | | ||
velero-${{ github.event.pull_request.number }}- | ||
- uses: engineerd/[email protected] | ||
- uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 # v0.5.0 | ||
with: | ||
version: "v0.21.0" | ||
image: "kindest/node:v${{ matrix.k8s }}" | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,28 +6,31 @@ on: | |
paths-ignore: | ||
- "site/**" | ||
- "design/**" | ||
permissions: | ||
contents: read | ||
|
||
jobs: | ||
# Build the Velero CLI and image once for all Kubernetes versions, and cache it so the fan-out workers can get it. | ||
build: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Check out the code | ||
uses: actions/checkout@v4 | ||
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | ||
- name: Set up Go | ||
uses: actions/setup-go@v5 | ||
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | ||
with: | ||
go-version-file: 'go.mod' | ||
# Look for a CLI that's made for this PR | ||
- name: Fetch built CLI | ||
id: cli-cache | ||
uses: actions/cache@v4 | ||
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | ||
with: | ||
path: ./_output/bin/linux/amd64/velero | ||
# The cache key a combination of the current PR number and the commit SHA | ||
key: velero-cli-${{ github.event.pull_request.number }}-${{ github.sha }} | ||
- name: Fetch built image | ||
id: image-cache | ||
uses: actions/cache@v4 | ||
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | ||
with: | ||
path: ./velero.tar | ||
# The cache key a combination of the current PR number and the commit SHA | ||
|
@@ -66,27 +69,27 @@ jobs: | |
fail-fast: false | ||
steps: | ||
- name: Check out the code | ||
uses: actions/checkout@v4 | ||
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | ||
- name: Set up Go | ||
uses: actions/setup-go@v5 | ||
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | ||
with: | ||
go-version-file: 'go.mod' | ||
- name: Install MinIO | ||
run: | ||
docker run -d --rm -p 9000:9000 -e "MINIO_ACCESS_KEY=minio" -e "MINIO_SECRET_KEY=minio123" -e "MINIO_DEFAULT_BUCKETS=bucket,additional-bucket" bitnami/minio:2021.6.17-debian-10-r7 | ||
- uses: engineerd/[email protected] | ||
- uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 # v0.5.0 | ||
with: | ||
version: "v0.21.0" | ||
image: "kindest/node:v${{ matrix.k8s }}" | ||
- name: Fetch built CLI | ||
id: cli-cache | ||
uses: actions/cache@v4 | ||
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | ||
with: | ||
path: ./_output/bin/linux/amd64/velero | ||
key: velero-cli-${{ github.event.pull_request.number }}-${{ github.sha }} | ||
- name: Fetch built Image | ||
id: image-cache | ||
uses: actions/cache@v4 | ||
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | ||
with: | ||
path: ./velero.tar | ||
key: velero-image-${{ github.event.pull_request.number }}-${{ github.sha }} | ||
|
@@ -121,7 +124,7 @@ jobs: | |
timeout-minutes: 30 | ||
- name: Upload debug bundle | ||
if: ${{ failure() }} | ||
uses: actions/upload-artifact@v4 | ||
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 | ||
with: | ||
name: DebugBundle | ||
path: /home/runner/work/velero/velero/test/e2e/debug-bundle* |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,19 +1,25 @@ | ||
name: Pull Request Linter Check | ||
on: [pull_request] | ||
permissions: | ||
contents: read | ||
|
||
jobs: | ||
|
||
build: | ||
permissions: | ||
contents: read # for actions/checkout to fetch code | ||
pull-requests: read # for golangci/golangci-lint-action to fetch pull requests | ||
name: Run Linter Check | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Check out the code | ||
uses: actions/checkout@v4 | ||
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | ||
- name: Set up Go | ||
uses: actions/setup-go@v5 | ||
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | ||
with: | ||
go-version-file: 'go.mod' | ||
- name: Linter check | ||
uses: golangci/golangci-lint-action@v6 | ||
uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0 | ||
with: | ||
version: v1.57.2 | ||
args: --verbose |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -9,7 +9,7 @@ jobs: | |
execute: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: jpmcb/[email protected] | ||
- uses: jpmcb/prow-github-actions@f4d01dd4b13f289014c23fe5a19878a2479cb35b # v1.1.3 | ||
with: | ||
# TODO: before allowing the /lgtm command, see if we can block merging if changelog labels are missing. | ||
prow-commands: | | ||
|
Oops, something went wrong.