Sean Bowe
fccdb03c53
Add additional audits.
2023-04-03 16:41:07 -06:00
Jack Grigg
feb1f41ce6
CI: Check out both the base and PR branches for "recent base" check
...
This should hopefully ensure that we end up with a single Git repository
that has both branches in it, enabling `git merge-base --is-ancestor` to
work correctly.
2023-03-16 16:22:28 +00:00
Jack Grigg
ac3568a557
CI: Provide `write` permission for `pull-requests`
...
The "recent base" check attempts to remove a label from the PR being
checked, which uses the `issues` API. But a `write` permission for the
`issues` API appears to be insufficient.
2023-03-16 15:51:20 +00:00
Jack Grigg
5c316e8d50
CI: Remove most usages of `actions-rs` actions
...
These actions are unmaintained. The only one we continue to use is
`actions-rs/clippy-check` because there is no suitable alternative.
2023-03-16 15:38:15 +00:00
Jack Grigg
41997a5ac3
CI: Use `github.head_ref` instead of `HEAD` for "recent base" check
...
The `pull_request_target` event causes `actions/checkout` to check out
the target branch (e.g. the main repo's `master` branch) instead of the
PR's branch. This meant that after zcash/zcash#6487 merged, the check
would always pass (because the queried revision is always present in the
history of `master`). `github.head_ref` correctly points to the tip of
the PR's branch, ensuring that `git merge-base --is-ancestor` performs
the expected comparison.
2023-03-15 15:33:05 +00:00
Jack Grigg
8a33c66a68
CI: Include explicit `failure()` condition in "recent base" check
...
This is necessary to override the default `success()` status check, and
allow the narrowing condition to function correctly.
2023-03-15 02:48:55 +00:00
Jack Grigg
08347f40fc
CI: Fetch all history for "recent base" check
...
This ensures that the branch history containing the commit in question
is present.
2023-03-15 02:44:48 +00:00
Jack Grigg
e67a0d746c
CI: Fix permissions for Checks workflow
2023-03-14 14:14:47 +00:00
Jack Grigg
07cdc1cb4a
CI: Check that the PR branch has a sufficiently recent base for Tekton
...
This provides an explicit error message to PR authors telling them if
they need to rebase, avoiding the rediscovery of known breaking changes
to Tekton CI compatibility.
2023-03-13 17:42:48 +00:00
Jack Grigg
56ee27ed7b
depends: Update Rust to 1.68.0
2023-03-09 16:31:21 +00:00
Jack Grigg
d01129e752
depends: Update Rust to 1.67.1
2023-02-16 15:45:29 +00:00
Jack Grigg
baf7d9e24a
depends: Update Rust to 1.64.0
2022-09-23 02:27:01 +00:00
Alex
9d4b6795c8
build: update book.yml
...
Signed-off-by: sashashura <93376818+sashashura@users.noreply.github.com>
2022-09-19 12:24:18 +02:00
Hennadii Stepanov
3cf26a1c4f
script: Lint Gitian descriptors with ShellCheck
...
(cherry picked from commit bitcoin/bitcoin@14aded46df )
Zcash: Applies CI change to GitHub Actions workflow.
2022-08-20 03:15:12 +00:00
Jack Grigg
c11cf55b5b
CI: Enforce shell lints to prevent regression
2022-08-19 22:40:36 +00:00
Jack Grigg
3bf9022d51
CI: Migrate to published versions of cargo-vet
2022-08-17 08:20:39 +00:00
Jack Grigg
e27190d00a
depends: Update Rust to 1.63.0
2022-08-11 15:51:57 +00:00
Jack Grigg
93422e8fe2
depends: Update Rust to 1.62.1
2022-08-10 22:57:46 +00:00
nathannaveen
a5b468a6ec
chore: Set permissions for GitHub actions
...
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ )
Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
2022-06-27 00:59:00 +00:00
Jack Grigg
dbcd7b396e
CI: Add workflow that runs `cargo vet --locked`
2022-06-09 17:00:15 +00:00
dependabot[bot]
6e96680a0c
Bump actions/checkout from 2 to 3
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-14 01:10:19 +00:00
Jack Grigg
b2b178bd21
lint: Add check that every Cargo patch has a matching replacement
...
We canonicalize git URLs when linting Cargo patches, because Cargo
treats `path/to/repo` and `path/to/repo.git` identically (and similarly
it strips a trailing slash), so we allow `.cargo/config.offline` and
`Cargo.toml` to mismatch in this way to minimise lints.
2022-04-07 02:14:52 +00:00
Jack Grigg
21430b13ac
depends: Update Rust to 1.59.0
2022-03-01 00:09:18 +00:00
Jack Grigg
9fd44c76fa
CI: Add Pyflakes to lints workflow
2021-11-18 14:45:39 +00:00
Jack Grigg
ba7aaf1e7c
CI: Ignore errors from general lints we don't yet have passing
...
Once we have made the necessary backports or changes to get these lints
to pass, we can remove the corresponding ignores to prevent regression.
2021-08-24 16:02:34 +01:00
Jack Grigg
73a33efa43
CI: Use Rust 1.54 for lints
2021-07-30 18:36:42 +01:00
Jack Grigg
4026386cac
CI: Add Rust lints
2021-07-14 23:11:02 +01:00
Jack Grigg
b54b416d68
CI: Check scripted diffs
2021-07-14 22:58:05 +01:00
Jack Grigg
29280b9821
CI: Add workflow that runs general lints
2021-07-14 22:19:40 +01:00
Jack Grigg
93a46e303d
CI: Build book with latest mdbook
...
`mdbook-katex` is installed from crates.io, and if it doesn't use the
same version of `mdbook` it can cause build issues.
2021-06-13 08:04:26 +01:00
Jack Grigg
20abdb0e04
CI: Publish correct book directory
2021-06-13 08:04:26 +01:00
Jack Grigg
6962a9a3d3
CI: Correctly build zcashd book
2021-02-25 15:00:33 +00:00
Jack Grigg
9cee5686bb
Actions: Add a workflow to deploy the zcashd book
2021-01-27 17:20:30 +00:00