fccdb03c53
Add additional audits.
2023-04-03 16:41:07 -06:00
feb1f41ce6
CI: Check out both the base and PR branches for "recent base" check
...
This should hopefully ensure that we end up with a single Git repository
that has both branches in it, enabling `git merge-base --is-ancestor` to
work correctly.
2023-03-16 16:22:28 +00:00
ac3568a557
CI: Provide `write` permission for `pull-requests`
...
The "recent base" check attempts to remove a label from the PR being
checked, which uses the `issues` API. But a `write` permission for the
`issues` API appears to be insufficient.
2023-03-16 15:51:20 +00:00
5c316e8d50
CI: Remove most usages of `actions-rs` actions
...
These actions are unmaintained. The only one we continue to use is
`actions-rs/clippy-check` because there is no suitable alternative.
2023-03-16 15:38:15 +00:00
41997a5ac3
CI: Use `github.head_ref` instead of `HEAD` for "recent base" check
...
The `pull_request_target` event causes `actions/checkout` to check out
the target branch (e.g. the main repo's `master` branch) instead of the
PR's branch. This meant that after zcash/zcash#6487 merged, the check
would always pass (because the queried revision is always present in the
history of `master`). `github.head_ref` correctly points to the tip of
the PR's branch, ensuring that `git merge-base --is-ancestor` performs
the expected comparison.
2023-03-15 15:33:05 +00:00
8a33c66a68
CI: Include explicit `failure()` condition in "recent base" check
...
This is necessary to override the default `success()` status check, and
allow the narrowing condition to function correctly.
2023-03-15 02:48:55 +00:00
08347f40fc
CI: Fetch all history for "recent base" check
...
This ensures that the branch history containing the commit in question
is present.
2023-03-15 02:44:48 +00:00
e67a0d746c
CI: Fix permissions for Checks workflow
2023-03-14 14:14:47 +00:00
07cdc1cb4a
CI: Check that the PR branch has a sufficiently recent base for Tekton
...
This provides an explicit error message to PR authors telling them if
they need to rebase, avoiding the rediscovery of known breaking changes
to Tekton CI compatibility.
2023-03-13 17:42:48 +00:00
56ee27ed7b
depends: Update Rust to 1.68.0
2023-03-09 16:31:21 +00:00
d01129e752
depends: Update Rust to 1.67.1
2023-02-16 15:45:29 +00:00
baf7d9e24a
depends: Update Rust to 1.64.0
2022-09-23 02:27:01 +00:00
9d4b6795c8
build: update book.yml
...
Signed-off-by: sashashura <93376818+sashashura@users.noreply.github.com>
2022-09-19 12:24:18 +02:00
3cf26a1c4f
script: Lint Gitian descriptors with ShellCheck
...
(cherry picked from commit bitcoin/bitcoin@14aded46df )
Zcash: Applies CI change to GitHub Actions workflow.
2022-08-20 03:15:12 +00:00
c11cf55b5b
CI: Enforce shell lints to prevent regression
2022-08-19 22:40:36 +00:00
3bf9022d51
CI: Migrate to published versions of cargo-vet
2022-08-17 08:20:39 +00:00
e27190d00a
depends: Update Rust to 1.63.0
2022-08-11 15:51:57 +00:00
93422e8fe2
depends: Update Rust to 1.62.1
2022-08-10 22:57:46 +00:00
a5b468a6ec
chore: Set permissions for GitHub actions
...
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ )
Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
2022-06-27 00:59:00 +00:00
dbcd7b396e
CI: Add workflow that runs `cargo vet --locked`
2022-06-09 17:00:15 +00:00
6e96680a0c
Bump actions/checkout from 2 to 3
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-14 01:10:19 +00:00
b2b178bd21
lint: Add check that every Cargo patch has a matching replacement
...
We canonicalize git URLs when linting Cargo patches, because Cargo
treats `path/to/repo` and `path/to/repo.git` identically (and similarly
it strips a trailing slash), so we allow `.cargo/config.offline` and
`Cargo.toml` to mismatch in this way to minimise lints.
2022-04-07 02:14:52 +00:00
21430b13ac
depends: Update Rust to 1.59.0
2022-03-01 00:09:18 +00:00
9fd44c76fa
CI: Add Pyflakes to lints workflow
2021-11-18 14:45:39 +00:00
ba7aaf1e7c
CI: Ignore errors from general lints we don't yet have passing
...
Once we have made the necessary backports or changes to get these lints
to pass, we can remove the corresponding ignores to prevent regression.
2021-08-24 16:02:34 +01:00
73a33efa43
CI: Use Rust 1.54 for lints
2021-07-30 18:36:42 +01:00
4026386cac
CI: Add Rust lints
2021-07-14 23:11:02 +01:00
b54b416d68
CI: Check scripted diffs
2021-07-14 22:58:05 +01:00
29280b9821
CI: Add workflow that runs general lints
2021-07-14 22:19:40 +01:00
93a46e303d
CI: Build book with latest mdbook
...
`mdbook-katex` is installed from crates.io, and if it doesn't use the
same version of `mdbook` it can cause build issues.
2021-06-13 08:04:26 +01:00
20abdb0e04
CI: Publish correct book directory
2021-06-13 08:04:26 +01:00
6962a9a3d3
CI: Correctly build zcashd book
2021-02-25 15:00:33 +00:00
9cee5686bb
Actions: Add a workflow to deploy the zcashd book
2021-01-27 17:20:30 +00:00
Sean Bowe
Jack Grigg
Jack Grigg
Alex
Hennadii Stepanov
nathannaveen
dependabot[bot]