actions/ghaction-upx
1
0
Fork 0
mirror of https://github.com/crazy-max/ghaction-upx.git synced 2026-04-14 10:32:59 -06:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #289 from crazy-max/zizmor

Browse Source 
zizmor workflow
This commit is contained in:
CrazyMax
2026-03-27 23:07:09 +01:00
committed by GitHub
parent 63211a80a3 81ddf9b7fe
commit de3bb4857d
8 changed files with 54 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.github/dependabot.yml vendored
View File

@@ -4,6 +4,8 @@ updates:
directory: "/" directory: "/"
schedule: schedule:
interval: "daily" interval: "daily"
cooldown:
default-days: 2
labels: labels:
- "kind/dependencies" - "kind/dependencies"
- "bot" - "bot"
@@ -11,6 +13,8 @@ updates:
directory: "/" directory: "/"
schedule: schedule:
interval: "daily" interval: "daily"
cooldown:
default-days: 2
versioning-strategy: "increase" versioning-strategy: "increase"
allow: allow:
- dependency-type: "production" - dependency-type: "production"

7
.github/workflows/ci.yml vendored
View File

@@ -4,7 +4,6 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
permissions: permissions:
contents: read contents: read
@@ -18,8 +17,6 @@ on:
tags: tags:
- 'v*' - 'v*'
pull_request: pull_request:
paths-ignore:
- '.github/upx-releases.json'
jobs: jobs:
ci: ci:
@@ -36,7 +33,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
- -
name: Download files name: Download files
shell: bash shell: bash
@@ -73,7 +70,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
- -
name: UPX name: UPX
uses: ./ uses: ./

11
.github/workflows/labels.yml vendored
View File

@@ -4,7 +4,6 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
permissions: permissions:
contents: read contents: read
@@ -24,16 +23,14 @@ jobs:
labeler: labeler:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
# same as global permissions contents: read # same as global permissions
contents: read issues: write # required to update labels
# required to update labels
issues: write
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
- -
name: Run Labeler name: Run Labeler
uses: crazy-max/ghaction-github-labeler@v5 uses: crazy-max/ghaction-github-labeler@24d110aa46a59976b8a7f35518cb7f14f434c916 # v5.3.0
with: with:
dry-run: ${{ github.event_name == 'pull_request' }} dry-run: ${{ github.event_name == 'pull_request' }}

9
.github/workflows/test.yml vendored
View File

@@ -4,7 +4,6 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
permissions: permissions:
contents: read contents: read
@@ -14,8 +13,6 @@ on:
- 'master' - 'master'
- 'releases/v*' - 'releases/v*'
pull_request: pull_request:
paths-ignore:
- '.github/upx-releases.json'
jobs: jobs:
test: test:
@@ -23,16 +20,16 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
- -
name: Test name: Test
uses: docker/bake-action@v6 uses: docker/bake-action@5be5f02ff8819ecd3092ea6b2e6261c31774f2b4 # v6.10.0
with: with:
source: . source: .
targets: test targets: test
- -
name: Upload coverage name: Upload coverage
uses: codecov/codecov-action@v5 uses: codecov/codecov-action@75cd11691c0faa626561e295848008c8a7dddffe # v5.5.4
with: with:
files: ./coverage/clover.xml files: ./coverage/clover.xml
token: ${{ secrets.CODECOV_TOKEN }} token: ${{ secrets.CODECOV_TOKEN }}

13
.github/workflows/upx-releases-json.yml vendored
View File

@@ -4,7 +4,6 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
permissions: permissions:
contents: read contents: read
@@ -16,23 +15,19 @@ on:
branches: branches:
- 'master' - 'master'
pull_request: pull_request:
paths-ignore:
- '.github/upx-releases.json'
jobs: jobs:
generate: generate:
uses: crazy-max/.github/.github/workflows/releases-json.yml@fa6141aedf23596fb8bdcceab9cce8dadaa31bd9 uses: crazy-max/.github/.github/workflows/releases-json.yml@bb328ea508cd6a89d0865555ddbeb148e5724aed # v1.3.0
with: with:
repository: upx/upx repository: upx/upx
artifact_name: upx-releases-json artifact_name: upx-releases-json
filename: upx-releases.json filename: upx-releases.json
secrets: inherit
open-pr: open-pr:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
permissions: permissions:
# required to create PR
contents: write contents: write
pull-requests: write pull-requests: write
needs: needs:
@@ -40,10 +35,10 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
- -
name: Download name: Download
uses: actions/download-artifact@v4 uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
with: with:
name: upx-releases-json name: upx-releases-json
path: .github path: .github
@@ -53,7 +48,7 @@ jobs:
git add -A . git add -A .
- -
name: Create PR name: Create PR
uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
with: with:
base: master base: master
branch: bot/upx-releases-json branch: bot/upx-releases-json

13
.github/workflows/validate.yml vendored
View File

@@ -4,7 +4,6 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
permissions: permissions:
contents: read contents: read
@@ -21,15 +20,15 @@ jobs:
prepare: prepare:
runs-on: ubuntu-latest runs-on: ubuntu-latest
outputs: outputs:
targets: ${{ steps.generate.outputs.targets }} matrix: ${{ steps.generate.outputs.matrix }}
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: List targets name: Generate matrix
id: generate id: generate
uses: docker/bake-action/subaction/list-targets@v6 uses: docker/bake-action/subaction/matrix@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
with: with:
target: validate target: validate
@@ -40,10 +39,10 @@ jobs:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
target: ${{ fromJson(needs.prepare.outputs.targets) }} include: ${{ fromJson(needs.prepare.outputs.matrix) }}
steps: steps:
- -
name: Validate name: Validate
uses: docker/bake-action@v6 uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
with: with:
targets: ${{ matrix.target }} targets: ${{ matrix.target }}

27
.github/workflows/zizmor.yml vendored Normal file
View File

@@ -0,0 +1,27 @@
name: zizmor
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
on:
workflow_dispatch:
push:
branches:
- 'master'
- 'releases/v*'
pull_request:
jobs:
run:
uses: crazy-max/.github/.github/workflows/zizmor.yml@bbd31df64ee0f097a02f12495f541f9236f18c46 # v1.2.0
permissions:
contents: read
security-events: write
with:
min-severity: medium
min-confidence: medium
persona: pedantic

4
.github/zizmor.yml vendored Normal file
View File

@@ -0,0 +1,4 @@
# https://docs.zizmor.sh/configuration/
rules:
secrets-outside-env:
disable: true