Fix potential github action smells (#2412)

* Fix gha smells:
 - Avoid executing scheduled workflows on forks
 - Use names for run steps
 - Define permissions for workflows with external actions
 - Steps should only perform a single command
 - Use commit hash instead of tags for action versions

* Fix commit hashes for actions and typo in name
Cedric 2024-04-29 22:48:16 +02:00 committed by GitHub
parent 9126332df1
commit 662740692c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 50 additions and 20 deletions


@ -52,10 +52,13 @@ jobs:
# target: armv7-unknown-linux-gnueabihf
name: 'Make Cache'
runs-on: ${{ matrix.settings.host }}
if: github.repository == 'spacedriveapp/spacedrive'
permissions: {}
timeout-minutes: 150 # 2.5 hours
steps:
- name: Maximize build space
if: ${{ runner.os == 'Linux' }}
uses: easimon/maximize-build-space@master
uses: easimon/maximize-build-space@fc881a613ad2a34aca9c9624518214ebc21dfc0c # master
with:
swap-size-mb: 4096
root-reserve-mb: 6144
@ -65,13 +68,17 @@ jobs:
remove-docker-images: 'true'
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4
- name: Symlink target to C:\
if: ${{ runner.os == 'Windows' }}
shell: powershell
run: |
New-Item -ItemType Directory -Force -Path C:\spacedrive_target
- name: Symlink target to C:\
if: ${{ runner.os == 'Windows' }}
shell: powershell
run: |
New-Item -Path target -ItemType Junction -Value C:\spacedrive_target
- name: Setup System and Rust
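Review bot: The first `- name: Symlink target to C:\` step now only runs `New-Item -ItemType Directory -Force -Path C:\spacedrive_target`, so after the split two consecutive steps carry the same name and the first is mislabelled in the job log. Rename it, e.g. `- name: Create target directory on C:\`, and keep the existing name for the junction step. The same split appears in the second file's hunks at `-125,12 +135,17` and `-180,12 +198,17`, where the first step's name line is outside the hunk. Separately, the `# master` comment on the `easimon/maximize-build-space` pin records a branch rather than a release, so nothing tells a reader or an update bot which version that hash is; a comment naming the release the hash belongs to would make later bumps reviewable.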


@ -21,10 +21,12 @@ concurrency:
jobs:
typescript:
name: TypeScript
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
timeout-minutes: 3
permissions: {}
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4
- name: Setup Node.js, pnpm and dependencies
uses: ./.github/actions/setup-pnpm
@ -36,10 +38,12 @@ jobs:
eslint:
name: ESLint
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
permissions: {}
timeout-minutes: 5
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4
- name: Setup Node.js, pnpm and dependencies
uses: ./.github/actions/setup-pnpm
@ -52,9 +56,11 @@ jobs:
cypress:
name: Cypress
runs-on: macos-14
timeout-minutes: 30
permissions: {}
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4
- name: Setup System and Rust
uses: ./.github/actions/setup-system
@ -75,7 +81,7 @@ jobs:
ln -sf /Users/runner/Library/Caches/Cypress /Users/runner/.cache/Cypress
- name: Setup Cypress
uses: cypress-io/github-action@v6
uses: cypress-io/github-action@1b70233146622b69e789ccdd4f9452adc638d25a # v6
with:
runTests: false
working-directory: .
@ -84,21 +90,22 @@ jobs:
run: pnpm test-data small
- name: E2E test
uses: cypress-io/github-action@v6
uses: cypress-io/github-action@1b70233146622b69e789ccdd4f9452adc638d25a # v6
with:
build: npx cypress info
install: false
command: env CI=true pnpm test:e2e
working-directory: apps/web
- uses: actions/upload-artifact@v4
if: always()
- name: Upload cypress screenshots
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4
with:
name: cypress-screenshots
path: apps/web/cypress/screenshots
if-no-files-found: ignore
- uses: actions/upload-artifact@v4
- name: Upload cypress video's
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
if: always()
with:
name: cypress-videos
@ -107,11 +114,14 @@ jobs:
rustfmt:
name: Rust Formatting
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
timeout-minutes: 10
permissions:
contents: read
steps:
- name: Maximize build space
if: ${{ runner.os == 'Linux' }}
uses: easimon/maximize-build-space@master
uses: easimon/maximize-build-space@fc881a613ad2a34aca9c9624518214ebc21dfc0c # master
with:
swap-size-mb: 3072
root-reserve-mb: 6144
@ -125,12 +135,17 @@ jobs:
shell: powershell
run: |
New-Item -ItemType Directory -Force -Path C:\spacedrive_target
- name: Symlink target to C:\
if: ${{ runner.os == 'Windows' }}
shell: powershell
run: |
New-Item -Path target -ItemType Junction -Value C:\spacedrive_target
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4
- uses: dorny/paths-filter@v3
- name: Check if files have changed
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
continue-on-error: true
id: filter
with:
@ -163,10 +178,13 @@ jobs:
strategy:
matrix:
platform: [ubuntu-20.04, macos-14, windows-latest]
permissions:
contents: read
timeout-minutes: 45
steps:
- name: Maximize build space
if: ${{ runner.os == 'Linux' }}
uses: easimon/maximize-build-space@master
uses: easimon/maximize-build-space@fc881a613ad2a34aca9c9624518214ebc21dfc0c # master
with:
swap-size-mb: 3072
root-reserve-mb: 6144
@ -180,12 +198,17 @@ jobs:
shell: powershell
run: |
New-Item -ItemType Directory -Force -Path C:\spacedrive_target
- name: Symlink target to C:\
if: ${{ runner.os == 'Windows' }}
shell: powershell
run: |
New-Item -Path target -ItemType Junction -Value C:\spacedrive_target
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4
- uses: dorny/paths-filter@v3
- name: Find files that have changed
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
continue-on-error: true
id: filter
with:
@ -212,7 +235,7 @@ jobs:
- name: Run Clippy
if: steps.filter.outcome != 'success' || steps.filter.outputs.changes == 'true'
uses: actions-rs-plus/clippy-check@v2
uses: actions-rs-plus/clippy-check@30fef0f891edb491831cd248156cfb18d7d12fda # v2
with:
args: --workspace --all-features --locked
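Review bot: The `Upload cypress screenshots` step appears to have lost its `if: always()`: the old `- uses: actions/upload-artifact@v4` / `if: always()` pair is replaced by the named, pinned step with no condition, while the videos step below keeps it. Without it the step takes the default `success()` condition and is skipped when `E2E test` fails, which is the case the screenshots are for; add `if: always()` back under the new `uses:` line. The second `actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808` pin also lacks the trailing `# v4` that every other pinned action in this commit carries. The step name `Upload cypress video's` should read `Upload cypress videos`.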