From c2c75c04f6819bc9a872f95a5d4483d4fead72cd Mon Sep 17 00:00:00 2001 From: Dilum Aluthge Date: Sat, 28 May 2022 23:54:51 -0400 Subject: [PATCH 1/3] Add a GitHub Actions CI job to this repo that verifies all of the signatures --- .github/workflows/backport.yml | 8 ++++++++ .github/workflows/fast_forward.yml | 7 +++++++ .github/workflows/verify.yml | 25 +++++++++++++++++++++++++ 3 files changed, 40 insertions(+) create mode 100644 .github/workflows/verify.yml diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 3a8ed9dd..74b5a260 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -4,6 +4,14 @@ on: types: - closed - labeled +concurrency: + # Skip intermediate builds: all builds except for builds on the `main` branch + # Cancel intermediate builds: only pull request builds + group: ${{ github.workflow }}-${{ github.ref }}-${{ github.ref != 'refs/heads/main' || github.run_number }} + cancel-in-progress: ${{ startsWith(github.ref, 'refs/pull/') }} +permissions: + contents: write + pull-requests: write jobs: backport: runs-on: ubuntu-latest diff --git a/.github/workflows/fast_forward.yml b/.github/workflows/fast_forward.yml index 1632782e..7066d34b 100644 --- a/.github/workflows/fast_forward.yml +++ b/.github/workflows/fast_forward.yml @@ -8,6 +8,13 @@ on: following_branch: description: '' required: true +concurrency: + # Skip intermediate builds: all builds except for builds on the `main` branch + # Cancel intermediate builds: only pull request builds + group: ${{ github.workflow }}-${{ github.ref }}-${{ github.ref != 'refs/heads/master' || github.run_number }} + cancel-in-progress: ${{ startsWith(github.ref, 'refs/pull/') }} +permissions: + contents: write jobs: fast_forward: runs-on: ubuntu-latest diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml new file mode 100644 index 00000000..88a4a79f --- /dev/null +++ b/.github/workflows/verify.yml @@ -0,0 +1,25 @@ +name: Verify Signatures +on: + pull_request: + branches: + - main + push: + branches: + - main + tags: '*' + workflow_dispatch: +concurrency: + # Skip intermediate builds: all builds except for builds on the `main` branch + # Cancel intermediate builds: only pull request builds + group: ${{ github.workflow }}-${{ github.ref }}-${{ github.ref != 'refs/heads/main' || github.run_number }} + cancel-in-progress: ${{ startsWith(github.ref, 'refs/pull/') }} +permissions: + contents: read +jobs: + verify: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + with: + persist-credentials: false + - run: make verify_treehashes From 00e32e292942d70adb75e218f3564db480f33e3f Mon Sep 17 00:00:00 2001 From: Dilum Aluthge Date: Sat, 28 May 2022 23:57:14 -0400 Subject: [PATCH 2/3] Update verify.yml --- .github/workflows/verify.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index 88a4a79f..a733cf6a 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -22,4 +22,9 @@ jobs: - uses: actions/checkout@v2 with: persist-credentials: false + - run: | + git clone https://github.com/staticfloat/cryptic-buildkite-plugin.git + cd cryptic-buildkite-plugin + git checkout sf/group_capable + cd .. - run: make verify_treehashes From af08b1d73bd30dc1ce2ccb2e8bae7a4e86e75c0a Mon Sep 17 00:00:00 2001 From: Dilum Aluthge Date: Sat, 28 May 2022 23:58:32 -0400 Subject: [PATCH 3/3] Update verify.yml --- .github/workflows/verify.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index a733cf6a..de4ab368 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -22,6 +22,8 @@ jobs: - uses: actions/checkout@v2 with: persist-credentials: false + - name: Install dependencies (shyaml) + run: pip install shyaml - run: | git clone https://github.com/staticfloat/cryptic-buildkite-plugin.git cd cryptic-buildkite-plugin