Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci: add minimum GitHub token permissions for workflows #5072

Merged

Conversation

ashishkurmi
Copy link
Contributor

Description

This PR adds minimum token permissions for the GITHUB_TOKEN in GitHub Actions workflows using secure-workflows.

The GitHub Actions workflow has a GITHUB_TOKEN with write access to multiple scopes. Here is an example of the permissions in one of the workflow runs:
https://github.com/tokio-rs/tokio/actions/runs/3169751968/jobs/5161876737#step:1:19

After this change, the scopes will be reduced to the minimum needed for the following workflows:

  • audit.yml
  • ci.yml
  • labeler.yml
  • loom.yml
  • pr-audit.yml
  • stress-test.yml

Motivation and Context

  • This is a security best practice, so if the GITHUB_TOKEN is compromised due to a vulnerability or compromised Action, the damage will be reduced.
  • GitHub recommends defining minimum GITHUB_TOKEN permissions.
  • The Open Source Security Foundation (OpenSSF) Scorecards also treats not setting token permissions as a high-risk issue. This change will help increase the Scorecard score for this repository.

Signed-off-by: Ashish Kurmi akurmi@stepsecurity.io

Signed-off-by: Ashish Kurmi <akurmi@stepsecurity.io>
Copy link
Member

@LucioFranco LucioFranco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks!

@LucioFranco LucioFranco merged commit b821e43 into tokio-rs:master Oct 3, 2022
jonhoo added a commit to jonhoo/rust-ci-conf that referenced this pull request Mar 11, 2023
Wasabi375 pushed a commit to Wasabi375/mut-binary-heap that referenced this pull request Mar 13, 2023
Wasabi375 pushed a commit to Wasabi375/mut-binary-heap that referenced this pull request Mar 14, 2023
TheGoodall added a commit to chromic-lighting/chromic that referenced this pull request Mar 16, 2023
Github CI files taken from https://github.com/jonhoo/rust-ci-conf

Squashed commit of the following:

commit 5ea59356dc9379a08dff5bf3df3c5016df2ca7f3
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sun Mar 12 09:40:09 2023 -0700

    Remove -Zmiri-tag-raw-pointers as it's now default

commit a076ec1cb42e88e6444ae7f573570ec53c149074
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Mar 11 15:08:45 2023 -0800

    Minimal token permissions

    See tokio-rs/tokio#5072

commit 9afb0e111adcd678ef06884cf737aa9e0cf135e7
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Mar 11 15:07:39 2023 -0800

    Get rid of most actions-rs bits

    Given that that project is unmaintained.

    actions-rs/toolchain#216

commit 90999e1bd1a9dabaecd149697f69e8e26e810562
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Fri Mar 10 21:22:30 2023 -0800

    Fix install message for msrv

commit 362696ab8007ef1a4779885a398286856cacf555
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Fri Mar 10 21:16:35 2023 -0800

    Move to maintained rust installer

    See actions-rs/toolchain#216

commit d6bd5c67a444a379d70a014de537c29dc77f7711
Merge: 82cbed8 c8a7835
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Fri Dec 9 19:42:59 2022 -0500

    Merge pull request #1 from jonhoo/dependabot/github_actions/codecov/codecov-action-3

    Bump codecov/codecov-action from 2 to 3

commit c8a7835b2f0b21d9a64e6a8b0ddc10fbc88e2dd1
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Sat Dec 10 00:25:41 2022 +0000

    Bump codecov/codecov-action from 2 to 3

    Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2 to 3.
    - [Release notes](https://github.com/codecov/codecov-action/releases)
    - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
    - [Commits](codecov/codecov-action@v2...v3)

    ---
    updated-dependencies:
    - dependency-name: codecov/codecov-action
      dependency-type: direct:production
      update-type: version-update:semver-major
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

commit 82cbed84f82e8538cdfc99dcf1b8b2cbab4fb126
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Fri Dec 9 16:25:21 2022 -0800

    Notify if actions themselves are outdated

commit cf47d4cad4b241a30245a51aa1ac7e99e7fedf8a
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Wed Sep 28 18:23:39 2022 -0700

    ignore is a list

commit b783cb31ab3c6c27ad826bde44aa917c0d0908da
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Fri Sep 23 08:53:07 2022 -0700

    Use dependabot, but only for major versions

commit 441dc27e4d1e365bfc9b0c25e736da6cb1d15102
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sun Sep 18 14:01:04 2022 -0700

    Allow examples and binaries to require features

commit ea198cc4991e2f869cd99cb8175652576ef15119
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sun Sep 18 13:52:47 2022 -0700

    More concise name for scheduled jobs

commit 15c1fa2ffcc0f31fabcdcd90cde6a05b54baf8b5
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sun Sep 18 12:10:58 2022 -0700

    Catch upcoming deprecations

commit 56d4398a24f8c7aae0ba4a74eefaf75d1c3db3a8
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sun Sep 18 11:52:12 2022 -0700

    Merge safety workflows

commit 71c2048cc0017a84a294be69d3b1629f55b1c8f0
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sun Sep 18 11:44:55 2022 -0700

    mv github .github

    This should make it possible to have rust-ci-conf as a remote you merge
    from.

commit afa25312c9c6cf8748629bd3a5c054a688785dfc
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sun Sep 18 11:29:34 2022 -0700

    Practice what you preach

commit 4859c128823805015dc164d58316dc5b25a69264
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 18:16:21 2022 -0700

    Add TODOs from twitter thread

commit 87365663b1f49c88c2a3642fece0b2a932001355
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 16:19:55 2022 -0700

    Missed a submodule checkout

commit 99ddee84ab05f5d5f37ad30a31d18dd7c72050c9
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:47:57 2022 -0700

    Standardize on 'main' as branch name

commit 0f90a0b77958b3978b6be3997a09ea5cb9b1bd6b
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:47:38 2022 -0700

    Make everything use checkout@v3

commit 2de2235ad3803a978e150fca8d38182eb6ed7a9e
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:46:13 2022 -0700

    Merge another test workflow

commit 971c3fd9eb5f7d80088caaf5647a74b82d40b860
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:42:52 2022 -0700

    Merge another test workflow

commit 0910d977fc68082220d493bef07bc9d5f2265fc7
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:42:25 2022 -0700

    Merge another test workflow

commit 8953a88abecc66ea7811766b46aff6a5fd767124
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:42:10 2022 -0700

    Add first test workflow

commit 3bd8b12ec08910b2609cdfc843474d5b83ff7dbc
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:41:57 2022 -0700

    Merge another style workflow

commit fe460400ed2259af7e17f5ff51742137623e9e8e
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:41:00 2022 -0700

    Merge another style workflow

commit bc3f55118617b5ffe1ea479c4f6d7d2167b86d36
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:40:29 2022 -0700

    Add first style workflow

commit 05dd4680bf90603c70cb7cd406299675441fe59d
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:39:59 2022 -0700

    Merge another os-check workflow

commit 92379c862376607f7caca04e470c09671922f238
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:39:09 2022 -0700

    Add first os-check workflow

commit c74ee968a1aafec9e839dee907f0137e6356feff
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:38:56 2022 -0700

    Add (only) no-std workflow

commit e6ef8e3166b93c22af938872a547e104f2601587
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:38:01 2022 -0700

    Merge another msrv workflow

commit 1113c895d862ce860c82596cac973ad075ef1ac6
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:37:31 2022 -0700

    Merge another msrv workflow

commit b60aa5589ac569446a5128453983dee9bb504666
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:37:03 2022 -0700

    Merge another msrv workflow

commit 9b48ae326374d8d8609a65649026fa09f8a68c7f
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:36:43 2022 -0700

    Add first msrv workflow

commit 77079d77cb4aa288bda667917667cfaee87bd361
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:36:29 2022 -0700

    Add (only) miri workflow

commit c65a7c4f87be9ddea9e34eb254f3b6d5933db4ef
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:35:09 2022 -0700

    Add first minial workflow

commit bf66d94f15b7288f417cfae0eab6542e2e100daf
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:34:43 2022 -0700

    Add (only) LSAN workflow

commit f67cad0f915deebcdf7ceb89ffdd0925bc910153
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:34:34 2022 -0700

    Add (only) loom workflow

commit d8c8a99dea99b437eefc56e5b873a863a4446c51
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:33:48 2022 -0700

    Merge another features workflow

commit 043eb24611b5272a04082d63566837a9efbc71e9
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:32:58 2022 -0700

    Merge another features workflow

commit 922692a2977a4c93786a0ecbe11fc01501361aad
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:32:32 2022 -0700

    Merge another features workflow

commit 225ad3978688c093f4670ec04352d465076f39d3
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:31:58 2022 -0700

    Add first features workflow

commit 1fe2a6d008275efaff56200b8fba5ecc252aa970
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:31:17 2022 -0700

    Merge another coverage.yml

commit fe6ba380bd39c665e9d9a2153b2dc5287fe25cae
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:29:55 2022 -0700

    Merge another coverage.yml

commit bbdbd96ec709e3cc83a081cf821fdfffce85ecb5
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:27:38 2022 -0700

    Add first coverage workflow

commit 11027d3f75ced20536b99225edccf34f286dd4e0
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:27:27 2022 -0700

    Add (only) ASAN workflow

commit 126c9a3a35d5ac428c22883d36f0aac69d2e20e9
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:25:23 2022 -0700

    Place codecov config under .github

commit b32648cabb5862b0814ab0abd6d5c81498758270
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:24:02 2022 -0700

    Merge another codecov

commit 510b69615dd47cb63584976512cb95b265cb22bf
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:23:03 2022 -0700

    Merge another codecov

commit 7f34f791c0a5c3f2c2ce2ed7e43ff12ed123c62c
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:22:18 2022 -0700

    Merge another codecov

commit 1b8c3056e6a015949896ca20815719930ec48051
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:21:57 2022 -0700

    Merge another codecov

commit 1c486b2c73cb2ae896dd77e0f0ec060a47f15cd7
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:10:07 2022 -0700

    Add one codecov
TheGoodall added a commit to chromic-lighting/chromic that referenced this pull request Mar 16, 2023
Github CI files taken from https://github.com/jonhoo/rust-ci-conf

Squashed commit of the following:

commit 5ea59356dc9379a08dff5bf3df3c5016df2ca7f3
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sun Mar 12 09:40:09 2023 -0700

    Remove -Zmiri-tag-raw-pointers as it's now default

commit a076ec1cb42e88e6444ae7f573570ec53c149074
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Mar 11 15:08:45 2023 -0800

    Minimal token permissions

    See tokio-rs/tokio#5072

commit 9afb0e111adcd678ef06884cf737aa9e0cf135e7
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Mar 11 15:07:39 2023 -0800

    Get rid of most actions-rs bits

    Given that that project is unmaintained.

    actions-rs/toolchain#216

commit 90999e1bd1a9dabaecd149697f69e8e26e810562
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Fri Mar 10 21:22:30 2023 -0800

    Fix install message for msrv

commit 362696ab8007ef1a4779885a398286856cacf555
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Fri Mar 10 21:16:35 2023 -0800

    Move to maintained rust installer

    See actions-rs/toolchain#216

commit d6bd5c67a444a379d70a014de537c29dc77f7711
Merge: 82cbed8 c8a7835
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Fri Dec 9 19:42:59 2022 -0500

    Merge pull request #1 from jonhoo/dependabot/github_actions/codecov/codecov-action-3

    Bump codecov/codecov-action from 2 to 3

commit c8a7835b2f0b21d9a64e6a8b0ddc10fbc88e2dd1
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Sat Dec 10 00:25:41 2022 +0000

    Bump codecov/codecov-action from 2 to 3

    Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2 to 3.
    - [Release notes](https://github.com/codecov/codecov-action/releases)
    - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
    - [Commits](codecov/codecov-action@v2...v3)

    ---
    updated-dependencies:
    - dependency-name: codecov/codecov-action
      dependency-type: direct:production
      update-type: version-update:semver-major
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

commit 82cbed84f82e8538cdfc99dcf1b8b2cbab4fb126
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Fri Dec 9 16:25:21 2022 -0800

    Notify if actions themselves are outdated

commit cf47d4cad4b241a30245a51aa1ac7e99e7fedf8a
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Wed Sep 28 18:23:39 2022 -0700

    ignore is a list

commit b783cb31ab3c6c27ad826bde44aa917c0d0908da
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Fri Sep 23 08:53:07 2022 -0700

    Use dependabot, but only for major versions

commit 441dc27e4d1e365bfc9b0c25e736da6cb1d15102
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sun Sep 18 14:01:04 2022 -0700

    Allow examples and binaries to require features

commit ea198cc4991e2f869cd99cb8175652576ef15119
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sun Sep 18 13:52:47 2022 -0700

    More concise name for scheduled jobs

commit 15c1fa2ffcc0f31fabcdcd90cde6a05b54baf8b5
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sun Sep 18 12:10:58 2022 -0700

    Catch upcoming deprecations

commit 56d4398a24f8c7aae0ba4a74eefaf75d1c3db3a8
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sun Sep 18 11:52:12 2022 -0700

    Merge safety workflows

commit 71c2048cc0017a84a294be69d3b1629f55b1c8f0
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sun Sep 18 11:44:55 2022 -0700

    mv github .github

    This should make it possible to have rust-ci-conf as a remote you merge
    from.

commit afa25312c9c6cf8748629bd3a5c054a688785dfc
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sun Sep 18 11:29:34 2022 -0700

    Practice what you preach

commit 4859c128823805015dc164d58316dc5b25a69264
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 18:16:21 2022 -0700

    Add TODOs from twitter thread

commit 87365663b1f49c88c2a3642fece0b2a932001355
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 16:19:55 2022 -0700

    Missed a submodule checkout

commit 99ddee84ab05f5d5f37ad30a31d18dd7c72050c9
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:47:57 2022 -0700

    Standardize on 'main' as branch name

commit 0f90a0b77958b3978b6be3997a09ea5cb9b1bd6b
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:47:38 2022 -0700

    Make everything use checkout@v3

commit 2de2235ad3803a978e150fca8d38182eb6ed7a9e
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:46:13 2022 -0700

    Merge another test workflow

commit 971c3fd9eb5f7d80088caaf5647a74b82d40b860
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:42:52 2022 -0700

    Merge another test workflow

commit 0910d977fc68082220d493bef07bc9d5f2265fc7
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:42:25 2022 -0700

    Merge another test workflow

commit 8953a88abecc66ea7811766b46aff6a5fd767124
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:42:10 2022 -0700

    Add first test workflow

commit 3bd8b12ec08910b2609cdfc843474d5b83ff7dbc
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:41:57 2022 -0700

    Merge another style workflow

commit fe460400ed2259af7e17f5ff51742137623e9e8e
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:41:00 2022 -0700

    Merge another style workflow

commit bc3f55118617b5ffe1ea479c4f6d7d2167b86d36
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:40:29 2022 -0700

    Add first style workflow

commit 05dd4680bf90603c70cb7cd406299675441fe59d
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:39:59 2022 -0700

    Merge another os-check workflow

commit 92379c862376607f7caca04e470c09671922f238
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:39:09 2022 -0700

    Add first os-check workflow

commit c74ee968a1aafec9e839dee907f0137e6356feff
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:38:56 2022 -0700

    Add (only) no-std workflow

commit e6ef8e3166b93c22af938872a547e104f2601587
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:38:01 2022 -0700

    Merge another msrv workflow

commit 1113c895d862ce860c82596cac973ad075ef1ac6
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:37:31 2022 -0700

    Merge another msrv workflow

commit b60aa5589ac569446a5128453983dee9bb504666
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:37:03 2022 -0700

    Merge another msrv workflow

commit 9b48ae326374d8d8609a65649026fa09f8a68c7f
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:36:43 2022 -0700

    Add first msrv workflow

commit 77079d77cb4aa288bda667917667cfaee87bd361
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:36:29 2022 -0700

    Add (only) miri workflow

commit c65a7c4f87be9ddea9e34eb254f3b6d5933db4ef
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:35:09 2022 -0700

    Add first minial workflow

commit bf66d94f15b7288f417cfae0eab6542e2e100daf
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:34:43 2022 -0700

    Add (only) LSAN workflow

commit f67cad0f915deebcdf7ceb89ffdd0925bc910153
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:34:34 2022 -0700

    Add (only) loom workflow

commit d8c8a99dea99b437eefc56e5b873a863a4446c51
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:33:48 2022 -0700

    Merge another features workflow

commit 043eb24611b5272a04082d63566837a9efbc71e9
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:32:58 2022 -0700

    Merge another features workflow

commit 922692a2977a4c93786a0ecbe11fc01501361aad
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:32:32 2022 -0700

    Merge another features workflow

commit 225ad3978688c093f4670ec04352d465076f39d3
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:31:58 2022 -0700

    Add first features workflow

commit 1fe2a6d008275efaff56200b8fba5ecc252aa970
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:31:17 2022 -0700

    Merge another coverage.yml

commit fe6ba380bd39c665e9d9a2153b2dc5287fe25cae
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:29:55 2022 -0700

    Merge another coverage.yml

commit bbdbd96ec709e3cc83a081cf821fdfffce85ecb5
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:27:38 2022 -0700

    Add first coverage workflow

commit 11027d3f75ced20536b99225edccf34f286dd4e0
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:27:27 2022 -0700

    Add (only) ASAN workflow

commit 126c9a3a35d5ac428c22883d36f0aac69d2e20e9
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:25:23 2022 -0700

    Place codecov config under .github

commit b32648cabb5862b0814ab0abd6d5c81498758270
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:24:02 2022 -0700

    Merge another codecov

commit 510b69615dd47cb63584976512cb95b265cb22bf
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:23:03 2022 -0700

    Merge another codecov

commit 7f34f791c0a5c3f2c2ce2ed7e43ff12ed123c62c
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:22:18 2022 -0700

    Merge another codecov

commit 1b8c3056e6a015949896ca20815719930ec48051
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:21:57 2022 -0700

    Merge another codecov

commit 1c486b2c73cb2ae896dd77e0f0ec060a47f15cd7
Author: Jon Gjengset <jon@thesquareplanet.com>
Date:   Sat Sep 17 12:10:07 2022 -0700

    Add one codecov
simonrw pushed a commit to simonrw/rynamodb that referenced this pull request Mar 16, 2023
Wasabi375 pushed a commit to Wasabi375/mut-binary-heap that referenced this pull request Mar 18, 2023
Wasabi375 pushed a commit to Wasabi375/mut-binary-heap that referenced this pull request Mar 18, 2023
Wasabi375 pushed a commit to Wasabi375/mut-binary-heap that referenced this pull request Mar 18, 2023
Wasabi375 pushed a commit to Wasabi375/mut-binary-heap that referenced this pull request Mar 18, 2023
CyberHoward pushed a commit to AbstractSDK/apps that referenced this pull request Mar 24, 2023
c-git pushed a commit to wykies/rust-ci-conf that referenced this pull request Sep 3, 2023
carloskiki added a commit to carloskiki/leptos-icons that referenced this pull request Oct 8, 2023
* Add one codecov

* Merge another codecov

* Merge another codecov

* Merge another codecov

* Merge another codecov

* Place codecov config under .github

* Add (only) ASAN workflow

* Add first coverage workflow

* Merge another coverage.yml

* Merge another coverage.yml

* Add first features workflow

* Merge another features workflow

* Merge another features workflow

* Merge another features workflow

* Add (only) loom workflow

* Add (only) LSAN workflow

* Add first minial workflow

* Add (only) miri workflow

* Add first msrv workflow

* Merge another msrv workflow

* Merge another msrv workflow

* Merge another msrv workflow

* Add (only) no-std workflow

* Add first os-check workflow

* Merge another os-check workflow

* Add first style workflow

* Merge another style workflow

* Merge another style workflow

* Add first test workflow

* Merge another test workflow

* Merge another test workflow

* Merge another test workflow

* Make everything use checkout@v3

* Standardize on 'main' as branch name

* Missed a submodule checkout

* Add TODOs from twitter thread

* Practice what you preach

* mv github .github

This should make it possible to have rust-ci-conf as a remote you merge
from.

* Merge safety workflows

* Catch upcoming deprecations

* More concise name for scheduled jobs

* Allow examples and binaries to require features

* Use dependabot, but only for major versions

* ignore is a list

* Notify if actions themselves are outdated

* Bump codecov/codecov-action from 2 to 3

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2 to 3.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v2...v3)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Move to maintained rust installer

See actions-rs/toolchain#216

* Fix install message for msrv

* Get rid of most actions-rs bits

Given that that project is unmaintained.

actions-rs/toolchain#216

* Minimal token permissions

See tokio-rs/tokio#5072

* Remove -Zmiri-tag-raw-pointers as it's now default

* Unbreak cargo hack for non-libraries (#4)

* Add action to run doctest. (#3)

`cargo test --all-features` does not run doc-tests. For more information
see rust-lang/cargo#6669.

* chore: automatically cancel superseded Actions runs (#5)

* [sanity] More robust injection of opt-level 1 (#9)

Fixes #8

* Quote MSRV version to avoid float parsing (#11)

Put 1.70 in there (for instance if you want to pin against OnceLock stabilizing) and it will actually test 1.7 as it appears github auto converts this to a float?

Putting in quotes seems to do the right thing here

* Install Openssl for Windows (#12)

* Don't install OpenSSL on Windows by default

* Bump actions/checkout from 3 to 4 (#13)

Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Jon Gjengset <jon@thesquareplanet.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tudyx <56633664+Tudyx@users.noreply.github.com>
Co-authored-by: Burkhard Mittelbach <wasabi37a@googlemail.com>
Co-authored-by: Simen Bekkhus <sbekkhus91@gmail.com>
Co-authored-by: James Chacon <chacon.james@gmail.com>
Co-authored-by: Rod Elias <rodiney@gmail.com>
0x61nas pushed a commit to 0x61nas/lqth that referenced this pull request Dec 12, 2023
0x61nas added a commit to 0x61nas/lqth that referenced this pull request Dec 12, 2023
* Add one codecov

* Merge another codecov

* Merge another codecov

* Merge another codecov

* Merge another codecov

* Place codecov config under .github

* Add (only) ASAN workflow

* Add first coverage workflow

* Merge another coverage.yml

* Merge another coverage.yml

* Add first features workflow

* Merge another features workflow

* Merge another features workflow

* Merge another features workflow

* Add (only) loom workflow

* Add (only) LSAN workflow

* Add first minial workflow

* Add (only) miri workflow

* Add first msrv workflow

* Merge another msrv workflow

* Merge another msrv workflow

* Merge another msrv workflow

* Add (only) no-std workflow

* Add first os-check workflow

* Merge another os-check workflow

* Add first style workflow

* Merge another style workflow

* Merge another style workflow

* Add first test workflow

* Merge another test workflow

* Merge another test workflow

* Merge another test workflow

* Make everything use checkout@v3

* Standardize on 'main' as branch name

* Missed a submodule checkout

* Add TODOs from twitter thread

* Practice what you preach

* mv github .github

This should make it possible to have rust-ci-conf as a remote you merge
from.

* Merge safety workflows

* Catch upcoming deprecations

* More concise name for scheduled jobs

* Allow examples and binaries to require features

* Use dependabot, but only for major versions

* ignore is a list

* Notify if actions themselves are outdated

* Bump codecov/codecov-action from 2 to 3

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2 to 3.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v2...v3)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Move to maintained rust installer

See actions-rs/toolchain#216

* Fix install message for msrv

* Get rid of most actions-rs bits

Given that that project is unmaintained.

actions-rs/toolchain#216

* Minimal token permissions

See tokio-rs/tokio#5072

* Remove -Zmiri-tag-raw-pointers as it's now default

* Unbreak cargo hack for non-libraries (#4)

* Add action to run doctest. (#3)

`cargo test --all-features` does not run doc-tests. For more information
see rust-lang/cargo#6669.

* chore: automatically cancel superseded Actions runs (#5)

* [sanity] More robust injection of opt-level 1 (#9)

Fixes #8

* Quote MSRV version to avoid float parsing (#11)

Put 1.70 in there (for instance if you want to pin against OnceLock stabilizing) and it will actually test 1.7 as it appears github auto converts this to a float?

Putting in quotes seems to do the right thing here

* Install Openssl for Windows (#12)

* Don't install OpenSSL on Windows by default

* Bump actions/checkout from 3 to 4 (#13)

Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* docs: Add documentation based on the youtube video (#10)

* Nit: Selecting direct minimal versions flag is -Zdirect-minimal-versions (#16)

* Add one codecov

* Merge another codecov

* Merge another codecov

* Merge another codecov

* Merge another codecov

* Place codecov config under .github

* Add (only) ASAN workflow

* Add first coverage workflow

* Merge another coverage.yml

* Merge another coverage.yml

* Add first features workflow

* Merge another features workflow

* Merge another features workflow

* Merge another features workflow

* Add (only) loom workflow

* Add (only) LSAN workflow

* Add first minial workflow

* Add (only) miri workflow

* Add first msrv workflow

* Merge another msrv workflow

* Merge another msrv workflow

* Merge another msrv workflow

* Add (only) no-std workflow

* Add first os-check workflow

* Merge another os-check workflow

* Add first style workflow

* Merge another style workflow

* Merge another style workflow

* Add first test workflow

* Merge another test workflow

* Merge another test workflow

* Merge another test workflow

* Make everything use checkout@v3

* Standardize on 'main' as branch name

* Missed a submodule checkout

* Add TODOs from twitter thread

* Practice what you preach

* mv github .github

This should make it possible to have rust-ci-conf as a remote you merge
from.

* Merge safety workflows

* Catch upcoming deprecations

* More concise name for scheduled jobs

* Allow examples and binaries to require features

* Use dependabot, but only for major versions

* ignore is a list

* Notify if actions themselves are outdated

* Bump codecov/codecov-action from 2 to 3

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2 to 3.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v2...v3)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Move to maintained rust installer

See actions-rs/toolchain#216

* Fix install message for msrv

* Get rid of most actions-rs bits

Given that that project is unmaintained.

actions-rs/toolchain#216

* Minimal token permissions

See tokio-rs/tokio#5072

* Remove -Zmiri-tag-raw-pointers as it's now default

* Unbreak cargo hack for non-libraries (#4)

* Add action to run doctest. (#3)

`cargo test --all-features` does not run doc-tests. For more information
see rust-lang/cargo#6669.

* chore: automatically cancel superseded Actions runs (#5)

* [sanity] More robust injection of opt-level 1 (#9)

Fixes #8

* Quote MSRV version to avoid float parsing (#11)

Put 1.70 in there (for instance if you want to pin against OnceLock stabilizing) and it will actually test 1.7 as it appears github auto converts this to a float?

Putting in quotes seems to do the right thing here

* Install Openssl for Windows (#12)

* Don't install OpenSSL on Windows by default

* Bump actions/checkout from 3 to 4 (#13)

Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* docs: Add documentation based on the youtube video (#10)

* Nit: Selecting direct minimal versions flag is -Zdirect-minimal-versions (#16)

* chore(github): create the code owners file

* chore(github): add the funding methods

* chore(github): create the issue templates

* chore(github): create the PR template

* chore(mergify): create `mergify` config

* chore(github): remove the `nostd` workflow

* chore(github): remove the `os-check` step and updated the branch name

* chore(github): create the CI workflow

* chore(github): update the branch name

* fix(workflow): disable the loom step for now

* fix(minimal-versions): set the minimal versoin of `thiserror` at 1.0.2

* fix(workflow): update the minimal rust version

* chore(codespell): create the codespell ignore file

* fix(workflow): don't try to build on windows or macos

* docs: fix typos

* chore(codespell): ignore `crate`

* fix(workflow): install X11

* fix(workflow): fix typos

* chore(mergify): disable the Dbpndabot rule

* chore(github): remove the CI workflow

* chore(github): add lint step to the test workflow

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Jon Gjengset <jon@thesquareplanet.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tudyx <56633664+Tudyx@users.noreply.github.com>
Co-authored-by: Burkhard Mittelbach <wasabi37a@googlemail.com>
Co-authored-by: Simen Bekkhus <sbekkhus91@gmail.com>
Co-authored-by: James Chacon <chacon.james@gmail.com>
Co-authored-by: Rod Elias <rodiney@gmail.com>
Co-authored-by: Josh McKinney <joshka@users.noreply.github.com>
Co-authored-by: Mathias Pius <g+github@pius.io>
0x61nas pushed a commit to 0x61nas/aarty that referenced this pull request Jan 29, 2024
wfxr pushed a commit to wfxr/rlt that referenced this pull request Mar 26, 2024
Merge another codecov

Merge another codecov

Merge another codecov

Merge another codecov

Place codecov config under .github

Add (only) ASAN workflow

Add first coverage workflow

Merge another coverage.yml

Merge another coverage.yml

Add first features workflow

Merge another features workflow

Merge another features workflow

Merge another features workflow

Add (only) loom workflow

Add (only) LSAN workflow

Add first minial workflow

Add (only) miri workflow

Add first msrv workflow

Merge another msrv workflow

Merge another msrv workflow

Merge another msrv workflow

Add (only) no-std workflow

Add first os-check workflow

Merge another os-check workflow

Add first style workflow

Merge another style workflow

Merge another style workflow

Add first test workflow

Merge another test workflow

Merge another test workflow

Merge another test workflow

Make everything use checkout@v3

Standardize on 'main' as branch name

Missed a submodule checkout

Add TODOs from twitter thread

Practice what you preach

mv github .github

This should make it possible to have rust-ci-conf as a remote you merge
from.

Merge safety workflows

Catch upcoming deprecations

More concise name for scheduled jobs

Allow examples and binaries to require features

Use dependabot, but only for major versions

ignore is a list

Notify if actions themselves are outdated

Bump codecov/codecov-action from 2 to 3

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2 to 3.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v2...v3)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Move to maintained rust installer

See actions-rs/toolchain#216

Fix install message for msrv

Get rid of most actions-rs bits

Given that that project is unmaintained.

actions-rs/toolchain#216

Minimal token permissions

See tokio-rs/tokio#5072

Remove -Zmiri-tag-raw-pointers as it's now default

Unbreak cargo hack for non-libraries (#4)

Add action to run doctest. (#3)

`cargo test --all-features` does not run doc-tests. For more information
see rust-lang/cargo#6669.

chore: automatically cancel superseded Actions runs (#5)

[sanity] More robust injection of opt-level 1 (#9)

Fixes #8

Quote MSRV version to avoid float parsing (#11)

Put 1.70 in there (for instance if you want to pin against OnceLock stabilizing) and it will actually test 1.7 as it appears github auto converts this to a float?

Putting in quotes seems to do the right thing here

Install Openssl for Windows (#12)

Don't install OpenSSL on Windows by default

Bump actions/checkout from 3 to 4 (#13)

Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

docs: Add documentation based on the youtube video (#10)

Nit: Selecting direct minimal versions flag is -Zdirect-minimal-versions (#16)

chore: fix typos (#17)

Remove stray trailing whitespace

replace actions-rs/clippy-check with giraffate/clippy-action (#19)

Co-authored-by: rtkay123 <dev@kanjala.com>

Semi-breaking: update codecov action

Note: this requires adding `CODECOV_TOKEN` to your GitHub repository's
secrets! See associated comment in the commit content.

Uniform capitalization
dougEfresh pushed a commit to dougEfresh/fireblocks-sdk-rs that referenced this pull request Apr 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants