-
-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ci: add minimum GitHub token permissions for workflows #5072
Merged
LucioFranco
merged 1 commit into
tokio-rs:master
from
ashishkurmi:github_actions_token_permission
Oct 3, 2022
Merged
ci: add minimum GitHub token permissions for workflows #5072
LucioFranco
merged 1 commit into
tokio-rs:master
from
ashishkurmi:github_actions_token_permission
Oct 3, 2022
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Ashish Kurmi <akurmi@stepsecurity.io>
LucioFranco
approved these changes
Oct 3, 2022
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Thanks!
87 tasks
jonhoo
added a commit
to jonhoo/rust-ci-conf
that referenced
this pull request
Mar 11, 2023
Wasabi375
pushed a commit
to Wasabi375/mut-binary-heap
that referenced
this pull request
Mar 13, 2023
Wasabi375
pushed a commit
to Wasabi375/mut-binary-heap
that referenced
this pull request
Mar 14, 2023
TheGoodall
added a commit
to chromic-lighting/chromic
that referenced
this pull request
Mar 16, 2023
Github CI files taken from https://github.com/jonhoo/rust-ci-conf Squashed commit of the following: commit 5ea59356dc9379a08dff5bf3df3c5016df2ca7f3 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sun Mar 12 09:40:09 2023 -0700 Remove -Zmiri-tag-raw-pointers as it's now default commit a076ec1cb42e88e6444ae7f573570ec53c149074 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Mar 11 15:08:45 2023 -0800 Minimal token permissions See tokio-rs/tokio#5072 commit 9afb0e111adcd678ef06884cf737aa9e0cf135e7 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Mar 11 15:07:39 2023 -0800 Get rid of most actions-rs bits Given that that project is unmaintained. actions-rs/toolchain#216 commit 90999e1bd1a9dabaecd149697f69e8e26e810562 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Fri Mar 10 21:22:30 2023 -0800 Fix install message for msrv commit 362696ab8007ef1a4779885a398286856cacf555 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Fri Mar 10 21:16:35 2023 -0800 Move to maintained rust installer See actions-rs/toolchain#216 commit d6bd5c67a444a379d70a014de537c29dc77f7711 Merge: 82cbed8 c8a7835 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Fri Dec 9 19:42:59 2022 -0500 Merge pull request #1 from jonhoo/dependabot/github_actions/codecov/codecov-action-3 Bump codecov/codecov-action from 2 to 3 commit c8a7835b2f0b21d9a64e6a8b0ddc10fbc88e2dd1 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat Dec 10 00:25:41 2022 +0000 Bump codecov/codecov-action from 2 to 3 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2 to 3. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v2...v3) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> commit 82cbed84f82e8538cdfc99dcf1b8b2cbab4fb126 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Fri Dec 9 16:25:21 2022 -0800 Notify if actions themselves are outdated commit cf47d4cad4b241a30245a51aa1ac7e99e7fedf8a Author: Jon Gjengset <jon@thesquareplanet.com> Date: Wed Sep 28 18:23:39 2022 -0700 ignore is a list commit b783cb31ab3c6c27ad826bde44aa917c0d0908da Author: Jon Gjengset <jon@thesquareplanet.com> Date: Fri Sep 23 08:53:07 2022 -0700 Use dependabot, but only for major versions commit 441dc27e4d1e365bfc9b0c25e736da6cb1d15102 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sun Sep 18 14:01:04 2022 -0700 Allow examples and binaries to require features commit ea198cc4991e2f869cd99cb8175652576ef15119 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sun Sep 18 13:52:47 2022 -0700 More concise name for scheduled jobs commit 15c1fa2ffcc0f31fabcdcd90cde6a05b54baf8b5 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sun Sep 18 12:10:58 2022 -0700 Catch upcoming deprecations commit 56d4398a24f8c7aae0ba4a74eefaf75d1c3db3a8 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sun Sep 18 11:52:12 2022 -0700 Merge safety workflows commit 71c2048cc0017a84a294be69d3b1629f55b1c8f0 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sun Sep 18 11:44:55 2022 -0700 mv github .github This should make it possible to have rust-ci-conf as a remote you merge from. commit afa25312c9c6cf8748629bd3a5c054a688785dfc Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sun Sep 18 11:29:34 2022 -0700 Practice what you preach commit 4859c128823805015dc164d58316dc5b25a69264 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 18:16:21 2022 -0700 Add TODOs from twitter thread commit 87365663b1f49c88c2a3642fece0b2a932001355 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 16:19:55 2022 -0700 Missed a submodule checkout commit 99ddee84ab05f5d5f37ad30a31d18dd7c72050c9 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:47:57 2022 -0700 Standardize on 'main' as branch name commit 0f90a0b77958b3978b6be3997a09ea5cb9b1bd6b Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:47:38 2022 -0700 Make everything use checkout@v3 commit 2de2235ad3803a978e150fca8d38182eb6ed7a9e Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:46:13 2022 -0700 Merge another test workflow commit 971c3fd9eb5f7d80088caaf5647a74b82d40b860 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:42:52 2022 -0700 Merge another test workflow commit 0910d977fc68082220d493bef07bc9d5f2265fc7 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:42:25 2022 -0700 Merge another test workflow commit 8953a88abecc66ea7811766b46aff6a5fd767124 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:42:10 2022 -0700 Add first test workflow commit 3bd8b12ec08910b2609cdfc843474d5b83ff7dbc Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:41:57 2022 -0700 Merge another style workflow commit fe460400ed2259af7e17f5ff51742137623e9e8e Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:41:00 2022 -0700 Merge another style workflow commit bc3f55118617b5ffe1ea479c4f6d7d2167b86d36 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:40:29 2022 -0700 Add first style workflow commit 05dd4680bf90603c70cb7cd406299675441fe59d Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:39:59 2022 -0700 Merge another os-check workflow commit 92379c862376607f7caca04e470c09671922f238 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:39:09 2022 -0700 Add first os-check workflow commit c74ee968a1aafec9e839dee907f0137e6356feff Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:38:56 2022 -0700 Add (only) no-std workflow commit e6ef8e3166b93c22af938872a547e104f2601587 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:38:01 2022 -0700 Merge another msrv workflow commit 1113c895d862ce860c82596cac973ad075ef1ac6 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:37:31 2022 -0700 Merge another msrv workflow commit b60aa5589ac569446a5128453983dee9bb504666 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:37:03 2022 -0700 Merge another msrv workflow commit 9b48ae326374d8d8609a65649026fa09f8a68c7f Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:36:43 2022 -0700 Add first msrv workflow commit 77079d77cb4aa288bda667917667cfaee87bd361 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:36:29 2022 -0700 Add (only) miri workflow commit c65a7c4f87be9ddea9e34eb254f3b6d5933db4ef Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:35:09 2022 -0700 Add first minial workflow commit bf66d94f15b7288f417cfae0eab6542e2e100daf Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:34:43 2022 -0700 Add (only) LSAN workflow commit f67cad0f915deebcdf7ceb89ffdd0925bc910153 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:34:34 2022 -0700 Add (only) loom workflow commit d8c8a99dea99b437eefc56e5b873a863a4446c51 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:33:48 2022 -0700 Merge another features workflow commit 043eb24611b5272a04082d63566837a9efbc71e9 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:32:58 2022 -0700 Merge another features workflow commit 922692a2977a4c93786a0ecbe11fc01501361aad Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:32:32 2022 -0700 Merge another features workflow commit 225ad3978688c093f4670ec04352d465076f39d3 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:31:58 2022 -0700 Add first features workflow commit 1fe2a6d008275efaff56200b8fba5ecc252aa970 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:31:17 2022 -0700 Merge another coverage.yml commit fe6ba380bd39c665e9d9a2153b2dc5287fe25cae Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:29:55 2022 -0700 Merge another coverage.yml commit bbdbd96ec709e3cc83a081cf821fdfffce85ecb5 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:27:38 2022 -0700 Add first coverage workflow commit 11027d3f75ced20536b99225edccf34f286dd4e0 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:27:27 2022 -0700 Add (only) ASAN workflow commit 126c9a3a35d5ac428c22883d36f0aac69d2e20e9 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:25:23 2022 -0700 Place codecov config under .github commit b32648cabb5862b0814ab0abd6d5c81498758270 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:24:02 2022 -0700 Merge another codecov commit 510b69615dd47cb63584976512cb95b265cb22bf Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:23:03 2022 -0700 Merge another codecov commit 7f34f791c0a5c3f2c2ce2ed7e43ff12ed123c62c Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:22:18 2022 -0700 Merge another codecov commit 1b8c3056e6a015949896ca20815719930ec48051 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:21:57 2022 -0700 Merge another codecov commit 1c486b2c73cb2ae896dd77e0f0ec060a47f15cd7 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:10:07 2022 -0700 Add one codecov
TheGoodall
added a commit
to chromic-lighting/chromic
that referenced
this pull request
Mar 16, 2023
Github CI files taken from https://github.com/jonhoo/rust-ci-conf Squashed commit of the following: commit 5ea59356dc9379a08dff5bf3df3c5016df2ca7f3 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sun Mar 12 09:40:09 2023 -0700 Remove -Zmiri-tag-raw-pointers as it's now default commit a076ec1cb42e88e6444ae7f573570ec53c149074 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Mar 11 15:08:45 2023 -0800 Minimal token permissions See tokio-rs/tokio#5072 commit 9afb0e111adcd678ef06884cf737aa9e0cf135e7 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Mar 11 15:07:39 2023 -0800 Get rid of most actions-rs bits Given that that project is unmaintained. actions-rs/toolchain#216 commit 90999e1bd1a9dabaecd149697f69e8e26e810562 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Fri Mar 10 21:22:30 2023 -0800 Fix install message for msrv commit 362696ab8007ef1a4779885a398286856cacf555 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Fri Mar 10 21:16:35 2023 -0800 Move to maintained rust installer See actions-rs/toolchain#216 commit d6bd5c67a444a379d70a014de537c29dc77f7711 Merge: 82cbed8 c8a7835 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Fri Dec 9 19:42:59 2022 -0500 Merge pull request #1 from jonhoo/dependabot/github_actions/codecov/codecov-action-3 Bump codecov/codecov-action from 2 to 3 commit c8a7835b2f0b21d9a64e6a8b0ddc10fbc88e2dd1 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat Dec 10 00:25:41 2022 +0000 Bump codecov/codecov-action from 2 to 3 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2 to 3. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v2...v3) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> commit 82cbed84f82e8538cdfc99dcf1b8b2cbab4fb126 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Fri Dec 9 16:25:21 2022 -0800 Notify if actions themselves are outdated commit cf47d4cad4b241a30245a51aa1ac7e99e7fedf8a Author: Jon Gjengset <jon@thesquareplanet.com> Date: Wed Sep 28 18:23:39 2022 -0700 ignore is a list commit b783cb31ab3c6c27ad826bde44aa917c0d0908da Author: Jon Gjengset <jon@thesquareplanet.com> Date: Fri Sep 23 08:53:07 2022 -0700 Use dependabot, but only for major versions commit 441dc27e4d1e365bfc9b0c25e736da6cb1d15102 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sun Sep 18 14:01:04 2022 -0700 Allow examples and binaries to require features commit ea198cc4991e2f869cd99cb8175652576ef15119 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sun Sep 18 13:52:47 2022 -0700 More concise name for scheduled jobs commit 15c1fa2ffcc0f31fabcdcd90cde6a05b54baf8b5 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sun Sep 18 12:10:58 2022 -0700 Catch upcoming deprecations commit 56d4398a24f8c7aae0ba4a74eefaf75d1c3db3a8 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sun Sep 18 11:52:12 2022 -0700 Merge safety workflows commit 71c2048cc0017a84a294be69d3b1629f55b1c8f0 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sun Sep 18 11:44:55 2022 -0700 mv github .github This should make it possible to have rust-ci-conf as a remote you merge from. commit afa25312c9c6cf8748629bd3a5c054a688785dfc Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sun Sep 18 11:29:34 2022 -0700 Practice what you preach commit 4859c128823805015dc164d58316dc5b25a69264 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 18:16:21 2022 -0700 Add TODOs from twitter thread commit 87365663b1f49c88c2a3642fece0b2a932001355 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 16:19:55 2022 -0700 Missed a submodule checkout commit 99ddee84ab05f5d5f37ad30a31d18dd7c72050c9 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:47:57 2022 -0700 Standardize on 'main' as branch name commit 0f90a0b77958b3978b6be3997a09ea5cb9b1bd6b Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:47:38 2022 -0700 Make everything use checkout@v3 commit 2de2235ad3803a978e150fca8d38182eb6ed7a9e Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:46:13 2022 -0700 Merge another test workflow commit 971c3fd9eb5f7d80088caaf5647a74b82d40b860 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:42:52 2022 -0700 Merge another test workflow commit 0910d977fc68082220d493bef07bc9d5f2265fc7 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:42:25 2022 -0700 Merge another test workflow commit 8953a88abecc66ea7811766b46aff6a5fd767124 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:42:10 2022 -0700 Add first test workflow commit 3bd8b12ec08910b2609cdfc843474d5b83ff7dbc Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:41:57 2022 -0700 Merge another style workflow commit fe460400ed2259af7e17f5ff51742137623e9e8e Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:41:00 2022 -0700 Merge another style workflow commit bc3f55118617b5ffe1ea479c4f6d7d2167b86d36 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:40:29 2022 -0700 Add first style workflow commit 05dd4680bf90603c70cb7cd406299675441fe59d Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:39:59 2022 -0700 Merge another os-check workflow commit 92379c862376607f7caca04e470c09671922f238 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:39:09 2022 -0700 Add first os-check workflow commit c74ee968a1aafec9e839dee907f0137e6356feff Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:38:56 2022 -0700 Add (only) no-std workflow commit e6ef8e3166b93c22af938872a547e104f2601587 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:38:01 2022 -0700 Merge another msrv workflow commit 1113c895d862ce860c82596cac973ad075ef1ac6 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:37:31 2022 -0700 Merge another msrv workflow commit b60aa5589ac569446a5128453983dee9bb504666 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:37:03 2022 -0700 Merge another msrv workflow commit 9b48ae326374d8d8609a65649026fa09f8a68c7f Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:36:43 2022 -0700 Add first msrv workflow commit 77079d77cb4aa288bda667917667cfaee87bd361 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:36:29 2022 -0700 Add (only) miri workflow commit c65a7c4f87be9ddea9e34eb254f3b6d5933db4ef Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:35:09 2022 -0700 Add first minial workflow commit bf66d94f15b7288f417cfae0eab6542e2e100daf Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:34:43 2022 -0700 Add (only) LSAN workflow commit f67cad0f915deebcdf7ceb89ffdd0925bc910153 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:34:34 2022 -0700 Add (only) loom workflow commit d8c8a99dea99b437eefc56e5b873a863a4446c51 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:33:48 2022 -0700 Merge another features workflow commit 043eb24611b5272a04082d63566837a9efbc71e9 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:32:58 2022 -0700 Merge another features workflow commit 922692a2977a4c93786a0ecbe11fc01501361aad Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:32:32 2022 -0700 Merge another features workflow commit 225ad3978688c093f4670ec04352d465076f39d3 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:31:58 2022 -0700 Add first features workflow commit 1fe2a6d008275efaff56200b8fba5ecc252aa970 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:31:17 2022 -0700 Merge another coverage.yml commit fe6ba380bd39c665e9d9a2153b2dc5287fe25cae Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:29:55 2022 -0700 Merge another coverage.yml commit bbdbd96ec709e3cc83a081cf821fdfffce85ecb5 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:27:38 2022 -0700 Add first coverage workflow commit 11027d3f75ced20536b99225edccf34f286dd4e0 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:27:27 2022 -0700 Add (only) ASAN workflow commit 126c9a3a35d5ac428c22883d36f0aac69d2e20e9 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:25:23 2022 -0700 Place codecov config under .github commit b32648cabb5862b0814ab0abd6d5c81498758270 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:24:02 2022 -0700 Merge another codecov commit 510b69615dd47cb63584976512cb95b265cb22bf Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:23:03 2022 -0700 Merge another codecov commit 7f34f791c0a5c3f2c2ce2ed7e43ff12ed123c62c Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:22:18 2022 -0700 Merge another codecov commit 1b8c3056e6a015949896ca20815719930ec48051 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:21:57 2022 -0700 Merge another codecov commit 1c486b2c73cb2ae896dd77e0f0ec060a47f15cd7 Author: Jon Gjengset <jon@thesquareplanet.com> Date: Sat Sep 17 12:10:07 2022 -0700 Add one codecov
simonrw
pushed a commit
to simonrw/rynamodb
that referenced
this pull request
Mar 16, 2023
Wasabi375
pushed a commit
to Wasabi375/mut-binary-heap
that referenced
this pull request
Mar 18, 2023
Wasabi375
pushed a commit
to Wasabi375/mut-binary-heap
that referenced
this pull request
Mar 18, 2023
Wasabi375
pushed a commit
to Wasabi375/mut-binary-heap
that referenced
this pull request
Mar 18, 2023
Wasabi375
pushed a commit
to Wasabi375/mut-binary-heap
that referenced
this pull request
Mar 18, 2023
CyberHoward
pushed a commit
to AbstractSDK/apps
that referenced
this pull request
Mar 24, 2023
c-git
pushed a commit
to wykies/rust-ci-conf
that referenced
this pull request
Sep 3, 2023
carloskiki
added a commit
to carloskiki/leptos-icons
that referenced
this pull request
Oct 8, 2023
* Add one codecov * Merge another codecov * Merge another codecov * Merge another codecov * Merge another codecov * Place codecov config under .github * Add (only) ASAN workflow * Add first coverage workflow * Merge another coverage.yml * Merge another coverage.yml * Add first features workflow * Merge another features workflow * Merge another features workflow * Merge another features workflow * Add (only) loom workflow * Add (only) LSAN workflow * Add first minial workflow * Add (only) miri workflow * Add first msrv workflow * Merge another msrv workflow * Merge another msrv workflow * Merge another msrv workflow * Add (only) no-std workflow * Add first os-check workflow * Merge another os-check workflow * Add first style workflow * Merge another style workflow * Merge another style workflow * Add first test workflow * Merge another test workflow * Merge another test workflow * Merge another test workflow * Make everything use checkout@v3 * Standardize on 'main' as branch name * Missed a submodule checkout * Add TODOs from twitter thread * Practice what you preach * mv github .github This should make it possible to have rust-ci-conf as a remote you merge from. * Merge safety workflows * Catch upcoming deprecations * More concise name for scheduled jobs * Allow examples and binaries to require features * Use dependabot, but only for major versions * ignore is a list * Notify if actions themselves are outdated * Bump codecov/codecov-action from 2 to 3 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2 to 3. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v2...v3) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Move to maintained rust installer See actions-rs/toolchain#216 * Fix install message for msrv * Get rid of most actions-rs bits Given that that project is unmaintained. actions-rs/toolchain#216 * Minimal token permissions See tokio-rs/tokio#5072 * Remove -Zmiri-tag-raw-pointers as it's now default * Unbreak cargo hack for non-libraries (#4) * Add action to run doctest. (#3) `cargo test --all-features` does not run doc-tests. For more information see rust-lang/cargo#6669. * chore: automatically cancel superseded Actions runs (#5) * [sanity] More robust injection of opt-level 1 (#9) Fixes #8 * Quote MSRV version to avoid float parsing (#11) Put 1.70 in there (for instance if you want to pin against OnceLock stabilizing) and it will actually test 1.7 as it appears github auto converts this to a float? Putting in quotes seems to do the right thing here * Install Openssl for Windows (#12) * Don't install OpenSSL on Windows by default * Bump actions/checkout from 3 to 4 (#13) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Jon Gjengset <jon@thesquareplanet.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tudyx <56633664+Tudyx@users.noreply.github.com> Co-authored-by: Burkhard Mittelbach <wasabi37a@googlemail.com> Co-authored-by: Simen Bekkhus <sbekkhus91@gmail.com> Co-authored-by: James Chacon <chacon.james@gmail.com> Co-authored-by: Rod Elias <rodiney@gmail.com>
0x61nas
pushed a commit
to 0x61nas/lqth
that referenced
this pull request
Dec 12, 2023
0x61nas
added a commit
to 0x61nas/lqth
that referenced
this pull request
Dec 12, 2023
* Add one codecov * Merge another codecov * Merge another codecov * Merge another codecov * Merge another codecov * Place codecov config under .github * Add (only) ASAN workflow * Add first coverage workflow * Merge another coverage.yml * Merge another coverage.yml * Add first features workflow * Merge another features workflow * Merge another features workflow * Merge another features workflow * Add (only) loom workflow * Add (only) LSAN workflow * Add first minial workflow * Add (only) miri workflow * Add first msrv workflow * Merge another msrv workflow * Merge another msrv workflow * Merge another msrv workflow * Add (only) no-std workflow * Add first os-check workflow * Merge another os-check workflow * Add first style workflow * Merge another style workflow * Merge another style workflow * Add first test workflow * Merge another test workflow * Merge another test workflow * Merge another test workflow * Make everything use checkout@v3 * Standardize on 'main' as branch name * Missed a submodule checkout * Add TODOs from twitter thread * Practice what you preach * mv github .github This should make it possible to have rust-ci-conf as a remote you merge from. * Merge safety workflows * Catch upcoming deprecations * More concise name for scheduled jobs * Allow examples and binaries to require features * Use dependabot, but only for major versions * ignore is a list * Notify if actions themselves are outdated * Bump codecov/codecov-action from 2 to 3 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2 to 3. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v2...v3) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Move to maintained rust installer See actions-rs/toolchain#216 * Fix install message for msrv * Get rid of most actions-rs bits Given that that project is unmaintained. actions-rs/toolchain#216 * Minimal token permissions See tokio-rs/tokio#5072 * Remove -Zmiri-tag-raw-pointers as it's now default * Unbreak cargo hack for non-libraries (#4) * Add action to run doctest. (#3) `cargo test --all-features` does not run doc-tests. For more information see rust-lang/cargo#6669. * chore: automatically cancel superseded Actions runs (#5) * [sanity] More robust injection of opt-level 1 (#9) Fixes #8 * Quote MSRV version to avoid float parsing (#11) Put 1.70 in there (for instance if you want to pin against OnceLock stabilizing) and it will actually test 1.7 as it appears github auto converts this to a float? Putting in quotes seems to do the right thing here * Install Openssl for Windows (#12) * Don't install OpenSSL on Windows by default * Bump actions/checkout from 3 to 4 (#13) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * docs: Add documentation based on the youtube video (#10) * Nit: Selecting direct minimal versions flag is -Zdirect-minimal-versions (#16) * Add one codecov * Merge another codecov * Merge another codecov * Merge another codecov * Merge another codecov * Place codecov config under .github * Add (only) ASAN workflow * Add first coverage workflow * Merge another coverage.yml * Merge another coverage.yml * Add first features workflow * Merge another features workflow * Merge another features workflow * Merge another features workflow * Add (only) loom workflow * Add (only) LSAN workflow * Add first minial workflow * Add (only) miri workflow * Add first msrv workflow * Merge another msrv workflow * Merge another msrv workflow * Merge another msrv workflow * Add (only) no-std workflow * Add first os-check workflow * Merge another os-check workflow * Add first style workflow * Merge another style workflow * Merge another style workflow * Add first test workflow * Merge another test workflow * Merge another test workflow * Merge another test workflow * Make everything use checkout@v3 * Standardize on 'main' as branch name * Missed a submodule checkout * Add TODOs from twitter thread * Practice what you preach * mv github .github This should make it possible to have rust-ci-conf as a remote you merge from. * Merge safety workflows * Catch upcoming deprecations * More concise name for scheduled jobs * Allow examples and binaries to require features * Use dependabot, but only for major versions * ignore is a list * Notify if actions themselves are outdated * Bump codecov/codecov-action from 2 to 3 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2 to 3. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v2...v3) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Move to maintained rust installer See actions-rs/toolchain#216 * Fix install message for msrv * Get rid of most actions-rs bits Given that that project is unmaintained. actions-rs/toolchain#216 * Minimal token permissions See tokio-rs/tokio#5072 * Remove -Zmiri-tag-raw-pointers as it's now default * Unbreak cargo hack for non-libraries (#4) * Add action to run doctest. (#3) `cargo test --all-features` does not run doc-tests. For more information see rust-lang/cargo#6669. * chore: automatically cancel superseded Actions runs (#5) * [sanity] More robust injection of opt-level 1 (#9) Fixes #8 * Quote MSRV version to avoid float parsing (#11) Put 1.70 in there (for instance if you want to pin against OnceLock stabilizing) and it will actually test 1.7 as it appears github auto converts this to a float? Putting in quotes seems to do the right thing here * Install Openssl for Windows (#12) * Don't install OpenSSL on Windows by default * Bump actions/checkout from 3 to 4 (#13) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * docs: Add documentation based on the youtube video (#10) * Nit: Selecting direct minimal versions flag is -Zdirect-minimal-versions (#16) * chore(github): create the code owners file * chore(github): add the funding methods * chore(github): create the issue templates * chore(github): create the PR template * chore(mergify): create `mergify` config * chore(github): remove the `nostd` workflow * chore(github): remove the `os-check` step and updated the branch name * chore(github): create the CI workflow * chore(github): update the branch name * fix(workflow): disable the loom step for now * fix(minimal-versions): set the minimal versoin of `thiserror` at 1.0.2 * fix(workflow): update the minimal rust version * chore(codespell): create the codespell ignore file * fix(workflow): don't try to build on windows or macos * docs: fix typos * chore(codespell): ignore `crate` * fix(workflow): install X11 * fix(workflow): fix typos * chore(mergify): disable the Dbpndabot rule * chore(github): remove the CI workflow * chore(github): add lint step to the test workflow --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Jon Gjengset <jon@thesquareplanet.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tudyx <56633664+Tudyx@users.noreply.github.com> Co-authored-by: Burkhard Mittelbach <wasabi37a@googlemail.com> Co-authored-by: Simen Bekkhus <sbekkhus91@gmail.com> Co-authored-by: James Chacon <chacon.james@gmail.com> Co-authored-by: Rod Elias <rodiney@gmail.com> Co-authored-by: Josh McKinney <joshka@users.noreply.github.com> Co-authored-by: Mathias Pius <g+github@pius.io>
0x61nas
pushed a commit
to 0x61nas/aarty
that referenced
this pull request
Jan 29, 2024
wfxr
pushed a commit
to wfxr/rlt
that referenced
this pull request
Mar 26, 2024
Merge another codecov Merge another codecov Merge another codecov Merge another codecov Place codecov config under .github Add (only) ASAN workflow Add first coverage workflow Merge another coverage.yml Merge another coverage.yml Add first features workflow Merge another features workflow Merge another features workflow Merge another features workflow Add (only) loom workflow Add (only) LSAN workflow Add first minial workflow Add (only) miri workflow Add first msrv workflow Merge another msrv workflow Merge another msrv workflow Merge another msrv workflow Add (only) no-std workflow Add first os-check workflow Merge another os-check workflow Add first style workflow Merge another style workflow Merge another style workflow Add first test workflow Merge another test workflow Merge another test workflow Merge another test workflow Make everything use checkout@v3 Standardize on 'main' as branch name Missed a submodule checkout Add TODOs from twitter thread Practice what you preach mv github .github This should make it possible to have rust-ci-conf as a remote you merge from. Merge safety workflows Catch upcoming deprecations More concise name for scheduled jobs Allow examples and binaries to require features Use dependabot, but only for major versions ignore is a list Notify if actions themselves are outdated Bump codecov/codecov-action from 2 to 3 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2 to 3. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v2...v3) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Move to maintained rust installer See actions-rs/toolchain#216 Fix install message for msrv Get rid of most actions-rs bits Given that that project is unmaintained. actions-rs/toolchain#216 Minimal token permissions See tokio-rs/tokio#5072 Remove -Zmiri-tag-raw-pointers as it's now default Unbreak cargo hack for non-libraries (#4) Add action to run doctest. (#3) `cargo test --all-features` does not run doc-tests. For more information see rust-lang/cargo#6669. chore: automatically cancel superseded Actions runs (#5) [sanity] More robust injection of opt-level 1 (#9) Fixes #8 Quote MSRV version to avoid float parsing (#11) Put 1.70 in there (for instance if you want to pin against OnceLock stabilizing) and it will actually test 1.7 as it appears github auto converts this to a float? Putting in quotes seems to do the right thing here Install Openssl for Windows (#12) Don't install OpenSSL on Windows by default Bump actions/checkout from 3 to 4 (#13) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> docs: Add documentation based on the youtube video (#10) Nit: Selecting direct minimal versions flag is -Zdirect-minimal-versions (#16) chore: fix typos (#17) Remove stray trailing whitespace replace actions-rs/clippy-check with giraffate/clippy-action (#19) Co-authored-by: rtkay123 <dev@kanjala.com> Semi-breaking: update codecov action Note: this requires adding `CODECOV_TOKEN` to your GitHub repository's secrets! See associated comment in the commit content. Uniform capitalization
dougEfresh
pushed a commit
to dougEfresh/fireblocks-sdk-rs
that referenced
this pull request
Apr 26, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR adds minimum token permissions for the GITHUB_TOKEN in GitHub Actions workflows using secure-workflows.
The GitHub Actions workflow has a GITHUB_TOKEN with write access to multiple scopes. Here is an example of the permissions in one of the workflow runs:
https://github.com/tokio-rs/tokio/actions/runs/3169751968/jobs/5161876737#step:1:19
After this change, the scopes will be reduced to the minimum needed for the following workflows:
Motivation and Context
Signed-off-by: Ashish Kurmi akurmi@stepsecurity.io