
Commit 4fbbd94

authored
ci: Add actionci.yml (#1578)
* Add zizmor and frizbee CI checks
1 parent a0e8aa1 commit 4fbbd94

4 files changed

Lines changed: 44 additions & 18 deletions


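--- a/.github/workflows/actionci.yml
+++ b/.github/workflows/actionci.yml
@@ -0,0 +1,22 @@
+name: Action CI
+
+on:
+push:
+tags-ignore:
+- 'v*'
+branches:
+- "master"
+pull_request:
+workflow_call:
+
+concurrency:
+group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+cancel-in-progress: true
+
+jobs:
+actionci:
+permissions:
+contents: read
+security-events: write
+uses: smallstep/workflows/.github/workflows/actionci.yml@main
+secrets: inherit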
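Review bot: The `uses:` line at new line 21 calls the reusable workflow at the mutable `@main` ref while `secrets: inherit` on line 22 passes it every secret the caller can read, so whatever lands on that branch runs with those secrets and with `security-events: write`. The called workflow is not visible here; if it only needs the automatic token to upload results, `secrets: inherit` can be dropped or replaced by a `secrets:` map naming the ones it requires. If tracking `main` with inherited secrets is intended, record that next to the code with a comment above the line, for example `# first-party workflow, tracked at main on purpose; needs <SECRET_NAME>`.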

.github/workflows/actionlint.yml

Lines changed: 0 additions & 17 deletions
This file was deleted.

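--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -6,6 +6,9 @@ on:
 tags:
 - 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
 
+permissions:
+contents: write
+
 jobs:
 ci:
 permissions:
@@ -17,6 +20,8 @@ jobs:
 
 create_release:
 name: Create Release
+permissions:
+contents: write
 needs: ci
 runs-on: ubuntu-latest
 env:
@@ -31,9 +36,11 @@ jobs:
 steps:
 - name: Is Pre-release
 id: is_prerelease
+env:
+REF: ${{ github.ref }}
 run: |
 set +e
-echo ${{ github.ref }} | grep "\-rc.*"
+echo "${REF}" | grep "\-rc.*"
 OUT=$?
 if [ $OUT -eq 0 ]; then IS_PRERELEASE=true; else IS_PRERELEASE=false; fi
 echo "IS_PRERELEASE=${IS_PRERELEASE}" >> "${GITHUB_OUTPUT}"
@@ -106,6 +113,8 @@ jobs:
 
 update_reference_docs:
 name: Update Reference Docs
+permissions:
+contents: read
 runs-on: ubuntu-latest
 needs: create_release
 if: needs.create_release.outputs.is_prerelease == 'false'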
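Review bot: The workflow-level `permissions:` block added at new lines 9–10 makes `contents: write` the default for every job that does not declare its own scope, even though each job shown in these hunks (`ci`, `create_release`, `update_reference_docs`) carries a job-level block. Least privilege would set the top-level default to `contents: read` (or `permissions: {}`) and leave `contents: write` only on `create_release`, where the release is created. The jobs between the hunks are not visible on this page, so confirm none of them relies on the inherited write scope before narrowing it.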

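--- a/.github/zizmor.yml
+++ b/.github/zizmor.yml
@@ -0,0 +1,12 @@
+rules:
+unpinned-uses:
+config:
+policies:
+"smallstep/*": ref-pin
+secrets-inherit:
+disable: true
+ref-confusion:
+disable: true
+dangerous-triggers:
+ignore:
+- triage.yml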
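Review bot: `secrets-inherit` and `ref-confusion` are turned off with `disable: true` for the whole repository and carry no comment explaining why, so workflows added later are never checked for either finding. The `dangerous-triggers` rule just below already uses the narrower form; for `secrets-inherit` the same shape, `ignore:` followed by `- actionci.yml`, would suppress the known case and keep the audit active elsewhere. If a repository-wide disable is intended, a comment above each rule stating the reason (presumably the first-party reusable workflows) would let a later reader judge whether the exception still holds.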
