From 8b4140aec19a04e71e1db0177327581f09d540e3 Mon Sep 17 00:00:00 2001 From: Torsten Knodt <191793499+torsknod2@users.noreply.github.com> Date: Sun, 26 Jan 2025 16:44:57 +0000 Subject: [PATCH 1/3] Hopefully closes #43 --- .github/workflows/ci.yml | 21 ++++++++++++--------- .github/workflows/dependency-review.yml | 5 +++-- .github/workflows/flawfinder.yml | 5 ++--- .github/workflows/msvc.yml | 3 +-- .github/workflows/ossf-scorecard.yml | 4 ++-- 5 files changed, 20 insertions(+), 18 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9e5e130..f980d52 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -29,17 +29,19 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref || github.run_id}} cancel-in-progress: true -permissions: - actions: read - checks: write - contents: read - id-token: write - packages: write - pages: write - security-events: write +permissions: {} jobs: build: + permissions: + actions: read + checks: write + contents: read + packages: write + #pages: write + pull-requests: write + security-events: write + strategy: matrix: CMAKE_C_COMPILER: @@ -68,7 +70,7 @@ jobs: - name: Checkout code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - - name: Set up apt cache + - name: Set up apt cacheactions/upload-artifact uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 with: path: | @@ -158,6 +160,7 @@ jobs: uses: mikepenz/action-junit-report@62516aa379bff6370c95fd5894d5a27fb6619d9b if: success() || failure() with: + comment: true report_paths: build/GTestOutputDir/**/*.junit.xml fail_on_failure: true include_passed: true diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 388830f..a4ae417 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml 
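Review bot: Every step of every matrix leg in `build` now runs with a token carrying `checks: write`, `packages: write`, `pull-requests: write` and `security-events: write`, including the steps that compile and test the checked-out code and the third-party actions in the job. The workflow's `on:` block is outside this hunk, so confirm the trigger is not one that hands a write token to PR-controlled code. If no step in `build` publishes a package, `packages: write` should be dropped. A narrower layout keeps `build` at `contents: read` and moves result publishing into a follow-up job that holds the write scopes. The hunk also removes `id-token: write`, so any step that requests an OIDC token would now fail; none is visible here.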
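Review bot: `comment: true` on the junit report step needs `pull-requests: write`, and under the `pull_request` trigger GitHub by default issues a read-only token to runs from forks whatever the job's `permissions:` block says. How the action handles the rejected API call is not visible here, so check whether fork PRs would see this step warn or fail. Gating the input avoids the question: `comment: ${{ github.event.pull_request.head.repo.full_name == github.repository }}`. The job is a matrix, so also confirm the legs do not each post their own comment. The step's `with:` block continues outside the hunk.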
@@ -9,11 +9,12 @@ name: 'Dependency Review' on: [pull_request, workflow_dispatch] -permissions: - contents: read +permissions: {} jobs: dependency-review: + permissions: + contents: read runs-on: ubuntu-latest steps: - name: Harden Runner diff --git a/.github/workflows/flawfinder.yml b/.github/workflows/flawfinder.yml index 51bed53..c9fc1e8 100644 --- a/.github/workflows/flawfinder.yml +++ b/.github/workflows/flawfinder.yml @@ -16,13 +16,12 @@ on: - '*' workflow_dispatch: +permissions: {} + concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref || github.run_id}} cancel-in-progress: true -permissions: - contents: read - jobs: flawfinder: name: Flawfinder diff --git a/.github/workflows/msvc.yml b/.github/workflows/msvc.yml index 1d2ea26..b4b59da 100644 --- a/.github/workflows/msvc.yml +++ b/.github/workflows/msvc.yml @@ -27,8 +27,7 @@ env: # Path to the CMake build directory. build: '${{ github.workspace }}/build' -permissions: - contents: read +permissions: {} jobs: analyze: diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index 1edd8e1..2731e4a 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -10,14 +10,14 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref || github.run_id}} cancel-in-progress: true -permissions: - contents: read +permissions: {} jobs: analysis: name: Scorecard analysis runs-on: ubuntu-latest permissions: + contents: read # Needed for Code scanning upload security-events: write # Needed for GitHub OIDC token if publish_results is true From 4c4355a58a547313f03197d8eca55861d2c9b195 Mon Sep 17 00:00:00 2001 From: Torsten Marco Knodt <191793499+torsknod2@users.noreply.github.com> Date: Sun, 26 Jan 2025 17:52:37 +0100 Subject: [PATCH 2/3] Update .github/workflows/ci.yml Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> 
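Review bot: In flawfinder.yml the workflow default becomes `permissions: {}` and the removed `contents: read` is not re-added in the visible lines, so the `flawfinder` job has no token scopes unless it declares its own `permissions:` below the hunk. The same applies to `analyze` in msvc.yml, whose hunk also ends right after the job name. If either job lacks a job-level block, add one as dependency-review.yml does in this patch: `permissions:` with `contents: read`, plus `security-events: write` if the job uploads SARIF results. Both job bodies continue outside the hunks, so this is a check to make rather than a confirmed break.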
Signed-off-by: Torsten Marco Knodt <191793499+torsknod2@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f980d52..2649bda 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -70,7 +70,7 @@ jobs: - name: Checkout code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - - name: Set up apt cacheactions/upload-artifact + - name: Set up apt cache uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 with: path: | From 5347fb9d24df8f9601601debe5cb101452e4aff6 Mon Sep 17 00:00:00 2001 From: Torsten Marco Knodt <191793499+torsknod2@users.noreply.github.com> Date: Sun, 26 Jan 2025 17:53:13 +0100 Subject: [PATCH 3/3] Update .github/workflows/ci.yml Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Signed-off-by: Torsten Marco Knodt <191793499+torsknod2@users.noreply.github.com> --- .github/workflows/ci.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2649bda..a47ffcc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -38,10 +38,9 @@ jobs: checks: write contents: read packages: write - #pages: write - pull-requests: write + # pages: write + pull-requests: write # Needed for test results comments security-events: write - strategy: matrix: CMAKE_C_COMPILER:
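Review bot: The commented-out `# pages: write` stays in the `build` job's `permissions:` block after patch 3/3; a disabled grant is one uncomment away from being live and is better deleted, since git keeps the history. `pull-requests: write` now states why it is needed, but `checks: write`, `packages: write` and `security-events: write` do not. A trailing comment on each, in the `# Needed for ...` style that ossf-scorecard.yml already uses, would let a reviewer tell a required scope from a leftover. The `build` job continues outside the hunk.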