chore: use commit sha for GitHub actions (#15019)
Use specific commit SHAs for GitHub actions across various workflows to enhance reliability and reproducibility. This change ensures that actions run against a known version, reducing the risk of unexpected issues due to updates in the third-party action repositories. This contributes to improving the score in #14879.
committed by
GitHub
parent
208ed1efd7
commit
57a65c15bf
2
.github/actions/setup-go/action.yaml
vendored
2
.github/actions/setup-go/action.yaml
vendored
@ -9,7 +9,7 @@ runs:
|
|||||||
using: "composite"
|
using: "composite"
|
||||||
steps:
|
steps:
|
||||||
- name: Setup Go
|
- name: Setup Go
|
||||||
uses: actions/setup-go@v5
|
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
|
||||||
with:
|
with:
|
||||||
go-version: ${{ inputs.version }}
|
go-version: ${{ inputs.version }}
|
||||||
|
|
||||||
|
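Review bot: The trailing `# v5.0.2` on the new `uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32` line is the only human-readable record of what the SHA is, and nothing in the workflow checks that the two agree; the same holds for every `uses:` line this commit pins, in the other composite actions and in the workflow files. Each SHA should be confirmed against the tag in the action's own repository before merge, because a full-length SHA is also accepted when the commit exists only in a fork of that repository. Pinned SHAs no longer pick up upstream fixes, so the commit should say how they get bumped, for example an update-bot rule for GitHub Actions that rewrites the SHA and the version comment together; whether such a rule exists is not visible on this page.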
8
.github/actions/setup-node/action.yaml
vendored
8
.github/actions/setup-node/action.yaml
vendored
@ -11,16 +11,16 @@ runs:
|
|||||||
using: "composite"
|
using: "composite"
|
||||||
steps:
|
steps:
|
||||||
- name: Install pnpm
|
- name: Install pnpm
|
||||||
uses: pnpm/action-setup@v3
|
uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0
|
||||||
with:
|
|
||||||
version: 9.6
|
|
||||||
- name: Setup Node
|
- name: Setup Node
|
||||||
uses: actions/setup-node@v4.0.3
|
uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
|
||||||
with:
|
with:
|
||||||
node-version: 20.16.0
|
node-version: 20.16.0
|
||||||
# See https://github.com/actions/setup-node#caching-global-packages-data
|
# See https://github.com/actions/setup-node#caching-global-packages-data
|
||||||
cache: "pnpm"
|
cache: "pnpm"
|
||||||
cache-dependency-path: ${{ inputs.directory }}/pnpm-lock.yaml
|
cache-dependency-path: ${{ inputs.directory }}/pnpm-lock.yaml
|
||||||
|
|
||||||
- name: Install root node_modules
|
- name: Install root node_modules
|
||||||
shell: bash
|
shell: bash
|
||||||
run: ./scripts/pnpm_install.sh
|
run: ./scripts/pnpm_install.sh
|
||||||
|
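Review bot: The `Install pnpm` step does more than pin: the ref moves from `pnpm/action-setup@v3` to a SHA labelled `# v4.0.0`, a major-version upgrade, and in this rendering the `with:` / `version: 9.6` input has no counterpart on the new side, so it appears to be dropped. If the input is gone, the pnpm version now comes from whatever the action falls back to (presumably the `packageManager` field in package.json; confirm), and that should be stated in the commit description or the upgrade split out from the pinning change. `actions/setup-node` likewise moves from v4.0.3 to a SHA labelled v4.0.4 in the same hunk.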
2
.github/actions/setup-sqlc/action.yaml
vendored
2
.github/actions/setup-sqlc/action.yaml
vendored
@ -5,6 +5,6 @@ runs:
|
|||||||
using: "composite"
|
using: "composite"
|
||||||
steps:
|
steps:
|
||||||
- name: Setup sqlc
|
- name: Setup sqlc
|
||||||
uses: sqlc-dev/setup-sqlc@v4
|
uses: sqlc-dev/setup-sqlc@c0209b9199cd1cce6a14fc27cabcec491b651761 # v4.0.0
|
||||||
with:
|
with:
|
||||||
sqlc-version: "1.25.0"
|
sqlc-version: "1.25.0"
|
||||||
|
2
.github/actions/setup-tf/action.yaml
vendored
2
.github/actions/setup-tf/action.yaml
vendored
@ -5,7 +5,7 @@ runs:
|
|||||||
using: "composite"
|
using: "composite"
|
||||||
steps:
|
steps:
|
||||||
- name: Install Terraform
|
- name: Install Terraform
|
||||||
uses: hashicorp/setup-terraform@v3
|
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
|
||||||
with:
|
with:
|
||||||
terraform_version: 1.9.2
|
terraform_version: 1.9.2
|
||||||
terraform_wrapper: false
|
terraform_wrapper: false
|
||||||
|
3
.github/actions/upload-datadog/action.yaml
vendored
3
.github/actions/upload-datadog/action.yaml
vendored
@ -1,5 +1,6 @@
|
|||||||
name: Upload tests to datadog
|
name: Upload tests to datadog
|
||||||
if: always()
|
description: |
|
||||||
|
Uploads the test results to datadog.
|
||||||
inputs:
|
inputs:
|
||||||
api-key:
|
api-key:
|
||||||
description: "Datadog API key"
|
description: "Datadog API key"
|
||||||
|
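Review bot: The new `description:` does not say when the upload is expected to run, which matters now that the top-level `if: always()` is removed from the action metadata. Whether results are uploaded after a failed test step depends on the calling step carrying its own `if: always()`; the callers are not in this section, so that is unverified here. I would extend the description to something like `Uploads the test results to datadog. Call this step with "if: always()" so results are uploaded when tests fail.`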
72
.github/workflows/ci.yaml
vendored
72
.github/workflows/ci.yaml
vendored
@ -43,12 +43,12 @@ jobs:
|
|||||||
tailnet-integration: ${{ steps.filter.outputs.tailnet-integration }}
|
tailnet-integration: ${{ steps.filter.outputs.tailnet-integration }}
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
with:
|
with:
|
||||||
fetch-depth: 1
|
fetch-depth: 1
|
||||||
# For pull requests it's not necessary to checkout the code
|
# For pull requests it's not necessary to checkout the code
|
||||||
- name: check changed files
|
- name: check changed files
|
||||||
uses: dorny/paths-filter@v3
|
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
|
||||||
id: filter
|
id: filter
|
||||||
with:
|
with:
|
||||||
filters: |
|
filters: |
|
||||||
@ -125,7 +125,7 @@ jobs:
|
|||||||
# runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
|
# runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
|
||||||
# steps:
|
# steps:
|
||||||
# - name: Checkout
|
# - name: Checkout
|
||||||
# uses: actions/checkout@v4
|
# uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
# with:
|
# with:
|
||||||
# fetch-depth: 1
|
# fetch-depth: 1
|
||||||
# # See: https://github.com/stefanzweifel/git-auto-commit-action?tab=readme-ov-file#commits-made-by-this-action-do-not-trigger-new-workflow-runs
|
# # See: https://github.com/stefanzweifel/git-auto-commit-action?tab=readme-ov-file#commits-made-by-this-action-do-not-trigger-new-workflow-runs
|
||||||
@ -138,7 +138,7 @@ jobs:
|
|||||||
# run: ./scripts/update-flake.sh
|
# run: ./scripts/update-flake.sh
|
||||||
|
|
||||||
# # auto update flake for dependabot
|
# # auto update flake for dependabot
|
||||||
# - uses: stefanzweifel/git-auto-commit-action@v5
|
# - uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1
|
||||||
# if: github.actor == 'dependabot[bot]'
|
# if: github.actor == 'dependabot[bot]'
|
||||||
# with:
|
# with:
|
||||||
# # Allows dependabot to still rebase!
|
# # Allows dependabot to still rebase!
|
||||||
@ -158,7 +158,7 @@ jobs:
|
|||||||
runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
|
runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
with:
|
with:
|
||||||
fetch-depth: 1
|
fetch-depth: 1
|
||||||
|
|
||||||
@ -176,7 +176,7 @@ jobs:
|
|||||||
echo "LINT_CACHE_DIR=$dir" >> $GITHUB_ENV
|
echo "LINT_CACHE_DIR=$dir" >> $GITHUB_ENV
|
||||||
|
|
||||||
- name: golangci-lint cache
|
- name: golangci-lint cache
|
||||||
uses: actions/cache@v4
|
uses: actions/cache@2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2 # v4.1.0
|
||||||
with:
|
with:
|
||||||
path: |
|
path: |
|
||||||
${{ env.LINT_CACHE_DIR }}
|
${{ env.LINT_CACHE_DIR }}
|
||||||
@ -186,7 +186,7 @@ jobs:
|
|||||||
|
|
||||||
# Check for any typos
|
# Check for any typos
|
||||||
- name: Check for typos
|
- name: Check for typos
|
||||||
uses: crate-ci/typos@v1.26.0
|
uses: crate-ci/typos@6802cc60d4e7f78b9d5454f6cf3935c042d5e1e3 # v1.26.0
|
||||||
with:
|
with:
|
||||||
config: .github/workflows/typos.toml
|
config: .github/workflows/typos.toml
|
||||||
|
|
||||||
@ -199,7 +199,7 @@ jobs:
|
|||||||
|
|
||||||
# Needed for helm chart linting
|
# Needed for helm chart linting
|
||||||
- name: Install helm
|
- name: Install helm
|
||||||
uses: azure/setup-helm@v4
|
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
|
||||||
with:
|
with:
|
||||||
version: v3.9.2
|
version: v3.9.2
|
||||||
|
|
||||||
@ -220,7 +220,7 @@ jobs:
|
|||||||
if: needs.changes.outputs.docs-only == 'false' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
|
if: needs.changes.outputs.docs-only == 'false' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
with:
|
with:
|
||||||
fetch-depth: 1
|
fetch-depth: 1
|
||||||
|
|
||||||
@ -269,7 +269,7 @@ jobs:
|
|||||||
timeout-minutes: 7
|
timeout-minutes: 7
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
with:
|
with:
|
||||||
fetch-depth: 1
|
fetch-depth: 1
|
||||||
|
|
||||||
@ -305,7 +305,7 @@ jobs:
|
|||||||
- windows-2022
|
- windows-2022
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
with:
|
with:
|
||||||
fetch-depth: 1
|
fetch-depth: 1
|
||||||
|
|
||||||
@ -359,7 +359,7 @@ jobs:
|
|||||||
timeout-minutes: 25
|
timeout-minutes: 25
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
with:
|
with:
|
||||||
fetch-depth: 1
|
fetch-depth: 1
|
||||||
|
|
||||||
@ -399,7 +399,7 @@ jobs:
|
|||||||
timeout-minutes: 25
|
timeout-minutes: 25
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
with:
|
with:
|
||||||
fetch-depth: 1
|
fetch-depth: 1
|
||||||
|
|
||||||
@ -431,7 +431,7 @@ jobs:
|
|||||||
timeout-minutes: 25
|
timeout-minutes: 25
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
with:
|
with:
|
||||||
fetch-depth: 1
|
fetch-depth: 1
|
||||||
|
|
||||||
@ -467,7 +467,7 @@ jobs:
|
|||||||
timeout-minutes: 20
|
timeout-minutes: 20
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
with:
|
with:
|
||||||
fetch-depth: 1
|
fetch-depth: 1
|
||||||
|
|
||||||
@ -488,7 +488,7 @@ jobs:
|
|||||||
timeout-minutes: 20
|
timeout-minutes: 20
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
with:
|
with:
|
||||||
fetch-depth: 1
|
fetch-depth: 1
|
||||||
|
|
||||||
@ -515,7 +515,7 @@ jobs:
|
|||||||
name: ${{ matrix.variant.name }}
|
name: ${{ matrix.variant.name }}
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
with:
|
with:
|
||||||
fetch-depth: 1
|
fetch-depth: 1
|
||||||
|
|
||||||
@ -556,7 +556,7 @@ jobs:
|
|||||||
|
|
||||||
- name: Upload Playwright Failed Tests
|
- name: Upload Playwright Failed Tests
|
||||||
if: always() && github.actor != 'dependabot[bot]' && runner.os == 'Linux' && !github.event.pull_request.head.repo.fork
|
if: always() && github.actor != 'dependabot[bot]' && runner.os == 'Linux' && !github.event.pull_request.head.repo.fork
|
||||||
uses: actions/upload-artifact@v4
|
uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
|
||||||
with:
|
with:
|
||||||
name: failed-test-videos${{ matrix.variant.enterprise && '-enterprise' || '-agpl' }}
|
name: failed-test-videos${{ matrix.variant.enterprise && '-enterprise' || '-agpl' }}
|
||||||
path: ./site/test-results/**/*.webm
|
path: ./site/test-results/**/*.webm
|
||||||
@ -564,7 +564,7 @@ jobs:
|
|||||||
|
|
||||||
- name: Upload pprof dumps
|
- name: Upload pprof dumps
|
||||||
if: always() && github.actor != 'dependabot[bot]' && runner.os == 'Linux' && !github.event.pull_request.head.repo.fork
|
if: always() && github.actor != 'dependabot[bot]' && runner.os == 'Linux' && !github.event.pull_request.head.repo.fork
|
||||||
uses: actions/upload-artifact@v4
|
uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
|
||||||
with:
|
with:
|
||||||
name: debug-pprof-dumps${{ matrix.variant.enterprise && '-enterprise' || '-agpl' }}
|
name: debug-pprof-dumps${{ matrix.variant.enterprise && '-enterprise' || '-agpl' }}
|
||||||
path: ./site/test-results/**/debug-pprof-*.txt
|
path: ./site/test-results/**/debug-pprof-*.txt
|
||||||
@ -577,7 +577,7 @@ jobs:
|
|||||||
if: needs.changes.outputs.ts == 'true' || needs.changes.outputs.ci == 'true'
|
if: needs.changes.outputs.ts == 'true' || needs.changes.outputs.ci == 'true'
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
with:
|
with:
|
||||||
# Required by Chromatic for build-over-build history, otherwise we
|
# Required by Chromatic for build-over-build history, otherwise we
|
||||||
# only get 1 commit on shallow checkout.
|
# only get 1 commit on shallow checkout.
|
||||||
@ -591,7 +591,7 @@ jobs:
|
|||||||
# the check to pass. This is desired in PRs, but not in mainline.
|
# the check to pass. This is desired in PRs, but not in mainline.
|
||||||
- name: Publish to Chromatic (non-mainline)
|
- name: Publish to Chromatic (non-mainline)
|
||||||
if: github.ref != 'refs/heads/main' && github.repository_owner == 'coder'
|
if: github.ref != 'refs/heads/main' && github.repository_owner == 'coder'
|
||||||
uses: chromaui/action@v10
|
uses: chromaui/action@30b6228aa809059d46219e0f556752e8672a7e26 # v11.11.0
|
||||||
env:
|
env:
|
||||||
NODE_OPTIONS: "--max_old_space_size=4096"
|
NODE_OPTIONS: "--max_old_space_size=4096"
|
||||||
STORYBOOK: true
|
STORYBOOK: true
|
||||||
@ -622,7 +622,7 @@ jobs:
|
|||||||
# infinitely "in progress" in mainline unless we re-review each build.
|
# infinitely "in progress" in mainline unless we re-review each build.
|
||||||
- name: Publish to Chromatic (mainline)
|
- name: Publish to Chromatic (mainline)
|
||||||
if: github.ref == 'refs/heads/main' && github.repository_owner == 'coder'
|
if: github.ref == 'refs/heads/main' && github.repository_owner == 'coder'
|
||||||
uses: chromaui/action@v10
|
uses: chromaui/action@30b6228aa809059d46219e0f556752e8672a7e26 # v11.11.0
|
||||||
env:
|
env:
|
||||||
NODE_OPTIONS: "--max_old_space_size=4096"
|
NODE_OPTIONS: "--max_old_space_size=4096"
|
||||||
STORYBOOK: true
|
STORYBOOK: true
|
||||||
@ -649,7 +649,7 @@ jobs:
|
|||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
with:
|
with:
|
||||||
# 0 is required here for version.sh to work.
|
# 0 is required here for version.sh to work.
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
@ -750,12 +750,12 @@ jobs:
|
|||||||
IMAGE: ghcr.io/coder/coder-preview:${{ steps.build-docker.outputs.tag }}
|
IMAGE: ghcr.io/coder/coder-preview:${{ steps.build-docker.outputs.tag }}
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
|
||||||
- name: GHCR Login
|
- name: GHCR Login
|
||||||
uses: docker/login-action@v3
|
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
|
||||||
with:
|
with:
|
||||||
registry: ghcr.io
|
registry: ghcr.io
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
@ -830,7 +830,7 @@ jobs:
|
|||||||
|
|
||||||
- name: Prune old images
|
- name: Prune old images
|
||||||
if: github.ref == 'refs/heads/main'
|
if: github.ref == 'refs/heads/main'
|
||||||
uses: vlaurin/action-ghcr-prune@v0.6.0
|
uses: vlaurin/action-ghcr-prune@0cf7d39f88546edd31965acba78cdcb0be14d641 # v0.6.0
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
organization: coder
|
organization: coder
|
||||||
@ -845,7 +845,7 @@ jobs:
|
|||||||
|
|
||||||
- name: Upload build artifacts
|
- name: Upload build artifacts
|
||||||
if: github.ref == 'refs/heads/main'
|
if: github.ref == 'refs/heads/main'
|
||||||
uses: actions/upload-artifact@v4
|
uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
|
||||||
with:
|
with:
|
||||||
name: coder
|
name: coder
|
||||||
path: |
|
path: |
|
||||||
@ -869,27 +869,27 @@ jobs:
|
|||||||
id-token: write
|
id-token: write
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
|
||||||
- name: Authenticate to Google Cloud
|
- name: Authenticate to Google Cloud
|
||||||
uses: google-github-actions/auth@v2
|
uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6
|
||||||
with:
|
with:
|
||||||
workload_identity_provider: projects/573722524737/locations/global/workloadIdentityPools/github/providers/github
|
workload_identity_provider: projects/573722524737/locations/global/workloadIdentityPools/github/providers/github
|
||||||
service_account: coder-ci@coder-dogfood.iam.gserviceaccount.com
|
service_account: coder-ci@coder-dogfood.iam.gserviceaccount.com
|
||||||
|
|
||||||
- name: Set up Google Cloud SDK
|
- name: Set up Google Cloud SDK
|
||||||
uses: google-github-actions/setup-gcloud@v2
|
uses: google-github-actions/setup-gcloud@f0990588f1e5b5af6827153b93673613abdc6ec7 # v2.1.1
|
||||||
|
|
||||||
- name: Set up Flux CLI
|
- name: Set up Flux CLI
|
||||||
uses: fluxcd/flux2/action@main
|
uses: fluxcd/flux2/action@9b3958825a314eb79495c6993ef397ddbf87f32f # v2.2.1
|
||||||
with:
|
with:
|
||||||
# Keep this up to date with the version of flux installed in dogfood cluster
|
# Keep this and the github action up to date with the version of flux installed in dogfood cluster
|
||||||
version: "2.2.1"
|
version: "2.2.1"
|
||||||
|
|
||||||
- name: Get Cluster Credentials
|
- name: Get Cluster Credentials
|
||||||
uses: "google-github-actions/get-gke-credentials@v2"
|
uses: google-github-actions/get-gke-credentials@6051de21ad50fbb1767bc93c11357a49082ad116 # v2.2.1
|
||||||
with:
|
with:
|
||||||
cluster_name: dogfood-v2
|
cluster_name: dogfood-v2
|
||||||
location: us-central1-a
|
location: us-central1-a
|
||||||
@ -926,12 +926,12 @@ jobs:
|
|||||||
if: github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork
|
if: github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
|
||||||
- name: Setup flyctl
|
- name: Setup flyctl
|
||||||
uses: superfly/flyctl-actions/setup-flyctl@master
|
uses: superfly/flyctl-actions/setup-flyctl@fc53c09e1bc3be6f54706524e3b82c4f462f77be # v1.5
|
||||||
|
|
||||||
- name: Deploy workspace proxies
|
- name: Deploy workspace proxies
|
||||||
run: |
|
run: |
|
||||||
@ -956,7 +956,7 @@ jobs:
|
|||||||
if: needs.changes.outputs.db == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
|
if: needs.changes.outputs.db == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
with:
|
with:
|
||||||
fetch-depth: 1
|
fetch-depth: 1
|
||||||
# We need golang to run the migration main.go
|
# We need golang to run the migration main.go
|
||||||
|
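Review bot: Both `Publish to Chromatic` steps (hunks at -591 and -622) move from `chromaui/action@v10` to a SHA labelled `# v11.11.0`, which is a major-version upgrade rather than a pin of what was running. The commit description only mentions pinning, so a reader has no cue to check the v11 release notes for changed inputs or defaults. Either pin the release that the `v10` tag currently resolves to, `uses: chromaui/action@<sha-of-current-v10-tag> # v10.x.y` (placeholder, look up the real value), and upgrade separately, or name the upgrade in the description. The `fluxcd/flux2/action@main` and `superfly/flyctl-actions/setup-flyctl@master` replacements later in the file are the most valuable pins here, since those refs previously followed a moving branch.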
6
.github/workflows/contrib.yaml
vendored
6
.github/workflows/contrib.yaml
vendored
@ -28,7 +28,7 @@ jobs:
|
|||||||
pull-requests: write
|
pull-requests: write
|
||||||
steps:
|
steps:
|
||||||
- name: auto-approve dependabot
|
- name: auto-approve dependabot
|
||||||
uses: hmarr/auto-approve-action@v4
|
uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0
|
||||||
if: github.actor == 'dependabot[bot]'
|
if: github.actor == 'dependabot[bot]'
|
||||||
|
|
||||||
cla:
|
cla:
|
||||||
@ -36,7 +36,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
- name: cla
|
- name: cla
|
||||||
if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
|
if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
|
||||||
uses: contributor-assistant/github-action@v2.6.1
|
uses: contributor-assistant/github-action@ca4a40a7d1004f18d9960b404b97e5f30a505a08 # v2.6.1
|
||||||
env:
|
env:
|
||||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
# the below token should have repo scope and must be manually added by you in the repository's secret
|
# the below token should have repo scope and must be manually added by you in the repository's secret
|
||||||
@ -57,7 +57,7 @@ jobs:
|
|||||||
if: ${{ github.event_name == 'pull_request_target' && !github.event.pull_request.draft }}
|
if: ${{ github.event_name == 'pull_request_target' && !github.event.pull_request.draft }}
|
||||||
steps:
|
steps:
|
||||||
- name: release-labels
|
- name: release-labels
|
||||||
uses: actions/github-script@v7
|
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
|
||||||
with:
|
with:
|
||||||
# This script ensures PR title and labels are in sync:
|
# This script ensures PR title and labels are in sync:
|
||||||
#
|
#
|
||||||
|
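Review bot: The `auto-approve dependabot` step keeps `if: github.actor == 'dependabot[bot]'` as its only gate, in a job that holds `pull-requests: write`. `github.actor` identifies whoever triggered the run, which is not necessarily the author of the pull request; GitHub's Dependabot automation guidance checks the PR author instead. I would change the condition to `if: github.event.pull_request.user.login == 'dependabot[bot]'`. The workflow's trigger list is outside this hunk, so confirm the event payload carries `pull_request` for every trigger this job runs on.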
8
.github/workflows/docker-base.yaml
vendored
8
.github/workflows/docker-base.yaml
vendored
@ -37,10 +37,10 @@ jobs:
|
|||||||
if: github.repository_owner == 'coder'
|
if: github.repository_owner == 'coder'
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
|
|
||||||
- name: Docker login
|
- name: Docker login
|
||||||
uses: docker/login-action@v3
|
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
|
||||||
with:
|
with:
|
||||||
registry: ghcr.io
|
registry: ghcr.io
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
@ -50,11 +50,11 @@ jobs:
|
|||||||
run: mkdir base-build-context
|
run: mkdir base-build-context
|
||||||
|
|
||||||
- name: Install depot.dev CLI
|
- name: Install depot.dev CLI
|
||||||
uses: depot/setup-action@v1
|
uses: depot/setup-action@b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5 # v1.6.0
|
||||||
|
|
||||||
# This uses OIDC authentication, so no auth variables are required.
|
# This uses OIDC authentication, so no auth variables are required.
|
||||||
- name: Build base Docker image via depot.dev
|
- name: Build base Docker image via depot.dev
|
||||||
uses: depot/build-push-action@v1
|
uses: depot/build-push-action@636daae76684e38c301daa0c5eca1c095b24e780 # v1.14.0
|
||||||
with:
|
with:
|
||||||
project: wl5hnrrkns
|
project: wl5hnrrkns
|
||||||
context: base-build-context
|
context: base-build-context
|
||||||
|
18
.github/workflows/dogfood.yaml
vendored
18
.github/workflows/dogfood.yaml
vendored
@ -27,11 +27,11 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
|
|
||||||
- name: Get branch name
|
- name: Get branch name
|
||||||
id: branch-name
|
id: branch-name
|
||||||
uses: tj-actions/branch-names@v8
|
uses: tj-actions/branch-names@6871f53176ad61624f978536bbf089c574dc19a2 # v8.0.1
|
||||||
|
|
||||||
- name: "Branch name to Docker tag name"
|
- name: "Branch name to Docker tag name"
|
||||||
id: docker-tag-name
|
id: docker-tag-name
|
||||||
@ -42,20 +42,20 @@ jobs:
|
|||||||
echo "tag=${tag}" >> $GITHUB_OUTPUT
|
echo "tag=${tag}" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
- name: Set up Depot CLI
|
- name: Set up Depot CLI
|
||||||
uses: depot/setup-action@v1
|
uses: depot/setup-action@b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5 # v1.6.0
|
||||||
|
|
||||||
- name: Set up Docker Buildx
|
- name: Set up Docker Buildx
|
||||||
uses: docker/setup-buildx-action@v3
|
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
|
||||||
|
|
||||||
- name: Login to DockerHub
|
- name: Login to DockerHub
|
||||||
if: github.ref == 'refs/heads/main'
|
if: github.ref == 'refs/heads/main'
|
||||||
uses: docker/login-action@v3
|
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
|
||||||
with:
|
with:
|
||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
password: ${{ secrets.DOCKERHUB_PASSWORD }}
|
password: ${{ secrets.DOCKERHUB_PASSWORD }}
|
||||||
|
|
||||||
- name: Build and push Non-Nix image
|
- name: Build and push Non-Nix image
|
||||||
uses: depot/build-push-action@v1
|
uses: depot/build-push-action@636daae76684e38c301daa0c5eca1c095b24e780 # v1.14.0
|
||||||
with:
|
with:
|
||||||
project: b4q6ltmpzh
|
project: b4q6ltmpzh
|
||||||
token: ${{ secrets.DEPOT_TOKEN }}
|
token: ${{ secrets.DEPOT_TOKEN }}
|
||||||
@ -67,7 +67,7 @@ jobs:
|
|||||||
tags: "codercom/oss-dogfood:${{ steps.docker-tag-name.outputs.tag }},codercom/oss-dogfood:latest"
|
tags: "codercom/oss-dogfood:${{ steps.docker-tag-name.outputs.tag }},codercom/oss-dogfood:latest"
|
||||||
|
|
||||||
- name: Build and push Nix image
|
- name: Build and push Nix image
|
||||||
uses: depot/build-push-action@v1
|
uses: depot/build-push-action@636daae76684e38c301daa0c5eca1c095b24e780 # v1.14.0
|
||||||
with:
|
with:
|
||||||
project: b4q6ltmpzh
|
project: b4q6ltmpzh
|
||||||
token: ${{ secrets.DEPOT_TOKEN }}
|
token: ${{ secrets.DEPOT_TOKEN }}
|
||||||
@ -84,13 +84,13 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
|
|
||||||
- name: Setup Terraform
|
- name: Setup Terraform
|
||||||
uses: ./.github/actions/setup-tf
|
uses: ./.github/actions/setup-tf
|
||||||
|
|
||||||
- name: Authenticate to Google Cloud
|
- name: Authenticate to Google Cloud
|
||||||
uses: google-github-actions/auth@v2
|
uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6
|
||||||
with:
|
with:
|
||||||
workload_identity_provider: projects/573722524737/locations/global/workloadIdentityPools/github/providers/github
|
workload_identity_provider: projects/573722524737/locations/global/workloadIdentityPools/github/providers/github
|
||||||
service_account: coder-ci@coder-dogfood.iam.gserviceaccount.com
|
service_account: coder-ci@coder-dogfood.iam.gserviceaccount.com
|
||||||
|
4
.github/workflows/nightly-gauntlet.yaml
vendored
4
.github/workflows/nightly-gauntlet.yaml
vendored
@ -17,7 +17,7 @@ jobs:
|
|||||||
timeout-minutes: 240
|
timeout-minutes: 240
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
|
|
||||||
- name: Setup Go
|
- name: Setup Go
|
||||||
uses: ./.github/actions/setup-go
|
uses: ./.github/actions/setup-go
|
||||||
@ -44,7 +44,7 @@ jobs:
|
|||||||
timeout-minutes: 10
|
timeout-minutes: 10
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
|
|
||||||
- name: Setup Go
|
- name: Setup Go
|
||||||
uses: ./.github/actions/setup-go
|
uses: ./.github/actions/setup-go
|
||||||
|
2
.github/workflows/pr-auto-assign.yaml
vendored
2
.github/workflows/pr-auto-assign.yaml
vendored
@ -14,4 +14,4 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Assign author
|
- name: Assign author
|
||||||
uses: toshimaru/auto-author-assign@v2.1.1
|
uses: toshimaru/auto-author-assign@16f0022cf3d7970c106d8d1105f75a1165edb516 # v2.1.1
|
||||||
|
2
.github/workflows/pr-cleanup.yaml
vendored
2
.github/workflows/pr-cleanup.yaml
vendored
@ -26,7 +26,7 @@ jobs:
|
|||||||
|
|
||||||
- name: Delete image
|
- name: Delete image
|
||||||
continue-on-error: true
|
continue-on-error: true
|
||||||
uses: bots-house/ghcr-delete-image-action@v1.1.0
|
uses: bots-house/ghcr-delete-image-action@3827559c68cb4dcdf54d813ea9853be6d468d3a4 # v1.1.0
|
||||||
with:
|
with:
|
||||||
owner: coder
|
owner: coder
|
||||||
name: coder-preview
|
name: coder-preview
|
||||||
|
20
.github/workflows/pr-deploy.yaml
vendored
20
.github/workflows/pr-deploy.yaml
vendored
@ -40,7 +40,7 @@ jobs:
|
|||||||
PR_OPEN: ${{ steps.check_pr.outputs.pr_open }}
|
PR_OPEN: ${{ steps.check_pr.outputs.pr_open }}
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
|
|
||||||
- name: Check if PR is open
|
- name: Check if PR is open
|
||||||
id: check_pr
|
id: check_pr
|
||||||
@ -70,7 +70,7 @@ jobs:
|
|||||||
runs-on: "ubuntu-latest"
|
runs-on: "ubuntu-latest"
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
|
||||||
@ -119,7 +119,7 @@ jobs:
|
|||||||
echo "NEW=$NEW" >> $GITHUB_OUTPUT
|
echo "NEW=$NEW" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
- name: Check changed files
|
- name: Check changed files
|
||||||
uses: dorny/paths-filter@v3
|
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
|
||||||
id: filter
|
id: filter
|
||||||
with:
|
with:
|
||||||
base: ${{ github.ref }}
|
base: ${{ github.ref }}
|
||||||
@ -163,7 +163,7 @@ jobs:
|
|||||||
runs-on: "ubuntu-latest"
|
runs-on: "ubuntu-latest"
|
||||||
steps:
|
steps:
|
||||||
- name: Find Comment
|
- name: Find Comment
|
||||||
uses: peter-evans/find-comment@v3
|
uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0
|
||||||
id: fc
|
id: fc
|
||||||
with:
|
with:
|
||||||
issue-number: ${{ needs.get_info.outputs.PR_NUMBER }}
|
issue-number: ${{ needs.get_info.outputs.PR_NUMBER }}
|
||||||
@ -173,7 +173,7 @@ jobs:
|
|||||||
|
|
||||||
- name: Comment on PR
|
- name: Comment on PR
|
||||||
id: comment_id
|
id: comment_id
|
||||||
uses: peter-evans/create-or-update-comment@v4
|
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
|
||||||
with:
|
with:
|
||||||
comment-id: ${{ steps.fc.outputs.comment-id }}
|
comment-id: ${{ steps.fc.outputs.comment-id }}
|
||||||
issue-number: ${{ needs.get_info.outputs.PR_NUMBER }}
|
issue-number: ${{ needs.get_info.outputs.PR_NUMBER }}
|
||||||
@ -199,7 +199,7 @@ jobs:
|
|||||||
CODER_IMAGE_TAG: ${{ needs.get_info.outputs.CODER_IMAGE_TAG }}
|
CODER_IMAGE_TAG: ${{ needs.get_info.outputs.CODER_IMAGE_TAG }}
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
|
||||||
@ -213,7 +213,7 @@ jobs:
|
|||||||
uses: ./.github/actions/setup-sqlc
|
uses: ./.github/actions/setup-sqlc
|
||||||
|
|
||||||
- name: GHCR Login
|
- name: GHCR Login
|
||||||
uses: docker/login-action@v3
|
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
|
||||||
with:
|
with:
|
||||||
registry: ghcr.io
|
registry: ghcr.io
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
@ -294,7 +294,7 @@ jobs:
|
|||||||
kubectl create namespace "pr${{ env.PR_NUMBER }}"
|
kubectl create namespace "pr${{ env.PR_NUMBER }}"
|
||||||
|
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
|
|
||||||
- name: Check and Create Certificate
|
- name: Check and Create Certificate
|
||||||
if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.deploy == 'true'
|
if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.deploy == 'true'
|
||||||
@ -441,7 +441,7 @@ jobs:
|
|||||||
echo "Slack notification sent"
|
echo "Slack notification sent"
|
||||||
|
|
||||||
- name: Find Comment
|
- name: Find Comment
|
||||||
uses: peter-evans/find-comment@v3
|
uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0
|
||||||
id: fc
|
id: fc
|
||||||
with:
|
with:
|
||||||
issue-number: ${{ env.PR_NUMBER }}
|
issue-number: ${{ env.PR_NUMBER }}
|
||||||
@ -450,7 +450,7 @@ jobs:
|
|||||||
direction: last
|
direction: last
|
||||||
|
|
||||||
- name: Comment on PR
|
- name: Comment on PR
|
||||||
uses: peter-evans/create-or-update-comment@v4
|
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
|
||||||
env:
|
env:
|
||||||
STATUS: ${{ needs.get_info.outputs.NEW == 'true' && 'Created' || 'Updated' }}
|
STATUS: ${{ needs.get_info.outputs.NEW == 'true' && 'Created' || 'Updated' }}
|
||||||
with:
|
with:
|
||||||
|
2
.github/workflows/release-validation.yaml
vendored
2
.github/workflows/release-validation.yaml
vendored
@ -11,7 +11,7 @@ jobs:
|
|||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Run Schmoder CI
|
- name: Run Schmoder CI
|
||||||
uses: benc-uk/workflow-dispatch@v1.2.4
|
uses: benc-uk/workflow-dispatch@e2e5e9a103e331dad343f381a29e654aea3cf8fc # v1.2.4
|
||||||
with:
|
with:
|
||||||
workflow: ci.yaml
|
workflow: ci.yaml
|
||||||
repo: coder/schmoder
|
repo: coder/schmoder
|
||||||
|
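Review bot: Nothing in the workflow checks that the trailing `# v1.2.4` comment matches the SHA on `benc-uk/workflow-dispatch`, so the pin is only as trustworthy as the lookup that produced it. GitHub resolves a commit SHA under the upstream repository name even when that commit exists only in a fork. Each SHA introduced in this commit (here and in release.yaml, security.yaml, stale.yaml and weekly-docs.yaml) should therefore be confirmed against the action's own tags before merge, for example with `git ls-remote --tags https://github.com/benc-uk/workflow-dispatch`. Recording that the SHAs were verified, or adding an automated pin check, would make this reviewable later.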
26
.github/workflows/release.yaml
vendored
26
.github/workflows/release.yaml
vendored
@ -47,7 +47,7 @@ jobs:
|
|||||||
version: ${{ steps.version.outputs.version }}
|
version: ${{ steps.version.outputs.version }}
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
|
||||||
@ -116,7 +116,7 @@ jobs:
|
|||||||
cat "$CODER_RELEASE_NOTES_FILE"
|
cat "$CODER_RELEASE_NOTES_FILE"
|
||||||
|
|
||||||
- name: Docker Login
|
- name: Docker Login
|
||||||
uses: docker/login-action@v3
|
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
|
||||||
with:
|
with:
|
||||||
registry: ghcr.io
|
registry: ghcr.io
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
@ -130,7 +130,7 @@ jobs:
|
|||||||
|
|
||||||
# Necessary for signing Windows binaries.
|
# Necessary for signing Windows binaries.
|
||||||
- name: Setup Java
|
- name: Setup Java
|
||||||
uses: actions/setup-java@v4
|
uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0
|
||||||
with:
|
with:
|
||||||
distribution: "zulu"
|
distribution: "zulu"
|
||||||
java-version: "11.0"
|
java-version: "11.0"
|
||||||
@ -185,14 +185,14 @@ jobs:
|
|||||||
# Setup GCloud for signing Windows binaries.
|
# Setup GCloud for signing Windows binaries.
|
||||||
- name: Authenticate to Google Cloud
|
- name: Authenticate to Google Cloud
|
||||||
id: gcloud_auth
|
id: gcloud_auth
|
||||||
uses: google-github-actions/auth@v2
|
uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6
|
||||||
with:
|
with:
|
||||||
workload_identity_provider: ${{ secrets.GCP_CODE_SIGNING_WORKLOAD_ID_PROVIDER }}
|
workload_identity_provider: ${{ secrets.GCP_CODE_SIGNING_WORKLOAD_ID_PROVIDER }}
|
||||||
service_account: ${{ secrets.GCP_CODE_SIGNING_SERVICE_ACCOUNT }}
|
service_account: ${{ secrets.GCP_CODE_SIGNING_SERVICE_ACCOUNT }}
|
||||||
token_format: "access_token"
|
token_format: "access_token"
|
||||||
|
|
||||||
- name: Setup GCloud SDK
|
- name: Setup GCloud SDK
|
||||||
uses: "google-github-actions/setup-gcloud@v2"
|
uses: google-github-actions/setup-gcloud@f0990588f1e5b5af6827153b93673613abdc6ec7 # v2.1.1
|
||||||
|
|
||||||
- name: Build binaries
|
- name: Build binaries
|
||||||
run: |
|
run: |
|
||||||
@ -245,12 +245,12 @@ jobs:
|
|||||||
|
|
||||||
- name: Install depot.dev CLI
|
- name: Install depot.dev CLI
|
||||||
if: steps.image-base-tag.outputs.tag != ''
|
if: steps.image-base-tag.outputs.tag != ''
|
||||||
uses: depot/setup-action@v1
|
uses: depot/setup-action@b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5 # v1.6.0
|
||||||
|
|
||||||
# This uses OIDC authentication, so no auth variables are required.
|
# This uses OIDC authentication, so no auth variables are required.
|
||||||
- name: Build base Docker image via depot.dev
|
- name: Build base Docker image via depot.dev
|
||||||
if: steps.image-base-tag.outputs.tag != ''
|
if: steps.image-base-tag.outputs.tag != ''
|
||||||
uses: depot/build-push-action@v1
|
uses: depot/build-push-action@636daae76684e38c301daa0c5eca1c095b24e780 # v1.14.0
|
||||||
with:
|
with:
|
||||||
project: wl5hnrrkns
|
project: wl5hnrrkns
|
||||||
context: base-build-context
|
context: base-build-context
|
||||||
@ -358,13 +358,13 @@ jobs:
|
|||||||
CODER_GPG_RELEASE_KEY_BASE64: ${{ secrets.GPG_RELEASE_KEY_BASE64 }}
|
CODER_GPG_RELEASE_KEY_BASE64: ${{ secrets.GPG_RELEASE_KEY_BASE64 }}
|
||||||
|
|
||||||
- name: Authenticate to Google Cloud
|
- name: Authenticate to Google Cloud
|
||||||
uses: google-github-actions/auth@v2
|
uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6
|
||||||
with:
|
with:
|
||||||
workload_identity_provider: ${{ secrets.GCP_WORKLOAD_ID_PROVIDER }}
|
workload_identity_provider: ${{ secrets.GCP_WORKLOAD_ID_PROVIDER }}
|
||||||
service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
|
service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
|
||||||
|
|
||||||
- name: Setup GCloud SDK
|
- name: Setup GCloud SDK
|
||||||
uses: "google-github-actions/setup-gcloud@v2"
|
uses: google-github-actions/setup-gcloud@f0990588f1e5b5af6827153b93673613abdc6ec7 # 2.1.1
|
||||||
|
|
||||||
- name: Publish Helm Chart
|
- name: Publish Helm Chart
|
||||||
if: ${{ !inputs.dry_run }}
|
if: ${{ !inputs.dry_run }}
|
||||||
@ -383,7 +383,7 @@ jobs:
|
|||||||
|
|
||||||
- name: Upload artifacts to actions (if dry-run)
|
- name: Upload artifacts to actions (if dry-run)
|
||||||
if: ${{ inputs.dry_run }}
|
if: ${{ inputs.dry_run }}
|
||||||
uses: actions/upload-artifact@v4
|
uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
|
||||||
with:
|
with:
|
||||||
name: release-artifacts
|
name: release-artifacts
|
||||||
path: |
|
path: |
|
||||||
@ -398,7 +398,7 @@ jobs:
|
|||||||
|
|
||||||
- name: Send repository-dispatch event
|
- name: Send repository-dispatch event
|
||||||
if: ${{ !inputs.dry_run }}
|
if: ${{ !inputs.dry_run }}
|
||||||
uses: peter-evans/repository-dispatch@v3
|
uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.CDRCI_GITHUB_TOKEN }}
|
token: ${{ secrets.CDRCI_GITHUB_TOKEN }}
|
||||||
repository: coder/packages
|
repository: coder/packages
|
||||||
@ -491,7 +491,7 @@ jobs:
|
|||||||
GH_TOKEN: ${{ secrets.CDRCI_GITHUB_TOKEN }}
|
GH_TOKEN: ${{ secrets.CDRCI_GITHUB_TOKEN }}
|
||||||
|
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
|
||||||
@ -571,7 +571,7 @@ jobs:
|
|||||||
if: ${{ !inputs.dry_run }}
|
if: ${{ !inputs.dry_run }}
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
with:
|
with:
|
||||||
fetch-depth: 1
|
fetch-depth: 1
|
||||||
|
|
||||||
|
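Review bot: The second `google-github-actions/setup-gcloud` pin (the hunk at `-358,13`) carries the comment `# 2.1.1`, while the same SHA in the `-185,14` hunk and every other pin in this file is annotated with a `v` prefix. Tooling that reads the trailing comment to track or bump the pinned version may not treat the two forms the same. It also makes a grep for `# v2.1.1` miss one of the two uses in a workflow that handles the code-signing and GCP secrets. I would write it as `uses: google-github-actions/setup-gcloud@f0990588f1e5b5af6827153b93673613abdc6ec7 # v2.1.1`.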
4
.github/workflows/scorecard.yml
vendored
4
.github/workflows/scorecard.yml
vendored
@ -34,7 +34,7 @@ jobs:
|
|||||||
|
|
||||||
# Upload the results as artifacts.
|
# Upload the results as artifacts.
|
||||||
- name: "Upload artifact"
|
- name: "Upload artifact"
|
||||||
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
|
uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
|
||||||
with:
|
with:
|
||||||
name: SARIF file
|
name: SARIF file
|
||||||
path: results.sarif
|
path: results.sarif
|
||||||
@ -42,6 +42,6 @@ jobs:
|
|||||||
|
|
||||||
# Upload the results to GitHub's code scanning dashboard.
|
# Upload the results to GitHub's code scanning dashboard.
|
||||||
- name: "Upload to code-scanning"
|
- name: "Upload to code-scanning"
|
||||||
uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10
|
uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
|
||||||
with:
|
with:
|
||||||
sarif_file: results.sarif
|
sarif_file: results.sarif
|
||||||
|
12
.github/workflows/security.yaml
vendored
12
.github/workflows/security.yaml
vendored
@ -26,13 +26,13 @@ jobs:
|
|||||||
runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
|
runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
|
|
||||||
- name: Setup Go
|
- name: Setup Go
|
||||||
uses: ./.github/actions/setup-go
|
uses: ./.github/actions/setup-go
|
||||||
|
|
||||||
- name: Initialize CodeQL
|
- name: Initialize CodeQL
|
||||||
uses: github/codeql-action/init@v3
|
uses: github/codeql-action/init@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
|
||||||
with:
|
with:
|
||||||
languages: go, javascript
|
languages: go, javascript
|
||||||
|
|
||||||
@ -42,7 +42,7 @@ jobs:
|
|||||||
rm Makefile
|
rm Makefile
|
||||||
|
|
||||||
- name: Perform CodeQL Analysis
|
- name: Perform CodeQL Analysis
|
||||||
uses: github/codeql-action/analyze@v3
|
uses: github/codeql-action/analyze@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
|
||||||
|
|
||||||
- name: Send Slack notification on failure
|
- name: Send Slack notification on failure
|
||||||
if: ${{ failure() }}
|
if: ${{ failure() }}
|
||||||
@ -59,7 +59,7 @@ jobs:
|
|||||||
runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
|
runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
|
||||||
@ -122,13 +122,13 @@ jobs:
|
|||||||
severity: "CRITICAL,HIGH"
|
severity: "CRITICAL,HIGH"
|
||||||
|
|
||||||
- name: Upload Trivy scan results to GitHub Security tab
|
- name: Upload Trivy scan results to GitHub Security tab
|
||||||
uses: github/codeql-action/upload-sarif@v3
|
uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
|
||||||
with:
|
with:
|
||||||
sarif_file: trivy-results.sarif
|
sarif_file: trivy-results.sarif
|
||||||
category: "Trivy"
|
category: "Trivy"
|
||||||
|
|
||||||
- name: Upload Trivy scan results as an artifact
|
- name: Upload Trivy scan results as an artifact
|
||||||
uses: actions/upload-artifact@v4
|
uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
|
||||||
with:
|
with:
|
||||||
name: trivy
|
name: trivy
|
||||||
path: trivy-results.sarif
|
path: trivy-results.sarif
|
||||||
|
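Review bot: The hunk at `-122,13` starts inside a step whose `with:` block ends in `severity: "CRITICAL,HIGH"`, and that step's `uses:` line lies outside the visible diff, so it cannot be confirmed here that the scanner action is SHA-pinned like the rest. The step is presumably the Trivy scan, since the upload step that follows reads `trivy-results.sarif`. If it still references a tag or branch, it should be pinned in this same change, as it runs in the same job as the now-pinned `github/codeql-action/upload-sarif` and `actions/upload-artifact` steps. The three `github/codeql-action` sub-actions correctly share one SHA.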
12
.github/workflows/stale.yaml
vendored
12
.github/workflows/stale.yaml
vendored
@ -13,7 +13,7 @@ jobs:
|
|||||||
actions: write
|
actions: write
|
||||||
steps:
|
steps:
|
||||||
- name: stale
|
- name: stale
|
||||||
uses: actions/stale@v9.0.0
|
uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
|
||||||
with:
|
with:
|
||||||
stale-issue-label: "stale"
|
stale-issue-label: "stale"
|
||||||
stale-pr-label: "stale"
|
stale-pr-label: "stale"
|
||||||
@ -34,7 +34,7 @@ jobs:
|
|||||||
# Start with the oldest issues, always.
|
# Start with the oldest issues, always.
|
||||||
ascending: true
|
ascending: true
|
||||||
- name: "Close old issues labeled likely-no"
|
- name: "Close old issues labeled likely-no"
|
||||||
uses: actions/github-script@v7
|
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
|
||||||
with:
|
with:
|
||||||
github-token: ${{ secrets.GITHUB_TOKEN }}
|
github-token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
script: |
|
script: |
|
||||||
@ -83,9 +83,9 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
- name: Run delete-old-branches-action
|
- name: Run delete-old-branches-action
|
||||||
uses: beatlabs/delete-old-branches-action@v0.0.10
|
uses: beatlabs/delete-old-branches-action@6e94df089372a619c01ae2c2f666bf474f890911 # v0.0.10
|
||||||
with:
|
with:
|
||||||
repo_token: ${{ github.token }}
|
repo_token: ${{ github.token }}
|
||||||
date: "6 months ago"
|
date: "6 months ago"
|
||||||
@ -97,7 +97,7 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Delete PR Cleanup workflow runs
|
- name: Delete PR Cleanup workflow runs
|
||||||
uses: Mattraks/delete-workflow-runs@v2
|
uses: Mattraks/delete-workflow-runs@39f0bbed25d76b34de5594dceab824811479e5de # v2.0.6
|
||||||
with:
|
with:
|
||||||
token: ${{ github.token }}
|
token: ${{ github.token }}
|
||||||
repository: ${{ github.repository }}
|
repository: ${{ github.repository }}
|
||||||
@ -106,7 +106,7 @@ jobs:
|
|||||||
delete_workflow_pattern: pr-cleanup.yaml
|
delete_workflow_pattern: pr-cleanup.yaml
|
||||||
|
|
||||||
- name: Delete PR Deploy workflow skipped runs
|
- name: Delete PR Deploy workflow skipped runs
|
||||||
uses: Mattraks/delete-workflow-runs@v2
|
uses: Mattraks/delete-workflow-runs@39f0bbed25d76b34de5594dceab824811479e5de # v2.0.6
|
||||||
with:
|
with:
|
||||||
token: ${{ github.token }}
|
token: ${{ github.token }}
|
||||||
repository: ${{ github.repository }}
|
repository: ${{ github.repository }}
|
||||||
|
4
.github/workflows/weekly-docs.yaml
vendored
4
.github/workflows/weekly-docs.yaml
vendored
@ -15,10 +15,10 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@master
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||||
|
|
||||||
- name: Check Markdown links
|
- name: Check Markdown links
|
||||||
uses: gaurav-nelson/github-action-markdown-link-check@v1
|
uses: gaurav-nelson/github-action-markdown-link-check@d53a906aa6b22b8979d33bc86170567e619495ec # v1.0.15
|
||||||
id: markdown-link-check
|
id: markdown-link-check
|
||||||
# checks all markdown files from /docs including all subfolders
|
# checks all markdown files from /docs including all subfolders
|
||||||
with:
|
with:
|
||||||
|