GHA: clarify workflows permissions, set least possible privilege

Set top-level permissions to None on all workflows, setting per-job
permissions. This avoids that new jobs inherit unwant

GHA: clarify workflows permissions, set least possible privilege

Set top-level permissions to None on all workflows, setting per-job
permissions. This avoids that new jobs inherit unwanted permissions.

Discussion: https://curl.se/mail/lib-2022-11/0028.html

Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>

Closes #9928

show more ...

CI/GHA: cancel outdated CI runs on new PR changes

Avoid letting outdated CI runs continue if a PR receives
new changes. Outside a PR we let them continue running
by tying the concurr

CI/GHA: cancel outdated CI runs on new PR changes

Avoid letting outdated CI runs continue if a PR receives
new changes. Outside a PR we let them continue running
by tying the concurrency to the commit hash instead.

Also only let one CodeQL or Hacktoberfest job run at a time.

Other CI platforms we use have this build in, but GitHub
unfortunately neither by default nor with a simple option.

This saves CI resources and therefore a little energy.

Approved-by: Daniel Stenberg
Approved-by: Max Dymond
Closes #9533

show more ...

copyright: make repository REUSE compliant

Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the

copyright: make repository REUSE compliant

Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the file
`.reuse/dep5`.

This commit also adds a Github workflow to check pull requests and adapts
copyright.pl to the changes.

Closes #8869

show more ...

GHA: align all install, configure and build steps again

First step towards more unified build steps on GitHub Actions.

Closes #8873

ci: update github actions

- bump actions/checkout from 2 to 3
- bump actions/upload-artifact from 1 to 3
- bump github/codeql-actions from 1 to 2
- use version tag for actions/ch

ci: update github actions

- bump actions/checkout from 2 to 3
- bump actions/upload-artifact from 1 to 3
- bump github/codeql-actions from 1 to 2
- use version tag for actions/checkout

Closes #8843

show more ...

codeql: fix error "Resource not accessible by integration"

- Enable codeql writing security-events.

GitHub set the default permissions to read, apparently since earlier
this yea

codeql: fix error "Resource not accessible by integration"

- Enable codeql writing security-events.

GitHub set the default permissions to read, apparently since earlier
this year.

Ref: https://github.com/github/codeql-action/issues/464
Ref: https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/

Fixes https://github.com/curl/curl/issues/7575
Closes https://github.com/curl/curl/pull/7576

show more ...

GHA: add a linux-hyper job

Closes #7206

github/workflow: add "security-extended" to codeql-analysis.yml

Extends the CodeQL code scan.

Closes #6815

CI: fix warning with the latest versions

`git checkout HEAD^2` is no longer needed

Closes #6369

workflows: limit what branches to run CodeQL on

Align CodeQL action with existing CI actions:
- Update branch filter to avoid duplicate CI runs.
- Shorten workflow name due to inform

workflows: limit what branches to run CodeQL on

Align CodeQL action with existing CI actions:
- Update branch filter to avoid duplicate CI runs.
- Shorten workflow name due to informative job name.

Reviewed-by: Daniel Stenberg

Closes #5660

show more ...

codeql-analysis.yml: fix the 'languages' setting

It needs a 'with:' in front of it.

gtihub: codeql-analysis.yml

enables code security scanning with github actions