#
a2f5a4ca |
| 16-Nov-2022 |
Diogo Teles Sant'Anna |
GHA: clarify workflows permissions, set least possible privilege Set top-level permissions to None on all workflows, setting per-job permissions. This avoids that new jobs inherit unwant
GHA: clarify workflows permissions, set least possible privilege Set top-level permissions to None on all workflows, setting per-job permissions. This avoids that new jobs inherit unwanted permissions. Discussion: https://curl.se/mail/lib-2022-11/0028.html Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com> Closes #9928
show more ...
|
#
4e689330 |
| 17-Sep-2022 |
Marc Hoersken |
CI/GHA: cancel outdated CI runs on new PR changes Avoid letting outdated CI runs continue if a PR receives new changes. Outside a PR we let them continue running by tying the concurr
CI/GHA: cancel outdated CI runs on new PR changes Avoid letting outdated CI runs continue if a PR receives new changes. Outside a PR we let them continue running by tying the concurrency to the commit hash instead. Also only let one CodeQL or Hacktoberfest job run at a time. Other CI platforms we use have this build in, but GitHub unfortunately neither by default nor with a simple option. This saves CI resources and therefore a little energy. Approved-by: Daniel Stenberg Approved-by: Max Dymond Closes #9533
show more ...
|
#
ad9bc597 |
| 17-May-2022 |
max.mehl |
copyright: make repository REUSE compliant Add licensing and copyright information for all files in this repository. This either happens in the file itself as a comment header or in the
copyright: make repository REUSE compliant Add licensing and copyright information for all files in this repository. This either happens in the file itself as a comment header or in the file `.reuse/dep5`. This commit also adds a Github workflow to check pull requests and adapts copyright.pl to the changes. Closes #8869
show more ...
|
#
498ecdfd |
| 17-May-2022 |
Marc Hoersken |
GHA: align all install, configure and build steps again First step towards more unified build steps on GitHub Actions. Closes #8873
|
#
bda0d5fb |
| 14-May-2022 |
Frazer Smith |
ci: update github actions - bump actions/checkout from 2 to 3 - bump actions/upload-artifact from 1 to 3 - bump github/codeql-actions from 1 to 2 - use version tag for actions/ch
ci: update github actions - bump actions/checkout from 2 to 3 - bump actions/upload-artifact from 1 to 3 - bump github/codeql-actions from 1 to 2 - use version tag for actions/checkout Closes #8843
show more ...
|
#
4729c251 |
| 16-Aug-2021 |
Jay Satiro |
codeql: fix error "Resource not accessible by integration" - Enable codeql writing security-events. GitHub set the default permissions to read, apparently since earlier this yea
codeql: fix error "Resource not accessible by integration" - Enable codeql writing security-events. GitHub set the default permissions to read, apparently since earlier this year. Ref: https://github.com/github/codeql-action/issues/464 Ref: https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/ Fixes https://github.com/curl/curl/issues/7575 Closes https://github.com/curl/curl/pull/7576
show more ...
|
#
b28a8895 |
| 07-Jun-2021 |
Daniel Stenberg |
GHA: add a linux-hyper job Closes #7206
|
Revision tags: curl-7_76_1 |
|
#
2908a823 |
| 30-Mar-2021 |
Anthony Shaw |
github/workflow: add "security-extended" to codeql-analysis.yml Extends the CodeQL code scan. Closes #6815
|
Revision tags: curl-7_76_0, curl-7_75_0 |
|
#
78617b48 |
| 25-Dec-2020 |
XhmikosR |
CI: fix warning with the latest versions `git checkout HEAD^2` is no longer needed Closes #6369
|
Revision tags: curl-7_74_0, curl-7_73_0, tiny-curl-7_72_0, curl-7_72_0 |
|
#
a88fe0fd |
| 12-Jul-2020 |
Marc Hoersken |
workflows: limit what branches to run CodeQL on Align CodeQL action with existing CI actions: - Update branch filter to avoid duplicate CI runs. - Shorten workflow name due to inform
workflows: limit what branches to run CodeQL on Align CodeQL action with existing CI actions: - Update branch filter to avoid duplicate CI runs. - Shorten workflow name due to informative job name. Reviewed-by: Daniel Stenberg Closes #5660
show more ...
|
Revision tags: curl-7_71_1 |
|
#
7de2a4ce |
| 26-Jun-2020 |
Daniel Stenberg |
codeql-analysis.yml: fix the 'languages' setting It needs a 'with:' in front of it.
|
#
7183f5ac |
| 25-Jun-2020 |
Daniel Stenberg |
gtihub: codeql-analysis.yml enables code security scanning with github actions
|