Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

fix: fixed the token-permission and pinned-dependencies issue #6168

Merged
merged 1 commit into from
Aug 19, 2024
Merged

fix: fixed the token-permission and pinned-dependencies issue #6168

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 10 additions & 7 deletions .github/workflows/build-image.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,26 +12,29 @@ on:
- 'build-image/**'
- '.github/workflows/build-image.yml'

permissions:
contents: read

jobs:
build:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
name: Checkout
with:
fetch-depth: 0

- name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1

- name: Save image
run: make save-multiarch-build-image

- name: Upload Docker Images Artifacts
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
with:
name: build-image
path: |
Expand All @@ -44,21 +47,21 @@ jobs:
if: (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/')) && github.repository == 'cortexproject/cortex'
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
name: Checkout
with:
fetch-depth: 0

- name: Download Docker Images Artifacts
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: build-image

- name: Load image
run: make load-multiarch-build-image

- name: Login to Quay.io
uses: docker/#-action@v3
uses: docker/#-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: quay.io
username: ${{secrets.QUAY_REGISTRY_USER}}
Expand Down
36 changes: 18 additions & 18 deletions .github/workflows/test-build-deploy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ jobs:
image: quay.io/cortexproject/build-image:master-779dcf4ba
steps:
- name: Checkout Repo
uses: actions/checkout@v2
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
- name: Setup Git safe.directory
run: |
echo "this step is needed because when running in container, actions/checkout does not set safe.directory effectively."
Expand Down Expand Up @@ -49,7 +49,7 @@ jobs:
image: quay.io/cortexproject/build-image:master-779dcf4ba
steps:
- name: Checkout Repo
uses: actions/checkout@v2
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
- name: Setup Git safe.directory
run: |
echo "this step is needed because when running in container, actions/checkout does not set safe.directory effectively."
Expand All @@ -71,19 +71,19 @@ jobs:
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
uses: github/codeql-action/init@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2
with:
languages: go

- name: Autobuild
uses: github/codeql-action/autobuild@v3
uses: github/codeql-action/autobuild@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
uses: github/codeql-action/analyze@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2


build:
Expand All @@ -92,7 +92,7 @@ jobs:
image: quay.io/cortexproject/build-image:master-779dcf4ba
steps:
- name: Checkout Repo
uses: actions/checkout@v2
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
- name: Setup Git safe.directory
run: |
echo "this step is needed because when running in container, actions/checkout does not set safe.directory effectively."
Expand All @@ -113,7 +113,7 @@ jobs:
touch build-image/.uptodate
make BUILD_IN_CONTAINER=false web-build
- name: Upload Website Artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
with:
name: website public
path: website/public/
Expand All @@ -125,7 +125,7 @@ jobs:
- name: Create Docker Images Archive
run: tar -cvf images.tar /tmp/images
- name: Upload Docker Images Artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
with:
name: Docker Images
path: ./images.tar
Expand All @@ -146,19 +146,19 @@ jobs:
- integration_query_fuzz
steps:
- name: Upgrade golang
uses: actions/setup-go@v2
uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # v2.2.0
with:
go-version: 1.22.5
- name: Checkout Repo
uses: actions/checkout@v2
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
- name: Install Docker Client
run: sudo ./.github/workflows/scripts/install-docker.sh
- name: Sym Link Expected Path to Workspace
run: |
sudo mkdir -p /go/src/github.com/cortexproject/cortex
sudo ln -s $GITHUB_WORKSPACE/* /go/src/github.com/cortexproject/cortex
- name: Download Docker Images Artifacts
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: Docker Images
- name: Extract Docker Images Archive
Expand Down Expand Up @@ -209,11 +209,11 @@ jobs:
runs-on: ubuntu-20.04
steps:
- name: Checkout Repo
uses: actions/checkout@v2
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
- name: Install Docker Client
run: sudo ./.github/workflows/scripts/install-docker.sh
- name: Download Docker Images Artifact
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: Docker Images
- name: Extract Docker Images Archive
Expand All @@ -233,7 +233,7 @@ jobs:
image: quay.io/cortexproject/build-image:master-779dcf4ba
steps:
- name: Checkout Repo
uses: actions/checkout@v2
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
with:
# web-deploy script expects repo to be cloned with ssh for some commands to work
ssh-key: ${{ secrets.WEBSITE_DEPLOY_SSH_PRIVATE_KEY }}
Expand All @@ -247,7 +247,7 @@ jobs:
mkdir -p /go/src/github.com/cortexproject/cortex
ln -s $GITHUB_WORKSPACE/* /go/src/github.com/cortexproject/cortex
- name: Download Website Artifact
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: website public
path: website/public
Expand Down Expand Up @@ -275,7 +275,7 @@ jobs:
image: quay.io/cortexproject/build-image:master-779dcf4ba
steps:
- name: Checkout Repo
uses: actions/checkout@v2
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
- name: Setup Git safe.directory
run: |
echo "this step is needed because when running in container, actions/checkout does not set safe.directory effectively."
Expand All @@ -288,7 +288,7 @@ jobs:
mkdir -p /go/src/github.com/cortexproject/cortex
ln -s $GITHUB_WORKSPACE/* /go/src/github.com/cortexproject/cortex
- name: Download Docker Images Artifact
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: Docker Images
- name: Extract Docker Images Archive
Expand Down
Loading