1
0
Fork 0
forked from lix-project/lix
Commit graph

42 commits

Author SHA1 Message Date
Théophane Hufschmitt 541e10496a Fix the hydra_status CI job 2022-07-05 16:28:39 +02:00
Théophane Hufschmitt 70083218b3 Restrict the permissions of the CI 2022-07-05 16:01:20 +02:00
naveen d31c520f40 chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-07-01 00:29:30 +00:00
Théophane Hufschmitt 460117a238 Correctly get the nix version in the docker job
`defaultPackage` doesn't exist anymore, so we can't use it.
Instead just use the new CLI which should be more robust to these
changes

Fix 
2022-06-10 12:09:09 +02:00
dependabot[bot] d1c270431a
Bump zeebe-io/backport-action from 0.0.7 to 0.0.8
Bumps [zeebe-io/backport-action](https://github.com/zeebe-io/backport-action) from 0.0.7 to 0.0.8.
- [Release notes](https://github.com/zeebe-io/backport-action/releases)
- [Commits](https://github.com/zeebe-io/backport-action/compare/v0.0.7...v0.0.8)

---
updated-dependencies:
- dependency-name: zeebe-io/backport-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-23 22:01:52 +00:00
dependabot[bot] c060e93b3c
Bump docker/login-action from 1 to 2
Bumps [docker/login-action](https://github.com/docker/login-action) from 1 to 2.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-09 22:01:15 +00:00
dependabot[bot] dc9510c8d7
Bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-13 12:10:29 +00:00
dependabot[bot] 5fc73c276b
build(deps): bump cachix/install-nix-action from 16 to 17
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 16 to 17.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v16...v17)

---
updated-dependencies:
- dependency-name: cachix/install-nix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-11 22:01:20 +00:00
regnat 7bd85a3bf6 Use the nix command (and flakes) in the CI
Apart from a slight simplification and a bit of dogfooding, this also
make the cache behavior more predictable.
For example `nix build .` and `nix build nix/$(git rev-parse HEAD)` will
yield the exact same path, while their “intuitive” non-flake equivalents
(`nix-build` and
`nix-build https://github.com/nixos/nix/archives/$(git rev-parse HEAD).tar.gz`)
don’t.

This was a pain for example in https://github.com/NixOS/nix/pull/5059

Also, the `bar-with-logs` log format is imho nicer (even in an
non-interactive context) because prefixing each log line with the name
of the derivation that produced it makes it much easier to follow what’s
going on.
2022-01-26 16:41:37 +01:00
Rok Garbas c79087eb2a
also tagging with latest commit with a master tag 2022-01-21 14:40:34 +01:00
Rok Garbas 2267c773f0
Push docker image (only x86_64-linux right now) to hub.docker.com 2022-01-11 18:51:58 +01:00
Rok Garbas 9aa486c4be
Rename github workflow from Tests to CI 2022-01-11 18:51:34 +01:00
regnat 5f64b69d23 Add a github cron to check the hydra status
Add a regular github action that will check the status of the latest
hydra evaluation.

Things aren’t ideal right now because this job will only notify “the
user who last modified the cron syntax in the workflow file” (so myself
atm). But at least that’ll give a notification for failing hydra jobs
2021-11-30 17:54:25 +01:00
dependabot[bot] 5be8fbd740
Bump cachix/install-nix-action from 15 to 16
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 15 to 16.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v15...v16)

---
updated-dependencies:
- dependency-name: cachix/install-nix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-11-22 22:01:42 +00:00
Eelco Dolstra 72e67c4b2d
Merge pull request from NixOS/dependabot/github_actions/cachix/install-nix-action-15
Bump cachix/install-nix-action from 14.1 to 15
2021-11-18 12:32:06 +01:00
dependabot[bot] 3771f931bf
Bump zeebe-io/backport-action from 0.0.5 to 0.0.7
Bumps [zeebe-io/backport-action](https://github.com/zeebe-io/backport-action) from 0.0.5 to 0.0.7.
- [Release notes](https://github.com/zeebe-io/backport-action/releases)
- [Commits](https://github.com/zeebe-io/backport-action/compare/v0.0.5...v0.0.7)

---
updated-dependencies:
- dependency-name: zeebe-io/backport-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-11-15 22:01:17 +00:00
dependabot[bot] 4ba355e593
Bump cachix/install-nix-action from 14.1 to 15
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 14.1 to 15.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v14.1...v15)

---
updated-dependencies:
- dependency-name: cachix/install-nix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-11-15 22:01:13 +00:00
Domen Kožar 1d0bc96c96 Add backport action 2021-11-15 08:41:03 -06:00
dependabot[bot] 732dd90428
Bump actions/checkout from 2.3.5 to 2.4.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.5 to 2.4.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.3.5...v2.4.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-11-08 22:00:58 +00:00
Domen Kožar b8532c9ff1 install-nix-actionv@v14.1 2021-11-02 08:24:17 -06:00
Eelco Dolstra 19148f1940 Apply a 60-minute timeout to the 'tests' workflow 2021-10-29 14:48:36 +02:00
dependabot[bot] 2400819809
Bump actions/checkout from 2.3.4 to 2.3.5
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.4 to 2.3.5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.3.4...v2.3.5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-10-18 22:01:24 +00:00
dependabot[bot] 5052a81bba
Bump cachix/install-nix-action from 13 to 14
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 13 to 14.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v13...v14)

---
updated-dependencies:
- dependency-name: cachix/install-nix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-09-14 12:57:56 +00:00
Travis A. Everett 0386f0c079 fix CI for users with no installer-test cachix
Closes 
2021-09-01 18:08:38 -05:00
Domen Kožar 9feca5cdf6
github actions: simplify getting the system logic 2021-06-28 23:02:53 +02:00
dependabot[bot] 35faff7325
Bump cachix/cachix-action from v9 to v10
Bumps [cachix/cachix-action](https://github.com/cachix/cachix-action) from v9 to v10.
- [Release notes](https://github.com/cachix/cachix-action/releases)
- [Commits](https://github.com/cachix/cachix-action/compare/v9...73e75d1a0cd4330597a571e8f9dedb41faa2fc4e)

Signed-off-by: dependabot[bot] <support@github.com>
2021-04-12 05:21:11 +00:00
Domen Kožar 00f00a9954
bump actions 2021-04-03 12:59:44 +02:00
Travis A. Everett 12ec962dd8 simplify changing cachix cache for install tests
- convert cachix cache name from an env into a secret so it (along
  with the token/key) can be set once per fork
- use CACHIX_AUTH_TOKEN in addition to CACHIX_SIGNING_KEY; it looks
  like cachix will try signing key first, then auth token.
2021-02-26 16:14:06 -06:00
Domen Kožar ae4260f0a7
Generate installer script for each PR/push
This works by using Cachix feature of serving a file from
a store path.
2021-02-21 15:51:49 +00:00
dependabot[bot] 0ed7c957be
Bump cachix/install-nix-action from v11 to v12 ()
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from v11 to v12.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v11...07da2520eebede906fbeefa9dd0a2b635323909d)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-11-09 23:21:55 +00:00
Domen Kožar f1428484be
Update .github/workflows/test.yml 2020-09-28 21:08:24 +03:00
Domen Kožar c89fa3f644
Update .github/workflows/test.yml 2020-09-28 21:08:14 +03:00
dependabot[bot] 095a91f55a
Bump cachix/install-nix-action from v10 to v11
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from v10 to v11.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v10...95a8068e317b8def9482980abe762f36c77ccc99)

Signed-off-by: dependabot[bot] <support@github.com>
2020-09-28 05:37:07 +00:00
Domen Kožar f38fe24346
speed up CI 2020-08-30 22:52:34 +02:00
Eelco Dolstra 54712aaf8a Merge remote-tracking branch 'origin/master' into flakes 2020-07-06 16:40:10 +02:00
dependabot[bot] 9937f4ed37
Bump cachix/install-nix-action from v8 to v10
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from v8 to v10.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v8...63cf434de4e4292c6960639d56c5dd550e789d77)

Signed-off-by: dependabot[bot] <support@github.com>
2020-06-28 06:02:57 +00:00
Eelco Dolstra 17ca997fc6 Merge remote-tracking branch 'origin/master' into flakes 2020-05-28 12:55:24 +02:00
Domen Kožar 546b179d0a
actions: use latest OS 2020-05-15 10:06:26 +02:00
Eelco Dolstra 073650db01 Do a deep fetch
Currently the build fails with

  warning: reject refs/heads/HEAD because shallow roots are not allowed to be updated
  error: Could not read 0c2088d438
  fatal: Failed to traverse parents of commit ea1803efdc
  error: program 'git' failed with exit code 128
2020-03-13 17:25:47 +01:00
Eelco Dolstra ea1803efdc Run checks 2020-03-13 17:13:54 +01:00
Eelco Dolstra 90b805ef25
Remove build and binaryTarball since they're included in installerScript 2020-03-13 15:56:25 +01:00
Domen Kožar 30962d21be
Add CI with github actions 2020-03-13 15:41:16 +01:00