75 Commits (vmjoseph/audit-fix-2)

Author SHA1 Message Date
Vallie Joseph ba96334e72 upgrading typescript; fixing audit issues 2023-07-28 05:43:32 +00:00
Ferenc Hammerl c26f803662
Merge pull request #1300 from actions/fhammerl/setup-node-latest
Use newest version of actions
2023-01-19 16:16:02 +01:00
Sampark Sharma b2d865f180
Cache package release for compression change in windows with symlink fix (#1291)
* Cache package release for compression change in windows

This reverts commit 86fe4abd8e.

* Add env variable to enable windows symlinks

* Add cross os opt-in functionality for cache on windows

* Fix test

* Address review comments

* Fix test

* Fix tests

* Fix tests

* Fix tests

* Address review comments

* Address review comments

* Fix tests

* Fix tests

* Add npm version

* Add release details
2023-01-04 12:16:25 +05:30
Ferenc Hammerl 56146a6713 Bump actions to newer versions 2023-01-03 16:59:01 +01:00
Ferenc Hammerl 74f24b41d1 Use most recent setup-node 2023-01-03 16:43:09 +01:00
Ferenc Hammerl 5e9bcaca7c Update title with hint 2023-01-03 13:36:38 +01:00
Ferenc Hammerl af2d2ff198 Remove allow-list from audit
Releases can be made or PRs can be merged even if the workflow is failing
2023-01-03 13:34:55 +01:00
Ferenc Hammerl 2afea665ed
Try sequential jest tests 2022-12-20 16:32:59 +01:00
Ferenc Hammerl 4abb5a2ae0 Quote workflows for windows 2022-12-14 01:30:49 +01:00
Ferenc Hammerl e1a991ffb7 Run workflows on 16 2022-12-14 01:19:05 +01:00
Brian Cristante 91b7bf978c
Move @actions/http-client into the toolkit (#1062)
💡 See https://github.com/actions/toolkit/pull/1064 for a better diff!

https://github.com/actions/toolkit contains a variety of packages used for building actions.  https://github.com/actions/http-client is one such package, but lives outside of the toolkit.  Moving it inside of the toolkit will improve discoverability and reduce the number of repos we have to keep track of for maintenance tasks (such as github/c2c-actions-service#2937).

I checked with @bryanmacfarlane on the historical decision here.  Apparently it was just inertia from before we released the toolkit as multiple packages.

The benefits here are:
- Have one fewer repo to keep track of
- Signal that this is an HTTP client meant for building actions, not for general use.

## Notes
- `@actions/http-client` will continue to be released as its own package.
- Bumping the package version to **2.0.0**.  Since we're compiling in strict mode now, there are some breaking changes to the exported types.  This is an improvement because the null-unsafe version of `http-client` is currently breaking the safety of null-safe consumers.
- I'm not updating the other packages to use the new version in this PR.  I plan to do that in a follow-up.  We'll hold off on publishing `http-client` v2 to NPM until that's done just in case other changes shake out of it.
2022-05-03 11:10:13 -04:00
Zoran Regvart 37f5a85219
fix: drop support for named pipes on Windows (#962)
Seems that folk are having issues with uploading 0-byte files from
Windows agents. This effectively removes the support for Windows for
uploading from named files that, due to `isFIFO` returning `false` on
Windows for named pipes created using MSYS2's `mkfifo` command, resorted
to checking if the file size is 0 - a common trait of named pipes.

See https://github.com/actions/upload-artifact/issues/281
2021-12-14 15:50:50 -05:00
Konrad Pabjan d1a6612b14
Update releases.yml (#960) 2021-12-07 10:38:25 -05:00
Brian Cristante 9167ce1f3a
Resolve vulnerabilities found by `npm audit` (#846) 2021-06-16 09:20:08 -04:00
Thomas Boop 51dc07a106
Only run codeql on main branch pushes (#826) 2021-06-01 10:11:52 -04:00
Thomas Boop 0d74e9080a
Re-enable the audit tools step and update dependencies (#815)
* update package versions

* run audit

* fix eslint config

* linter updates

* re-enable audit

* update timeouts test

* pass done into callback

* fix format
2021-05-21 09:19:40 -04:00
Thomas Boop a6966e3148
fix deploy pipeline (#763) 2021-04-06 14:41:33 -04:00
Thomas Boop 92488b8ab2
Update releases.yml (#762) 2021-04-06 14:08:29 -04:00
eric sciple ea2465fe63
Update and rename deno.yml to rename.yml (#721)
* Create process to release packages via actions


Co-authored-by: Thomas Boop <52323235+thboop@users.noreply.github.com>
Co-authored-by: Konrad Pabjan <konradpabjan@github.com>
2021-04-06 13:37:17 -04:00
Thomas Boop de122731f3
Run update octokit on workflow_dispatch 2021-04-02 12:08:46 -04:00
Konrad Pabjan 383ec9fb03
Update deno.yml 2021-02-18 17:18:59 +01:00
Konrad Pabjan c3478210af
Create deno.yml 2021-02-18 17:14:38 +01:00
Robin Neatherway 85f6235ca9
Add on: pull_request trigger to CodeQL workflow (#689)
From February 2021, in order to provide feedback on pull requests, Code Scanning workflows must be configured with both `push` and `pull_request` triggers. This is because Code Scanning compares the results from a pull request against the results for the base branch to tell you only what has changed between the two.

Early in the beta period we supported displaying results on pull requests for workflows with only `push` triggers, but have discontinued support as this proved to be less robust.

See https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#scanning-pull-requests for more information on how best to configure your Code Scanning workflows.
2021-01-15 12:22:00 +01:00
Thomas Boop 4f7fb6513a
swap to file commands (#587)
* swap to file commands

* swap to require
2020-09-30 15:46:54 +02:00
Thomas Boop e3c6237940
Update audit.yml 2020-08-03 16:55:53 -04:00
Thomas Boop ccad19055e
Set main as the default branch (#527)
* set main as the default branch

* revert change to tool-cache default branch

* use versions where applicable
2020-07-21 11:33:05 -04:00
Thomas Boop 7e1c59c51e
Update email in octokit upgrade job (#516) 2020-07-14 16:46:07 -04:00
David Hadka 4964b0cc7c
Use Azure storage SDK to download cache (#497)
* Adds option to download using AzCopy

* Bump version number and add release notes

* Ensure we use at least v10

* Negate env var so it disables AzCopy

* Use Azure storage SDK to download cache

* Use same level of parallelism as AzCopy

* Fix naming of variable

* React to feedback

* Bump Node types to Node 12

* Make linter happy

* Pass options into restoreCache method

* Fix tests

* Restructure files and add tests

* Add method to get the default download and upload options

* Include breaking changes in RELEASES.md

Co-authored-by: Josh Gross <joshmgross@github.com>
2020-07-10 17:09:32 +02:00
David Hadka 9e2d61e548
Delete cache folders prior to restore in tests (#486)
* Delete cache folders prior to restore in tests

* Update cache-tests.yml
2020-06-19 14:43:38 -04:00
Thomas Boop 8e14ff9f0a
Setup Weekly Automation to Update @actions/github (#498)
* create automation to update Octokit for actions toolkit

Co-authored-by: Dependency Update Bot <bot@github.com>
Co-authored-by: Shohei Ueda <30958501+peaceiris@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2020-06-19 14:35:19 -04:00
Sora Morimoto 8ae8acce72
Update unit-tests.yml (#477) 2020-05-27 10:32:54 -04:00
Thomas Boop 2c693984a8
Update Bug Report Template (#466) 2020-05-19 13:43:20 -04:00
Aiqiao Yan a67b91ea15
Merge pull request #448 from actions/users/aiyan/cache-package
Initial commit to create @actions/cache package
2020-05-15 13:41:32 -04:00
Aiqiao Yan d2b2399bd2 React to feedback 2020-05-15 12:26:42 -04:00
Konrad Pabjan 628f82f221
Correctly reset chunk during artifact upload on retry (#458)
* Correctly reset chunk during artifact upload on retry

* Update workflow

* Implementation details around the passthrough stream
2020-05-14 22:18:21 +02:00
Aiqiao Yan 1413cd0e32 Add cache upload options and pull from latest actions/cache master 2020-05-12 12:53:45 -04:00
Aiqiao Yan c534ad2cbd Add docs and tests 2020-05-12 12:02:19 -04:00
eric sciple 83dd3ef0f1
separate audit workflow (#450) 2020-05-07 11:39:38 -04:00
Thomas Boop a5ff692285
Redirect general feedback to the Community Forums (#447) 2020-05-07 10:24:11 -04:00
Justin Hutchings 11dcc8b313
Add CodeQL Analysis workflow (#434)
* Add CodeQL Analysis workflow

* Rename .github/workflows/workflows/codeql.yml to .github/workflows/codeql.yml

* Remove autobuilder

* Add back autobuilder

* Disable c# analysis
2020-05-06 12:58:36 -04:00
Konrad Pabjan 1688b117e1
E2E tests for the @actions/artifact package (#421)
* End-to-end artifact tests

* E2E tests for artifact package
2020-04-23 20:52:53 +02:00
Thomas Boop 12f30111a0
Update Contributing.md and add information about ADR's (#383)
* Updating Contributing.md + add adr details
2020-03-17 11:57:32 -04:00
eric sciple ab5bd9d696
octokit client should follow proxy settings (#314) 2020-01-18 14:28:37 -05:00
eric sciple 461fc2b9c9
bump checkout to v2, pin setup-node to v1 (#277) 2020-01-14 11:19:06 -05:00
sullis c514e7481a GitHub Actions checkout v2 (#303) 2020-01-14 10:48:34 -05:00
Bryan MacFarlane bfd29dcef8
only audit on ubuntu-latest (#283) 2020-01-04 14:08:05 -05:00
Bryan MacFarlane 803934eca0
audit security vulnerabilities as part of ci (#280) 2020-01-03 17:54:10 -05:00
Josh Gross 60d3096c71 Only run CI on PRs and pushes to master (#275) 2019-12-26 17:00:18 -05:00
Peter Evans be9f18b69f Fix documentation links (#217) 2019-12-10 09:11:03 -05:00
eric sciple 5c894298f2
toolrunner should which tool before invoking (#220) 2019-11-18 16:20:01 -05:00