Commit Graph

11 Commits

Author SHA1 Message Date
neilnaveen 356c1f8336 chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
2022-06-07 14:32:11 +01:00
Khaled Hosny e045dbf617 [ci] Upgrade pip on MSVC job
To avoid bad pre-installed version.
2022-02-10 04:06:20 +02:00
Khaled Hosny 02a737e532 Revert "[ci] Downgrade pip on MSVC jobs"
This reverts commit c4cf5ddb27.
2022-02-08 21:45:42 +02:00
Khaled Hosny c4cf5ddb27 [ci] Downgrade pip on MSVC jobs
Turns out, pip 22.0 is the source of the breakage:
https://github.com/mesonbuild/meson/issues/9955#issuecomment-1030843844
https://github.com/pypa/pip/issues/10875
2022-02-06 18:13:16 +02:00
Khaled Hosny 3160789701 [ci] windows-2016 image is going away in a bit
https://github.com/actions/virtual-environments/issues/4312

windows-latest is the same as windows-2019, but we are using explicit
windows-2019 image for when they become different.
2021-11-24 02:05:28 +02:00
Garret Rieger f3e031539f Revert "[ci] Bin FontTools version due to recent COLRv1 changes"
This reverts commit 163748b505.
2021-07-28 11:36:34 -06:00
Khaled Hosny 163748b505 [ci] Bin FontTools version due to recent COLRv1 changes
Should be reverted once HarfBuzz updated to match FontTools.
2021-07-26 23:32:48 +02:00
Khaled Hosny fa432a121e Rename various references to master branch 2021-06-05 04:18:52 +02:00
Khaled Hosny ff86c72e09 [ci] Avoid duplicate builds on pull requests
Don’t run GitHub Actions on pushing to branches other than master. This
was already the case for the linux-ci workflow.
2021-03-16 01:11:12 +02:00
Christoph Reiter 93aea76a25 Fix the GHA msvc build
Use the 'ilammy/msvc-dev-cmd' action for setting up the msvc env,
so we can use powershell everywhere.

Remove a directory from PATH which was interfering with the meson build
by providing an unrelated pkg-config.exe.
2020-07-18 19:52:45 +02:00
Ebrahim Byagowi 3a46ae5127 Use GitHub Actions for msvc bots 2020-07-18 19:15:53 +02:00