neilnaveen
356c1f8336
chore: Set permissions for GitHub actions
...
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ )
Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
2022-06-07 14:32:11 +01:00
Khaled Hosny
e045dbf617
[ci] Upgrade pip on MSVC job
...
To avoid bad pre-installed version.
2022-02-10 04:06:20 +02:00
Khaled Hosny
02a737e532
Revert "[ci] Downgrade pip on MSVC jobs"
...
This reverts commit c4cf5ddb27
.
2022-02-08 21:45:42 +02:00
Khaled Hosny
c4cf5ddb27
[ci] Downgrade pip on MSVC jobs
...
Turns out, pip 22.0 is the source of the breakage:
https://github.com/mesonbuild/meson/issues/9955#issuecomment-1030843844
https://github.com/pypa/pip/issues/10875
2022-02-06 18:13:16 +02:00
Khaled Hosny
3160789701
[ci] windows-2016 image is going away in a bit
...
https://github.com/actions/virtual-environments/issues/4312
windows-latest is the same as windows-2019, but we are using explicit
windows-2019 image for when they become different.
2021-11-24 02:05:28 +02:00
Garret Rieger
f3e031539f
Revert "[ci] Bin FontTools version due to recent COLRv1 changes"
...
This reverts commit 163748b505
.
2021-07-28 11:36:34 -06:00
Khaled Hosny
163748b505
[ci] Bin FontTools version due to recent COLRv1 changes
...
Should be reverted once HarfBuzz updated to match FontTools.
2021-07-26 23:32:48 +02:00
Khaled Hosny
fa432a121e
Rename various references to master branch
2021-06-05 04:18:52 +02:00
Khaled Hosny
ff86c72e09
[ci] Avoid duplicate builds on pull requests
...
Don’t run GitHub Actions on pushing to branches other than master. This
was already the case for the linux-ci workflow.
2021-03-16 01:11:12 +02:00
Christoph Reiter
93aea76a25
Fix the GHA msvc build
...
Use the 'ilammy/msvc-dev-cmd' action for setting up the msvc env,
so we can use powershell everywhere.
Remove a directory from PATH which was interfering with the meson build
by providing an unrelated pkg-config.exe.
2020-07-18 19:52:45 +02:00
Ebrahim Byagowi
3a46ae5127
Use GitHub Actions for msvc bots
2020-07-18 19:15:53 +02:00