neilnaveen
|
356c1f8336
|
chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
|
2022-06-07 14:32:11 +01:00 |
Garret Rieger
|
f3e031539f
|
Revert "[ci] Bin FontTools version due to recent COLRv1 changes"
This reverts commit 163748b505 .
|
2021-07-28 11:36:34 -06:00 |
Khaled Hosny
|
163748b505
|
[ci] Bin FontTools version due to recent COLRv1 changes
Should be reverted once HarfBuzz updated to match FontTools.
|
2021-07-26 23:32:48 +02:00 |
Khaled Hosny
|
fa432a121e
|
Rename various references to master branch
|
2021-06-05 04:18:52 +02:00 |
Khaled Hosny
|
c571a96eb0
|
[ci] Disable Chafa on jobs that enables all auto features
No suitable versions are available on these setups.
|
2021-04-26 12:13:10 -06:00 |
Khaled Hosny
|
ff86c72e09
|
[ci] Avoid duplicate builds on pull requests
Don’t run GitHub Actions on pushing to branches other than master. This
was already the case for the linux-ci workflow.
|
2021-03-16 01:11:12 +02:00 |
Khaled Hosny
|
fb1b29cee4
|
[ci] Fix msys2 breakage
What package manger randomly changes package names without fallback!
|
2021-01-17 23:11:18 +02:00 |
Khaled Hosny
|
296e9d7f33
|
[ci] Install fonttools using pip on msys2
Hopefully fixes the broken package.
|
2020-12-23 01:23:54 +02:00 |
Christoph Reiter
|
d058e56cf1
|
[ci] Update to msys2/setup-msys2@v2
This update introduces better error handling and package caching by default.
|
2020-07-20 23:46:52 +04:30 |
Ebrahim Byagowi
|
8cbdb6fa41
|
[meson] Don't enable benchmark under the conditions ever
As we don't want to make headache for packagers as we don't want to
enable it when --auto-features=enabled is used.
|
2020-07-15 13:33:00 +04:30 |
Christoph Reiter
|
8e7a9b6eeb
|
msys2-ci: clean up
|
2020-07-15 12:11:49 +04:30 |
Christoph Reiter
|
9a4d590eee
|
CI: Port MSYS2 jobs from appveyor to github actions
|
2020-07-15 12:11:49 +04:30 |