Skip to content

Commit ea743e2

Browse files
laurentsimonlaurentsimon
authored
Merge branch 'main' into feat/passscorenote
2 parents 2218961 + 2bbbce7 commit ea743e2

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

45 files changed

+1112
-146
lines changed

.github/workflows/codeql-analysis.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -50,7 +50,7 @@ jobs:
5050

5151
steps:
5252
- name: Harden Runner
53-
uses: step-security/harden-runner@bdb12b622a910dfdc99a31fdfe6f45a16bc287a4 # v1
53+
uses: step-security/harden-runner@9b0655f430fba8c7001d4e38f8d4306db5c6e0ab # v1
5454
with:
5555
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
5656

.github/workflows/docker.yml

Lines changed: 42 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -29,13 +29,18 @@ jobs:
2929
permissions:
3030
contents: read
3131
steps:
32+
- name: Harden Runner
33+
uses: step-security/harden-runner@bdb12b622a910dfdc99a31fdfe6f45a16bc287a4 # v1
34+
with:
35+
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
36+
3237
- name: Install Protoc
3338
uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2
3439
with:
3540
version: 3.17.3
3641
- name: Cache builds
3742
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
38-
uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed #v2.1.7
43+
uses: actions/cache@4b0cf6cc4619e737324ddfcec08fff2413359514 #v2.1.7
3944
with:
4045
# In order:
4146
# * Module download cache
@@ -66,13 +71,18 @@ jobs:
6671
permissions:
6772
contents: read
6873
steps:
74+
- name: Harden Runner
75+
uses: step-security/harden-runner@bdb12b622a910dfdc99a31fdfe6f45a16bc287a4 # v1
76+
with:
77+
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
78+
6979
- name: Install Protoc
7080
uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2
7181
with:
7282
version: 3.17.3
7383
- name: Cache builds
7484
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
75-
uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed #v2.1.7
85+
uses: actions/cache@4b0cf6cc4619e737324ddfcec08fff2413359514 #v2.1.7
7686
with:
7787
# In order:
7888
# * Module download cache
@@ -103,13 +113,18 @@ jobs:
103113
permissions:
104114
contents: read
105115
steps:
116+
- name: Harden Runner
117+
uses: step-security/harden-runner@bdb12b622a910dfdc99a31fdfe6f45a16bc287a4 # v1
118+
with:
119+
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
120+
106121
- name: Install Protoc
107122
uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2
108123
with:
109124
version: 3.17.3
110125
- name: Cache builds
111126
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
112-
uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed #v2.1.7
127+
uses: actions/cache@4b0cf6cc4619e737324ddfcec08fff2413359514 #v2.1.7
113128
with:
114129
# In order:
115130
# * Module download cache
@@ -140,13 +155,18 @@ jobs:
140155
permissions:
141156
contents: read
142157
steps:
158+
- name: Harden Runner
159+
uses: step-security/harden-runner@bdb12b622a910dfdc99a31fdfe6f45a16bc287a4 # v1
160+
with:
161+
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
162+
143163
- name: Install Protoc
144164
uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2
145165
with:
146166
version: 3.17.3
147167
- name: Cache builds
148168
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
149-
uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed #v2.1.7
169+
uses: actions/cache@4b0cf6cc4619e737324ddfcec08fff2413359514 #v2.1.7
150170
with:
151171
# In order:
152172
# * Module download cache
@@ -177,13 +197,18 @@ jobs:
177197
permissions:
178198
contents: read
179199
steps:
200+
- name: Harden Runner
201+
uses: step-security/harden-runner@bdb12b622a910dfdc99a31fdfe6f45a16bc287a4 # v1
202+
with:
203+
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
204+
180205
- name: Install Protoc
181206
uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2
182207
with:
183208
version: 3.17.3
184209
- name: Cache builds
185210
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
186-
uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed #v2.1.7
211+
uses: actions/cache@4b0cf6cc4619e737324ddfcec08fff2413359514 #v2.1.7
187212
with:
188213
# In order:
189214
# * Module download cache
@@ -214,13 +239,18 @@ jobs:
214239
permissions:
215240
contents: read
216241
steps:
242+
- name: Harden Runner
243+
uses: step-security/harden-runner@bdb12b622a910dfdc99a31fdfe6f45a16bc287a4 # v1
244+
with:
245+
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
246+
217247
- name: Install Protoc
218248
uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2
219249
with:
220250
version: 3.17.3
221251
- name: Cache builds
222252
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
223-
uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed #v2.1.7
253+
uses: actions/cache@4b0cf6cc4619e737324ddfcec08fff2413359514 #v2.1.7
224254
with:
225255
# In order:
226256
# * Module download cache
@@ -251,13 +281,18 @@ jobs:
251281
permissions:
252282
contents: read
253283
steps:
284+
- name: Harden Runner
285+
uses: step-security/harden-runner@bdb12b622a910dfdc99a31fdfe6f45a16bc287a4 # v1
286+
with:
287+
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
288+
254289
- name: Install Protoc
255290
uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2
256291
with:
257292
version: 3.17.3
258293
- name: Cache builds
259294
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
260-
uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed #v2.1.7
295+
uses: actions/cache@4b0cf6cc4619e737324ddfcec08fff2413359514 #v2.1.7
261296
with:
262297
# In order:
263298
# * Module download cache

.github/workflows/goreleaser.yaml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,11 @@ jobs:
2525
permissions:
2626
contents: write
2727
steps:
28+
- name: Harden Runner
29+
uses: step-security/harden-runner@bdb12b622a910dfdc99a31fdfe6f45a16bc287a4 # v1
30+
with:
31+
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
32+
2833
-
2934
name: Checkout
3035
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v2.3.4

.github/workflows/integration.yml

Lines changed: 13 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,11 @@ jobs:
2424
approve:
2525
runs-on: ubuntu-latest
2626
steps:
27+
- name: Harden Runner
28+
uses: step-security/harden-runner@bdb12b622a910dfdc99a31fdfe6f45a16bc287a4 # v1
29+
with:
30+
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
31+
2732
- name: approve
2833
run: echo For security reasons, all pull requests need to be approved before running integration tests.
2934

@@ -32,6 +37,11 @@ jobs:
3237
environment: integration-test
3338
needs: [approve]
3439
steps:
40+
- name: Harden Runner
41+
uses: step-security/harden-runner@bdb12b622a910dfdc99a31fdfe6f45a16bc287a4 # v1
42+
with:
43+
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
44+
3545
- name: pull_request actions/checkout
3646
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v2.3.4
3747
with:
@@ -44,7 +54,7 @@ jobs:
4454

4555
- name: Cache builds
4656
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
47-
uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed #v2.1.7
57+
uses: actions/cache@4b0cf6cc4619e737324ddfcec08fff2413359514 #v2.1.7
4858
with:
4959
# In order:
5060
# * Module download cache
@@ -81,15 +91,15 @@ jobs:
8191
verbose: true
8292

8393
- name: find comment
84-
uses: peter-evans/find-comment@d2dae40ed151c634e4189471272b57e76ec19ba8 # v1.2.0
94+
uses: peter-evans/find-comment@1769778a0c5bd330272d749d12c036d65e70d39d # v1.2.0
8595
id: fc
8696
with:
8797
issue-number: ${{ github.event.pull_request.number || github.event.client_payload.pull_request.number }}
8898
comment-author: 'github-actions[bot]'
8999
body-includes: Integration tests ran for
90100

91101
- name: create or update comment
92-
uses: peter-evans/create-or-update-comment@a35cf36e5301d70b76f316e867e7788a55a31dae # v1.4.5
102+
uses: peter-evans/create-or-update-comment@c9fcb64660bc90ec1cc535646af190c992007c32 # v1.4.5
93103
with:
94104
issue-number: ${{ github.event.pull_request.number || github.event.client_payload.pull_request.number }}
95105
comment-id: ${{ steps.fc.outputs.comment-id }}

0 commit comments

Comments
 (0)