address zizmor issues

Erica Portnoy 2026-05-01 15:11:20 -07:00
parent ec803c3ef9
commit 23a77ad917
3 changed files with 36 additions and 10 deletions


@ -10,9 +10,19 @@ on:
description: 'snap channel to release to'
required: true
type: string
secrets:
SNAPCRAFTCFG:
required: true
DOCKERHUB_TOKEN:
required: true
permissions:
contents: read
env:
DOCKER_TAG: "${{ inputs.dockerTag }}"
SNAP_RELEASE_CHANNEL: "${{ inputs.snapReleaseChannel }}"
jobs:
# This job relies on credentials used to publish the Certbot snaps. This
# credential file was created by running:
@ -68,7 +78,7 @@ jobs:
run: |-
export SNAPCRAFT_STORE_CREDENTIALS="${{ secrets.SNAPCRAFTCFG }}"
for SNAP_FILE in snap/*.snap; do
tools/retry.sh eval snapcraft upload --release=${{ inputs.snapReleaseChannel }} "${SNAP_FILE}"
tools/retry.sh eval snapcraft upload --release="${SNAP_RELEASE_CHANNEL}" "${SNAP_FILE}"
done
shell: bash
publish_snap_invalid:
@ -123,7 +133,7 @@ jobs:
username: "${{ vars.DOCKERHUB_USERNAME }}"
password: "${{ secrets.DOCKERHUB_TOKEN }}"
- name: Deploy the Docker images by architecture
run: tools/docker/deploy_images.sh ${{ inputs.dockerTag }} ${{ matrix.DOCKER_ARCH }}
run: tools/docker/deploy_images.sh "$DOCKER_TAG" ${{ matrix.DOCKER_ARCH }}
shell: bash
publish_docker_multiarch:
name: Publish docker multiarch
@ -141,5 +151,5 @@ jobs:
username: "${{ vars.DOCKERHUB_USERNAME }}"
password: "${{ secrets.DOCKERHUB_TOKEN }}"
- name: Deploy the Docker multiarch manifests
run: tools/docker/deploy_manifests.sh ${{ inputs.dockerTag }} all
run: tools/docker/deploy_manifests.sh "$DOCKER_TAG" all
shell: bash
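Review bot: The snapcraft upload step in the second hunk still expands `${{ secrets.SNAPCRAFTCFG }}` directly inside the `run:` script, even though the same commit moves the `inputs.*` interpolations into `env:`; for consistency, and so the secret value is not written into the generated script body, put it on the step as `env:` / `SNAPCRAFTCFG: "${{ secrets.SNAPCRAFTCFG }}"` and change the export to `export SNAPCRAFT_STORE_CREDENTIALS="$SNAPCRAFTCFG"`. The enclosing job of that step starts outside the hunk. In the deploy_images step, `${{ matrix.DOCKER_ARCH }}` stays an inline, unquoted expression next to the now-quoted `"$DOCKER_TAG"`; matrix values are defined in the workflow rather than by a caller, so this is not an injection path, but routing it through `env:` and quoting it would make the two arguments uniform. The new `secrets:` block under `workflow_call` matches the two secrets this workflow actually reads, which is the right scope.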


@ -10,23 +10,34 @@ jobs:
# is much nicer if they are instead listed explicitly here.
standard_tests_jobs:
name: Standard tests
permissions:
contents: read
uses: "./.github/workflows/standard_tests_jobs.yml"
extended_tests_jobs:
name: Extended tests
permissions:
contents: read
uses: "./.github/workflows/extended_tests_jobs.yml"
secrets: inherit
secrets:
AWS_TEST_FARM_PEM: "${{ secrets.AWS_TEST_FARM_PEM }}"
AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}"
AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
docker_packaging_jobs:
name: Docker packaging
permissions:
contents: read
uses: "./.github/workflows/docker_packaging_jobs.yml"
with:
dockerTag: nightly
secrets: inherit
snap_packaging_jobs:
name: Snap packaging
permissions:
contents: read
uses: "./.github/workflows/snap_packaging_jobs.yml"
with:
snapBuildTimeout: 19800
secrets: inherit
secrets:
LAUNCHPAD_CREDENTIALS: "${{ secrets.LAUNCHPAD_CREDENTIALS }}"
changelog_stage:
name: Create changelog
permissions:
@ -42,7 +53,9 @@ jobs:
- docker_packaging_jobs
- snap_packaging_jobs
uses: "./.github/workflows/common_deploy_jobs.yml"
secrets: inherit
secrets:
SNAPCRAFTCFG: "${{ secrets.SNAPCRAFTCFG }}"
DOCKERHUB_TOKEN: "${{ secrets.DOCKERHUB_TOKEN }}"
with:
dockerTag: nightly
snapReleaseChannel: edge
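Review bot: Replacing `secrets: inherit` with explicit lists only works if each called workflow declares those names under `on.workflow_call.secrets`; the commit changes three files, and declarations for `AWS_TEST_FARM_PEM`, `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` (extended_tests_jobs.yml) and `LAUNCHPAD_CREDENTIALS` (snap_packaging_jobs.yml) are not among the visible changes, so presumably they already exist there — worth confirming, since an undeclared secret fails the caller at validation time. The `docker_packaging_jobs` call drops `secrets: inherit` with no replacement list, which is correct only if that reusable workflow needs no secrets; a comment such as `# build only; no secrets are passed` above `docker_packaging_jobs:` would record that intent for the next reader. The explicit lists are the better least-privilege shape, since `inherit` would have exposed every repository secret to each reusable workflow.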


@ -8,15 +8,18 @@ permissions:
actions: write
checks: write
env:
RUN_ID: "${{ inputs.run_id }}"
jobs:
rerun:
runs-on: ubuntu-latest
steps:
- name: rerun ${{ inputs.run_id }}
- name: rerun "$RUN_ID"
env:
GH_REPO: ${{ github.repository }}
GH_TOKEN: ${{ github.token }}
GH_DEBUG: api
run: |
gh run watch ${{ inputs.run_id }} > /dev/null 2>&1
gh run rerun ${{ inputs.run_id }} --failed
gh run watch "$RUN_ID" > /dev/null 2>&1
gh run rerun "$RUN_ID" --failed