Default to `permissions: read-all` in all workflows and then add
additional permissions as needed at the job level
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
This commit follows up on e808ccfxy and completes the pinning of *all*
GitHub Actions to SHAs, including GitHub-owned `actions/*` actions.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
This commit updates all GitHub Actions workflows to use specific
SHAs for the actions when they're not GitHub owned (`actions/*`)
instead of using tag-based versioning since tags are mutable.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
This reverts commit 3ba4c98a1d.
A repo from microsoft was not available, that lead to ci
actions failing. This hat been fixed, so this workaround
is no longer needed.
Signed-off-by: Fin Maaß <f.maass@vogl-electronic.com>
Update Github actions to their latest versions to fix the following
warnings on runs:
```
Node.js 16 actions are deprecated. Please update the following actions
to use Node.js 20: actions/checkout@v3, actions/cache@v3,
actions/upload-artifact@v3. For more information see:
https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
```
`actions/checkout` and `actions/cache` are straight Node version
upgrades, `actions/upload-artifact` and `actions/download-artifact` have
breaking changes, but don't appear to affect our usage.
https://github.com/actions/upload-artifact
Signed-off-by: Jordan Yates <jordan.yates@data61.csiro.au>
This commit updates the CI workflows to use the `zephyrproject-rtos`
organisation-level AWS secrets instead of the repository-level secrets.
Using organisation-level secrets allows more centralised management of
the access keys used throughout the GitHub Actions CI infrastructure.
Note that the `AWS_*_ACCESS_KEY_ID` is now stored in plaintext as a
variable instead of a secret because it is equivalent to username and
needs to be identifiable for management and audit purposes.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This commit updates the CI workflows to use the AWS
configure-aws-credentials action v2, which is based on node.js 16 and
@actions/core 1.10.0, in preparation for the upcoming removal of the
deprecated GitHub features.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This commit updates the CI workflows to use the GitHub Ubuntu 22.04
virtual environment for running jobs.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
Fix all thruthy errors detected by yamllint:
yamllint -f parsable -c .yamllint $( find -regex '.*\.y[a]*ml' ) | \
grep '(truthy)'
This only accepts true/false for boolean properties. Seems like python
takes all sort of formats:
https://github.com/yaml/pyyaml/blob/master/lib/yaml/constructor.py#L224-L235
But the current specs only mention "true" or "false"
https://yaml.org/spec/1.2.2/#10212-boolean
Which is the standard yamllint config.
Excluding codeconv and workflow files, as some are using yes/no instead
in the respective documentation.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
This commit updates the issue count tracker workflow to use a specific
upload-artifact action version, v3, instead of the latest master branch
in order to prevent any potential breakages due to the newer commits.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This commit updates the issue count tracker workflow to use a specific
runner image version, ubuntu-20.04, instead of the latest version in
order to prevent any potential breakages due to the 'latest' version
change by GitHub.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This commit fixes a stale reference to the 'master' branch when
downloading the issue report configuration file.
Note that the 'master' branch is no longer the default
branch -- 'main' is.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
Make sure sources are up-to-date before installing any package. This is
causing failures on some workflows.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Do not run workflow on each issue change, instead run every 10 minutes.
Running this on every issue open/close/label will cause reaching API
call limit very fast when issues are automatically created from coverity
or during bug triaging sessions.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
