Default to `permissions: read-all` in all workflows and then add
additional permissions as needed at the job level
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
This commit follows up on e808ccfxy and completes the pinning of *all*
GitHub Actions to SHAs, including GitHub-owned `actions/*` actions.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
This commit updates all GitHub Actions workflows to use specific
SHAs for the actions when they're not GitHub owned (`actions/*`)
instead of using tag-based versioning since tags are mutable.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Update Github actions to their latest versions to fix the following
warnings on runs:
```
Node.js 16 actions are deprecated. Please update the following actions
to use Node.js 20: actions/checkout@v3, actions/cache@v3,
actions/upload-artifact@v3. For more information see:
https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
```
`actions/checkout` and `actions/cache` are straight Node version
upgrades, `actions/upload-artifact` and `actions/download-artifact` have
breaking changes, but don't appear to affect our usage.
https://github.com/actions/upload-artifact
Signed-off-by: Jordan Yates <jordan.yates@data61.csiro.au>
This commit updates the CI workflows to use the GitHub Ubuntu 22.04
virtual environment for running jobs.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
Fix all thruthy errors detected by yamllint:
yamllint -f parsable -c .yamllint $( find -regex '.*\.y[a]*ml' ) | \
grep '(truthy)'
This only accepts true/false for boolean properties. Seems like python
takes all sort of formats:
https://github.com/yaml/pyyaml/blob/master/lib/yaml/constructor.py#L224-L235
But the current specs only mention "true" or "false"
https://yaml.org/spec/1.2.2/#10212-boolean
Which is the standard yamllint config.
Excluding codeconv and workflow files, as some are using yes/no instead
in the respective documentation.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
This commit updates the CI workflows to use the latest "checkout"
action v3, which is based on Node.js 16.
Note that Node.js 12-based actions are now deprecated by GitHub and may
stop working in the near future.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This commit updates the workflow to use the output parameter file
(`GITHUB_OUTPUT`) instead of the stdout-based output parameter setting,
which is now deprecated by GitHub and will be removed in the near
future.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
RC releases clutter the release page, there's no reason for keeping them
after the release is done, filter them out from the workflow so they
don't get created in the first place..
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
Change the release process documentation to only use the overview of the
release notes for GitHub releases rather than the full file.
The current instructions of copying the full content are broken (the
file does not fit anyway and the formatting is incompatible) and result
in a cluttered page anyway (the UI is not really meant for long release
notes).
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
This commit updates the "Create a release" workflow to use a specific
upload-artifact action version, v3, instead of the latest master branch
in order to prevent any potential breakages due to the newer commits.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This commit updates the "Create a Release" workflow to use a specific
runner image version, ubuntu-20.04, instead of the latest version in
order to prevent any potential breakages due to the 'latest' version
change by GitHub.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
Action to create release when tag is pushed. This will additionally
create an SPDX file and the changelog since the last tag.
The release is created as a draft and will have to be modified by the
release engineer and published when ready.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
