Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Chris Farhood
|
6c9a4acb7f | ||
|
Chris Farhood
|
f4e8472cb3 |
@@ -1,3 +1,2 @@
|
||||
self-hosted-runner:
|
||||
labels:
|
||||
- runners-privilegedescalation
|
||||
labels: []
|
||||
|
||||
@@ -7,7 +7,7 @@ on:
|
||||
|
||||
jobs:
|
||||
health-check:
|
||||
runs-on: runners-privilegedescalation
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v6
|
||||
|
||||
@@ -11,7 +11,7 @@ permissions:
|
||||
|
||||
jobs:
|
||||
test-detection-logic:
|
||||
runs-on: runners-privilegedescalation
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 2
|
||||
steps:
|
||||
- name: Checkout
|
||||
@@ -21,7 +21,7 @@ jobs:
|
||||
run: bash scripts/test-detect-pipeline.sh
|
||||
|
||||
detect-pipeline:
|
||||
runs-on: runners-privilegedescalation
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 5
|
||||
outputs:
|
||||
pipeline-type: ${{ steps.detect.outputs.pipeline-type }}
|
||||
|
||||
@@ -11,7 +11,7 @@ on:
|
||||
|
||||
jobs:
|
||||
ci:
|
||||
runs-on: runners-privilegedescalation
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 10
|
||||
|
||||
steps:
|
||||
|
||||
@@ -35,7 +35,7 @@ concurrency:
|
||||
|
||||
jobs:
|
||||
check-secrets:
|
||||
runs-on: runners-privilegedescalation
|
||||
runs-on: ubuntu-latest
|
||||
outputs:
|
||||
ready: ${{ steps.check.outputs.ready }}
|
||||
steps:
|
||||
@@ -61,7 +61,7 @@ jobs:
|
||||
check-token-permissions:
|
||||
needs: check-secrets
|
||||
if: needs.check-secrets.outputs.ready == 'true'
|
||||
runs-on: runners-privilegedescalation
|
||||
runs-on: ubuntu-latest
|
||||
outputs:
|
||||
has_write: ${{ steps.check.outputs.has_write }}
|
||||
steps:
|
||||
@@ -101,7 +101,7 @@ jobs:
|
||||
check-tag:
|
||||
needs: check-secrets
|
||||
if: needs.check-secrets.outputs.ready == 'true'
|
||||
runs-on: runners-privilegedescalation
|
||||
runs-on: ubuntu-latest
|
||||
outputs:
|
||||
skip: ${{ steps.check.outputs.skip }}
|
||||
steps:
|
||||
@@ -121,7 +121,7 @@ jobs:
|
||||
release:
|
||||
needs: [ci, check-tag, check-secrets, check-token-permissions]
|
||||
if: needs.check-secrets.outputs.ready == 'true' && needs.check-tag.outputs.skip != 'true' && needs.check-token-permissions.outputs.has_write == 'true'
|
||||
runs-on: runners-privilegedescalation
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 10
|
||||
|
||||
steps:
|
||||
@@ -310,6 +310,13 @@ jobs:
|
||||
git push origin "$BRANCH"
|
||||
git push origin "refs/tags/v${VERSION}"
|
||||
|
||||
- name: Generate GitHub App token
|
||||
id: app-token
|
||||
uses: actions/create-github-app-token@v3
|
||||
with:
|
||||
app-id: ${{ secrets.RELEASE_APP_ID }}
|
||||
private-key: ${{ secrets.RELEASE_APP_PRIVATE_KEY }}
|
||||
|
||||
- name: Create GitHub Release
|
||||
uses: softprops/action-gh-release@v2
|
||||
with:
|
||||
@@ -318,14 +325,7 @@ jobs:
|
||||
fail_on_unmatched_files: false
|
||||
generate_release_notes: true
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Generate GitHub App token
|
||||
id: app-token
|
||||
uses: actions/create-github-app-token@v3
|
||||
with:
|
||||
app-id: ${{ secrets.RELEASE_APP_ID }}
|
||||
private-key: ${{ secrets.RELEASE_APP_PRIVATE_KEY }}
|
||||
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
|
||||
|
||||
- name: Install GitHub CLI
|
||||
run: |
|
||||
|
||||
@@ -6,7 +6,7 @@ on:
|
||||
|
||||
jobs:
|
||||
validate:
|
||||
runs-on: runners-privilegedescalation
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 5
|
||||
|
||||
steps:
|
||||
|
||||
Reference in New Issue
Block a user