Commit graph

93 commits

Author SHA1 Message Date
naveen
1331b65023 chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-06-07 14:34:59 +02:00
Fabian Homborg
648fdc18f8 Remove CodeQL
I don't think we've had a lot of actionable errors or warnings from it, and it takes 30 minutes per push to master.
2022-06-02 16:45:05 +02:00
Fabian Homborg
7dce2c0607 Disable ASAN test
The current Github Actions ubuntu-latest image crashes in the
autosuggest_suggest_special test with ASAN.

We have not been able to reproduce this locally, and this is getting
in the way.

I have no idea how to disable this test on ASAN specifically, all my
attempts have failed. So the only recourse I know is to disable the
ASAN tests on GA entirely.
2022-04-18 10:06:25 +02:00
Fabian Homborg
e3c4cde042 Enable LSAN_OPTIONS
Whyyyyy does this not tell me what's broken by *default*?
2022-04-17 13:57:52 +02:00
ridiculousfish
06666f3d1d CI: Set CMAKE_BUILD_PARALLEL_LEVEL to 4.
This speeds up the CI build, since before it was effectively 1.
Build times on ubuntu-latest are reduced by slightly over 2 minutes.

Note Linux CI runners are defined to have 2 cores and Mac runners 3.
2022-01-02 18:01:54 -08:00
Aaron Gyes
124dac4781
Update main.yml 2021-12-02 05:54:29 -08:00
Aaron Gyes
1df7e9802f
CodeQL on master pushes
LGTM uses CodeQL and gives us green lights on PRs. This should live at https://github.com/fish-shell/fish-shell/security/code-scanning.
2021-12-02 04:23:09 -08:00
Kid
03f9c3d2e6 Give tests a more generic name 2021-11-16 12:06:55 +01:00
Aaron Gyes
1261b53d96
Revert 2021-11-07 01:06:57 -07:00
Aaron Gyes
61ccf87cee Revert! These were for my repo. Oh no.
Revert "Move the file - it was trying to triggr stuff."

This reverts commit 108560ff55.

Revert "fixup"

This reverts commit fdc0f2f6a7.

Revert "configure more analyzers, skip vendored stuff."

This reverts commit 023f6683f0.

Revert "Update codeql-analysis.yml"

This reverts commit ea25db544e.
2021-11-06 23:06:01 -07:00
Aaron Gyes
108560ff55 Move the file - it was trying to triggr stuff. 2021-11-06 22:52:29 -07:00
Aaron Gyes
fdc0f2f6a7 fixup 2021-11-06 22:18:19 -07:00
Aaron Gyes
023f6683f0 configure more analyzers, skip vendored stuff. 2021-11-06 22:16:28 -07:00
Aaron Gyes
ea25db544e
Update codeql-analysis.yml 2021-11-06 20:09:08 -07:00
Aaron Gyes
39a7f904b4
Update codeql-analysis.yml 2021-11-06 16:34:10 -07:00
Aaron Gyes
2cdc6002d9
Create codeql-analysis.yml 2021-11-06 16:27:00 -07:00
Fabian Homborg
fcb74f236a Lock enhancements and RFCs again
The point here is to let issues be *done*, and have any *new*
discussions happen in *new* issues so you can decouple the context.

This revert pending further discussion.
2021-11-02 18:15:30 +01:00
Aaron Gyes
e53c284753
Update lockthreads.yml
exclude RFCs, enhancement requests, have it run weekly.
2021-11-02 09:43:47 -07:00
Aaron Gyes
e30b6c47f0 Adjust the GitHub thread locker script.
Set locked thread inactivity count to default 365.

Add 'needs more info' as an obvious on its face exception.

The default seems quite an inconventient, very strict thing t do:
it will lock threads that are closed and quiet because they have
been quiet and closed. This seems to make it hard to talk about
issues after they are closed or contribute. I can as a fish-shell
contributor, but that's not really the point.

Practically, right now to reply to any PR or any issue fixed in
July, well you can't.
2021-10-24 04:50:25 -07:00
Mahmoud Al-Qudsi
aa25c4eccc Run tests serially under CI 2021-08-29 08:56:12 +02:00
Fabian Homborg
4c90ed0e0d Generate french locale
To keep myself honest, we're not gonna choose german
2021-07-29 17:20:20 +02:00
Johannes Altmanninger
28b17879c7 Install tmux to run tmux-tests on MacOS CI
Also install them explicitly on Linux, for better discoverability.
2021-05-01 22:51:35 +02:00
David Adam
fd184cb4ea GitHub Actions: drop UBSan suppressions
These were only needed on Travis, and only worked there in this form.
2021-04-07 20:29:54 +08:00
David Adam
a1f55b1b73 GitHub Actions: run tests against all branches 2021-04-07 20:27:58 +08:00
Fabian Homborg
e19a2f9f85 Github: Force using vendored pcre2
It seems an update to the ubuntu image github uses included pcre2, but
only the 64-bit version.

So since we now force a 32-bit fish but don't force the vendored pcre,
it complains.

Simply force the vendored pcre as well as I don't believe it's worth
it to change the pcre2 detection in this case.
2021-04-01 22:58:25 +02:00
Mahmoud Al-Qudsi
070e6e41ca Remove homebrew dependency in macOS CI workflow
The GitHub documentation states that python3 w/ pip3 is already
installed, and homebrew is slow as molasses (and when it finally runs it
gives a warning about python already being installed and up to date).
2021-02-22 20:35:56 -06:00
ridiculousfish
96f2de9d15 Revert "Disable Github Actions tsan"
This reverts commit 432f005859.

Thread Sanitizer issues have been sorted, so bravely re-enable
this test.
2021-02-07 10:59:10 -08:00
Fabian Homborg
432f005859 Disable Github Actions tsan
This was updated and now always fails, but it always did so - you can
test it with 3.1.2 as well, it's just not happy with the iothread
stuff.

Because it's super easy to test this locally this disables the github
actions test so it doesn't complain *constantly*.

See #7681
2021-02-06 21:32:42 +01:00
Fabian Homborg
32c65aa32c Lock threads only once a day
This ran hourly, and that's really not necessary anymore.
2021-01-11 21:03:10 +01:00
Fabian Homborg
17ceb71169 Increase issue lock time to half a year
Sometimes three months is quite soon, let's see how half a year works out.
2020-12-26 19:36:55 +01:00
ridiculousfish
c1cfefa057 Attempt to fix the ubuntu 32 bit vendored PCRE build
Use 'apt update' and see what happens
2020-12-19 18:22:10 -08:00
Fabian Homborg
6ceada8aa1 CI: Add sanitizer builds 2020-11-11 17:55:03 +01:00
Fabian Homborg
afa57619a8 CI: Add 32bit Ubuntu build with vendored pcre2
From Travis
2020-11-11 17:53:18 +01:00
Fabian Homborg
6e3537dbde CI: Add CXXFLAGS from Travis
This errored for some Warnings to match OBS
2020-11-11 17:43:24 +01:00
Fabian Homborg
bff1f1aeea Actually run the tests on Github Actions Ubuntu
Oops
2020-11-07 07:55:47 +01:00
Fabian Homborg
811ba586ea Github Actions: Try macOS again
Once more into the breach!

See #7447.
2020-11-02 21:04:36 +01:00
Fabian Homborg
92b987145e Disable macos tests on github again
Yeah, just *much* too slow to not be super flaky.
2020-06-19 23:13:21 +02:00
Fabian Homborg
56a9e698d0 Github Actions: Work around macos codesigning
We can't use gettext and we won't use system pcre2.
2020-06-18 17:27:07 +02:00
Fabian Homborg
89622eb6f3 Github actions: Try macos again
This might possibly use pexpect
2020-06-18 17:20:27 +02:00
Fabian Homborg
298073f08c github: Use pexpect 2020-06-18 17:10:09 +02:00
Fabian Homborg
d2cc59dc73 github actions: Disable macOS for now
This just fails left and right. Once we've merged the pexpect stuff
and remove the too-tight tests we can try enabling it again.
2020-04-18 10:31:22 +02:00
Fabian Homborg
6669240f81 Automatically lock closed issues/prs after 90 days
We've been getting a bunch of comments on old closed issues. Instead
people should create new ones.

This adds a github "workflow" that should lock closed issues/prs after
90 days, except those labelled "question".

Let's see how it works out.
2020-04-16 18:54:38 +02:00
Fabian Homborg
66b0fa72aa Add github actions CI 2020-04-04 13:31:48 +02:00