Mirrored_Repos/DarkflameServer
1
0
Fork 0
mirror of https://github.com/DarkflameUniverse/DarkflameServer.git synced 2026-06-06 23:04:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: update GitHub Actions workflows with version pinning and permission adjustments

Browse Source
This commit is contained in:
Aaron Kimbrell
2026-05-28 14:16:29 -05:00
parent bba8d33719
commit ae20819e22
5 changed files with 24 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
.github/workflows/build-and-push-docker.yml vendored
View File

@@ -25,16 +25,16 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with: with:
submodules: recursive submodules: recursive
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
- name: Log in to the Container registry - name: Log in to the Container registry
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
uses: docker/login-action@v3 uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
with: with:
registry: ${{ env.REGISTRY }} registry: ${{ env.REGISTRY }}
username: ${{ github.actor }} username: ${{ github.actor }}
@@ -42,7 +42,7 @@ jobs:
- name: Extract metadata (tags, labels) for Docker - name: Extract metadata (tags, labels) for Docker
id: meta id: meta
uses: docker/metadata-action@v5 uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
with: with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: | tags: |
@@ -55,7 +55,7 @@ jobs:
- name: Build and push Docker image - name: Build and push Docker image
id: push id: push
uses: docker/build-push-action@v6 uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
with: with:
context: . context: .
push: ${{ github.event_name != 'pull_request' }} push: ${{ github.event_name != 'pull_request' }}
@@ -66,7 +66,7 @@ jobs:
- name: Generate artifact attestation - name: Generate artifact attestation
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
uses: actions/attest-build-provenance@v2 uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
with: with:
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
subject-digest: ${{ steps.push.outputs.digest }} subject-digest: ${{ steps.push.outputs.digest }}

14
.github/workflows/build-and-test.yml vendored
View File

@@ -12,18 +12,18 @@ jobs:
build-and-test: build-and-test:
name: Build & Test (${{ matrix.os }}) name: Build & Test (${{ matrix.os }})
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
continue-on-error: true continue-on-error: ${{ github.event_name != 'push' || !startsWith(github.ref, 'refs/tags/v') }}
strategy: strategy:
matrix: matrix:
os: [ windows-2022, ubuntu-22.04, macos-15-intel ] os: [ windows-2022, ubuntu-22.04, macos-15-intel ]
steps: steps:
- uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 - uses: actions/checkout@v4
with: with:
submodules: true submodules: true
- name: Add msbuild to PATH (Windows only) - name: Add msbuild to PATH (Windows only)
if: ${{ matrix.os == 'windows-2022' }} if: ${{ matrix.os == 'windows-2022' }}
uses: microsoft/setup-msbuild@767f00a3f09872d96a0cb9fcd5e6a4ff33311330 uses: microsoft/setup-msbuild@30375c66a4eea26614e0d39710365f22f8b0af57 # v3
with: with:
vs-version: '[17,18)' vs-version: '[17,18)'
msbuild-architecture: x64 msbuild-architecture: x64
@@ -33,15 +33,15 @@ jobs:
brew install openssl@3 brew install openssl@3
sudo xcode-select -s /Applications/Xcode_15.2.app/Contents/Developer sudo xcode-select -s /Applications/Xcode_15.2.app/Contents/Developer
- name: Get CMake 3.x - name: Get CMake 3.x
uses: lukka/get-cmake@28983e0d3955dba2bb0a6810caae0c6cf268ec0c uses: lukka/get-cmake@591817e96fcad43505fb4eae36172462abb3a42e # v4.3.3
with: with:
cmakeVersion: "~3.25.0" # <--= optional, use most recent 3.25.x version cmakeVersion: "~3.25.0"
- name: cmake - name: cmake
uses: lukka/run-cmake@67c73a83a46f86c4e0b96b741ac37ff495478c38 uses: lukka/run-cmake@5d55ea7949e25f69f0ecb516d8d572297e03a956 # v10.9
with: with:
workflowPreset: "ci-${{matrix.os}}" workflowPreset: "ci-${{matrix.os}}"
- name: artifacts - name: artifacts
uses: actions/upload-artifact@6027e3dd177782cd8ab9af838c04fd81a07f1d47 uses: actions/upload-artifact@v4
with: with:
name: build-${{matrix.os}} name: build-${{matrix.os}}
path: | path: |

8
.github/workflows/canary.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with: with:
fetch-depth: 0 fetch-depth: 0
ref: ${{ github.event.workflow_run.head_sha }} ref: ${{ github.event.workflow_run.head_sha }}
@@ -29,7 +29,7 @@ jobs:
echo "tag=$tag" >> "$GITHUB_OUTPUT" echo "tag=$tag" >> "$GITHUB_OUTPUT"
- name: Generate changelog since last release tag - name: Generate changelog since last release tag
uses: orhun/git-cliff-action@v4 uses: orhun/git-cliff-action@f50e11560dce63f7c33227798f90b924471a88b5 # v4.8.0
id: cliff id: cliff
with: with:
config: cliff.toml config: cliff.toml
@@ -51,7 +51,7 @@ jobs:
printf "%b" "$header" | cat - CHANGES.md > CHANGES.tmp && mv CHANGES.tmp CHANGES.md printf "%b" "$header" | cat - CHANGES.md > CHANGES.tmp && mv CHANGES.tmp CHANGES.md
- name: Download artifacts from CI run - name: Download artifacts from CI run
uses: dawidd6/action-download-artifact@v6 uses: dawidd6/action-download-artifact@b6e2e70617bc3265edd6dab6c906732b2f1ae151 # v21
with: with:
run_id: ${{ github.event.workflow_run.id }} run_id: ${{ github.event.workflow_run.id }}
path: artifacts/ path: artifacts/
@@ -78,7 +78,7 @@ jobs:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Create canary pre-release - name: Create canary pre-release
uses: ncipollo/release-action@v1 uses: ncipollo/release-action@339a81892b84b4eeb0f6e744e4574d79d0d9b8dd # v1.21.0
with: with:
tag: canary tag: canary
name: "Canary ${{ steps.last_tag.outputs.tag }}+${{ github.event.workflow_run.head_sha }}" name: "Canary ${{ steps.last_tag.outputs.tag }}+${{ github.event.workflow_run.head_sha }}"

2
.github/workflows/pr-title-check.yml vendored
View File

@@ -5,7 +5,7 @@ on:
types: [opened, edited, synchronize, reopened] types: [opened, edited, synchronize, reopened]
permissions: permissions:
pull-requests: read pull-requests: write
jobs: jobs:
check-title: check-title:

11
.github/workflows/release.yml vendored
View File

@@ -12,20 +12,21 @@ permissions:
jobs: jobs:
release: release:
name: Create Release name: Create Release
# Only run when CI completed successfully on a version tag # Only run when CI completed successfully on a tag push (not a PR branch named like a version)
if: | if: |
github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.conclusion == 'success' &&
github.event.workflow_run.event == 'push' &&
startsWith(github.event.workflow_run.head_branch, 'v') startsWith(github.event.workflow_run.head_branch, 'v')
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with: with:
fetch-depth: 0 fetch-depth: 0
ref: ${{ github.event.workflow_run.head_sha }} ref: ${{ github.event.workflow_run.head_sha }}
- name: Generate changelog - name: Generate changelog
uses: orhun/git-cliff-action@v4 uses: orhun/git-cliff-action@f50e11560dce63f7c33227798f90b924471a88b5 # v4.8.0
id: cliff id: cliff
with: with:
config: cliff.toml config: cliff.toml
@@ -35,7 +36,7 @@ jobs:
GITHUB_REPO: ${{ github.repository }} GITHUB_REPO: ${{ github.repository }}
- name: Download artifacts from CI run - name: Download artifacts from CI run
uses: dawidd6/action-download-artifact@v6 uses: dawidd6/action-download-artifact@b6e2e70617bc3265edd6dab6c906732b2f1ae151 # v21
with: with:
run_id: ${{ github.event.workflow_run.id }} run_id: ${{ github.event.workflow_run.id }}
path: artifacts/ path: artifacts/
@@ -57,7 +58,7 @@ jobs:
ls -lh *.zip ls -lh *.zip
- name: Create GitHub Release - name: Create GitHub Release
uses: ncipollo/release-action@v1 uses: ncipollo/release-action@339a81892b84b4eeb0f6e744e4574d79d0d9b8dd # v1.21.0
with: with:
tag: ${{ github.event.workflow_run.head_branch }} tag: ${{ github.event.workflow_run.head_branch }}
name: ${{ github.event.workflow_run.head_branch }} name: ${{ github.event.workflow_run.head_branch }}