Merge pull request 'ci: pin actions to node20-safe tags + runner sock pass-through' (#8) from feat/runner-fix-docker-sock-and-node20 into main
This commit is contained in:
commit
3e660534a1
2 changed files with 16 additions and 6 deletions
13
.github/workflows/build-iso.yml
vendored
13
.github/workflows/build-iso.yml
vendored
|
|
@ -30,7 +30,9 @@ jobs:
|
|||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
# Pinned to last v4 tag confirmed to ship on node20. v4.2+ ships
|
||||
# node24 which forgejo-runner v6.4.0 (node20) cannot exec.
|
||||
uses: actions/checkout@v4.1.7
|
||||
|
||||
- name: Free up disk
|
||||
run: |
|
||||
|
|
@ -39,6 +41,9 @@ jobs:
|
|||
df -h
|
||||
|
||||
- name: Run build inside Fedora 43 container
|
||||
# v3 is composite/docker-based — no node runtime in the action
|
||||
# itself. Safe under node20 forgejo-runner. TODO(infra): consider
|
||||
# SHA pinning in a follow-up sweep.
|
||||
uses: addnab/docker-run-action@v3
|
||||
with:
|
||||
image: registry.fedoraproject.org/fedora:43
|
||||
|
|
@ -199,7 +204,8 @@ jobs:
|
|||
|
||||
- name: Publish to ci-latest rolling prerelease
|
||||
if: success() && github.ref == 'refs/heads/main'
|
||||
uses: softprops/action-gh-release@v2
|
||||
# Pinned to last v2 tag confirmed to ship on node20.
|
||||
uses: softprops/action-gh-release@v2.0.4
|
||||
with:
|
||||
tag_name: ci-latest
|
||||
name: "ci-latest (auto)"
|
||||
|
|
@ -233,7 +239,8 @@ jobs:
|
|||
|
||||
- name: Attach to release on tag
|
||||
if: github.event_name == 'release'
|
||||
uses: softprops/action-gh-release@v2
|
||||
# Pinned to last v2 tag confirmed to ship on node20.
|
||||
uses: softprops/action-gh-release@v2.0.4
|
||||
with:
|
||||
files: |
|
||||
build/out/*.iso
|
||||
|
|
|
|||
9
.github/workflows/lint.yml
vendored
9
.github/workflows/lint.yml
vendored
|
|
@ -12,7 +12,8 @@ jobs:
|
|||
container:
|
||||
image: registry.fedoraproject.org/fedora:43
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
# Pinned to last v4 tag confirmed to ship on node20.
|
||||
- uses: actions/checkout@v4.1.7
|
||||
- run: dnf -y install pykickstart
|
||||
- run: ksvalidator kickstart/veilor-os.ks
|
||||
|
||||
|
|
@ -20,7 +21,8 @@ jobs:
|
|||
name: Shell scripts
|
||||
runs-on: ubuntu-24.04
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
# Pinned to last v4 tag confirmed to ship on node20.
|
||||
- uses: actions/checkout@v4.1.7
|
||||
- uses: ludeeus/action-shellcheck@master
|
||||
with:
|
||||
severity: warning
|
||||
|
|
@ -30,7 +32,8 @@ jobs:
|
|||
name: No personal/onyx leaks
|
||||
runs-on: ubuntu-24.04
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
# Pinned to last v4 tag confirmed to ship on node20.
|
||||
- uses: actions/checkout@v4.1.7
|
||||
- name: Grep for leaks
|
||||
run: |
|
||||
set -e
|
||||
|
|
|
|||
Loading…
Reference in a new issue