github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2026-04-04 19:16:12 +00:00
Code Issues Projects Releases Wiki Activity

gha: zizmor: fix "workflow or action definition without a name" error

Browse Source 
This fixes that error everywhere by adding a `name:` field to all jobs that
were missing it. We keep the same name as the job ID to ensure no
disturbance to the required job names.

Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
This commit is contained in:
Aurélien Bombo
2025-09-25 16:19:48 -05:00
committed by Aurélien Bombo
parent ceb348ad98
commit 10fefb6d63
46 changed files with 89 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.github/workflows/actionlint.yaml vendored
View File

@@ -20,6 +20,7 @@ concurrency:
jobs:
run-actionlint:
name: run-actionlint
env:
GH_TOKEN: ${{ github.token }}
runs-on: ubuntu-24.04

9
.github/workflows/basic-ci-amd64.yaml vendored
View File

@@ -17,6 +17,7 @@ permissions: {}
jobs:
run-containerd-sandboxapi:
name: run-containerd-sandboxapi
strategy:
# We can set this to true whenever we're 100% sure that
# the all the tests are not flaky, otherwise we'll fail
@@ -63,6 +64,7 @@ jobs:
run: bash tests/integration/cri-containerd/gha-run.sh run
run-containerd-stability:
name: run-containerd-stability
strategy:
fail-fast: false
matrix:
@@ -103,6 +105,7 @@ jobs:
run: bash tests/stability/gha-run.sh run
run-nydus:
name: run-nydus
strategy:
# We can set this to true whenever we're 100% sure that
# the all the tests are not flaky, otherwise we'll fail
@@ -146,6 +149,7 @@ jobs:
run: bash tests/integration/nydus/gha-run.sh run
run-runk:
name: run-runk
# Skip runk tests as we have no maintainers. TODO: Decide when to remove altogether
if: false
runs-on: ubuntu-22.04
@@ -181,6 +185,7 @@ jobs:
run: bash tests/integration/runk/gha-run.sh run
run-tracing:
name: run-tracing
strategy:
fail-fast: false
matrix:
@@ -223,6 +228,7 @@ jobs:
run: bash tests/functional/tracing/gha-run.sh run
run-vfio:
name: run-vfio
strategy:
fail-fast: false
matrix:
@@ -264,6 +270,7 @@ jobs:
run: bash tests/functional/vfio/gha-run.sh run
run-docker-tests:
name: run-docker-tests
strategy:
# We can set this to true whenever we're 100% sure that
# all the tests are not flaky, otherwise we'll fail them
@@ -308,6 +315,7 @@ jobs:
run: bash tests/integration/docker/gha-run.sh run
run-nerdctl-tests:
name: run-nerdctl-tests
strategy:
# We can set this to true whenever we're 100% sure that
# all the tests are not flaky, otherwise we'll fail them
@@ -366,6 +374,7 @@ jobs:
retention-days: 1
run-kata-agent-apis:
name: run-kata-agent-apis
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

3
.github/workflows/basic-ci-s390x.yaml vendored
View File

@@ -17,6 +17,7 @@ permissions: {}
jobs:
run-containerd-sandboxapi:
name: run-containerd-sandboxapi
strategy:
# We can set this to true whenever we're 100% sure that
# the all the tests are not flaky, otherwise we'll fail
@@ -63,6 +64,7 @@ jobs:
run: bash tests/integration/cri-containerd/gha-run.sh run
run-containerd-stability:
name: run-containerd-stability
strategy:
fail-fast: false
matrix:
@@ -104,6 +106,7 @@ jobs:
run: bash tests/stability/gha-run.sh run
run-docker-tests:
name: run-docker-tests
strategy:
# We can set this to true whenever we're 100% sure that
# all the tests are not flaky, otherwise we'll fail them

1
.github/workflows/build-checks-preview-riscv64.yaml vendored
View File

@@ -17,6 +17,7 @@ permissions: {}
name: Build checks preview riscv64
jobs:
check:
name: check
runs-on: ${{ inputs.instance }}
strategy:
fail-fast: false

1
.github/workflows/build-checks.yaml vendored
View File

@@ -11,6 +11,7 @@ permissions: {}
name: Build checks
jobs:
check:
name: check
runs-on: ${{ inputs.instance }}
strategy:
fail-fast: false

6
.github/workflows/build-kata-static-tarball-amd64.yaml vendored
View File

@@ -28,6 +28,7 @@ permissions: {}
jobs:
build-asset:
name: build-asset
runs-on: ubuntu-22.04
permissions:
contents: read
@@ -154,6 +155,7 @@ jobs:
if-no-files-found: error
build-asset-rootfs:
name: build-asset-rootfs
runs-on: ubuntu-22.04
needs: build-asset
permissions:
@@ -225,6 +227,7 @@ jobs:
# We don't need the binaries installed in the rootfs as part of the release tarball, so can delete them now we've built the rootfs
remove-rootfs-binary-artifacts:
name: remove-rootfs-binary-artifacts
runs-on: ubuntu-22.04
needs: build-asset-rootfs
strategy:
@@ -242,6 +245,7 @@ jobs:
# We don't need the binaries installed in the rootfs as part of the release tarball, so can delete them now we've built the rootfs
remove-rootfs-binary-artifacts-for-release:
name: remove-rootfs-binary-artifacts-for-release
runs-on: ubuntu-22.04
needs: build-asset-rootfs
strategy:
@@ -255,6 +259,7 @@ jobs:
name: kata-artifacts-amd64-${{ matrix.asset}}${{ inputs.tarball-suffix }}
build-asset-shim-v2:
name: build-asset-shim-v2
runs-on: ubuntu-22.04
needs: [build-asset, build-asset-rootfs, remove-rootfs-binary-artifacts, remove-rootfs-binary-artifacts-for-release]
permissions:
@@ -316,6 +321,7 @@ jobs:
if-no-files-found: error
create-kata-tarball:
name: create-kata-tarball
runs-on: ubuntu-22.04
needs: [build-asset, build-asset-rootfs, build-asset-shim-v2]
permissions:

6
.github/workflows/build-kata-static-tarball-arm64.yaml vendored
View File

@@ -28,6 +28,7 @@ permissions: {}
jobs:
build-asset:
name: build-asset
runs-on: ubuntu-22.04-arm
permissions:
contents: read
@@ -134,6 +135,7 @@ jobs:
if-no-files-found: error
build-asset-rootfs:
name: build-asset-rootfs
runs-on: ubuntu-22.04-arm
needs: build-asset
permissions:
@@ -200,6 +202,7 @@ jobs:
# We don't need the binaries installed in the rootfs as part of the release tarball, so can delete them now we've built the rootfs
remove-rootfs-binary-artifacts:
name: remove-rootfs-binary-artifacts
runs-on: ubuntu-22.04-arm
needs: build-asset-rootfs
strategy:
@@ -214,6 +217,7 @@ jobs:
# We don't need the binaries installed in the rootfs as part of the release tarball, so can delete them now we've built the rootfs
remove-rootfs-binary-artifacts-for-release:
name: remove-rootfs-binary-artifacts-for-release
runs-on: ubuntu-22.04-arm
needs: build-asset-rootfs
strategy:
@@ -227,6 +231,7 @@ jobs:
name: kata-artifacts-arm64-${{ matrix.asset}}${{ inputs.tarball-suffix }}
build-asset-shim-v2:
name: build-asset-shim-v2
runs-on: ubuntu-22.04-arm
needs: [build-asset, build-asset-rootfs, remove-rootfs-binary-artifacts, remove-rootfs-binary-artifacts-for-release]
permissions:
@@ -286,6 +291,7 @@ jobs:
if-no-files-found: error
create-kata-tarball:
name: create-kata-tarball
runs-on: ubuntu-22.04-arm
needs: [build-asset, build-asset-rootfs, build-asset-shim-v2]
permissions:

5
.github/workflows/build-kata-static-tarball-ppc64le.yaml vendored
View File

@@ -28,6 +28,7 @@ permissions: {}
jobs:
build-asset:
name: build-asset
permissions:
contents: read
packages: write
@@ -87,6 +88,7 @@ jobs:
if-no-files-found: error
build-asset-rootfs:
name: build-asset-rootfs
runs-on: ppc64le
needs: build-asset
permissions:
@@ -153,6 +155,7 @@ jobs:
# We don't need the binaries installed in the rootfs as part of the release tarball, so can delete them now we've built the rootfs
remove-rootfs-binary-artifacts:
name: remove-rootfs-binary-artifacts
runs-on: ubuntu-22.04
needs: build-asset-rootfs
strategy:
@@ -166,6 +169,7 @@ jobs:
name: kata-artifacts-ppc64le-${{ matrix.asset}}${{ inputs.tarball-suffix }}
build-asset-shim-v2:
name: build-asset-shim-v2
runs-on: ppc64le
needs: [build-asset, build-asset-rootfs, remove-rootfs-binary-artifacts]
permissions:
@@ -225,6 +229,7 @@ jobs:
if-no-files-found: error
create-kata-tarball:
name: create-kata-tarball
runs-on: ppc64le
needs: [build-asset, build-asset-rootfs, build-asset-shim-v2]
permissions:

1
.github/workflows/build-kata-static-tarball-riscv64.yaml vendored
View File

@@ -28,6 +28,7 @@ permissions: {}
jobs:
build-asset:
name: build-asset
runs-on: riscv-builder
permissions:
contents: read

6
.github/workflows/build-kata-static-tarball-s390x.yaml vendored
View File

@@ -31,6 +31,7 @@ permissions: {}
jobs:
build-asset:
name: build-asset
runs-on: s390x
permissions:
contents: read
@@ -119,6 +120,7 @@ jobs:
if-no-files-found: error
build-asset-rootfs:
name: build-asset-rootfs
runs-on: s390x
needs: build-asset
permissions:
@@ -186,6 +188,7 @@ jobs:
if-no-files-found: error
build-asset-boot-image-se:
name: build-asset-boot-image-se
runs-on: s390x
needs: [build-asset, build-asset-rootfs]
permissions:
@@ -235,6 +238,7 @@ jobs:
# We don't need the binaries installed in the rootfs as part of the release tarball, so can delete them now we've built the rootfs
remove-rootfs-binary-artifacts:
name: remove-rootfs-binary-artifacts
runs-on: ubuntu-22.04
needs: [build-asset-rootfs, build-asset-boot-image-se]
strategy:
@@ -250,6 +254,7 @@ jobs:
name: kata-artifacts-s390x-${{ matrix.asset}}${{ inputs.tarball-suffix }}
build-asset-shim-v2:
name: build-asset-shim-v2
runs-on: s390x
needs: [build-asset, build-asset-rootfs, remove-rootfs-binary-artifacts]
permissions:
@@ -311,6 +316,7 @@ jobs:
if-no-files-found: error
create-kata-tarball:
name: create-kata-tarball
runs-on: s390x
needs:
- build-asset

1
.github/workflows/cargo-deny-runner.yaml vendored
View File

@@ -15,6 +15,7 @@ permissions: {}
jobs:
cargo-deny-runner:
name: cargo-deny-runner
runs-on: ubuntu-22.04
steps:

1
.github/workflows/ci-nightly-s390x.yaml vendored
View File

@@ -8,6 +8,7 @@ permissions: {}
jobs:
check-internal-test-result:
name: check-internal-test-result
runs-on: s390x
strategy:
fail-fast: false

1
.github/workflows/ci-weekly.yaml vendored
View File

@@ -62,6 +62,7 @@ jobs:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
build-and-publish-tee-confidential-unencrypted-image:
name: build-and-publish-tee-confidential-unencrypted-image
permissions:
contents: read
packages: write

2
.github/workflows/ci.yaml vendored
View File

@@ -177,6 +177,7 @@ jobs:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
build-and-publish-tee-confidential-unencrypted-image:
name: build-and-publish-tee-confidential-unencrypted-image
permissions:
contents: read
packages: write
@@ -218,6 +219,7 @@ jobs:
file: tests/integration/kubernetes/runtimeclass_workloads/confidential/unencrypted/Dockerfile
publish-csi-driver-amd64:
name: publish-csi-driver-amd64
needs: build-kata-static-tarball-amd64
permissions:
contents: read

1
.github/workflows/cleanup-resources.yaml vendored
View File

@@ -8,6 +8,7 @@ permissions: {}
jobs:
cleanup-resources:
name: cleanup-resources
runs-on: ubuntu-22.04
permissions:
id-token: write # Used for OIDC access to log into Azure

1
.github/workflows/darwin-tests.yaml vendored
View File

@@ -15,6 +15,7 @@ concurrency:
name: Darwin tests
jobs:
test:
name: test
runs-on: macos-latest
steps:
- name: Install Go

1
.github/workflows/docs-url-alive-check.yaml vendored
View File

@@ -7,6 +7,7 @@ permissions: {}
name: Docs URL Alive Check
jobs:
test:
name: test
runs-on: ubuntu-22.04
# don't run this action on forks
if: github.repository_owner == 'kata-containers'

1
.github/workflows/gatekeeper-skipper.yaml vendored
View File

@@ -35,6 +35,7 @@ permissions: {}
jobs:
skipper:
name: skipper
runs-on: ubuntu-22.04
outputs:
skip_build: ${{ steps.skipper.outputs.skip_build }}

1
.github/workflows/gatekeeper.yaml vendored
View File

@@ -20,6 +20,7 @@ concurrency:
jobs:
gatekeeper:
name: gatekeeper
runs-on: ubuntu-22.04
permissions:
actions: read

1
.github/workflows/govulncheck.yaml vendored
View File

@@ -7,6 +7,7 @@ permissions: {}
jobs:
govulncheck:
name: govulncheck
runs-on: ubuntu-22.04
strategy:
matrix:

3
.github/workflows/kata-runtime-classes-sync.yaml vendored
View File

@@ -1,3 +1,5 @@
name: kata-runtime-classes-sync
on:
pull_request:
types:
@@ -14,6 +16,7 @@ concurrency:
jobs:
kata-deploy-runtime-classes-check:
name: kata-deploy-runtime-classes-check
runs-on: ubuntu-22.04
steps:
- name: Checkout code

1
.github/workflows/payload-after-push.yaml vendored
View File

@@ -135,6 +135,7 @@ jobs:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
publish-manifest:
name: publish-manifest
runs-on: ubuntu-22.04
permissions:
contents: read

1
.github/workflows/publish-kata-deploy-payload.yaml vendored
View File

@@ -38,6 +38,7 @@ permissions: {}
jobs:
kata-payload:
name: kata-payload
permissions:
contents: read
packages: write

1
.github/workflows/release-amd64.yaml vendored
View File

@@ -26,6 +26,7 @@ jobs:
attestations: write
kata-deploy:
name: kata-deploy
needs: build-kata-static-tarball-amd64
permissions:
contents: read

1
.github/workflows/release-arm64.yaml vendored
View File

@@ -26,6 +26,7 @@ jobs:
attestations: write
kata-deploy:
name: kata-deploy
needs: build-kata-static-tarball-arm64
permissions:
contents: read

1
.github/workflows/release-ppc64le.yaml vendored
View File

@@ -26,6 +26,7 @@ jobs:
attestations: write
kata-deploy:
name: kata-deploy
needs: build-kata-static-tarball-ppc64le
permissions:
contents: read

1
.github/workflows/release-s390x.yaml vendored
View File

@@ -30,6 +30,7 @@ jobs:
kata-deploy:
name: kata-deploy
needs: build-kata-static-tarball-s390x
permissions:
contents: read

8
.github/workflows/release.yaml vendored
View File

@@ -6,6 +6,7 @@ permissions: {}
jobs:
release:
name: release
runs-on: ubuntu-22.04
permissions:
contents: write # needed for the `gh release create` command
@@ -76,6 +77,7 @@ jobs:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
publish-multi-arch-images:
name: publish-multi-arch-images
runs-on: ubuntu-22.04
needs: [build-and-push-assets-amd64, build-and-push-assets-arm64, build-and-push-assets-s390x, build-and-push-assets-ppc64le]
permissions:
@@ -113,6 +115,7 @@ jobs:
KATA_DEPLOY_REGISTRIES: "quay.io/kata-containers/kata-deploy ghcr.io/kata-containers/kata-deploy"
upload-multi-arch-static-tarball:
name: upload-multi-arch-static-tarball
needs: [build-and-push-assets-amd64, build-and-push-assets-arm64, build-and-push-assets-s390x, build-and-push-assets-ppc64le]
permissions:
contents: write # needed for the `gh release` commands
@@ -177,6 +180,7 @@ jobs:
ARCHITECTURE: ppc64le
upload-versions-yaml:
name: upload-versions-yaml
needs: release
runs-on: ubuntu-22.04
permissions:
@@ -194,6 +198,7 @@ jobs:
GH_TOKEN: ${{ github.token }}
upload-cargo-vendored-tarball:
name: upload-cargo-vendored-tarball
needs: release
runs-on: ubuntu-22.04
permissions:
@@ -211,6 +216,7 @@ jobs:
GH_TOKEN: ${{ github.token }}
upload-libseccomp-tarball:
name: upload-libseccomp-tarball
needs: release
runs-on: ubuntu-22.04
permissions:
@@ -228,6 +234,7 @@ jobs:
GH_TOKEN: ${{ github.token }}
upload-helm-chart-tarball:
name: upload-helm-chart-tarball
needs: release
runs-on: ubuntu-22.04
permissions:
@@ -264,6 +271,7 @@ jobs:
helm push "kata-deploy-${release_version}.tgz" oci://ghcr.io/kata-containers/kata-deploy-charts
publish-release:
name: publish-release
needs: [ build-and-push-assets-amd64, build-and-push-assets-arm64, build-and-push-assets-s390x, build-and-push-assets-ppc64le, publish-multi-arch-images, upload-multi-arch-static-tarball, upload-versions-yaml, upload-cargo-vendored-tarball, upload-libseccomp-tarball ]
runs-on: ubuntu-22.04
permissions:

1
.github/workflows/run-k8s-tests-on-aks.yaml vendored
View File

@@ -38,6 +38,7 @@ permissions: {}
jobs:
run-k8s-tests:
name: run-k8s-tests
strategy:
fail-fast: false
matrix:

1
.github/workflows/run-k8s-tests-on-amd64.yaml vendored
View File

@@ -26,6 +26,7 @@ permissions: {}
jobs:
run-k8s-tests-amd64:
name: run-k8s-tests-amd64
strategy:
fail-fast: false
matrix:

1
.github/workflows/run-k8s-tests-on-arm64.yaml vendored
View File

@@ -26,6 +26,7 @@ permissions: {}
jobs:
run-k8s-tests-on-arm64:
name: run-k8s-tests-on-arm64
strategy:
fail-fast: false
matrix:

1
.github/workflows/run-k8s-tests-on-ppc64le.yaml vendored
View File

@@ -26,6 +26,7 @@ permissions: {}
jobs:
run-k8s-tests:
name: run-k8s-tests
strategy:
fail-fast: false
matrix:

1
.github/workflows/run-k8s-tests-on-zvsi.yaml vendored
View File

@@ -29,6 +29,7 @@ permissions: {}
jobs:
run-k8s-tests:
name: run-k8s-tests
strategy:
fail-fast: false
matrix:

1
.github/workflows/run-kata-coco-stability-tests.yaml vendored
View File

@@ -40,6 +40,7 @@ permissions: {}
jobs:
# Generate jobs for testing CoCo on non-TEE environments
run-stability-k8s-tests-coco-nontee:
name: run-stability-k8s-tests-coco-nontee
strategy:
fail-fast: false
matrix:

3
.github/workflows/run-kata-coco-tests.yaml vendored
View File

@@ -40,6 +40,7 @@ permissions: {}
jobs:
run-k8s-tests-on-tdx:
name: run-k8s-tests-on-tdx
strategy:
fail-fast: false
matrix:
@@ -125,6 +126,7 @@ jobs:
run: bash tests/integration/kubernetes/gha-run.sh delete-csi-driver
run-k8s-tests-sev-snp:
name: run-k8s-tests-sev-snp
strategy:
fail-fast: false
matrix:
@@ -211,6 +213,7 @@ jobs:
# Generate jobs for testing CoCo on non-TEE environments
run-k8s-tests-coco-nontee:
name: run-k8s-tests-coco-nontee
strategy:
fail-fast: false
matrix:

1
.github/workflows/run-kata-deploy-tests-on-aks.yaml vendored
View File

@@ -33,6 +33,7 @@ permissions: {}
jobs:
run-kata-deploy-tests:
name: run-kata-deploy-tests
strategy:
fail-fast: false
matrix:

1
.github/workflows/run-kata-deploy-tests.yaml vendored
View File

@@ -26,6 +26,7 @@ permissions: {}
jobs:
run-kata-deploy-tests:
name: run-kata-deploy-tests
strategy:
fail-fast: false
matrix:

1
.github/workflows/run-kata-monitor-tests.yaml vendored
View File

@@ -17,6 +17,7 @@ permissions: {}
jobs:
run-monitor:
name: run-monitor
strategy:
fail-fast: false
matrix:

1
.github/workflows/run-metrics.yaml vendored
View File

@@ -26,6 +26,7 @@ permissions: {}
jobs:
run-metrics:
name: run-metrics
strategy:
# We can set this to true whenever we're 100% sure that
# the all the tests are not flaky, otherwise we'll fail

1
.github/workflows/run-runk-tests.yaml vendored
View File

@@ -17,6 +17,7 @@ permissions: {}
jobs:
run-runk:
name: run-runk
# Skip runk tests as we have no maintainers. TODO: Decide when to remove altogether
if: false
runs-on: ubuntu-22.04

1
.github/workflows/shellcheck.yaml vendored
View File

@@ -18,6 +18,7 @@ concurrency:
jobs:
shellcheck:
name: shellcheck
runs-on: ubuntu-24.04
steps:
- name: Checkout the code

1
.github/workflows/shellcheck_required.yaml vendored
View File

@@ -19,6 +19,7 @@ concurrency:
jobs:
shellcheck-required:
name: shellcheck-required
runs-on: ubuntu-24.04
steps:
- name: Checkout the code

1
.github/workflows/stale.yaml vendored
View File

@@ -8,6 +8,7 @@ permissions: {}
jobs:
stale:
name: stale
runs-on: ubuntu-22.04
steps:
- uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0

3
.github/workflows/static-checks.yaml vendored
View File

@@ -22,6 +22,7 @@ jobs:
target-branch: ${{ github.event.pull_request.base.ref }}
check-kernel-config-version:
name: check-kernel-config-version
needs: skipper
if: ${{ needs.skipper.outputs.skip_static != 'yes' }}
runs-on: ubuntu-22.04
@@ -54,6 +55,7 @@ jobs:
instance: ubuntu-22.04
build-checks-depending-on-kvm:
name: build-checks-depending-on-kvm
runs-on: ubuntu-22.04
needs: skipper
if: ${{ needs.skipper.outputs.skip_static != 'yes' }}
@@ -95,6 +97,7 @@ jobs:
RUST_LIB_BACKTRACE: "0"
static-checks:
name: static-checks
runs-on: ubuntu-22.04
needs: skipper
if: ${{ needs.skipper.outputs.skip_static != 'yes' }}

1
.github/workflows/zizmor.yaml vendored
View File

@@ -11,6 +11,7 @@ concurrency:
jobs:
zizmor:
name: zizmor
runs-on: ubuntu-22.04
steps:
- name: Checkout repository

1
src/runtime/pkg/govmm/.github/workflows/main.yml vendored
View File

@@ -6,6 +6,7 @@ permissions:
jobs:
test:
name: test
strategy:
matrix:
go-version: [1.15.x, 1.16.x]