github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-07-12 14:48:13 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #11389 from kata-containers/checkout-persist-credentials-false

Browse Source 
workflows: Set persist-credentials: false on checkout
This commit is contained in:
Steve Horsman 2025-06-16 09:58:22 +01:00 committed by GitHub
commit 64c95cb996
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
44 changed files with 100 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.github/workflows/actionlint.yaml vendored
View File

@ -28,6 +28,7 @@ jobs:
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Install actionlint gh extension - name: Install actionlint gh extension
run: gh extension install https://github.com/cschleiden/gh-actionlint run: gh extension install https://github.com/cschleiden/gh-actionlint

13
.github/workflows/basic-ci-amd64.yaml vendored
View File

@ -36,6 +36,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
@ -79,6 +80,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
@ -119,7 +121,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
@ -161,6 +163,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
@ -195,6 +198,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
@ -236,6 +240,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
@ -279,6 +284,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
@ -319,6 +325,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
@ -362,6 +369,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
@ -400,14 +408,13 @@ jobs:
retention-days: 1 retention-days: 1
run-kata-agent-apis: run-kata-agent-apis:
strategy:
fail-fast: false
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |

4
.github/workflows/basic-ci-s390x.yaml vendored
View File

@ -36,6 +36,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
@ -78,6 +79,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
@ -118,6 +120,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
@ -157,6 +160,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |

1
.github/workflows/build-checks-preview-riscv64.yaml vendored
View File

@ -75,6 +75,7 @@ jobs:
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Install yq - name: Install yq
run: | run: |

1
.github/workflows/build-checks.yaml vendored
View File

@ -73,6 +73,7 @@ jobs:
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Install yq - name: Install yq
run: | run: |

4
.github/workflows/build-kata-static-tarball-amd64.yaml vendored
View File

@ -84,6 +84,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 # This is needed in order to keep the commit ids history fetch-depth: 0 # This is needed in order to keep the commit ids history
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
@ -182,6 +183,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 # This is needed in order to keep the commit ids history fetch-depth: 0 # This is needed in order to keep the commit ids history
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
@ -272,6 +274,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 # This is needed in order to keep the commit ids history fetch-depth: 0 # This is needed in order to keep the commit ids history
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
@ -324,6 +327,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"

4
.github/workflows/build-kata-static-tarball-arm64.yaml vendored
View File

@ -65,6 +65,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 # This is needed in order to keep the commit ids history fetch-depth: 0 # This is needed in order to keep the commit ids history
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
@ -158,6 +159,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 # This is needed in order to keep the commit ids history fetch-depth: 0 # This is needed in order to keep the commit ids history
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
@ -244,6 +246,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 # This is needed in order to keep the commit ids history fetch-depth: 0 # This is needed in order to keep the commit ids history
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
@ -294,6 +297,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"

4
.github/workflows/build-kata-static-tarball-ppc64le.yaml vendored
View File

@ -55,6 +55,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 # This is needed in order to keep the commit ids history fetch-depth: 0 # This is needed in order to keep the commit ids history
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
@ -111,6 +112,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 # This is needed in order to keep the commit ids history fetch-depth: 0 # This is needed in order to keep the commit ids history
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
@ -183,6 +185,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 # This is needed in order to keep the commit ids history fetch-depth: 0 # This is needed in order to keep the commit ids history
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
@ -237,6 +240,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"

1
.github/workflows/build-kata-static-tarball-riscv64.yaml vendored
View File

@ -53,6 +53,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 # This is needed in order to keep the commit ids history fetch-depth: 0 # This is needed in order to keep the commit ids history
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |

7
.github/workflows/build-kata-static-tarball-s390x.yaml vendored
View File

@ -63,6 +63,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 # This is needed in order to keep the commit ids history fetch-depth: 0 # This is needed in order to keep the commit ids history
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
@ -144,6 +145,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 # This is needed in order to keep the commit ids history fetch-depth: 0 # This is needed in order to keep the commit ids history
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
@ -192,7 +194,8 @@ jobs:
packages: write packages: write
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with:
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
@ -266,6 +269,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 # This is needed in order to keep the commit ids history fetch-depth: 0 # This is needed in order to keep the commit ids history
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
@ -322,6 +326,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"

2
.github/workflows/cargo-deny-runner.yaml vendored
View File

@ -22,6 +22,8 @@ jobs:
- name: Checkout Code - name: Checkout Code
if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }}
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
persist-credentials: false
- name: Generate Action - name: Generate Action
if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }}
run: bash cargo-deny-generator.sh run: bash cargo-deny-generator.sh

1
.github/workflows/ci-weekly.yaml vendored
View File

@ -73,6 +73,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |

2
.github/workflows/ci.yaml vendored
View File

@ -189,6 +189,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
@ -230,6 +231,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |

2
.github/workflows/cleanup-resources.yaml vendored
View File

@ -14,6 +14,8 @@ jobs:
environment: ci environment: ci
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with:
persist-credentials: false
- name: Log into Azure - name: Log into Azure
uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0 uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0

2
.github/workflows/codeql.yml vendored
View File

@ -61,6 +61,8 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
persist-credentials: false
# Add any setup steps before running the `github/codeql-action/init` action. # Add any setup steps before running the `github/codeql-action/init` action.
# This includes steps like installing compilers or runtimes (`actions/setup-node` # This includes steps like installing compilers or runtimes (`actions/setup-node`

2
.github/workflows/darwin-tests.yaml vendored
View File

@ -24,5 +24,7 @@ jobs:
go-version: 1.23.7 go-version: 1.23.7
- name: Checkout code - name: Checkout code
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
persist-credentials: false
- name: Build utils - name: Build utils
run: ./ci/darwin-test.sh run: ./ci/darwin-test.sh

1
.github/workflows/docs-url-alive-check.yaml vendored
View File

@ -28,6 +28,7 @@ jobs:
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
path: ./src/github.com/${{ github.repository }} path: ./src/github.com/${{ github.repository }}
# docs url alive check # docs url alive check
- name: Docs URL Alive Check - name: Docs URL Alive Check

1
.github/workflows/gatekeeper-skipper.yaml vendored
View File

@ -46,6 +46,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- id: skipper - id: skipper
env: env:
TARGET_BRANCH: ${{ inputs.target-branch }} TARGET_BRANCH: ${{ inputs.target-branch }}

1
.github/workflows/gatekeeper.yaml vendored
View File

@ -32,6 +32,7 @@ jobs:
with: with:
ref: ${{ github.event.pull_request.head.sha }} ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- id: gatekeeper - id: gatekeeper
env: env:
TARGET_BRANCH: ${{ github.event.pull_request.base.ref }} TARGET_BRANCH: ${{ github.event.pull_request.base.ref }}

2
.github/workflows/kata-runtime-classes-sync.yaml vendored
View File

@ -19,6 +19,8 @@ jobs:
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
persist-credentials: false
- name: Ensure the split out runtime classes match the all-in-one file - name: Ensure the split out runtime classes match the all-in-one file
run: | run: |
pushd tools/packaging/kata-deploy/runtimeclasses/ pushd tools/packaging/kata-deploy/runtimeclasses/

2
.github/workflows/payload-after-push.yaml vendored
View File

@ -144,6 +144,8 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
persist-credentials: false
- name: Login to Kata Containers quay.io - name: Login to Kata Containers quay.io
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0

1
.github/workflows/publish-kata-deploy-payload.yaml vendored
View File

@ -48,6 +48,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |

2
.github/workflows/release-amd64.yaml vendored
View File

@ -43,6 +43,8 @@ jobs:
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with:
persist-credentials: false
- name: get-kata-tarball - name: get-kata-tarball
uses: actions/download-artifact@v4 uses: actions/download-artifact@v4
with: with:

2
.github/workflows/release-arm64.yaml vendored
View File

@ -43,6 +43,8 @@ jobs:
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with:
persist-credentials: false
- name: get-kata-tarball - name: get-kata-tarball
uses: actions/download-artifact@v4 uses: actions/download-artifact@v4
with: with:

2
.github/workflows/release-ppc64le.yaml vendored
View File

@ -43,6 +43,8 @@ jobs:
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with:
persist-credentials: false
- name: get-kata-tarball - name: get-kata-tarball
uses: actions/download-artifact@v4 uses: actions/download-artifact@v4
with: with:

2
.github/workflows/release-s390x.yaml vendored
View File

@ -47,6 +47,8 @@ jobs:
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with:
persist-credentials: false
- name: get-kata-tarball - name: get-kata-tarball
uses: actions/download-artifact@v4 uses: actions/download-artifact@v4
with: with:

15
.github/workflows/release.yaml vendored
View File

@ -13,6 +13,7 @@ jobs:
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Create a new release - name: Create a new release
run: | run: |
@ -77,6 +78,8 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
persist-credentials: false
- name: Login to Kata Containers ghcr.io - name: Login to Kata Containers ghcr.io
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
@ -109,6 +112,8 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
persist-credentials: false
- name: Set KATA_STATIC_TARBALL env var - name: Set KATA_STATIC_TARBALL env var
run: | run: |
@ -169,6 +174,8 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
persist-credentials: false
- name: Upload versions.yaml to GitHub - name: Upload versions.yaml to GitHub
run: | run: |
@ -182,6 +189,8 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
persist-credentials: false
- name: Generate and upload vendored code tarball - name: Generate and upload vendored code tarball
run: | run: |
@ -195,6 +204,8 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
persist-credentials: false
- name: Download libseccomp tarball and upload it to GitHub - name: Download libseccomp tarball and upload it to GitHub
run: | run: |
@ -208,6 +219,8 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install helm - name: Install helm
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
@ -236,6 +249,8 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
persist-credentials: false
- name: Publish a release - name: Publish a release
run: | run: |

1
.github/workflows/run-cri-containerd-tests-ppc64le.yaml vendored
View File

@ -37,6 +37,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |

1
.github/workflows/run-k8s-tests-on-aks.yaml vendored
View File

@ -89,6 +89,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |

1
.github/workflows/run-k8s-tests-on-amd64.yaml vendored
View File

@ -65,6 +65,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |

1
.github/workflows/run-k8s-tests-on-arm64.yaml vendored
View File

@ -50,6 +50,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |

1
.github/workflows/run-k8s-tests-on-ppc64le.yaml vendored
View File

@ -50,6 +50,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |

1
.github/workflows/run-k8s-tests-on-zvsi.yaml vendored
View File

@ -85,6 +85,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |

1
.github/workflows/run-kata-coco-stability-tests.yaml vendored
View File

@ -74,6 +74,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |

3
.github/workflows/run-kata-coco-tests.yaml vendored
View File

@ -74,6 +74,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
@ -159,6 +160,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |
@ -250,6 +252,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |

1
.github/workflows/run-kata-deploy-tests-on-aks.yaml vendored
View File

@ -64,6 +64,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |

1
.github/workflows/run-kata-deploy-tests.yaml vendored
View File

@ -51,6 +51,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |

1
.github/workflows/run-kata-monitor-tests.yaml vendored
View File

@ -44,6 +44,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |

1
.github/workflows/run-metrics.yaml vendored
View File

@ -51,6 +51,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |

1
.github/workflows/run-runk-tests.yaml vendored
View File

@ -28,6 +28,7 @@ jobs:
with: with:
ref: ${{ inputs.commit-hash }} ref: ${{ inputs.commit-hash }}
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Rebase atop of the latest target branch - name: Rebase atop of the latest target branch
run: | run: |

3
.github/workflows/shellcheck.yaml vendored
View File

@ -25,8 +25,7 @@ jobs:
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- uses: actions/checkout@v4
- name: Run ShellCheck - name: Run ShellCheck
uses: ludeeus/action-shellcheck@00b27aa7cb85167568cb48a3838b75f4265f2bca # master (2024-06-20) uses: ludeeus/action-shellcheck@00b27aa7cb85167568cb48a3838b75f4265f2bca # master (2024-06-20)
with: with:

2
.github/workflows/shellcheck_required.yaml vendored
View File

@ -26,8 +26,8 @@ jobs:
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- uses: actions/checkout@v4
- name: Run ShellCheck - name: Run ShellCheck
uses: ludeeus/action-shellcheck@00b27aa7cb85167568cb48a3838b75f4265f2bca # master (2024-06-20) uses: ludeeus/action-shellcheck@00b27aa7cb85167568cb48a3838b75f4265f2bca # master (2024-06-20)
with: with:

3
.github/workflows/static-checks.yaml vendored
View File

@ -30,6 +30,7 @@ jobs:
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Ensure the kernel config version has been updated - name: Ensure the kernel config version has been updated
run: | run: |
kernel_dir="tools/packaging/kernel/" kernel_dir="tools/packaging/kernel/"
@ -71,6 +72,7 @@ jobs:
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- name: Install system deps - name: Install system deps
run: | run: |
sudo apt-get update && sudo apt-get install -y build-essential musl-tools sudo apt-get update && sudo apt-get install -y build-essential musl-tools
@ -108,6 +110,7 @@ jobs:
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
path: ./src/github.com/${{ github.repository }} path: ./src/github.com/${{ github.repository }}
- name: Install yq - name: Install yq
run: | run: |

2
src/runtime/pkg/govmm/.github/workflows/main.yml vendored
View File

@ -18,6 +18,8 @@ jobs:
go-version: ${{ matrix.go-version }} go-version: ${{ matrix.go-version }}
- name: Checkout code - name: Checkout code
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
persist-credentials: false
- name: golangci-lint - name: golangci-lint
uses: golangci/golangci-lint-action@4696ba8babb6127d732c3c6dde519db15edab9ea # v6.5.1 uses: golangci/golangci-lint-action@4696ba8babb6127d732c3c6dde519db15edab9ea # v6.5.1
with: with: