-
Notifications
You must be signed in to change notification settings - Fork 266
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Epic: Audit GHA for compliance with SUSE policies #6982
Labels
Milestone
Comments
jandubois
added
kind/quality
quality improvements, refactoring, Automation via CI, E2E, Integration, CLI or REST API
component/ci
Stories tied to CI for automation
labels
Jun 3, 2024
I've used the following script to audit our use of GitHub actions. It ignores repos that have disabled all actions: #!/usr/bin/env bash
set -o errexit -o nounset
tempdir=$(mktemp -d -t repos) || exit 1
pushd "$tempdir" >/dev/null
for repo in $(gh api /orgs/rancher-sandbox/teams/rancher-desktop/repos --jq '.[].full_name'); do
enabled=$(gh api "/repos/${repo}/actions/permissions" --jq '.enabled')
if [[ $enabled == true ]]; then
echo "$repo"
git clone --quiet "[email protected]:${repo}"
else
echo "${repo} [DISABLED]"
fi
done
perl <(cat <<'EOF'
use v5.20;
my %action;
while (<>) {
my($repo) = $ARGV =~ m#^(?:\./)?([^/]+)#;
next unless /^\s*-?\s*uses:\s+([^@\n]+)/;
$action{$1}{$repo}++;
}
for my $action (sort keys %action) {
say "\n$action";
say " $_" for sort keys %{$action{$action}};
}
EOF
) ./**/.github/workflows/*
popd >/dev/null
rm -rf "${tempdir:?}" The output right now is
|
After checking against the current policy, I believe the following actions are problematic:
|
jandubois
added
kind/epic
Umbrella-bug for a group of related issues
and removed
kind/quality
quality improvements, refactoring, Automation via CI, E2E, Integration, CLI or REST API
labels
Jun 11, 2024
jandubois
changed the title
Audit GHA for compliance with SUSE policies
Epic: Audit GHA for compliance with SUSE policies
Jun 11, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Actions that need to be replaced (or their workflows disabled):
actions-rs/cargo - moproxy
(will go away with Unpack xz compressed moproxy in the dependency downloader #4680)
actions-rs/install - moproxy
(will go away with Unpack xz compressed moproxy in the dependency downloader #4680)
Replace check-spelling/check-spelling GHA #7028
(move to
yarn lint
)ncipollo/release-action - moproxy
(will go away with Unpack xz compressed moproxy in the dependency downloader #4680)
peaceiris/actions-gh-pages - dashboard
(
docusaurus
workflow has been disabled)Replace prewk/s3-cp-action with
aws s3 cp
in linux-release.yaml #7036Replace svenstaro/upload-release-action in rancher-desktop-steve with an approved GHA #7037
wangyoucao577/go-release-action - rancher-desktop-host-resolver
(will go away with Move wsl-distro dependencies into rancher-desktop repo #6971)
The text was updated successfully, but these errors were encountered: