summaryrefslogtreecommitdiffstats
path: root/.github/workflows
diff options
context:
space:
mode:
Diffstat (limited to '.github/workflows')
-rw-r--r--.github/workflows/build_test.yml2
-rw-r--r--.github/workflows/codeql.yml2
-rw-r--r--.github/workflows/coverity.yml2
-rw-r--r--.github/workflows/development_freeze.yml2
-rw-r--r--.github/workflows/differential-shellcheck.yml2
-rw-r--r--.github/workflows/gather-pr-metadata.yml2
-rw-r--r--.github/workflows/issue_labeler.yml2
-rw-r--r--.github/workflows/labeler.yml2
-rw-r--r--.github/workflows/linter.yml2
-rw-r--r--.github/workflows/mkosi.yml22
-rw-r--r--.github/workflows/scorecards.yml2
-rw-r--r--.github/workflows/unit_tests.yml2
12 files changed, 30 insertions, 14 deletions
diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml
index 164b3a0..284a284 100644
--- a/.github/workflows/build_test.yml
+++ b/.github/workflows/build_test.yml
@@ -33,6 +33,6 @@ jobs:
env: ${{ matrix.env }}
steps:
- name: Repository checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- name: Build check
run: .github/workflows/build_test.sh
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 0d284f7..4065cae 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -42,7 +42,7 @@ jobs:
steps:
- name: Checkout repository
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- name: Initialize CodeQL
uses: github/codeql-action/init@3ab4101902695724f9365a384f86c1074d94e18c
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index ad7a5d2..06f4f5f 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -22,7 +22,7 @@ jobs:
COVERITY_SCAN_NOTIFICATION_EMAIL: "${{ secrets.COVERITY_SCAN_NOTIFICATION_EMAIL }}"
steps:
- name: Repository checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
# Reuse the setup phase of the unit test script to avoid code duplication
- name: Install build dependencies
run: sudo -E .github/workflows/unit_tests.sh SETUP
diff --git a/.github/workflows/development_freeze.yml b/.github/workflows/development_freeze.yml
index c2360a3..becbbdc 100644
--- a/.github/workflows/development_freeze.yml
+++ b/.github/workflows/development_freeze.yml
@@ -30,7 +30,7 @@ jobs:
name: Pull Request Metadata
- name: Repository checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
with:
fetch-depth: 0
diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml
index 244f5d5..68c2c72 100644
--- a/.github/workflows/differential-shellcheck.yml
+++ b/.github/workflows/differential-shellcheck.yml
@@ -23,7 +23,7 @@ jobs:
steps:
- name: Repository checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
with:
fetch-depth: 0
diff --git a/.github/workflows/gather-pr-metadata.yml b/.github/workflows/gather-pr-metadata.yml
index e4a0caf..633cca1 100644
--- a/.github/workflows/gather-pr-metadata.yml
+++ b/.github/workflows/gather-pr-metadata.yml
@@ -16,7 +16,7 @@ jobs:
steps:
- name: Repository checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- id: metadata
name: Gather Pull Request Metadata
diff --git a/.github/workflows/issue_labeler.yml b/.github/workflows/issue_labeler.yml
index 4bedf0d..fb26d4f 100644
--- a/.github/workflows/issue_labeler.yml
+++ b/.github/workflows/issue_labeler.yml
@@ -20,7 +20,7 @@ jobs:
template: [ bug_report.yml, feature_request.yml ]
steps:
- - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- name: Parse issue form
uses: stefanbuck/github-issue-parser@1e5bdee70d4b3e066a33aa0669ab782943825f94
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index 57e8c89..2058d22 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -30,7 +30,7 @@ jobs:
steps:
- name: Repository checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
if: github.event_name == 'pull_request'
- name: Label PR based on policy in labeler.yml
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index cf0bc09..b66720a 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -23,7 +23,7 @@ jobs:
steps:
- name: Repo checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
with:
# We need a full repo clone
fetch-depth: 0
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index 1b2f77c..7070e9c 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -59,40 +59,53 @@ jobs:
sanitizers: ""
llvm: 0
cflags: "-O2 -D_FORTIFY_SOURCE=3"
+ relabel: no
- distro: debian
release: testing
sanitizers: ""
llvm: 0
cflags: "-Og"
+ relabel: no
- distro: ubuntu
release: noble
sanitizers: ""
llvm: 0
cflags: "-Og"
+ relabel: no
- distro: fedora
release: "40"
sanitizers: ""
llvm: 0
cflags: "-Og"
+ relabel: yes
- distro: fedora
release: rawhide
sanitizers: address,undefined
llvm: 1
cflags: "-Og"
+ relabel: yes
- distro: opensuse
release: tumbleweed
sanitizers: ""
llvm: 0
cflags: "-Og"
+ relabel: no
- distro: centos
release: "9"
sanitizers: ""
llvm: 0
cflags: "-Og"
+ relabel: yes
+ - distro: centos
+ release: "10"
+ sanitizers: ""
+ llvm: 0
+ cflags: "-Og"
+ relabel: yes
steps:
- - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
- - uses: systemd/mkosi@70aa901697f12182ccaa24e2325867d275479b55
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+ - uses: systemd/mkosi@7e975957a6af65c2e70428b6cda0c163ca7e1adc
# Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
# immediately, we remove the files in the background. However, we first move them to a different location
@@ -140,6 +153,9 @@ jobs:
SANITIZERS=${{ matrix.sanitizers }}
MESON_OPTIONS=--werror
LLVM=${{ matrix.llvm }}
+ SYSEXT=1
+
+ SELinuxRelabel=${{ matrix.relabel }}
[Host]
QemuMem=4G
@@ -187,7 +203,7 @@ jobs:
-Dvmspawn=enabled
- name: Build image
- run: meson compile -C build mkosi
+ run: sudo meson compile -C build mkosi
- name: Run integration tests
run: sudo --preserve-env meson test -C build --no-rebuild --suite integration-tests --print-errorlogs --no-stdsplit --num-processes "$(($(nproc) - 1))"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 44ee6f1..c7bd6c4 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -29,7 +29,7 @@ jobs:
steps:
- name: Checkout code
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
persist-credentials: false
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
index 895068c..a83b485 100644
--- a/.github/workflows/unit_tests.yml
+++ b/.github/workflows/unit_tests.yml
@@ -30,7 +30,7 @@ jobs:
cryptolib: gcrypt
steps:
- name: Repository checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- name: Install build dependencies
run: |
# Drop XDG_* stuff from /etc/environment, so we don't get the user