TheLanc3/code-server
1
0
Fork 0
mirror of https://github.com/coder/code-server.git synced 2026-05-09 13:57:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Pin GitHub actions

Browse Source
This commit is contained in:
Asher
2026-05-07 10:30:37 -08:00
parent 0059d37db5
commit 9527b7879f
7 changed files with 53 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
.github/workflows/build.yaml vendored
View File

@@ -25,8 +25,8 @@ jobs:
docs: ${{ steps.filter.outputs.docs }} docs: ${{ steps.filter.outputs.docs }}
helm: ${{ steps.filter.outputs.helm }} helm: ${{ steps.filter.outputs.helm }}
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3 - uses: dorny/paths-filter@d1c1ffe0248fe513906c8e24db8ea791d46f8590 # v3
id: filter id: filter
with: with:
filters: | filters: |
@@ -55,8 +55,8 @@ jobs:
name: Run prettier check name: Run prettier check
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- uses: actions/setup-node@v6 - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with: with:
node-version-file: .node-version node-version-file: .node-version
cache: npm cache: npm
@@ -72,8 +72,8 @@ jobs:
needs: changes needs: changes
if: needs.changes.outputs.docs == 'true' if: needs.changes.outputs.docs == 'true'
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- uses: actions/setup-node@v6 - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with: with:
node-version-file: .node-version node-version-file: .node-version
cache: npm cache: npm
@@ -89,7 +89,7 @@ jobs:
needs: changes needs: changes
if: needs.changes.outputs.helm == 'true' if: needs.changes.outputs.helm == 'true'
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0 - uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0
with: with:
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
@@ -103,8 +103,8 @@ jobs:
needs: changes needs: changes
if: needs.changes.outputs.code == 'true' if: needs.changes.outputs.code == 'true'
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- uses: actions/setup-node@v6 - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with: with:
node-version-file: .node-version node-version-file: .node-version
cache: npm cache: npm
@@ -121,7 +121,7 @@ jobs:
if: needs.changes.outputs.ci == 'true' if: needs.changes.outputs.ci == 'true'
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- name: Check workflow files - name: Check workflow files
run: | run: |
bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) 1.7.9 bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) 1.7.9
@@ -134,8 +134,8 @@ jobs:
needs: changes needs: changes
if: needs.changes.outputs.code == 'true' if: needs.changes.outputs.code == 'true'
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- uses: actions/setup-node@v6 - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with: with:
node-version-file: .node-version node-version-file: .node-version
cache: npm cache: npm
@@ -144,7 +144,7 @@ jobs:
test/package-lock.json test/package-lock.json
- run: SKIP_SUBMODULE_DEPS=1 npm ci - run: SKIP_SUBMODULE_DEPS=1 npm ci
- run: npm run test:unit - run: npm run test:unit
- uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v5 - uses: codecov/codecov-action@75cd11691c0faa626561e295848008c8a7dddffe # v5
if: success() if: success()
with: with:
token: ${{ secrets.CODECOV_TOKEN }} token: ${{ secrets.CODECOV_TOKEN }}
@@ -163,16 +163,16 @@ jobs:
steps: steps:
- run: sudo apt update && sudo apt install -y libkrb5-dev - run: sudo apt update && sudo apt install -y libkrb5-dev
- uses: awalsh128/cache-apt-pkgs-action@acb598e5ddbc6f68a970c5da0688d2f3a9f04d05 # latest - uses: awalsh128/cache-apt-pkgs-action@2c09a5e66da6c8016428a2172bd76e5e4f14bb17 # latest
with: with:
packages: quilt packages: quilt
version: 1.0 version: 1.0
- uses: actions/checkout@v6 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with: with:
submodules: true submodules: true
- run: quilt push -a - run: quilt push -a
- uses: actions/setup-node@v6 - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with: with:
node-version-file: .node-version node-version-file: .node-version
cache: npm cache: npm
@@ -191,7 +191,7 @@ jobs:
# embedded into the code). Use VSCODE_CACHE_VERSION to force a rebuild. # embedded into the code). Use VSCODE_CACHE_VERSION to force a rebuild.
- name: Fetch prebuilt linux-x64 Code package from cache - name: Fetch prebuilt linux-x64 Code package from cache
id: cache-vscode id: cache-vscode
uses: actions/cache@v4 uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
with: with:
path: lib/vscode-reh-web-linux-x64 path: lib/vscode-reh-web-linux-x64
key: vscode-linux-x64-package-${{ secrets.VSCODE_CACHE_VERSION }}-${{ steps.vscode-rev.outputs.rev }}-${{ hashFiles('patches/*.diff', 'ci/build/build-vscode.sh') }} key: vscode-linux-x64-package-${{ secrets.VSCODE_CACHE_VERSION }}-${{ steps.vscode-rev.outputs.rev }}-${{ hashFiles('patches/*.diff', 'ci/build/build-vscode.sh') }}
@@ -205,7 +205,7 @@ jobs:
# Push up an artifact containing the linux-x64 release. # Push up an artifact containing the linux-x64 release.
- run: KEEP_MODULES=1 npm run release - run: KEEP_MODULES=1 npm run release
- run: tar -czf package.tar.gz release - run: tar -czf package.tar.gz release
- uses: actions/upload-artifact@v7 - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
with: with:
name: linux-x64-package name: linux-x64-package
path: ./package.tar.gz path: ./package.tar.gz
@@ -219,8 +219,8 @@ jobs:
if: needs.changes.outputs.code == 'true' || needs.changes.outputs.deps == 'true' || needs.changes.outputs.ci == 'true' if: needs.changes.outputs.code == 'true' || needs.changes.outputs.deps == 'true' || needs.changes.outputs.ci == 'true'
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- uses: actions/setup-node@v6 - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with: with:
node-version-file: .node-version node-version-file: .node-version
cache: npm cache: npm
@@ -233,13 +233,13 @@ jobs:
./test/node_modules/.bin/playwright install-deps ./test/node_modules/.bin/playwright install-deps
./test/node_modules/.bin/playwright install ./test/node_modules/.bin/playwright install
- uses: actions/download-artifact@v8 - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
with: with:
name: linux-x64-package name: linux-x64-package
- run: tar -xzf package.tar.gz - run: tar -xzf package.tar.gz
- run: CODE_SERVER_TEST_ENTRY=./release npm run test:e2e - run: CODE_SERVER_TEST_ENTRY=./release npm run test:e2e
- uses: actions/upload-artifact@v7 - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
if: always() if: always()
with: with:
name: failed-test-videos name: failed-test-videos
@@ -256,7 +256,7 @@ jobs:
steps: steps:
- name: Cache Caddy - name: Cache Caddy
uses: actions/cache@v4 uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
id: caddy-cache id: caddy-cache
with: with:
path: | path: |
@@ -269,8 +269,8 @@ jobs:
mkdir -p ~/.cache/caddy mkdir -p ~/.cache/caddy
tar -xzf caddy_2.5.2_linux_amd64.tar.gz --directory ~/.cache/caddy tar -xzf caddy_2.5.2_linux_amd64.tar.gz --directory ~/.cache/caddy
- uses: actions/checkout@v6 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- uses: actions/setup-node@v6 - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with: with:
node-version-file: .node-version node-version-file: .node-version
cache: npm cache: npm
@@ -283,7 +283,7 @@ jobs:
./test/node_modules/.bin/playwright install-deps ./test/node_modules/.bin/playwright install-deps
./test/node_modules/.bin/playwright install ./test/node_modules/.bin/playwright install
- uses: actions/download-artifact@v8 - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
with: with:
name: linux-x64-package name: linux-x64-package
- run: tar -xzf package.tar.gz - run: tar -xzf package.tar.gz
@@ -292,7 +292,7 @@ jobs:
- run: CODE_SERVER_TEST_ENTRY=./release npm run test:e2e:proxy - run: CODE_SERVER_TEST_ENTRY=./release npm run test:e2e:proxy
- run: ~/.cache/caddy/caddy stop --config ./ci/Caddyfile - run: ~/.cache/caddy/caddy stop --config ./ci/Caddyfile
if: always() if: always()
- uses: actions/upload-artifact@v7 - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
if: always() if: always()
with: with:
name: failed-test-videos-proxy name: failed-test-videos-proxy

6
.github/workflows/installer.yaml vendored
View File

@@ -30,7 +30,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- name: Install code-server - name: Install code-server
run: ./install.sh run: ./install.sh
@@ -44,7 +44,7 @@ jobs:
container: "alpine:3.17" container: "alpine:3.17"
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- name: Install curl - name: Install curl
run: apk add curl run: apk add curl
@@ -67,7 +67,7 @@ jobs:
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- name: Install code-server - name: Install code-server
run: ./install.sh run: ./install.sh

8
.github/workflows/publish.yaml vendored
View File

@@ -33,8 +33,8 @@ jobs:
run: | run: |
echo "VERSION=${TAG#v}" >> $GITHUB_ENV echo "VERSION=${TAG#v}" >> $GITHUB_ENV
- uses: actions/checkout@v6 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- uses: actions/setup-node@v6 - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with: with:
node-version-file: .node-version node-version-file: .node-version
@@ -64,7 +64,7 @@ jobs:
echo "VERSION=${TAG#v}" >> $GITHUB_ENV echo "VERSION=${TAG#v}" >> $GITHUB_ENV
- name: Checkout code-server-aur repo - name: Checkout code-server-aur repo
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with: with:
repository: "cdrci/code-server-aur" repository: "cdrci/code-server-aur"
token: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }} token: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }}
@@ -108,7 +108,7 @@ jobs:
run: | run: |
echo "VERSION=${TAG#v}" >> $GITHUB_ENV echo "VERSION=${TAG#v}" >> $GITHUB_ENV
- uses: actions/checkout@v6 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 - uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
- uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0

10
.github/workflows/release.yaml vendored
View File

@@ -54,7 +54,7 @@ jobs:
steps: steps:
- run: sudo apt update && sudo apt install -y libkrb5-dev - run: sudo apt update && sudo apt install -y libkrb5-dev
- uses: awalsh128/cache-apt-pkgs-action@acb598e5ddbc6f68a970c5da0688d2f3a9f04d05 # latest - uses: awalsh128/cache-apt-pkgs-action@2c09a5e66da6c8016428a2172bd76e5e4f14bb17 # latest
with: with:
packages: quilt packages: quilt
version: 1.0 version: 1.0
@@ -68,11 +68,11 @@ jobs:
run: | run: |
echo "VERSION=${TAG#v}" >> $GITHUB_ENV echo "VERSION=${TAG#v}" >> $GITHUB_ENV
- uses: actions/checkout@v6 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with: with:
submodules: true submodules: true
- run: quilt push -a - run: quilt push -a
- uses: actions/setup-node@v6 - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with: with:
node-version-file: .node-version node-version-file: .node-version
cache: npm cache: npm
@@ -148,11 +148,11 @@ jobs:
run: | run: |
echo "VERSION=${TAG#v}" >> $GITHUB_ENV echo "VERSION=${TAG#v}" >> $GITHUB_ENV
- uses: actions/checkout@v6 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with: with:
submodules: true submodules: true
- run: quilt push -a - run: quilt push -a
- uses: actions/setup-node@v6 - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with: with:
node-version-file: .node-version node-version-file: .node-version
cache: npm cache: npm

4
.github/workflows/scripts.yaml vendored
View File

@@ -41,7 +41,7 @@ jobs:
container: "alpine:3.17" container: "alpine:3.17"
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- name: Install test utilities - name: Install test utilities
run: apk add bats checkbashisms run: apk add bats checkbashisms
@@ -58,7 +58,7 @@ jobs:
timeout-minutes: 5 timeout-minutes: 5
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- name: Install lint utilities - name: Install lint utilities
run: sudo apt install shellcheck run: sudo apt install shellcheck

18
.github/workflows/security.yaml vendored
View File

@@ -25,12 +25,12 @@ jobs:
timeout-minutes: 15 timeout-minutes: 15
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Install Node.js - name: Install Node.js
uses: actions/setup-node@v6 uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with: with:
node-version-file: .node-version node-version-file: .node-version
@@ -46,12 +46,12 @@ jobs:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Run Trivy vulnerability scanner in repo mode - name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 # latest
with: with:
scan-type: "fs" scan-type: "fs"
scan-ref: "." scan-ref: "."
@@ -62,7 +62,7 @@ jobs:
severity: "HIGH,CRITICAL" severity: "HIGH,CRITICAL"
- name: Upload Trivy scan results to GitHub Security tab - name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v4 uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4
with: with:
sarif_file: "trivy-repo-results.sarif" sarif_file: "trivy-repo-results.sarif"
@@ -76,17 +76,17 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
# Initializes the CodeQL tools for scanning. # Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL - name: Initialize CodeQL
uses: github/codeql-action/init@v4 uses: github/codeql-action/init@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4
with: with:
config-file: ./.github/codeql-config.yml config-file: ./.github/codeql-config.yml
languages: javascript languages: javascript
- name: Autobuild - name: Autobuild
uses: github/codeql-action/autobuild@v4 uses: github/codeql-action/autobuild@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4
- name: Perform CodeQL Analysis - name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v4 uses: github/codeql-action/analyze@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4

6
.github/workflows/trivy-docker.yaml vendored
View File

@@ -48,10 +48,10 @@ jobs:
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- name: Run Trivy vulnerability scanner in image mode - name: Run Trivy vulnerability scanner in image mode
uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 # latest
with: with:
image-ref: "docker.io/codercom/code-server:latest" image-ref: "docker.io/codercom/code-server:latest"
ignore-unfixed: true ignore-unfixed: true
@@ -60,6 +60,6 @@ jobs:
severity: "HIGH,CRITICAL" severity: "HIGH,CRITICAL"
- name: Upload Trivy scan results to GitHub Security tab - name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v4 uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4
with: with:
sarif_file: "trivy-image-results.sarif" sarif_file: "trivy-image-results.sarif"