Pin setup-ruby and set permissions in test workflow
Fixes for code scanning results
dangoor committed Dec 3, 2024
1 parent d74f3bc commit 9b8e214
Showing 4 changed files with 36 additions and 33 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/licensed.yml
@@ -25,7 +25,7 @@ jobs:
- uses: actions/checkout@v4

# set up tooling
- uses: ruby/setup-ruby@v1
- uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
with:
bundler-cache: true

@@ -34,15 +34,15 @@ jobs:
with:
# override the command to use licensed built from this repo
command: bundle exec licensed

# changes made using GITHUB_TOKEN will not re-trigger this action.
# set a custom token so that added or changed cached license files
# will cause this workflow to run and validate cached contents
#
# see https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow
# for additional details on GITHUB_TOKEN not re-triggering this action
github_token: ${{ secrets.GITHUB_TOKEN }}

# the "push" workflow updates license metadata files on the branch being examined.
# e.g. when the action is run on main, changes are pushed to main

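Review bot: The pinned `ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc` line carries no comment naming the release that the SHA corresponds to, so a reader cannot tell which version runs or whether a later bump moves forward or backward. Append the tag as a trailing comment, `- uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc # <release tag of this commit>`, a form that Dependabot also keeps in sync when it updates the pin. The same applies to every pinned `uses:` line in release.yml, test.yml and the docs/migrations/v3.md example.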
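--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,7 +15,7 @@ jobs:
 steps:
 - uses: actions/checkout@v4
 - name: Set up Ruby
-uses: ruby/setup-ruby@v1
+uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
 
 - name: Publish to GPR
 run: |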
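Review bot: `actions/checkout@v4`, two lines above the pinned step, is still referenced by a mutable tag, and this is the workflow with the `Publish to GPR` step, where a retagged action would presumably run with registry credentials in scope. Pin it the same way, `- uses: actions/checkout@<full commit SHA> # v4`. The same tag reference remains in licensed.yml and in the test.yml context lines (`actions/checkout@v4`, `actions/cache@v4`). The hunk starts at line 15, so it does not show whether release.yml already declares a `permissions:` block; if it does not, it should get one limited to what the publish steps need.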
43 changes: 23 additions & 20 deletions .github/workflows/test.yml
@@ -2,6 +2,9 @@ name: Test

on: pull_request

permissions:
contents: read

jobs:
bower:
runs-on: ubuntu-latest
@@ -15,7 +18,7 @@ jobs:
- name: Install Bower
run: npm install -g bower
- name: Set up Ruby
uses: ruby/setup-ruby@v1
uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
with:
bundler-cache: true
- name: Set up fixtures
@@ -32,7 +35,7 @@ jobs:
steps:
- uses: actions/checkout@v4
- name: Set up Ruby
uses: ruby/setup-ruby@v1
uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
with:
bundler: ${{ matrix.bundler }}
bundler-cache: true
@@ -50,7 +53,7 @@ jobs:
steps:
- uses: actions/checkout@v4
- name: Set up Ruby
uses: ruby/setup-ruby@v1
uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
with:
bundler-cache: true
- name: Setup Haskell
@@ -78,7 +81,7 @@ jobs:
steps:
- uses: actions/checkout@v4
- name: Set up Ruby
uses: ruby/setup-ruby@v1
uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
with:
bundler-cache: true
- name: Setup Rust toolchain
@@ -104,7 +107,7 @@ jobs:
steps:
- uses: actions/checkout@v4
- name: Set up Ruby
uses: ruby/setup-ruby@v1
uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
with:
bundler-cache: true
- name: Set up fixtures
@@ -126,7 +129,7 @@ jobs:
with:
php-version: ${{ matrix.php }}
- name: Set up Ruby
uses: ruby/setup-ruby@v1
uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
with:
bundler-cache: true
- name: Set up fixtures
@@ -142,7 +145,7 @@ jobs:
steps:
- uses: actions/checkout@v4
- name: Set up Ruby
uses: ruby/setup-ruby@v1
uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
with:
ruby-version: ${{matrix.ruby}}
bundler-cache: true
@@ -164,7 +167,7 @@ jobs:
with:
go-version: ${{ matrix.go }}
- name: Set up Ruby
uses: ruby/setup-ruby@v1
uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
with:
bundler-cache: true

@@ -190,7 +193,7 @@ jobs:
cache: true
cache-dependency-path: test/fixtures/go/src/test/go.sum
- name: Set up Ruby
uses: ruby/setup-ruby@v1
uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
with:
bundler-cache: true
- name: Set up fixtures
@@ -212,7 +215,7 @@ jobs:
steps:
- uses: actions/checkout@v4
- name: Set up Ruby
uses: ruby/setup-ruby@v1
uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
with:
bundler-cache: true
- name: Set up Java
@@ -236,7 +239,7 @@ jobs:
steps:
- uses: actions/checkout@v4
- name: Set up Ruby
uses: ruby/setup-ruby@v1
uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
with:
bundler-cache: true
- name: Run tests
@@ -256,7 +259,7 @@ jobs:
otp-version: ${{matrix.otp}}
elixir-version: ${{matrix.elixir}}
- name: Set up Ruby
uses: ruby/setup-ruby@v1
uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
with:
bundler-cache: true
- name: Set up fixtures
@@ -279,7 +282,7 @@ jobs:
cache: npm
cache-dependency-path: test/fixtures/npm/package-lock.json
- name: Set up Ruby
uses: ruby/setup-ruby@v1
uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
with:
bundler-cache: true
- name: Set up fixtures
@@ -300,7 +303,7 @@ jobs:
with:
dotnet-version: ${{ matrix.dotnet }}
- name: Set up Ruby
uses: ruby/setup-ruby@v1
uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
with:
bundler-cache: true
- name: Set up fixtures
@@ -323,7 +326,7 @@ jobs:
architecture: x64
cache: pip
- name: Set up Ruby
uses: ruby/setup-ruby@v1
uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
with:
bundler-cache: true

@@ -349,7 +352,7 @@ jobs:
architecture: x64
cache: pipenv
- name: Set up Ruby
uses: ruby/setup-ruby@v1
uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
with:
bundler-cache: true

@@ -390,7 +393,7 @@ jobs:
${{ runner.os }}-pnpm-store-
- name: Set up Ruby
uses: ruby/setup-ruby@v1
uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
with:
bundler-cache: true

@@ -412,7 +415,7 @@ jobs:
with:
swift-version: ${{ matrix.swift }}
- name: Set up Ruby
uses: ruby/setup-ruby@v1
uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
with:
bundler-cache: true
- uses: actions/cache@v4
@@ -447,7 +450,7 @@ jobs:
env:
YARN_VERSION: ${{ matrix.yarn_version }}
- name: Set up Ruby
uses: ruby/setup-ruby@v1
uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
with:
bundler-cache: true
- name: Set up fixtures
@@ -469,7 +472,7 @@ jobs:
- name: Install Yarn
run: npm install -g yarn
- name: Set up Ruby
uses: ruby/setup-ruby@v1
uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
with:
bundler-cache: true
- name: Set up fixtures
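Review bot: The new workflow-level `permissions:` block in the first hunk has no comment saying why `contents: read` is enough, so a later job that needs more is likely to widen the grant for the whole workflow instead of for that job alone. Add a line above it such as `# least privilege: jobs here only check out and test; grant anything more per job, not here`. The visible jobs only check out, install toolchains and run tests, which is consistent with a read-only token, but the job bodies run past the hunks shown, so confirm that no step writes back to the repository or pull request.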
18 changes: 9 additions & 9 deletions docs/migrations/v3.md
@@ -16,7 +16,7 @@ Using licensed to enumerate bundler dependencies in a GitHub Actions workflow wi

If you are using licensed in a GitHub Actions workflow, [github/setup-licensed](https://github.com/github/setup-licensed) has been updated according to this breaking change. `setup-licensed` will install the licensed gem when ruby is available, or the licensed executable when ruby is not available. Alternatively, you can `gem install` licensed directly as an actions step.

This is an example workflow definition that runs [github/licensed-ci](https://github.com/github/licensed-ci)'s opinionated license compliance workflow in CI. It includes jobs that demonstrate installing licensed using
This is an example workflow definition that runs [github/licensed-ci](https://github.com/github/licensed-ci)'s opinionated license compliance workflow in CI. It includes jobs that demonstrate installing licensed using
- `gem install`
- [github/setup-licensed](https://github.com/github/setup-licensed)
- installing when included in a bundler gem file
@@ -43,9 +43,9 @@ jobs:
steps:
# checkout the repo
- uses: actions/checkout@v1

# install ruby
- uses: ruby/setup-ruby@v1
- uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
with:
ruby-version: "3.0"

@@ -60,18 +60,18 @@ jobs:
# run licensed-ci to cache any metadata changes and verify compliance
- uses: github/licensed-ci@v1

# OR
# OR

# install licensed using gem install
licensed-ci-gem:
runs-on: ubuntu-latest

steps:
# checkout the repo
- uses: actions/checkout@v1

# install ruby and bundler
- uses: ruby/setup-ruby@v1
- uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
with:
ruby-version: "3.0"

@@ -93,9 +93,9 @@ jobs:
steps:
# checkout the repo
- uses: actions/checkout@v1

# install ruby and bundler
- uses: ruby/setup-ruby@v1
- uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
with:
ruby-version: "3.0"

