Suggested by zizmor GHA analysis tool.
Also:
- Move GH variables within single-quotes.
- Prefer single-quotes in shell code. (tidy-up)
Ref: https://github.com/actions/checkout/issues/485
Ref: https://github.com/actions/checkout/pull/1687
Ref: https://woodruffw.github.io/zizmor/
Closes #15746
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
+ # with:
+ # persist-credentials: false
# name: checkout
#
# - name: install prereqs
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
name: checkout
- name: Run mdlinkcheck
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
name: checkout
- name: trim all man page *.md files
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
name: checkout
- name: badwords
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
name: checkout
- name: render nroff versions
timeout-minutes: 5
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
name: checkout
- name: spacecheck
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
name: checkout
- name: check
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
name: checkout
- name: install
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
name: checkout
- name: REUSE Compliance Check
timeout-minutes: 5
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
name: checkout
- name: shellcheck
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
- name: run configure --with-openssl
run: |
echo '::group::brew packages installed'; ls -l "$(brew --prefix)/opt"; echo '::endgroup::'
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
- name: run configure --with-openssl
run: |
run: sudo apt-get --quiet 2 --option Dpkg::Use-Pty=0 install mingw-w64
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
- name: run configure --with-schannel
run: |
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
+ persist-credentials: false
path: 'curl'
fetch-depth: 8
- name: 'build'
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
+ persist-credentials: false
path: 'curl'
fetch-depth: 8
- name: 'build'
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
+ persist-credentials: false
path: 'curl'
fetch-depth: 8
- name: 'build'
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
+ persist-credentials: false
path: 'curl'
fetch-depth: 8
- name: 'build'
timeout-minutes: 15
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
- run: sudo apt-get purge -y curl libcurl4 libcurl4-doc
name: 'remove preinstalled curl libcurl4{-doc}'
needs: maketgz-and-verify-in-tree
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
with:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
- run: sudo apt-get purge -y curl libcurl4 libcurl4-doc
name: 'remove preinstalled curl libcurl4{-doc}'
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
+ persist-credentials: false
fetch-depth: 100
- name: Check whether repo participates in Hacktoberfest
- name: Search relevant commit message lines starting with Closes/Merges
run: |
- git log --format=email ${{ github.event.before }}..${{ github.event.after }} | \
- grep -Ei "^Close[sd]? " | sort | uniq | tee log
+ git log --format=email '${{ github.event.before }}..${{ github.event.after }}' | \
+ grep -Ei '^Close[sd]? ' | sort | uniq | tee log
if: steps.check.outputs.label == 'hacktoberfest'
- name: Search for Number-based PR references
run: |
- grep -Eo "#([0-9]+)" log | cut -d# -f2 | sort | uniq | xargs -t -n1 -I{} \
+ grep -Eo '#([0-9]+)' log | cut -d# -f2 | sort | uniq | xargs -t -n1 -I{} \
gh pr view {} --json number,createdAt \
--jq '{number, opened: .createdAt} | [.number, .opened] | join(":")' | tee /dev/stderr | \
grep -Eo '^([0-9]+):[0-9]{4}-(09-30T|10-|11-01T)' | cut -d: -f1 | sort | uniq | xargs -t -n1 -I {} \
- name: Search for URL-based PR references
run: |
- grep -Eo "github.com/(.+)/(.+)/pull/([0-9]+)" log | sort | uniq | xargs -t -n1 -I{} \
- gh pr view "https://{}" --json number,createdAt \
+ grep -Eo 'github.com/(.+)/(.+)/pull/([0-9]+)' log | sort | uniq | xargs -t -n1 -I{} \
+ gh pr view 'https://{}' --json number,createdAt \
--jq '{number, opened: .createdAt} | [.number, .opened] | join(":")' | tee /dev/stderr | \
grep -Eo '^([0-9]+):[0-9]{4}-(09-30T|10-|11-01T)' | cut -d: -f1 | sort | uniq | xargs -t -n1 -I {} \
gh pr edit {} --add-label 'hacktoberfest-accepted'
name: 'build quiche and boringssl'
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
- run: autoreconf -fi
if: ${{ matrix.build.configure }}
dpkg -i libc6_*_amd64.deb
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
- name: 'cmake build-only (out-of-tree, libssh2)'
run: |
name: 'install dependencies'
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
- name: 'Fix kernel mmap rnd bits'
# Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
fi
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
- name: 'toolchain versions'
run: |
while [[ $? == 0 ]]; do for i in 1 2 3; do brew update && brew bundle install --no-lock --file /tmp/Brewfile && break 2 || { echo Error: wait to try again; sleep 10; } done; false Too many retries; done
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
- name: 'toolchain versions'
run: |
arch: ['x86_64']
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
- name: 'cmake'
uses: cross-platform-actions/action@a0672d7f6de3a78e7784bbaf491c7303f68d94b3 # v0.26.0
with:
arch: ['x86_64']
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
- name: 'cmake'
uses: cross-platform-actions/action@a0672d7f6de3a78e7784bbaf491c7303f68d94b3 # v0.26.0
with:
fail-fast: false
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
- name: 'autotools'
if: ${{ matrix.build == 'autotools' }}
uses: cross-platform-actions/action@a0672d7f6de3a78e7784bbaf491c7303f68d94b3 # v0.26.0
timeout-minutes: 30
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
- name: 'autotools'
uses: vmactions/omnios-vm@16b5996777bc675acd3d537f13df536a526cd16d # v1
with:
- run: git config --global core.autocrlf input
shell: pwsh
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
- uses: cygwin/cygwin-install-action@006ad0b0946ca6d0a3ea2d4437677fa767392401 # v4
with:
platform: ${{ matrix.platform }}
shell: pwsh
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
- uses: msys2/setup-msys2@d44ca8e88d8b43d56cf5670f91747359d5537f97 # v2
if: ${{ matrix.sys == 'msys' }}
- run: git config --global core.autocrlf input
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
- name: 'configure'
timeout-minutes: 5
run: sudo apt-get --quiet 2 --option Dpkg::Use-Pty=0 install mingw-w64 ${{ matrix.build == 'cmake' && 'ninja-build' || '' }}
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
- name: 'autoreconf'
if: ${{ matrix.build == 'autotools' }}
fail-fast: false
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
- name: 'vcpkg cache setup'
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
projects / thirdparty / curl.git / commitdiff
