Skip to content

Commit

Permalink
fix: fixed the token-permission and pinned-dependencies issue (cortex…
Browse files Browse the repository at this point in the history 
…project#6168)

Signed-off-by: harshitasao <[email protected]>
  • Loading branch information
@harshitasao
harshitasao authored Aug 19, 2024
1 parent f077e8e commit a467830
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 25 deletions.
17 changes: 10 additions & 7 deletions .github/workflows/build-image.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,26 +12,29 @@ on:
- 'build-image/**'
- '.github/workflows/build-image.yml'

permissions:
contents: read

jobs:
build:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
name: Checkout
with:
fetch-depth: 0

- name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1

- name: Save image
run: make save-multiarch-build-image

- name: Upload Docker Images Artifacts
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
with:
name: build-image
path: |
Expand All @@ -44,21 +47,21 @@ jobs:
if: (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/')) && github.repository == 'cortexproject/cortex'
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
name: Checkout
with:
fetch-depth: 0

- name: Download Docker Images Artifacts
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: build-image

- name: Load image
run: make load-multiarch-build-image

- name: Login to Quay.io
uses: docker/login-action@v3
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: quay.io
username: ${{secrets.QUAY_REGISTRY_USER}}
Expand Down
36 changes: 18 additions & 18 deletions .github/workflows/test-build-deploy.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ jobs:
image: quay.io/cortexproject/build-image:master-779dcf4ba
steps:
- name: Checkout Repo
uses: actions/checkout@v2
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
- name: Setup Git safe.directory
run: |
echo "this step is needed because when running in container, actions/checkout does not set safe.directory effectively."
Expand Down Expand Up @@ -49,7 +49,7 @@ jobs:
image: quay.io/cortexproject/build-image:master-779dcf4ba
steps:
- name: Checkout Repo
uses: actions/checkout@v2
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
- name: Setup Git safe.directory
run: |
echo "this step is needed because when running in container, actions/checkout does not set safe.directory effectively."
Expand All @@ -71,19 +71,19 @@ jobs:
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
uses: github/codeql-action/init@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2
with:
languages: go

- name: Autobuild
uses: github/codeql-action/autobuild@v3
uses: github/codeql-action/autobuild@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
uses: github/codeql-action/analyze@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2


build:
Expand All @@ -92,7 +92,7 @@ jobs:
image: quay.io/cortexproject/build-image:master-779dcf4ba
steps:
- name: Checkout Repo
uses: actions/checkout@v2
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
- name: Setup Git safe.directory
run: |
echo "this step is needed because when running in container, actions/checkout does not set safe.directory effectively."
Expand All @@ -113,7 +113,7 @@ jobs:
touch build-image/.uptodate
make BUILD_IN_CONTAINER=false web-build
- name: Upload Website Artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
with:
name: website public
path: website/public/
Expand All @@ -125,7 +125,7 @@ jobs:
- name: Create Docker Images Archive
run: tar -cvf images.tar /tmp/images
- name: Upload Docker Images Artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
with:
name: Docker Images
path: ./images.tar
Expand All @@ -146,19 +146,19 @@ jobs:
- integration_query_fuzz
steps:
- name: Upgrade golang
uses: actions/setup-go@v2
uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # v2.2.0
with:
go-version: 1.22.5
- name: Checkout Repo
uses: actions/checkout@v2
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
- name: Install Docker Client
run: sudo ./.github/workflows/scripts/install-docker.sh
- name: Sym Link Expected Path to Workspace
run: |
sudo mkdir -p /go/src/github.com/cortexproject/cortex
sudo ln -s $GITHUB_WORKSPACE/* /go/src/github.com/cortexproject/cortex
- name: Download Docker Images Artifacts
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: Docker Images
- name: Extract Docker Images Archive
Expand Down Expand Up @@ -209,11 +209,11 @@ jobs:
runs-on: ubuntu-20.04
steps:
- name: Checkout Repo
uses: actions/checkout@v2
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
- name: Install Docker Client
run: sudo ./.github/workflows/scripts/install-docker.sh
- name: Download Docker Images Artifact
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: Docker Images
- name: Extract Docker Images Archive
Expand All @@ -233,7 +233,7 @@ jobs:
image: quay.io/cortexproject/build-image:master-779dcf4ba
steps:
- name: Checkout Repo
uses: actions/checkout@v2
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
with:
# web-deploy script expects repo to be cloned with ssh for some commands to work
ssh-key: ${{ secrets.WEBSITE_DEPLOY_SSH_PRIVATE_KEY }}
Expand All @@ -247,7 +247,7 @@ jobs:
mkdir -p /go/src/github.com/cortexproject/cortex
ln -s $GITHUB_WORKSPACE/* /go/src/github.com/cortexproject/cortex
- name: Download Website Artifact
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: website public
path: website/public
Expand Down Expand Up @@ -275,7 +275,7 @@ jobs:
image: quay.io/cortexproject/build-image:master-779dcf4ba
steps:
- name: Checkout Repo
uses: actions/checkout@v2
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
- name: Setup Git safe.directory
run: |
echo "this step is needed because when running in container, actions/checkout does not set safe.directory effectively."
Expand All @@ -288,7 +288,7 @@ jobs:
mkdir -p /go/src/github.com/cortexproject/cortex
ln -s $GITHUB_WORKSPACE/* /go/src/github.com/cortexproject/cortex
- name: Download Docker Images Artifact
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: Docker Images
- name: Extract Docker Images Archive
Expand Down

0 comments on commit a467830

Please sign in to comment.