CI-Actions: Security fixes (#6835)

* add security commitment

* fix badge path

* set token permissions
see https://github.com/inventree/InvenTree/security/code-scanning/48

* add more chapters

* break up flow text

* spellchecking

* clean diff

* bump setup-python to node 20 version

* fix docker version too
Matthias Mair 2024-03-24 23:11:16 +01:00 committed by GitHub
parent 9a0c978f2f
commit 7c6eefbcdf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 18 additions and 4 deletions


@ -40,7 +40,7 @@ runs:
# Python installs
- name: Set up Python ${{ env.python_version }}
if: ${{ inputs.python == 'true' }}
uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # pin@v4.7.1
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # pin@v5.0.0
with:
python-version: ${{ env.python_version }}
cache: pip


@ -9,6 +9,9 @@ on:
pull_request_target:
types: [ "labeled", "closed" ]
permissions:
contents: read
jobs:
backport:
name: Backport PR
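Review bot: With a top-level `permissions:` block, every scope not listed drops to `none`, so the `backport` job can no longer create branches or pull requests with `GITHUB_TOKEN` unless it declares its own `permissions:` (for example `contents: write` and `pull-requests: write`) or uses a separate token. The job body is outside this hunk, so please confirm which applies. The same check is needed for the `stable` job in the release workflow and the `build` job in the last file, which receive the identical block. Because this workflow runs on `pull_request_target`, any write scope should be granted on the job rather than at the top level, and a comment such as `# default to read-only; jobs that write declare their own permissions` above the block would record that intent.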


@ -11,6 +11,9 @@ on:
env:
python_version: 3.9
permissions:
contents: read
jobs:
check:


@ -71,7 +71,7 @@ jobs:
- name: Check out repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4.1.1
- name: Set Up Python ${{ env.python_version }}
uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # pin@v4.7.1
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # pin@v5.0.0
with:
python-version: ${{ env.python_version }}
- name: Version Check


@ -22,6 +22,8 @@ env:
INVENTREE_BACKUP_DIR: ../test_inventree_backup
INVENTREE_SITE_URL: http://localhost:8000
permissions:
contents: read
jobs:
paths-filter:
name: Filter
@ -82,7 +84,7 @@ jobs:
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4.1.1
- name: Set up Python ${{ env.python_version }}
uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # pin@v4.7.1
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # pin@v5.0.0
with:
python-version: ${{ env.python_version }}
cache: 'pip'
@ -103,7 +105,7 @@ jobs:
- name: Checkout Code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4.1.1
- name: Set up Python ${{ env.python_version }}
uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # pin@v4.7.1
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # pin@v5.0.0
with:
python-version: ${{ env.python_version }}
- name: Check Config


@ -5,6 +5,9 @@ on:
release:
types: [ published ]
permissions:
contents: read
jobs:
stable:


@ -9,6 +9,9 @@ env:
python_version: 3.9
node_version: 18
permissions:
contents: read
jobs:
build: