[stable] update glibc for CVE-2023-4911 #253
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Check promotion diffs | |
on: | |
pull_request: | |
branches: [next, testing, stable] | |
permissions: | |
contents: read | |
jobs: | |
promotion-diff: | |
name: Check promotion diffs | |
runs-on: ubuntu-latest | |
# Only run if this looks like a promotion PR | |
if: "contains(github.event.pull_request.title, 'tree: promote changes from')" | |
steps: | |
- name: Get base commit hash | |
env: | |
COMMIT_TITLE: ${{ github.event.pull_request.title }} | |
run: | | |
echo "ORIGIN_COMMIT=$(echo ${COMMIT_TITLE} | awk '{print $NF}')" >> $GITHUB_ENV | |
- name: Check out origin commit | |
uses: actions/checkout@v3 | |
with: | |
path: origin | |
ref: ${{ env.ORIGIN_COMMIT }} | |
- name: Check out base branch | |
uses: actions/checkout@v3 | |
with: | |
path: base | |
ref: ${{ github.base_ref }} | |
- name: Check out PR | |
uses: actions/checkout@v3 | |
with: | |
path: new | |
- name: Ignore manifest files | |
run: | | |
# manifest.yaml is per-branch, so we care about changes vs. the | |
# one in the base, not the one from the origin | |
cp base/manifest.yaml origin/ | |
- name: Normalize kola-denylist.yaml | |
run: | | |
# When we promote to a production branch we strip out the | |
# snooze and warn lines. Let's do the same here so we don't get warnings. | |
# See https://github.com/coreos/fedora-coreos-releng-automation/pull/179 | |
sed -E -i 's/^(\s+)((snooze:|warn:)\s+.*)/\1# \2 (disabled on promotion)/' origin/kola-denylist.yaml | |
- name: Compare trees | |
uses: coreos/actions-lib/check-diff@main | |
with: | |
basedir: origin | |
patchdir: new |