From 6ccc6bd2477df1a65e3dbd9b616050ecd9feb292 Mon Sep 17 00:00:00 2001 From: mmsqe Date: Wed, 16 Oct 2024 10:14:01 +0800 Subject: [PATCH] fix ci --- .github/workflows/audit.yml | 1 + .github/workflows/build.yml | 12 ++++++++++++ .github/workflows/buildwin.yml | 1 + .github/workflows/codecov.yml | 1 + .github/workflows/codeql-analysis.yml | 2 ++ .github/workflows/gosec.yml | 2 ++ .github/workflows/lint.yml | 1 + .github/workflows/nix.yml | 11 +++++++++++ .github/workflows/release.yml | 4 ++++ .github/workflows/semgrep.yml | 1 + .github/workflows/staticmajor.yml | 2 ++ 11 files changed, 38 insertions(+) diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index 4ab67d7f6..e574090a5 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -25,6 +25,7 @@ jobs: - uses: actions/checkout@v3 with: submodules: true + persist-credentials: true - name: install govulncheck run: go install -v golang.org/x/vuln/cmd/govulncheck@v1.0.4 - name: govuln sec scan diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7c8532f44..bf73cf576 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -98,12 +98,14 @@ jobs: if: github.event_name == 'issue_comment' with: submodules: true + persist-credentials: true token: ${{ secrets.GITHUB_TOKEN }} ref: ${{ steps.pr_data.outputs.ref }} - name: Normal check out code uses: actions/checkout@v3 with: submodules: true + persist-credentials: true if: github.event_name == 'push' || github.event_name == 'pull_request' - id: changed-files uses: tj-actions/changed-files@v41 @@ -151,6 +153,8 @@ jobs: security-events: write steps: - uses: actions/checkout@v3 + with: + persist-credentials: true - uses: cachix/install-nix-action@v23 with: nix_path: nixpkgs=channel:nixos-22.11 @@ -217,6 +221,7 @@ jobs: if: github.event_name == 'issue_comment' with: submodules: true + persist-credentials: true token: ${{ secrets.GITHUB_TOKEN }} ref: ${{ needs.build.outputs.ref }} - name: Normal check out code @@ -224,6 +229,7 @@ jobs: if: github.event_name == 'push' || github.event_name == 'pull_request' with: submodules: true + persist-credentials: true - id: changed-files uses: tj-actions/changed-files@v41 with: @@ -263,6 +269,7 @@ jobs: if: github.event_name == 'issue_comment' with: submodules: true + persist-credentials: true token: ${{ secrets.GITHUB_TOKEN }} ref: ${{ needs.build.outputs.ref }} - name: Normal check out code @@ -270,6 +277,7 @@ jobs: if: github.event_name == 'push' || github.event_name == 'pull_request' with: submodules: true + persist-credentials: true - id: changed-files uses: tj-actions/changed-files@v41 with: @@ -309,6 +317,7 @@ jobs: if: github.event_name == 'issue_comment' with: submodules: true + persist-credentials: true token: ${{ secrets.GITHUB_TOKEN }} ref: ${{ needs.build.outputs.ref }} - name: Normal check out code @@ -316,6 +325,7 @@ jobs: if: github.event_name == 'push' || github.event_name == 'pull_request' with: submodules: true + persist-credentials: true - id: changed-files uses: tj-actions/changed-files@v41 with: @@ -412,6 +422,8 @@ jobs: if: github.event_name == 'push' || github.event_name == 'pull_request' steps: - uses: actions/checkout@v3 + with: + persist-credentials: true - id: changed-files uses: tj-actions/changed-files@v41 with: diff --git a/.github/workflows/buildwin.yml b/.github/workflows/buildwin.yml index 79f0d0bc6..097ae6d49 100644 --- a/.github/workflows/buildwin.yml +++ b/.github/workflows/buildwin.yml @@ -25,6 +25,7 @@ jobs: uses: actions/checkout@v3 with: submodules: true + persist-credentials: true - name: Set GOBIN run: | echo "$(go env GOPATH)/bin" >> $GITHUB_PATH diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index d1321c1c3..9de5c1fd6 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml @@ -23,6 +23,7 @@ jobs: - uses: actions/checkout@v3 with: submodules: true + persist-credentials: true - id: changed-files uses: tj-actions/changed-files@v41 with: diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index aa2a93bda..535ca0ecb 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -47,6 +47,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v3 + with: + persist-credentials: true - uses: actions/setup-go@v3 with: go-version: 1.22 diff --git a/.github/workflows/gosec.yml b/.github/workflows/gosec.yml index 199e2660e..8853edc3b 100644 --- a/.github/workflows/gosec.yml +++ b/.github/workflows/gosec.yml @@ -22,6 +22,8 @@ jobs: GO111MODULE: on steps: - uses: actions/checkout@v3 + with: + persist-credentials: true - id: changed-files uses: tj-actions/changed-files@v41 with: diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 2d083dd59..83c1b3fcd 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -23,6 +23,7 @@ jobs: - uses: actions/checkout@v3 with: submodules: true + persist-credentials: true - id: changed-files uses: tj-actions/changed-files@v41 with: diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index ec8247bc2..f09f3569b 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -23,6 +23,7 @@ jobs: - uses: actions/checkout@v3 with: submodules: true + persist-credentials: true - uses: cachix/install-nix-action@v23 with: extra_nix_config: | @@ -40,6 +41,7 @@ jobs: - uses: actions/checkout@v3 with: submodules: true + persist-credentials: true - uses: cachix/install-nix-action@v23 with: extra_nix_config: | @@ -83,6 +85,7 @@ jobs: - uses: actions/checkout@v3 with: submodules: true + persist-credentials: true - uses: cachix/install-nix-action@v23 with: extra_nix_config: | @@ -104,6 +107,7 @@ jobs: - uses: actions/checkout@v3 with: submodules: true + persist-credentials: true - uses: cachix/install-nix-action@v23 with: extra_nix_config: | @@ -139,6 +143,7 @@ jobs: - uses: actions/checkout@v3 with: submodules: true + persist-credentials: true - uses: cachix/install-nix-action@v23 with: extra_nix_config: | @@ -174,6 +179,7 @@ jobs: - uses: actions/checkout@v3 with: submodules: true + persist-credentials: true - uses: cachix/install-nix-action@v23 with: extra_nix_config: | @@ -209,6 +215,7 @@ jobs: - uses: actions/checkout@v3 with: submodules: true + persist-credentials: true - uses: cachix/install-nix-action@v23 with: extra_nix_config: | @@ -244,6 +251,7 @@ jobs: - uses: actions/checkout@v3 with: submodules: true + persist-credentials: true - uses: cachix/install-nix-action@v23 with: extra_nix_config: | @@ -279,6 +287,7 @@ jobs: - uses: actions/checkout@v3 with: submodules: true + persist-credentials: true - uses: cachix/install-nix-action@v23 with: extra_nix_config: | @@ -314,6 +323,7 @@ jobs: - uses: actions/checkout@v3 with: submodules: true + persist-credentials: true - uses: cachix/install-nix-action@v23 with: extra_nix_config: | @@ -350,6 +360,7 @@ jobs: - uses: actions/checkout@v3 with: submodules: true + persist-credentials: true - uses: cachix/install-nix-action@v23 with: extra_nix_config: | diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 341221022..270feda69 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,6 +14,8 @@ jobs: environment: release steps: - uses: actions/checkout@v3 + with: + persist-credentials: true - uses: cachix/install-nix-action@v23 with: nix_path: nixpkgs=channel:nixos-22.11 @@ -57,6 +59,8 @@ jobs: environment: release steps: - uses: actions/checkout@v3 + with: + persist-credentials: true - uses: cachix/install-nix-action@v23 with: nix_path: nixpkgs=channel:nixos-22.11 diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index c04ec28a0..ec68680ad 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -24,6 +24,7 @@ jobs: - uses: actions/checkout@v3 with: submodules: true + persist-credentials: true # Run the "semgrep ci" command on the command line of the docker image. - run: semgrep ci env: diff --git a/.github/workflows/staticmajor.yml b/.github/workflows/staticmajor.yml index 167fbf296..bacd5bdc2 100644 --- a/.github/workflows/staticmajor.yml +++ b/.github/workflows/staticmajor.yml @@ -14,6 +14,8 @@ jobs: steps: - name: Check out repository code uses: actions/checkout@v3 + with: + persist-credentials: true - name: Staticmajor action id: staticmajor uses: orijtech/staticmajor-action@main