ci: bump the github-actions group with 12 updates (#24558)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Lukasz <CommanderK5@users.noreply.github.com>
Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
dependabot[bot]
2026-04-23 10:31:55 +05:00
committed by GitHub
parent ff1308c0b1
commit edd5d83280
19 changed files with 85 additions and 85 deletions
+33 -33
@@ -35,7 +35,7 @@ jobs:
tailnet-integration: ${{ steps.filter.outputs.tailnet-integration }} tailnet-integration: ${{ steps.filter.outputs.tailnet-integration }}
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -161,7 +161,7 @@ jobs:
runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }} runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -185,7 +185,7 @@ jobs:
echo "LINT_CACHE_DIR=$dir" >> "$GITHUB_ENV" echo "LINT_CACHE_DIR=$dir" >> "$GITHUB_ENV"
- name: golangci-lint cache - name: golangci-lint cache
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with: with:
path: | path: |
${{ env.LINT_CACHE_DIR }} ${{ env.LINT_CACHE_DIR }}
@@ -195,7 +195,7 @@ jobs:
# Check for any typos # Check for any typos
- name: Check for typos - name: Check for typos
uses: crate-ci/typos@631208b7aac2daa8b707f55e7331f9112b0e062d # v1.44.0 uses: crate-ci/typos@cf5f1c29a8ac336af8568821ec41919923b05a83 # v1.45.1
with: with:
config: .github/workflows/typos.toml config: .github/workflows/typos.toml
@@ -251,7 +251,7 @@ jobs:
runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }} runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -276,7 +276,7 @@ jobs:
if: ${{ !cancelled() }} if: ${{ !cancelled() }}
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -331,7 +331,7 @@ jobs:
timeout-minutes: 20 timeout-minutes: 20
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -383,7 +383,7 @@ jobs:
- windows-2022 - windows-2022
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -541,7 +541,7 @@ jobs:
embedded-pg-cache: ${{ steps.embedded-pg-cache.outputs.embedded-pg-cache }} embedded-pg-cache: ${{ steps.embedded-pg-cache.outputs.embedded-pg-cache }}
- name: Upload failed test db dumps - name: Upload failed test db dumps
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with: with:
name: failed-test-db-dump-${{matrix.os}} name: failed-test-db-dump-${{matrix.os}}
path: "**/*.test.sql" path: "**/*.test.sql"
@@ -579,7 +579,7 @@ jobs:
timeout-minutes: 25 timeout-minutes: 25
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -641,7 +641,7 @@ jobs:
timeout-minutes: 25 timeout-minutes: 25
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -713,7 +713,7 @@ jobs:
timeout-minutes: 20 timeout-minutes: 20
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -740,7 +740,7 @@ jobs:
timeout-minutes: 20 timeout-minutes: 20
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -773,7 +773,7 @@ jobs:
name: ${{ matrix.variant.name }} name: ${{ matrix.variant.name }}
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -822,7 +822,7 @@ jobs:
- name: Upload Playwright Failed Tests - name: Upload Playwright Failed Tests
if: always() && github.actor != 'dependabot[bot]' && runner.os == 'Linux' && !github.event.pull_request.head.repo.fork if: always() && github.actor != 'dependabot[bot]' && runner.os == 'Linux' && !github.event.pull_request.head.repo.fork
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with: with:
name: failed-test-videos${{ matrix.variant.premium && '-premium' || '' }} name: failed-test-videos${{ matrix.variant.premium && '-premium' || '' }}
path: ./site/test-results/**/*.webm path: ./site/test-results/**/*.webm
@@ -830,7 +830,7 @@ jobs:
- name: Upload debug log - name: Upload debug log
if: always() && github.actor != 'dependabot[bot]' && runner.os == 'Linux' && !github.event.pull_request.head.repo.fork if: always() && github.actor != 'dependabot[bot]' && runner.os == 'Linux' && !github.event.pull_request.head.repo.fork
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with: with:
name: coderd-debug-logs${{ matrix.variant.premium && '-premium' || '' }} name: coderd-debug-logs${{ matrix.variant.premium && '-premium' || '' }}
path: ./site/e2e/test-results/debug.log path: ./site/e2e/test-results/debug.log
@@ -838,7 +838,7 @@ jobs:
- name: Upload pprof dumps - name: Upload pprof dumps
if: always() && github.actor != 'dependabot[bot]' && runner.os == 'Linux' && !github.event.pull_request.head.repo.fork if: always() && github.actor != 'dependabot[bot]' && runner.os == 'Linux' && !github.event.pull_request.head.repo.fork
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with: with:
name: debug-pprof-dumps${{ matrix.variant.premium && '-premium' || '' }} name: debug-pprof-dumps${{ matrix.variant.premium && '-premium' || '' }}
path: ./site/test-results/**/debug-pprof-*.txt path: ./site/test-results/**/debug-pprof-*.txt
@@ -853,7 +853,7 @@ jobs:
if: needs.changes.outputs.site == 'true' || needs.changes.outputs.ci == 'true' if: needs.changes.outputs.site == 'true' || needs.changes.outputs.ci == 'true'
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -874,7 +874,7 @@ jobs:
# the check to pass. This is desired in PRs, but not in mainline. # the check to pass. This is desired in PRs, but not in mainline.
- name: Publish to Chromatic (non-mainline) - name: Publish to Chromatic (non-mainline)
if: github.ref != 'refs/heads/main' && github.repository_owner == 'coder' if: github.ref != 'refs/heads/main' && github.repository_owner == 'coder'
uses: chromaui/action@f191a0224b10e1a38b2091cefb7b7a2337009116 # v16.0.0 uses: chromaui/action@5c6ec06f45a2117a25f07b1bf2b2f3009233fac8 # v16.3.0
env: env:
NODE_OPTIONS: "--max_old_space_size=4096" NODE_OPTIONS: "--max_old_space_size=4096"
STORYBOOK: true STORYBOOK: true
@@ -906,7 +906,7 @@ jobs:
# infinitely "in progress" in mainline unless we re-review each build. # infinitely "in progress" in mainline unless we re-review each build.
- name: Publish to Chromatic (mainline) - name: Publish to Chromatic (mainline)
if: github.ref == 'refs/heads/main' && github.repository_owner == 'coder' if: github.ref == 'refs/heads/main' && github.repository_owner == 'coder'
uses: chromaui/action@f191a0224b10e1a38b2091cefb7b7a2337009116 # v16.0.0 uses: chromaui/action@5c6ec06f45a2117a25f07b1bf2b2f3009233fac8 # v16.3.0
env: env:
NODE_OPTIONS: "--max_old_space_size=4096" NODE_OPTIONS: "--max_old_space_size=4096"
STORYBOOK: true STORYBOOK: true
@@ -934,7 +934,7 @@ jobs:
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -1009,7 +1009,7 @@ jobs:
if: always() if: always()
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -1047,7 +1047,7 @@ jobs:
runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }} runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -1101,7 +1101,7 @@ jobs:
IMAGE: ghcr.io/coder/coder-preview:${{ steps.build-docker.outputs.tag }} IMAGE: ghcr.io/coder/coder-preview:${{ steps.build-docker.outputs.tag }}
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -1112,7 +1112,7 @@ jobs:
persist-credentials: false persist-credentials: false
- name: GHCR Login - name: GHCR Login
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}
@@ -1397,7 +1397,7 @@ jobs:
- name: Upload build artifact (coder-linux-amd64.tar.gz) - name: Upload build artifact (coder-linux-amd64.tar.gz)
if: github.ref == 'refs/heads/main' if: github.ref == 'refs/heads/main'
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with: with:
name: coder-linux-amd64.tar.gz name: coder-linux-amd64.tar.gz
path: ./build/*_linux_amd64.tar.gz path: ./build/*_linux_amd64.tar.gz
@@ -1405,7 +1405,7 @@ jobs:
- name: Upload build artifact (coder-linux-amd64.deb) - name: Upload build artifact (coder-linux-amd64.deb)
if: github.ref == 'refs/heads/main' if: github.ref == 'refs/heads/main'
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with: with:
name: coder-linux-amd64.deb name: coder-linux-amd64.deb
path: ./build/*_linux_amd64.deb path: ./build/*_linux_amd64.deb
@@ -1413,7 +1413,7 @@ jobs:
- name: Upload build artifact (coder-linux-arm64.tar.gz) - name: Upload build artifact (coder-linux-arm64.tar.gz)
if: github.ref == 'refs/heads/main' if: github.ref == 'refs/heads/main'
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with: with:
name: coder-linux-arm64.tar.gz name: coder-linux-arm64.tar.gz
path: ./build/*_linux_arm64.tar.gz path: ./build/*_linux_arm64.tar.gz
@@ -1421,7 +1421,7 @@ jobs:
- name: Upload build artifact (coder-linux-arm64.deb) - name: Upload build artifact (coder-linux-arm64.deb)
if: github.ref == 'refs/heads/main' if: github.ref == 'refs/heads/main'
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with: with:
name: coder-linux-arm64.deb name: coder-linux-arm64.deb
path: ./build/*_linux_arm64.deb path: ./build/*_linux_arm64.deb
@@ -1429,7 +1429,7 @@ jobs:
- name: Upload build artifact (coder-linux-armv7.tar.gz) - name: Upload build artifact (coder-linux-armv7.tar.gz)
if: github.ref == 'refs/heads/main' if: github.ref == 'refs/heads/main'
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with: with:
name: coder-linux-armv7.tar.gz name: coder-linux-armv7.tar.gz
path: ./build/*_linux_armv7.tar.gz path: ./build/*_linux_armv7.tar.gz
@@ -1437,7 +1437,7 @@ jobs:
- name: Upload build artifact (coder-linux-armv7.deb) - name: Upload build artifact (coder-linux-armv7.deb)
if: github.ref == 'refs/heads/main' if: github.ref == 'refs/heads/main'
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with: with:
name: coder-linux-armv7.deb name: coder-linux-armv7.deb
path: ./build/*_linux_armv7.deb path: ./build/*_linux_armv7.deb
@@ -1445,7 +1445,7 @@ jobs:
- name: Upload build artifact (coder-windows-amd64.zip) - name: Upload build artifact (coder-windows-amd64.zip)
if: github.ref == 'refs/heads/main' if: github.ref == 'refs/heads/main'
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with: with:
name: coder-windows-amd64.zip name: coder-windows-amd64.zip
path: ./build/*_windows_amd64.zip path: ./build/*_windows_amd64.zip
@@ -1483,7 +1483,7 @@ jobs:
if: needs.changes.outputs.db == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main' if: needs.changes.outputs.db == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
+2 -2
@@ -116,7 +116,7 @@ jobs:
if: ${{ github.event_name == 'pull_request_target' }} if: ${{ github.event_name == 'pull_request_target' }}
steps: steps:
- name: Validate PR title - name: Validate PR title
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
with: with:
script: | script: |
const { pull_request } = context.payload; const { pull_request } = context.payload;
@@ -222,7 +222,7 @@ jobs:
if: ${{ github.event_name == 'pull_request_target' && !github.event.pull_request.draft }} if: ${{ github.event_name == 'pull_request_target' && !github.event.pull_request.draft }}
steps: steps:
- name: release-labels - name: release-labels
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
with: with:
# This script ensures PR title and labels are in sync: # This script ensures PR title and labels are in sync:
# #
+7 -7
@@ -36,7 +36,7 @@ jobs:
verdict: ${{ steps.check.outputs.verdict }} # DEPLOY or NOOP verdict: ${{ steps.check.outputs.verdict }} # DEPLOY or NOOP
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -65,7 +65,7 @@ jobs:
packages: write # to retag image as dogfood packages: write # to retag image as dogfood
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -76,14 +76,14 @@ jobs:
persist-credentials: false persist-credentials: false
- name: GHCR Login - name: GHCR Login
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Configure AWS Credentials - name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
with: with:
role-to-assume: ${{ vars.AWS_DOGFOOD_DEPLOY_ROLE }} role-to-assume: ${{ vars.AWS_DOGFOOD_DEPLOY_ROLE }}
aws-region: ${{ vars.AWS_DOGFOOD_DEPLOY_REGION }} aws-region: ${{ vars.AWS_DOGFOOD_DEPLOY_REGION }}
@@ -95,7 +95,7 @@ jobs:
AWS_DOGFOOD_DEPLOY_REGION: ${{ vars.AWS_DOGFOOD_DEPLOY_REGION }} AWS_DOGFOOD_DEPLOY_REGION: ${{ vars.AWS_DOGFOOD_DEPLOY_REGION }}
- name: Set up Flux CLI - name: Set up Flux CLI
uses: fluxcd/flux2/action@871be9b40d53627786d3a3835a3ddba1e3234bd2 # v2.8.3 uses: fluxcd/flux2/action@5adad89dcce7b79f20274ae8e112bcec7bd46764 # v2.8.5
with: with:
# Keep this and the github action up to date with the version of flux installed in dogfood cluster # Keep this and the github action up to date with the version of flux installed in dogfood cluster
version: "2.8.2" version: "2.8.2"
@@ -142,7 +142,7 @@ jobs:
needs: deploy needs: deploy
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -153,7 +153,7 @@ jobs:
persist-credentials: false persist-credentials: false
- name: Setup flyctl - name: Setup flyctl
uses: superfly/flyctl-actions/setup-flyctl@fc53c09e1bc3be6f54706524e3b82c4f462f77be # v1.5 uses: superfly/flyctl-actions/setup-flyctl@ed8efb33836e8b2096c7fd3ba1c8afe303ebbff1 # v1.6
- name: Deploy workspace proxies - name: Deploy workspace proxies
run: | run: |
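Review bot: In the "Set up Flux CLI" step the action pin moves to v2.8.5 while the `version: "2.8.2"` input below it is left unchanged, although the comment between them asks that both track the Flux version installed in the dogfood cluster. The gap between the two was one patch release before this commit (v2.8.3 against 2.8.2) and is now three. Which version the cluster actually runs is not visible here, so either bump the input to match it or make the intent explicit with a comment such as `# The action ref only pins the installer; the CLI version below must match the dogfood cluster, do not bump it with the action`. Without that, automated group bumps will keep widening the drift unnoticed.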
+2 -2
@@ -38,7 +38,7 @@ jobs:
if: github.repository_owner == 'coder' if: github.repository_owner == 'coder'
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -48,7 +48,7 @@ jobs:
persist-credentials: false persist-credentials: false
- name: Docker login - name: Docker login
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}
+3 -3
@@ -31,7 +31,7 @@ jobs:
runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-4' || 'ubuntu-latest' }} runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-4' || 'ubuntu-latest' }}
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -91,7 +91,7 @@ jobs:
- name: Login to DockerHub - name: Login to DockerHub
if: github.ref == 'refs/heads/main' if: github.ref == 'refs/heads/main'
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
with: with:
username: ${{ secrets.DOCKERHUB_USERNAME }} username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }} password: ${{ secrets.DOCKERHUB_PASSWORD }}
@@ -165,7 +165,7 @@ jobs:
id-token: write id-token: write
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
+3 -3
@@ -46,7 +46,7 @@ jobs:
- name: Sync issues - name: Sync issues
id: sync id: sync
if: steps.version.outputs.skip != 'true' if: steps.version.outputs.skip != 'true'
uses: linear/linear-release-action@755d50b5adb7dd42b976ee9334952745d62ceb2d # v0.6.0 uses: linear/linear-release-action@0353b5fa8c00326913966f00557d68f8f30b8b6b # v0.7.0
with: with:
access_key: ${{ secrets.LINEAR_ACCESS_KEY }} access_key: ${{ secrets.LINEAR_ACCESS_KEY }}
command: sync command: sync
@@ -72,7 +72,7 @@ jobs:
- name: Sync issues - name: Sync issues
id: sync id: sync
uses: linear/linear-release-action@755d50b5adb7dd42b976ee9334952745d62ceb2d # v0.6.0 uses: linear/linear-release-action@0353b5fa8c00326913966f00557d68f8f30b8b6b # v0.7.0
with: with:
access_key: ${{ secrets.LINEAR_ACCESS_KEY }} access_key: ${{ secrets.LINEAR_ACCESS_KEY }}
command: sync command: sync
@@ -100,7 +100,7 @@ jobs:
- name: Move to Code Freeze - name: Move to Code Freeze
id: update id: update
uses: linear/linear-release-action@755d50b5adb7dd42b976ee9334952745d62ceb2d # v0.6.0 uses: linear/linear-release-action@0353b5fa8c00326913966f00557d68f8f30b8b6b # v0.7.0
with: with:
access_key: ${{ secrets.LINEAR_ACCESS_KEY }} access_key: ${{ secrets.LINEAR_ACCESS_KEY }}
command: update command: update
+1 -1
@@ -28,7 +28,7 @@ jobs:
- windows-2022 - windows-2022
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
+1 -1
@@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
+2 -2
@@ -17,12 +17,12 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
- name: Check PR title for bug fix - name: Check PR title for bug fix
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
with: with:
script: | script: |
const title = context.payload.pull_request.title; const title = context.payload.pull_request.title;
+1 -1
@@ -19,7 +19,7 @@ jobs:
packages: write packages: write
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
+6 -6
@@ -39,7 +39,7 @@ jobs:
PR_OPEN: ${{ steps.check_pr.outputs.pr_open }} PR_OPEN: ${{ steps.check_pr.outputs.pr_open }}
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -76,7 +76,7 @@ jobs:
runs-on: "ubuntu-latest" runs-on: "ubuntu-latest"
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -184,7 +184,7 @@ jobs:
pull-requests: write # needed for commenting on PRs pull-requests: write # needed for commenting on PRs
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -228,7 +228,7 @@ jobs:
CODER_IMAGE_TAG: ${{ needs.get_info.outputs.CODER_IMAGE_TAG }} CODER_IMAGE_TAG: ${{ needs.get_info.outputs.CODER_IMAGE_TAG }}
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -248,7 +248,7 @@ jobs:
uses: ./.github/actions/setup-sqlc uses: ./.github/actions/setup-sqlc
- name: GHCR Login - name: GHCR Login
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}
@@ -288,7 +288,7 @@ jobs:
PR_HOSTNAME: "pr${{ needs.get_info.outputs.PR_NUMBER }}.${{ secrets.PR_DEPLOYMENTS_DOMAIN }}" PR_HOSTNAME: "pr${{ needs.get_info.outputs.PR_NUMBER }}.${{ secrets.PR_DEPLOYMENTS_DOMAIN }}"
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
+1 -1
@@ -14,7 +14,7 @@ jobs:
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
+8 -8
@@ -38,7 +38,7 @@ jobs:
runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }} runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
steps: steps:
- name: Allow only maintainers/admins - name: Allow only maintainers/admins
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
with: with:
github-token: ${{ secrets.GITHUB_TOKEN }} github-token: ${{ secrets.GITHUB_TOKEN }}
script: | script: |
@@ -81,7 +81,7 @@ jobs:
version: ${{ steps.version.outputs.version }} version: ${{ steps.version.outputs.version }}
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -166,7 +166,7 @@ jobs:
cat "$CODER_RELEASE_NOTES_FILE" cat "$CODER_RELEASE_NOTES_FILE"
- name: Docker Login - name: Docker Login
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}
@@ -618,7 +618,7 @@ jobs:
- name: Complete Linear release - name: Complete Linear release
if: ${{ !inputs.dry_run && steps.linear_version.outputs.skip != 'true' }} if: ${{ !inputs.dry_run && steps.linear_version.outputs.skip != 'true' }}
continue-on-error: true continue-on-error: true
uses: linear/linear-release-action@755d50b5adb7dd42b976ee9334952745d62ceb2d # v0.6.0 uses: linear/linear-release-action@0353b5fa8c00326913966f00557d68f8f30b8b6b # v0.7.0
with: with:
access_key: ${{ secrets.LINEAR_ACCESS_KEY }} access_key: ${{ secrets.LINEAR_ACCESS_KEY }}
command: complete command: complete
@@ -653,7 +653,7 @@ jobs:
- name: Upload artifacts to actions (if dry-run) - name: Upload artifacts to actions (if dry-run)
if: ${{ inputs.dry_run }} if: ${{ inputs.dry_run }}
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with: with:
name: release-artifacts name: release-artifacts
path: | path: |
@@ -669,7 +669,7 @@ jobs:
- name: Upload latest sbom artifact to actions (if dry-run) - name: Upload latest sbom artifact to actions (if dry-run)
if: inputs.dry_run && steps.build_docker.outputs.created_latest_tag == 'true' if: inputs.dry_run && steps.build_docker.outputs.created_latest_tag == 'true'
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with: with:
name: latest-sbom-artifact name: latest-sbom-artifact
path: ./coder_latest_sbom.spdx.json path: ./coder_latest_sbom.spdx.json
@@ -692,7 +692,7 @@ jobs:
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -768,7 +768,7 @@ jobs:
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
+2 -2
@@ -20,7 +20,7 @@ jobs:
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -39,7 +39,7 @@ jobs:
# Upload the results as artifacts. # Upload the results as artifacts.
- name: "Upload artifact" - name: "Upload artifact"
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with: with:
name: SARIF file name: SARIF file
path: results.sarif path: results.sarif
+4 -4
@@ -27,7 +27,7 @@ jobs:
runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }} runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -69,12 +69,12 @@ jobs:
runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }} runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
- name: Setup Go - name: Setup Go
uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0 uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
with: with:
go-version: "1.25.9" go-version: "1.25.9"
cache: false cache: false
@@ -123,7 +123,7 @@ jobs:
- name: Upload OSV-Scanner scan results as an artifact - name: Upload OSV-Scanner scan results as an artifact
if: ${{ always() && hashFiles('osv-results.sarif') != '' }} if: ${{ always() && hashFiles('osv-results.sarif') != '' }}
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with: with:
name: osv-scanner name: osv-scanner
path: osv-results.sarif path: osv-results.sarif
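Review bot: The `actions/setup-go` pin in this section crosses a major version (v5.6.0 to v6.4.0), unlike the patch and minor bumps around it, and nothing on the page shows that the v6 release notes were checked against this job. The step sets `go-version: "1.25.9"` and `cache: false` explicitly, so a changed input default is less likely to matter here, but a major release may also change what the action requires of the runner. The same applies to `actions/github-script` v8.0.0 to v9.0.0 in the next file section, where the step runs an inline script (its body is outside the hunk) with `secrets.GITHUB_TOKEN`, in a file whose visible jobs hold `pull-requests: write`, `contents: write` and `actions: write`. I would record the check beside the pin, for example `# v6.4.0 (major bump from v5, release notes reviewed)`, or keep major bumps out of the grouped update so each gets its own review.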
+4 -4
@@ -18,7 +18,7 @@ jobs:
pull-requests: write pull-requests: write
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -44,7 +44,7 @@ jobs:
# Start with the oldest issues, always. # Start with the oldest issues, always.
ascending: true ascending: true
- name: "Close old issues labeled likely-no" - name: "Close old issues labeled likely-no"
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
with: with:
github-token: ${{ secrets.GITHUB_TOKEN }} github-token: ${{ secrets.GITHUB_TOKEN }}
script: | script: |
@@ -96,7 +96,7 @@ jobs:
contents: write contents: write
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
@@ -120,7 +120,7 @@ jobs:
actions: write actions: write
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
+1 -1
@@ -21,7 +21,7 @@ jobs:
pull-requests: write # required to post PR review comments by the action pull-requests: write # required to post PR review comments by the action
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with: with:
egress-policy: audit egress-policy: audit
+1 -1
@@ -111,7 +111,7 @@ See Docker's official documentation to
Coder runs as a non-root user, we use `--group-add` to ensure Coder has Coder runs as a non-root user, we use `--group-add` to ensure Coder has
permissions to manage Docker via `docker.sock`. If the host systems permissions to manage Docker via `docker.sock`. If the host systems
`/var/run/docker.sock` is not group writeable or does not belong to the `docker` `/var/run/docker.sock` is not group writable or does not belong to the `docker`
group, the above may not work as-is. group, the above may not work as-is.
### I cannot add cloud-based templates ### I cannot add cloud-based templates
@@ -12,9 +12,9 @@ import { ACTIVE_BUILD_STATUSES } from "#/modules/workspaces/status";
import { MockTemplateVersion, MockWorkspace } from "#/testHelpers/entities"; import { MockTemplateVersion, MockWorkspace } from "#/testHelpers/entities";
import { BatchUpdateModalForm } from "./BatchUpdateModalForm"; import { BatchUpdateModalForm } from "./BatchUpdateModalForm";
type Writeable<T> = { -readonly [Key in keyof T]: T[Key] }; type Writable<T> = { -readonly [Key in keyof T]: T[Key] };
type MutableWorkspace = Writeable<Omit<Workspace, "latest_build">> & { type MutableWorkspace = Writable<Omit<Workspace, "latest_build">> & {
latest_build: Writeable<WorkspaceBuild>; latest_build: Writable<WorkspaceBuild>;
}; };
const meta: Meta<typeof BatchUpdateModalForm> = { const meta: Meta<typeof BatchUpdateModalForm> = {