Mirrors/blakeblackshear.frigate
1
0
Fork 0
mirror of https://github.com/blakeblackshear/frigate.git synced 2025-07-30 13:48:07 +02:00
Code Issues Projects Releases Wiki Activity

apply zizmor recommendations (#15490)

Browse Source
This commit is contained in:
Blake Blackshear 2024-12-13 07:34:09 -06:00 committed by GitHub
parent f336a91fee
commit 869fa2631e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 36 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
.github/workflows/ci.yml vendored
View File

@ -7,7 +7,7 @@ on:
- dev - dev
- master - master
paths-ignore: paths-ignore:
- 'docs/**' - "docs/**"
# only run the latest commit to avoid cache overwrites # only run the latest commit to avoid cache overwrites
concurrency: concurrency:
@ -24,6 +24,8 @@ jobs:
steps: steps:
- name: Check out code - name: Check out code
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
persist-credentials: false
- name: Set up QEMU and Buildx - name: Set up QEMU and Buildx
id: setup id: setup
uses: ./.github/actions/setup uses: ./.github/actions/setup
@ -45,6 +47,8 @@ jobs:
steps: steps:
- name: Check out code - name: Check out code
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
persist-credentials: false
- name: Set up QEMU and Buildx - name: Set up QEMU and Buildx
id: setup id: setup
uses: ./.github/actions/setup uses: ./.github/actions/setup
@ -86,6 +90,8 @@ jobs:
steps: steps:
- name: Check out code - name: Check out code
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
persist-credentials: false
- name: Set up QEMU and Buildx - name: Set up QEMU and Buildx
id: setup id: setup
uses: ./.github/actions/setup uses: ./.github/actions/setup
@ -112,6 +118,8 @@ jobs:
steps: steps:
- name: Check out code - name: Check out code
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
persist-credentials: false
- name: Set up QEMU and Buildx - name: Set up QEMU and Buildx
id: setup id: setup
uses: ./.github/actions/setup uses: ./.github/actions/setup
@ -140,6 +148,8 @@ jobs:
steps: steps:
- name: Check out code - name: Check out code
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
persist-credentials: false
- name: Set up QEMU and Buildx - name: Set up QEMU and Buildx
id: setup id: setup
uses: ./.github/actions/setup uses: ./.github/actions/setup
@ -165,6 +175,8 @@ jobs:
steps: steps:
- name: Check out code - name: Check out code
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
persist-credentials: false
- name: Set up QEMU and Buildx - name: Set up QEMU and Buildx
id: setup id: setup
uses: ./.github/actions/setup uses: ./.github/actions/setup
@ -188,6 +200,8 @@ jobs:
steps: steps:
- name: Check out code - name: Check out code
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
persist-credentials: false
- name: Set up QEMU and Buildx - name: Set up QEMU and Buildx
id: setup id: setup
uses: ./.github/actions/setup uses: ./.github/actions/setup

24
.github/workflows/dependabot-auto-merge.yaml vendored
View File

@ -1,24 +0,0 @@
name: dependabot-auto-merge
on: pull_request
permissions:
contents: write
jobs:
dependabot-auto-merge:
runs-on: ubuntu-latest
if: github.actor == 'dependabot[bot]'
steps:
- name: Get Dependabot metadata
id: metadata
uses: dependabot/fetch-metadata@v2
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Enable auto-merge for Dependabot PRs
if: steps.metadata.outputs.dependency-type == 'direct:development' && (steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch')
run: |
gh pr review --approve "$PR_URL"
gh pr merge --auto --squash "$PR_URL"
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

12
.github/workflows/pull_request.yml vendored
View File

@ -3,7 +3,7 @@ name: On pull request
on: on:
pull_request: pull_request:
paths-ignore: paths-ignore:
- 'docs/**' - "docs/**"
env: env:
DEFAULT_PYTHON: 3.9 DEFAULT_PYTHON: 3.9
@ -19,6 +19,8 @@ jobs:
DOCKER_BUILDKIT: "1" DOCKER_BUILDKIT: "1"
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with:
persist-credentials: false
- uses: actions/setup-node@master - uses: actions/setup-node@master
with: with:
node-version: 16.x node-version: 16.x
@ -38,6 +40,8 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with:
persist-credentials: false
- uses: actions/setup-node@master - uses: actions/setup-node@master
with: with:
node-version: 16.x node-version: 16.x
@ -52,6 +56,8 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with:
persist-credentials: false
- uses: actions/setup-node@master - uses: actions/setup-node@master
with: with:
node-version: 20.x node-version: 20.x
@ -67,6 +73,8 @@ jobs:
steps: steps:
- name: Check out the repository - name: Check out the repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
persist-credentials: false
- name: Set up Python ${{ env.DEFAULT_PYTHON }} - name: Set up Python ${{ env.DEFAULT_PYTHON }}
uses: actions/setup-python@v5.1.0 uses: actions/setup-python@v5.1.0
with: with:
@ -88,6 +96,8 @@ jobs:
steps: steps:
- name: Check out code - name: Check out code
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
persist-credentials: false
- uses: actions/setup-node@master - uses: actions/setup-node@master
with: with:
node-version: 16.x node-version: 16.x

9
.github/workflows/release.yml vendored
View File

@ -11,6 +11,8 @@ jobs:
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with:
persist-credentials: false
- id: lowercaseRepo - id: lowercaseRepo
uses: ASzc/change-string-case-action@v6 uses: ASzc/change-string-case-action@v6
with: with:
@ -22,10 +24,13 @@ jobs:
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Create tag variables - name: Create tag variables
env:
TAG: ${{ github.ref_name }}
LOWERCASE_REPO: ${{ steps.lowercaseRepo.outputs.lowercase }}
run: | run: |
BUILD_TYPE=$([[ "${{ github.ref_name }}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] && echo "stable" || echo "beta") BUILD_TYPE=$([[ "${TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] && echo "stable" || echo "beta")
echo "BUILD_TYPE=${BUILD_TYPE}" >> $GITHUB_ENV echo "BUILD_TYPE=${BUILD_TYPE}" >> $GITHUB_ENV
echo "BASE=ghcr.io/${{ steps.lowercaseRepo.outputs.lowercase }}" >> $GITHUB_ENV echo "BASE=ghcr.io/${LOWERCASE_REPO}" >> $GITHUB_ENV
echo "BUILD_TAG=${GITHUB_SHA::7}" >> $GITHUB_ENV echo "BUILD_TAG=${GITHUB_SHA::7}" >> $GITHUB_ENV
echo "CLEAN_VERSION=$(echo ${GITHUB_REF##*/} | tr '[:upper:]' '[:lower:]' | sed 's/^[v]//')" >> $GITHUB_ENV echo "CLEAN_VERSION=$(echo ${GITHUB_REF##*/} | tr '[:upper:]' '[:lower:]' | sed 's/^[v]//')" >> $GITHUB_ENV
- name: Tag and push the main image - name: Tag and push the main image

5
.github/workflows/stale.yml vendored
View File

@ -23,7 +23,9 @@ jobs:
exempt-pr-labels: "pinned,security,dependencies" exempt-pr-labels: "pinned,security,dependencies"
operations-per-run: 120 operations-per-run: 120
- name: Print outputs - name: Print outputs
run: echo ${{ join(steps.stale.outputs.*, ',') }} env:
STALE_OUTPUT: ${{ join(steps.stale.outputs.*, ',') }}
run: echo "$STALE_OUTPUT"
# clean_ghcr: # clean_ghcr:
# name: Delete outdated dev container images # name: Delete outdated dev container images
@ -38,4 +40,3 @@ jobs:
# account-type: personal # account-type: personal
# token: ${{ secrets.GITHUB_TOKEN }} # token: ${{ secrets.GITHUB_TOKEN }}
# token-type: github-token # token-type: github-token