Skip to content

Files

Latest commit

 

History

History

workflows

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
Aug 6, 2024
auto_assign_prs.yaml
auto_assign_prs.yaml
Aug 6, 2024
auto_label_prs.yaml
auto_label_prs.yaml
Nov 1, 2024
clang_tidy.yaml
clang_tidy.yaml
Oct 21, 2024
discord_wiki.yaml
discord_wiki.yaml
Aug 6, 2024
gh_pages_ci.yaml
gh_pages_ci.yaml
Aug 20, 2024
gh_pages_deploy.yaml
gh_pages_deploy.yaml
Aug 20, 2024
nightly_release.yaml
nightly_release.yaml
Nov 6, 2024
pre_commit.yaml
pre_commit.yaml
Nov 4, 2024
pre_commit_suggestions.yaml
pre_commit_suggestions.yaml
Aug 6, 2024
proposal_labeled.yaml
proposal_labeled.yaml
Aug 6, 2024
proposal_ready.yaml
proposal_ready.yaml
Aug 6, 2024
sync_repos.yaml
sync_repos.yaml
Aug 6, 2024
tests.yaml
tests.yaml
Oct 21, 2024
triage_inactive.yaml
triage_inactive.yaml
Aug 6, 2024

README.md

Workflows

Hardening

Workflows are hardened using Step Security tool. Findings for the "Harden Runner" steps are available online.

Allowed endpoints

Most jobs only have a few endpoints, but due to tools which do downloads, a few have significantly more. These are:

  • pre_commit.yaml (Bazel, pre-commit)
  • nightly_release.yaml (Bazel)
  • tests.yaml (Bazel)

When updating one of these, consider updating all of them.

We try to keep allowed-endpoints with one per line. Prettier wants to wrap them, which we fix this with prettier-ignore.

Testing

We keep around an action-test branch in carbon-lang, which can be used to test triggers with push: configurations. For example:

on:
  push:
    branches: [action-test]