Archived
1
0
This repository has been archived on 2024-09-09. You can view files and clone it, but cannot push or open issues or pull requests.
code-server/.github/workflows/installer.yml
neilnaveen f4569f0b48
Set permissions for GitHub actions (#5090)
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

 Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>

Co-authored-by: Joe Previte <jjprevite@gmail.com>
2022-04-12 18:59:11 +00:00

70 lines
1.6 KiB
YAML

name: Installer integration
on:
push:
branches:
- main
paths:
- "install.sh"
pull_request:
branches:
- main
paths:
- "install.sh"
# Cancel in-progress runs for pull requests when developers push
# additional changes, and serialize builds in branches.
# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
permissions:
contents: read
jobs:
ubuntu:
name: Test installer on Ubuntu
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v3
- name: Install code-server
run: ./install.sh
- name: Test code-server
run: yarn test:standalone-release code-server
alpine:
name: Test installer on Alpine
runs-on: ubuntu-latest
container: "alpine:3.14"
steps:
- name: Checkout repo
uses: actions/checkout@v3
- name: Install curl
run: apk add curl
- name: Add user
run: adduser coder --disabled-password
# Standalone should work without root.
- name: Test standalone to a non-existent prefix
run: su coder -c "./install.sh --method standalone --prefix /tmp/does/not/yet/exist"
macos:
name: Test installer on macOS
runs-on: macos-latest
steps:
- name: Checkout repo
uses: actions/checkout@v3
- name: Install code-server
run: ./install.sh
- name: Test code-server
run: yarn test:standalone-release code-server