mirrors/yosys
3
0
Fork 0
mirror of https://github.com/YosysHQ/yosys synced 2025-11-03 21:09:12 +00:00
Code Activity

CI: Fixes from zizmor

Browse source 
> A static analysis tool for Github Actions
https://github.com/woodruffw/zizmor

Mostly means adding `persist-credentials: false` to checkouts and replacing `{{ env.VARNAME }}` with shell substitution.
This commit is contained in:
Krystine Sherwin 2024-12-12 15:59:16 +13:00
parent e32e199ca8
commit e609a59325
No known key found for this signature in database
10 changed files with 31 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.github/workflows/codeql.yml vendored
View file

@ -16,7 +16,9 @@ jobs:
- name: Checkout repository
uses: actions/checkout@v4
with:
submodules: true
submodules: true
persist-credentials: false
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:

7
.github/workflows/extra-builds.yml vendored
View file

@ -25,7 +25,8 @@ jobs:
steps:
- uses: actions/checkout@v4
with:
submodules: true
submodules: true
persist-credentials: false
- name: Build
run: make vcxsrc YOSYS_VER=latest
- uses: actions/upload-artifact@v4
@ -59,7 +60,8 @@ jobs:
steps:
- uses: actions/checkout@v4
with:
submodules: true
submodules: true
persist-credentials: false
- name: Build
run: |
WASI_SDK=wasi-sdk-19.0
@ -95,6 +97,7 @@ jobs:
- uses: actions/checkout@v4
with:
submodules: true
persist-credentials: false
- uses: cachix/install-nix-action@v26
with:
install_url: https://releases.nixos.org/nix/nix-2.18.1/install

8
.github/workflows/prepare-docs.yml vendored
View file

@ -20,7 +20,7 @@ jobs:
# only run on push *or* pull_request, not both
concurrent_skipping: ${{ env.docs_export && 'never' || 'same_content_newer'}}
- id: docs_var
run: echo "docs_export=${{ env.docs_export }}" >> $GITHUB_OUTPUT
run: echo "docs_export=${docs_export}" >> $GITHUB_OUTPUT
prepare-docs:
# docs builds are needed for anything on main, any tagged versions, and any tag
@ -47,12 +47,12 @@ jobs:
echo "ENABLE_VERIFIC_LIBERTY := 1" >> Makefile.conf
echo "ENABLE_VERIFIC_YOSYSHQ_EXTENSIONS := 1" >> Makefile.conf
echo "ENABLE_CCACHE := 1" >> Makefile.conf
make -j${{ env.procs }} ENABLE_LTO=1
make -j$procs ENABLE_LTO=1
- name: Prepare docs
shell: bash
run:
make docs/prep -j${{ env.procs }} TARGETS= EXTRA_TARGETS=
make docs/prep -j$procs TARGETS= EXTRA_TARGETS=
- name: Upload artifact
uses: actions/upload-artifact@v4
@ -72,7 +72,7 @@ jobs:
- name: Test build docs
shell: bash
run: |
make -C docs html -j${{ env.procs }} TARGETS= EXTRA_TARGETS=
make -C docs html -j$procs TARGETS= EXTRA_TARGETS=
- name: Trigger RTDs build
if: ${{ needs.check_docs_rebuild.outputs.docs_export == 'true' }}

1
.github/workflows/source-vendor.yml vendored
View file

@ -10,6 +10,7 @@ jobs:
uses: actions/checkout@v4
with:
submodules: 'recursive'
persist-credentials: false
- name: Create clean tarball
run: |

14
.github/workflows/test-build.yml vendored
View file

@ -46,6 +46,7 @@ jobs:
uses: actions/checkout@v4
with:
submodules: true
persist-credentials: false
- name: Setup environment
uses: ./.github/actions/setup-build-env
@ -89,6 +90,8 @@ jobs:
steps:
- name: Checkout Yosys
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Setup environment
uses: ./.github/actions/setup-build-env
@ -115,7 +118,7 @@ jobs:
uses: actions/cache@v4
with:
path: .local/
key: ${{ matrix.os }}-${{ env.IVERILOG_GIT }}
key: ${{ matrix.os }}-${IVERILOG_GIT}
- name: Build iverilog
if: steps.cache-iverilog.outputs.cache-hit != 'true'
@ -167,6 +170,8 @@ jobs:
steps:
- name: Checkout Yosys
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Setup environment
uses: ./.github/actions/setup-build-env
@ -188,7 +193,7 @@ jobs:
- name: Run tests
shell: bash
run: |
make -C docs test -j${{ env.procs }}
make -C docs test -j$procs
test-docs-build:
name: Try build docs
@ -204,6 +209,7 @@ jobs:
uses: actions/checkout@v4
with:
submodules: true
persist-credentials: false
- name: Runtime environment
run: |
@ -213,7 +219,7 @@ jobs:
run: |
make config-clang
echo "ENABLE_CCACHE := 1" >> Makefile.conf
make -j${{ env.procs }}
make -j$procs
- name: Install doc prereqs
shell: bash
@ -223,7 +229,7 @@ jobs:
- name: Build docs
shell: bash
run: |
make docs DOC_TARGET=${{ matrix.docs-target }} -j${{ env.procs }}
make docs DOC_TARGET=${{ matrix.docs-target }} -j$procs
- name: Store docs build artifact
uses: actions/upload-artifact@v4

1
.github/workflows/test-compile.yml vendored
View file

@ -48,6 +48,7 @@ jobs:
uses: actions/checkout@v4
with:
submodules: true
persist-credentials: false
- name: Setup environment
uses: ./.github/actions/setup-build-env

5
.github/workflows/test-verific.yml vendored
View file

@ -40,7 +40,7 @@ jobs:
echo "ENABLE_VERIFIC_YOSYSHQ_EXTENSIONS := 1" >> Makefile.conf
echo "ENABLE_CCACHE := 1" >> Makefile.conf
echo "ENABLE_FUNCTIONAL_TESTS := 1" >> Makefile.conf
make -j${{ env.procs }} ENABLE_LTO=1
make -j$procs ENABLE_LTO=1
- name: Install Yosys
run: |
@ -51,6 +51,7 @@ jobs:
with:
repository: 'YosysHQ/sby'
path: 'sby'
persist-credentials: false
- name: Build SBY
run: |
@ -58,7 +59,7 @@ jobs:
- name: Run Yosys tests
run: |
make -j${{ env.procs }} test
make -j$procs test
- name: Run Verific specific Yosys tests
run: |

2
.github/workflows/update-flake-lock.yml vendored
View file

@ -10,6 +10,8 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@main
- name: Update flake.lock

1
.github/workflows/version.yml vendored
View file

@ -14,6 +14,7 @@ jobs:
with:
fetch-depth: 0
submodules: true
persist-credentials: false
- name: Take last commit
id: log
run: echo "message=$(git log --no-merges -1 --oneline)" >> $GITHUB_OUTPUT

1
.github/workflows/wheels.yml vendored
View file

@ -53,6 +53,7 @@ jobs:
with:
fetch-depth: 0
submodules: true
persist-credentials: false
- if: ${{ matrix.os.family == 'linux' }}
name: "[Linux] Set up QEMU"
uses: docker/setup-qemu-action@v3