diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index dad1454a..e55793df 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -4,53 +4,75 @@ updates:
 directory: /.github/builder
 schedule:
 interval: daily
+ cooldown:
+ default-days: 7
 - package-ecosystem: github-actions
 directory: /
 schedule:
 interval: daily
+ cooldown:
+ default-days: 7
 - package-ecosystem: docker
 directory: /
 schedule:
 interval: daily
+ cooldown:
+ default-days: 7
 - package-ecosystem: docker
 directory: /examples/manual-example
 schedule:
 interval: daily
+ cooldown:
+ default-days: 7
 - package-ecosystem: docker
 directory: /examples/tutorials/edk2-simics-platform
 schedule:
 interval: daily
+ cooldown:
+ default-days: 7
 - package-ecosystem: docker
 directory: /examples/tutorials/edk2-uefi
 schedule:
 interval: daily
+ cooldown:
+ default-days: 7
 - package-ecosystem: docker
 directory: /examples/tutorials/risc-v-kernel
 schedule:
 interval: daily
+ cooldown:
+ default-days: 7
 - package-ecosystem: docker
 directory: /tests/rsrc/riscv-64
 schedule:
 interval: daily
+ cooldown:
+ default-days: 7
 - package-ecosystem: docker
 directory: /tests/rsrc/x86_64-breakpoint-uefi-edk2
 schedule:
 interval: daily
+ cooldown:
+ default-days: 7
 - package-ecosystem: docker
 directory: /tests/rsrc/x86_64-timeout-uefi-edk2
 schedule:
 interval: daily
+ cooldown:
+ default-days: 7
 - package-ecosystem: docker
 directory: /tests/rsrc/x86_64-uefi-edk2
 schedule:
 interval: daily
+ cooldown:
+ default-days: 7
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 5d760bf4..296fdcce 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -103,6 +103,7 @@ jobs:
 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 lfs: true
+ persist-credentials: false
 - name: Download Craff
 uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
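Review bot: The eleven `cooldown` blocks carry no comment saying why updates are held back for seven days, so a maintainer who later sees `interval: daily` beside `default-days: 7` has to guess at the intent. One comment above the first entry would do, for example `# cooldown: propose a release only after it has been public for 7 days, so a compromised or withdrawn release is likely to be caught first`. Dependabot documents cooldown as applying to version updates only, so security updates should still arrive without the delay; that is worth stating in the same comment. The first entry begins above the hunk, so its `package-ecosystem` is not visible here.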
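Review bot: Nothing visible in these workflows keeps a future checkout step from omitting `persist-credentials: false`; the setting had to be added by hand at this step and in every other checkout hunk of ci.yml, codeql.yml, dependency-review.yml, docs.yml and scans.yml. A workflow lint step on pull requests would keep it from regressing: zizmor's `artipacked` audit reports checkouts that persist credentials, and its `unpinned-uses` audit covers the tag reference replaced in the setup-python hunk. Each job continues past its hunk, so a later step that runs an authenticated `git` command cannot be ruled out from here. That should be checked before merging, docs.yml in particular if it publishes by pushing to a branch.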
@@ -153,6 +154,7 @@ jobs:
 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 lfs: true
+ persist-credentials: false
 - name: Cache Test Artifacts
 id: cache-test-artifacts-x86_64-breakpoint-uefi-edk2
@@ -192,6 +194,7 @@ jobs:
 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 lfs: true
+ persist-credentials: false
 - name: Cache Test Artifacts
 id: cache-test-artifacts-x86_64-crash-uefi
@@ -231,6 +234,7 @@ jobs:
 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 lfs: true
+ persist-credentials: false
 - name: Cache Test Artifacts
 id: cache-test-artifacts-x86_64-timeout-uefi-edk2
@@ -270,6 +274,7 @@ jobs:
 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 lfs: true
+ persist-credentials: false
 - name: Cache Test Artifacts
 id: cache-test-artifacts-x86_64-uefi
@@ -309,6 +314,7 @@ jobs:
 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 lfs: true
+ persist-credentials: false
 - name: Cache Test Artifacts
 id: cache-test-artifacts-x86_64-uefi-edk2
@@ -350,6 +356,7 @@ jobs:
 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 lfs: true
+ persist-credentials: false
 - name: Download Craff
 uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
@@ -466,6 +473,7 @@ jobs:
 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 lfs: true
+ persist-credentials: false
 - name: Delete Un-Built Test Dependencies
 run: |
@@ -677,6 +685,7 @@ jobs:
 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 lfs: true
+ persist-credentials: false
 # enforce the gnu target here, since cargo-simics-build isn't compatible with x86_64-pc-windows-msvc
 - name: Setup, Build, and Install TSFFS
@@ -734,6 +743,7 @@ jobs:
 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 lfs: true
+ persist-credentials: false
 - name: Cache Builder Dependencies
 id: cache-builder-dependencies
@@ -744,7 +754,7 @@ jobs:
 # tomllib is available in Python 3.11 and later
 - name: Set up Python 3.11
- uses: actions/setup-python@v6
+ uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6
 with:
 python-version: "3.11"
@@ -824,6 +834,7 @@ jobs:
 with:
 fetch-depth: 0
 lfs: false
+ persist-credentials: false
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index d5060e28..e28cf2f4 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -47,6 +47,8 @@ jobs:
 - name: Checkout repository
 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ with:
+ persist-credentials: false
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 03d08b62..7ac3fa66 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -23,5 +23,7 @@ jobs:
 - name: 'Checkout Repository'
 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ with:
+ persist-credentials: false
 - name: 'Dependency Review'
 uses: actions/dependency-review-action@40c09b7dc99638e5ddb0bfd91c1673effc064d8a # v4.8.1
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index a9d637d6..cd381939 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -44,6 +44,8 @@ jobs:
 sudo apt-get -y install curl
 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ with:
+ persist-credentials: false
 - uses: dtolnay/rust-toolchain@83bdede770b06329615974cf8c786f845d824dfb # nightly
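Review bot: The new setup-python pin is annotated `# v6`, a moving major tag, while most other pinned actions in this diff name the exact release (`# v5.0.0`, `# v6.0.0`, `# v4.8.1`), so a reader cannot tell which release the commit `83679a892e2d95755f2dac6acb0bfd1e9ac5d548` is. Name the release the SHA was taken from, as in `uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.x.y`, where `x.y` is a placeholder to fill in from the action's release list because the page does not give it. The unchanged `docker/setup-buildx-action` line in ci.yml has the same imprecision: it carries `# v3` for the SHA that scans.yml labels `# v3.11.1`. The step belongs to a job that starts and ends outside the hunk.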
diff --git a/.github/workflows/scans.yml b/.github/workflows/scans.yml
index 1aa89ab9..0a5ff49b 100644
--- a/.github/workflows/scans.yml
+++ b/.github/workflows/scans.yml
@@ -25,6 +25,7 @@ jobs:
 with:
 fetch-depth: 0
 lfs: false
+ persist-credentials: false
 - name: (CT222) (E/C) - Use hadolint to evaluate Dockerfile configuration
 env:
@@ -109,6 +110,7 @@ jobs:
 with:
 fetch-depth: 0
 lfs: false
+ persist-credentials: false
 - name: Setup Docker
 uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
@@ -146,6 +148,7 @@ jobs:
 with:
 fetch-depth: 0
 lfs: false
+ persist-credentials: false
 - name: Build Image
 run: |
@@ -170,6 +173,7 @@ jobs:
 with:
 fetch-depth: 0
 lfs: false
+ persist-credentials: false
 - name: Build Image
 run: |
@@ -194,6 +198,7 @@ jobs:
 with:
 fetch-depth: 0
 lfs: false
+ persist-credentials: false
 - name: Build Image
 run: |
@@ -225,6 +230,7 @@ jobs:
 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 lfs: false
+ persist-credentials: false
 - uses: dtolnay/rust-toolchain@83bdede770b06329615974cf8c786f845d824dfb # nightly
 with: