FreeRTOS/Lab-Project-FreeRTOS-FAT
1
0
Fork 0
mirror of https://github.com/FreeRTOS/Lab-Project-FreeRTOS-FAT.git synced 2025-10-19 02:23:15 +08:00
Code Issues Projects Releases Wiki Activity

Follow Security Guide to update release.yml (#71)

Browse Source 
<!--- Title -->
Follow Security Guide to update release.yml

Description
-----------
<!--- Describe your changes in detail. -->
1. Update release.yml with latest version from other library.
2. Follow [Security
Guide](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections)
to update release.yml.


Test Steps
-----------
<!-- Describe the steps to reproduce. -->
Execute release flow in local branch, see result on
https://github.com/ActoryOu/coreMQTT/actions/runs/11662840570.

Checklist:
----------
<!--- Go over all the following points, and put an `x` in all the boxes
that apply. -->
<!--- If you're unsure about any of these, don't hesitate to ask. We're
here to help! -->
- [NA] I have tested my changes. No regression in existing tests.
- [NA] I have modified and/or added unit-tests to cover the code changes
in this Pull Request.

Related Issue
-----------
<!-- If any, please provide issue ID. -->

By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice.
This commit is contained in:
ActoryOu
2024-11-04 20:16:08 +08:00
committed by GitHub
parent 0085e3d296
commit 584ee64275
2 changed files with 57 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.github/.cSpellWords.txt vendored
View File

@@ -27,6 +27,7 @@ CPSECURE
CPSM CPSM
CREATELFNS CREATELFNS
CSDK CSDK
CTOUTF
Chrs Chrs
Cmock Cmock
Comd Comd

78
.github/workflows/release.yml vendored
View File

@@ -4,10 +4,10 @@ on:
workflow_dispatch: workflow_dispatch:
inputs: inputs:
commit_id: commit_id:
description: "Commit ID to tag and create a release for" description: 'Commit ID to tag and create a release for'
required: true required: true
version_number: version_number:
description: "Release Version Number (Eg, v1.0.0)" description: 'Release Version Number (Eg, v1.0.0)'
required: true required: true
jobs: jobs:
@@ -16,35 +16,47 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v2 uses: actions/checkout@v4
with: with:
ref: ${{ github.event.inputs.commit_id }} ref: ${{ github.event.inputs.commit_id }}
- name: Configure git identity - name: Configure git identity
env:
ACTOR: ${{ github.actor }}
run: | run: |
git config --global user.name ${{ github.actor }} git config --global user.name "$ACTOR"
git config --global user.email ${{ github.actor }}@users.noreply.github.com git config --global user.email "$ACTOR"@users.noreply.github.com
- name: create a new branch that references commit id - name: create a new branch that references commit id
run: git checkout -b ${{ github.event.inputs.version_number }} ${{ github.event.inputs.commit_id }} env:
VERSION_NUMBER: ${{ github.event.inputs.version_number }}
COMMIT_ID: ${{ github.event.inputs.commit_id }}
run: git checkout -b "$VERSION_NUMBER" "$COMMIT_ID"
- name: Generate SBOM - name: Generate SBOM
uses: FreeRTOS/CI-CD-Github-Actions/sbom-generator@main uses: FreeRTOS/CI-CD-Github-Actions/sbom-generator@main
with: with:
repo_path: ./ repo_path: ./
source_path: ./source source_path: ./source
- name: commit SBOM file - name: commit SBOM file
env:
VERSION_NUMBER: ${{ github.event.inputs.version_number }}
run: | run: |
git add . git add .
git commit -m 'Update SBOM' git commit -m 'Update SBOM'
git push -u origin ${{ github.event.inputs.version_number }} git push -u origin "$VERSION_NUMBER"
- name: Tag Commit and Push to remote - name: Tag Commit and Push to remote
env:
VERSION_NUMBER: ${{ github.event.inputs.version_number }}
run: | run: |
git tag ${{ github.event.inputs.version_number }} -a -m "FreeRTOS-Plus-FAT Library ${{ github.event.inputs.version_number }}" git tag "$VERSION_NUMBER" -a -m "FreeRTOS-Plus-FAT Library $VERSION_NUMBER"
git push origin --tags git push origin --tags
- name: Verify tag on remote - name: Verify tag on remote
env:
VERSION_NUMBER: ${{ github.event.inputs.version_number }}
COMMIT_ID: ${{ github.event.inputs.commit_id }}
run: | run: |
git tag -d ${{ github.event.inputs.version_number }} git tag -d "$VERSION_NUMBER"
git remote update git remote update
git checkout tags/${{ github.event.inputs.version_number }} git checkout tags/"$VERSION_NUMBER"
git diff ${{ github.event.inputs.commit_id }} tags/${{ github.event.inputs.version_number }} git diff "$COMMIT_ID" tags/"$VERSION_NUMBER"
create-zip: create-zip:
needs: tag-commit needs: tag-commit
name: Create ZIP and verify package for release asset. name: Create ZIP and verify package for release asset.
@@ -53,9 +65,9 @@ jobs:
- name: Install ZIP tools - name: Install ZIP tools
run: sudo apt-get install zip unzip run: sudo apt-get install zip unzip
- name: Checkout code - name: Checkout code
uses: actions/checkout@v2 uses: actions/checkout@v4
with: with:
ref: ${{ github.event.inputs.commit_id }} ref: ${{ github.event.inputs.version_number }}
path: FreeRTOS-Plus-FAT path: FreeRTOS-Plus-FAT
submodules: recursive submodules: recursive
- name: Checkout disabled submodules - name: Checkout disabled submodules
@@ -63,28 +75,36 @@ jobs:
cd FreeRTOS-Plus-FAT cd FreeRTOS-Plus-FAT
git submodule update --init --checkout --recursive git submodule update --init --checkout --recursive
- name: Create ZIP - name: Create ZIP
env:
VERSION_NUMBER: ${{ github.event.inputs.version_number }}
run: | run: |
zip -r FreeRTOS-Plus-FAT-${{ github.event.inputs.version_number }}.zip FreeRTOS-Plus-FAT -x "*.git*" zip -r FreeRTOS-Plus-FAT-"$VERSION_NUMBER".zip FreeRTOS-Plus-FAT -x "*.git*"
ls ./ ls ./
- name: Validate created ZIP - name: Validate created ZIP
env:
VERSION_NUMBER: ${{ github.event.inputs.version_number }}
run: | run: |
mkdir zip-check mkdir zip-check
mv FreeRTOS-Plus-FAT-${{ github.event.inputs.version_number }}.zip zip-check mv FreeRTOS-Plus-FAT-"$VERSION_NUMBER".zip zip-check
cd zip-check cd zip-check
unzip FreeRTOS-Plus-FAT-${{ github.event.inputs.version_number }}.zip -d FreeRTOS-Plus-FAT-${{ github.event.inputs.version_number }} unzip FreeRTOS-Plus-FAT-"$VERSION_NUMBER".zip -d FreeRTOS-Plus-FAT-"$VERSION_NUMBER"
ls FreeRTOS-Plus-FAT-${{ github.event.inputs.version_number }} ls FreeRTOS-Plus-FAT-"$VERSION_NUMBER"
diff -r -x "*.git*" FreeRTOS-Plus-FAT-${{ github.event.inputs.version_number }}/FreeRTOS-Plus-FAT/ ../FreeRTOS-Plus-FAT/ diff -r -x "*.git*" FreeRTOS-Plus-FAT-"$VERSION_NUMBER"/FreeRTOS-Plus-FAT/ ../FreeRTOS-Plus-FAT/
cd ../ cd ../
- name: Build - name: Build
env:
VERSION_NUMBER: ${{ github.event.inputs.version_number }}
run: | run: |
cd zip-check/FreeRTOS-Plus-FAT-${{ github.event.inputs.version_number }}/FreeRTOS-Plus-FAT cd zip-check/FreeRTOS-Plus-FAT-"$VERSION_NUMBER"/FreeRTOS-Plus-FAT
sudo apt-get install -y lcov sudo apt-get install -y lcov
sudo apt-get install unifdef sudo apt-get install unifdef
cmake -S test/unit-test -B test/unit-test/build/ cmake -S test/unit-test -B test/unit-test/build/
make -C test/unit-test/build/ all make -C test/unit-test/build/ all
- name: Test - name: Test
env:
VERSION_NUMBER: ${{ github.event.inputs.version_number }}
run: | run: |
cd zip-check/FreeRTOS-Plus-FAT-${{ github.event.inputs.version_number }}/FreeRTOS-Plus-FAT cd zip-check/FreeRTOS-Plus-FAT-"$VERSION_NUMBER"/FreeRTOS-Plus-FAT
pushd test/unit-test/build/ pushd test/unit-test/build/
ctest -E system --output-on-failure ctest -E system --output-on-failure
popd popd
@@ -92,7 +112,7 @@ jobs:
lcov --list --rc lcov_branch_coverage=1 test/unit-test/build/coverage.info lcov --list --rc lcov_branch_coverage=1 test/unit-test/build/coverage.info
cd .. cd ..
- name: Create artifact of ZIP - name: Create artifact of ZIP
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v4
with: with:
name: FreeRTOS-Plus-FAT-${{ github.event.inputs.version_number }}.zip name: FreeRTOS-Plus-FAT-${{ github.event.inputs.version_number }}.zip
path: zip-check/FreeRTOS-Plus-FAT-${{ github.event.inputs.version_number }}.zip path: zip-check/FreeRTOS-Plus-FAT-${{ github.event.inputs.version_number }}.zip
@@ -125,7 +145,7 @@ jobs:
draft: false draft: false
prerelease: false prerelease: false
- name: Download ZIP artifact - name: Download ZIP artifact
uses: actions/download-artifact@v4.1.7 uses: actions/download-artifact@v4
with: with:
name: FreeRTOS-Plus-FAT-${{ github.event.inputs.version_number }}.zip name: FreeRTOS-Plus-FAT-${{ github.event.inputs.version_number }}.zip
- name: Upload Release Asset - name: Upload Release Asset
@@ -138,3 +158,17 @@ jobs:
asset_path: ./FreeRTOS-Plus-FAT-${{ github.event.inputs.version_number }}.zip asset_path: ./FreeRTOS-Plus-FAT-${{ github.event.inputs.version_number }}.zip
asset_name: FreeRTOS-Plus-FAT-${{ github.event.inputs.version_number }}.zip asset_name: FreeRTOS-Plus-FAT-${{ github.event.inputs.version_number }}.zip
asset_content_type: application/zip asset_content_type: application/zip
cleanup:
needs:
- create-release
name: Cleanup
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Delete branch created for Tag by SBOM generator
env:
VERSION_NUMBER: ${{ github.event.inputs.version_number }}
run: |
# Delete the branch created for Tag by SBOM generator
git push -u origin --delete refs/heads/"$VERSION_NUMBER"