File tree 1 file changed +12
-2
lines changed
1 file changed +12
-2
lines changed Original file line number Diff line number Diff line change @@ -3,7 +3,6 @@ name: "security"
33permissions :
44 actions : read
55 contents : read
6- security-events : write
76
87on :
98 workflow_dispatch :
@@ -23,6 +22,8 @@ concurrency:
2322
2423jobs :
2524 codeql :
25+ permissions :
26+ security-events : write
2627 runs-on : ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
2728 steps :
2829 - name : Harden Runner
6162 "${{ secrets.SLACK_SECURITY_FAILURE_WEBHOOK_URL }}"
6263
6364trivy :
65+ permissions :
66+ security-events : write
6467 runs-on : ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
6568 steps :
6669 - name : Harden Runner
@@ -95,13 +98,20 @@ jobs:
9598 # protoc must be in lockstep with our dogfood Dockerfile or the
9699 # version in the comments will differ. This is also defined in
97100 # ci.yaml.
98- set -x
101+ set -euxo pipefail
99102 cd dogfood/contents
103+ mkdir -p /usr/local/bin
104+ mkdir -p /usr/local/include
105+
100106 DOCKER_BUILDKIT=1 docker build . --target proto -t protoc
101107 protoc_path=/usr/local/bin/protoc
102108 docker run --rm --entrypoint cat protoc /tmp/bin/protoc > $protoc_path
103109 chmod +x $protoc_path
104110 protoc --version
111+ # Copy the generated files to the include directory.
112+ docker run --rm -v /usr/local/include:/target protoc cp -r /tmp/include/google /target/
113+ ls -la /usr/local/include/google/protobuf/
114+ stat /usr/local/include/google/protobuf/timestamp.proto
105115
106116name : Build Coder linux amd64 Docker image
107117 id : build
You can’t perform that action at this time.
0 commit comments