From 53915ab18e36475958bb9991c9211cdbbfe2c9eb Mon Sep 17 00:00:00 2001
From: Wayback Archiver <66856220+waybackarchiver@users.noreply.github.com>
Date: Wed, 30 Nov 2022 04:02:42 +0000
Subject: [PATCH] Use harden runner for testing workflow
---
 .github/workflows/testing.yml | 280 +++++++++++++++++-----------------
 1 file changed, 143 insertions(+), 137 deletions(-)
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
index 8d14256a3..c52a11057 100644
--- a/.github/workflows/testing.yml
+++ b/.github/workflows/testing.yml
@@ -51,140 +51,146 @@ jobs: RECVER_UID: ${{ secrets.MATRIX_RECVER_UID }} RECVER_PWD: ${{ secrets.MATRIX_RECVER_PWD }} steps: - - name: Set up Go ${{ matrix.go }}.x - uses: actions/setup-go@v3 - with: - go-version: ${{ matrix.go }} - - - name: Set up IPFS - uses: ibnesayeed/setup-ipfs@3e5452e358dfa43a0fb92496e96c82cf756be94a - with: - run_daemon: true - - - name: Set up Tor - uses: tor-actions/setup-tor@main - with: - daemon: true - - - name: Set up Chrome - uses: browser-actions/setup-chrome@37c79b7f0199cec79c8b6a414e806d88c8662bdd - with: - chrome-version: stable - - - name: Set up Meilisearch - if: matrix.os == 'ubuntu-latest' - uses: moy2010/meilisearch-github-action@fcc5ef714af0596633665032d459bfb279d3c730 # 0.1.4 - with: - meilisearch-version: v0.28.0 - meilisearch-port: 7700 - meilisearch-api-key: foobar - - - name: Set up Chocolatey - if: matrix.os == 'windows-latest' - uses: crazy-max/ghaction-chocolatey@b59ffdb6594d2e2c36d9e1174e15ac799dd0a8f1 # v2.0.0 - with: - args: -h - - - name: Install Packages - if: matrix.os == 'ubuntu-latest' - shell: bash - run: | - # search package https://pkgs.org/ - sudo add-apt-repository universe - sudo apt-get -y -qq update - sudo apt-get -y -qq install ffmpeg webp youtube-dl - pip3 install you-get - echo "youtube-dl version $(youtube-dl --version)" - you-get --version - ffmpeg -version - - - name: Install Packages - if: matrix.os == 'macos-latest' - shell: bash - run: | - # search package https://brew.sh/ - brew install --quiet ffmpeg webp youtube-dl you-get - echo "youtube-dl version $(youtube-dl --version)" - you-get --version - ffmpeg -version - - - name: Install Packages - if: matrix.os == 'windows-latest' - shell: bash - run: | - # search package https://community.chocolatey.org/packages - choco install --no-progress wget ffmpeg webp youtube-dl you-get - echo "youtube-dl version $(youtube-dl --version)" - you-get --version - ffmpeg -version - wget --help - - - name: Set environments - shell: bash - run: | - # Set env 
to enable reduxer - echo "WAYBACK_STORAGE_DIR=${{ runner.temp }}" >> $GITHUB_ENV - # Append paths to environment path - # echo "$(which youtube-dl)" >> $GITHUB_PATH - # echo "$(which you-get)" >> $GITHUB_PATH - # echo "$(which ffmpeg)" >> $GITHUB_PATH - # echo "$(which wget)" >> $GITHUB_PATH - - - name: Set environments for Meilisearch - if: matrix.os == 'ubuntu-latest' - shell: bash - run: | - # Set env to enable reduxer - echo "WAYBACK_MEILI_ENDPOINT=http://localhost:7700" >> $GITHUB_ENV - echo "PLAYBACK_MEILI_ENDPOINT=http://localhost:7700" >> $GITHUB_ENV - echo "WAYBACK_MEILI_APIKEY=foobar" >> $GITHUB_ENV - echo "PLAYBACK_MEILI_APIKEY=foobar" >> $GITHUB_ENV - - - name: Check out code base - if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Check out code base - if: github.event_name == 'pull_request' - uses: actions/checkout@v3 - with: - fetch-depth: 0 - ref: ${{ github.event.pull_request.head.sha }} - - - name: Cache go module - uses: actions/cache@v3 - with: - path: | - ~/.cache/go-build - ~/go/pkg/mod - ~/Library/Caches/go-build - ~\AppData\Local\go-build - ~\go\pkg\mod - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- - - - name: Get dependencies - run: | - go get -v -t -d ./... 
- - - name: Run test - run: | - make test - make test-cover - shell: bash - - - name: Upload artifact - uses: actions/upload-artifact@v3 - with: - name: coverage-${{ matrix.os }} - path: coverage.* - - - name: Upload coverage to Codecov - if: ${{ matrix.update-coverage }} - uses: codecov/codecov-action@81cd2dc8148241f03f5839d295e000b8f761e378 #v3.1.0 - - - name: Run integration test - run: make test-integration + - name: Harden Runner + uses: step-security/harden-runner@2e205a28d0e1da00c5f53b161f4067b052c61f34 # v1.5.0 + with: + egress-policy: audit + disable-telemetry: true + + - name: Set up Go ${{ matrix.go }}.x + uses: actions/setup-go@v3 + with: + go-version: ${{ matrix.go }} + + - name: Set up IPFS + uses: ibnesayeed/setup-ipfs@3e5452e358dfa43a0fb92496e96c82cf756be94a + with: + run_daemon: true + + - name: Set up Tor + uses: tor-actions/setup-tor@main + with: + daemon: true + + - name: Set up Chrome + uses: browser-actions/setup-chrome@37c79b7f0199cec79c8b6a414e806d88c8662bdd + with: + chrome-version: stable + + - name: Set up Meilisearch + if: matrix.os == 'ubuntu-latest' + uses: moy2010/meilisearch-github-action@fcc5ef714af0596633665032d459bfb279d3c730 # 0.1.4 + with: + meilisearch-version: v0.28.0 + meilisearch-port: 7700 + meilisearch-api-key: foobar + + - name: Set up Chocolatey + if: matrix.os == 'windows-latest' + uses: crazy-max/ghaction-chocolatey@b59ffdb6594d2e2c36d9e1174e15ac799dd0a8f1 # v2.0.0 + with: + args: -h + + - name: Install Packages + if: matrix.os == 'ubuntu-latest' + shell: bash + run: | + # search package https://pkgs.org/ + sudo add-apt-repository universe + sudo apt-get -y -qq update + sudo apt-get -y -qq install ffmpeg webp youtube-dl + pip3 install you-get + echo "youtube-dl version $(youtube-dl --version)" + you-get --version + ffmpeg -version + + - name: Install Packages + if: matrix.os == 'macos-latest' + shell: bash + run: | + # search package https://brew.sh/ + brew install --quiet ffmpeg webp youtube-dl you-get + echo 
"youtube-dl version $(youtube-dl --version)" + you-get --version + ffmpeg -version + + - name: Install Packages + if: matrix.os == 'windows-latest' + shell: bash + run: | + # search package https://community.chocolatey.org/packages + choco install --no-progress wget ffmpeg webp youtube-dl you-get + echo "youtube-dl version $(youtube-dl --version)" + you-get --version + ffmpeg -version + wget --help + + - name: Set environments + shell: bash + run: | + # Set env to enable reduxer + echo "WAYBACK_STORAGE_DIR=${{ runner.temp }}" >> $GITHUB_ENV + # Append paths to environment path + # echo "$(which youtube-dl)" >> $GITHUB_PATH + # echo "$(which you-get)" >> $GITHUB_PATH + # echo "$(which ffmpeg)" >> $GITHUB_PATH + # echo "$(which wget)" >> $GITHUB_PATH + + - name: Set environments for Meilisearch + if: matrix.os == 'ubuntu-latest' + shell: bash + run: | + # Set env to enable reduxer + echo "WAYBACK_MEILI_ENDPOINT=http://localhost:7700" >> $GITHUB_ENV + echo "PLAYBACK_MEILI_ENDPOINT=http://localhost:7700" >> $GITHUB_ENV + echo "WAYBACK_MEILI_APIKEY=foobar" >> $GITHUB_ENV + echo "PLAYBACK_MEILI_APIKEY=foobar" >> $GITHUB_ENV + + - name: Check out code base + if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Check out code base + if: github.event_name == 'pull_request' + uses: actions/checkout@v3 + with: + fetch-depth: 0 + ref: ${{ github.event.pull_request.head.sha }} + + - name: Cache go module + uses: actions/cache@v3 + with: + path: | + ~/.cache/go-build + ~/go/pkg/mod + ~/Library/Caches/go-build + ~\AppData\Local\go-build + ~\go\pkg\mod + key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} + restore-keys: | + ${{ runner.os }}-go- + + - name: Get dependencies + run: | + go get -v -t -d ./... 
+ + - name: Run test + run: | + make test + make test-cover + shell: bash + + - name: Upload artifact + uses: actions/upload-artifact@v3 + with: + name: coverage-${{ matrix.os }} + path: coverage.* + + - name: Upload coverage to Codecov + if: ${{ matrix.update-coverage }} + uses: codecov/codecov-action@81cd2dc8148241f03f5839d295e000b8f761e378 #v3.1.0 + + - name: Run integration test + run: make test-integration
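Review bot: `egress-policy: audit` on the new Harden Runner step only records outbound connections and blocks none, so this job, which carries `MATRIX_RECVER_UID` and `MATRIX_RECVER_PWD` in its env, gains visibility but no enforcement. The step that most needs containment is still `uses: tor-actions/setup-tor@main`, a mutable branch ref, while the neighbouring third-party actions are pinned to commit SHAs; pin it the same way, e.g. `uses: tor-actions/setup-tor@<full-commit-sha>  # <tag>`. Once the audit runs have produced a baseline, consider moving to `egress-policy: block` with an `allowed-endpoints:` list, though the Tor and IPFS daemons may make that list hard to keep tight. The matrix also has macOS and Windows legs, and harden-runner at this version appears to monitor only Linux runners (worth confirming against the action's README), so a comment such as `# audit only; effective on the ubuntu-latest leg` above the step would keep readers from over-trusting it. The `jobs:` and `steps:` context begins outside the hunk.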