Sprint 53 #1205
Signed-off-by: Miguel_LZPF <[email protected]>
@MiguelLZPF please document the
@rbarkerSL I filled the
Signed-off-by: Alberto Molina <[email protected]>
…ity hardening step Signed-off-by: Miguel_LZPF <[email protected]>
Signed-off-by: Miguel_LZPF <[email protected]>
Signed-off-by: Miguel_LZPF <[email protected]>
Hello @mishomihov00 and @rbarkerSL ! Can you review the comments? All were addressed yesterday.
@MiguelLZPF as described in this comment - https://github.com/hashgraph/stablecoin-studio/pull/1205/files#r1808173072, please either add the "Hardened runner" step as the first step in the workflows or invoke the "Initial steps" action before the "Checkout repository" step so that it's the first step of the workflow. This applies for all workflows.
Signed-off-by: Miguel_LZPF <[email protected]>
Signed-off-by: Miguel_LZPF <[email protected]>
Signed-off-by: Miguel_LZPF <[email protected]>
@mishomihov00 Done! didn't see the response yesterday, sorry. BTW I have added the "permissions" line to this branch that I have seen changed directly in main over old files and that were generating conflicts in this branch.
My review only applies to these files and I'm giving "Approve" only for them:
.github/actions/create-env-file/action.yaml
.github/actions/initial-steps/action.yaml
.github/actions/install-and-build/action.yaml
.github/workflows/all.testWithRpc.yml
.github/workflows/publish-all.backup.yaml
.github/workflows/publish.yaml
.github/workflows/test-backend.yaml
.github/workflows/test-cli.yaml
.github/workflows/test-contracts.yaml
.github/workflows/test-sdk.yaml
.github/workflows/test-web.yaml
.github/workflows/version.yaml
@mishomihov00 OK, thank you!
LGTM
Checked again, unresolved the comments. Please put hardened runner ahead of the repo checkout.
Signed-off-by: Miguel_LZPF <[email protected]>
655745b
@rbarkerSL The 'Harden runner' step is now the first step in all the workflows, as you initially pointed out. So, all your requested changes have been addressed. Are you looking at the latest version of the code? Also, it's not mandatory for every action to include this step, correct? If there are any others missing, please let us know so we can resolve them quickly. We have checked all files again with all the team and should be all OK. As there are a lot of jobs now, if you find one missing please put the comment in the same line so we can see them. Thank you!
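The ordering requested in this thread (the "Harden runner" step ahead of "Checkout repository" in every job) can be checked mechanically instead of by re-reading each workflow. The following is an added example, not part of the pull request or the project's code; it assumes the step uses the `step-security/harden-runner` action and that workflows are written in block-style YAML, and the function names and sample workflow are constructed for illustration.

```python
import re
# Assumption: the "Harden runner" step uses the step-security/harden-runner action.
HARDEN_USES = re.compile(r"uses:\s*['\"]?step-security/harden-runner@")

def first_step_of_each_job(workflow_text):
    """Map job id -> lines of its first step (line-based; block-style YAML only)."""
    jobs, in_jobs = {}, False
    job = job_indent = state = step_indent = None
    lines = (re.sub(r"(^|\s)#.*", "", raw).rstrip() for raw in workflow_text.splitlines())
    for line in filter(None, lines):                 # comments and blanks dropped
        indent, body = len(line) - len(line.lstrip()), line.strip()
        if indent == 0:                              # top-level key
            in_jobs, job_indent = body == "jobs:", None
        if indent == 0 or not in_jobs:
            continue
        job_indent = job_indent or indent
        if indent == job_indent:                     # a new job id
            job, state = body.rstrip(":"), None
        elif state is None and body == "steps:":
            state = "want_step"
        elif state == "want_step" and body.startswith("- "):
            state, step_indent = "in_step", indent
            jobs[job] = [body[2:].strip()]
        elif state == "in_step" and indent > step_indent:
            jobs[job].append(body)
        elif state == "in_step":                     # second step begins
            state = "done"
    return jobs

def jobs_not_hardened_first(workflow_text):
    """Job ids whose first step is something other than harden-runner."""
    return sorted(job for job, step in first_step_of_each_job(workflow_text).items()
                  if not any(HARDEN_USES.match(entry) for entry in step))

# Constructed sample workflow; <pinned-sha> is a placeholder ref.
SAMPLE = """\
on: [pull_request]
jobs:
  test-sdk:
    runs-on: ubuntu-latest
    steps:
      - name: Harden runner
        uses: step-security/harden-runner@<pinned-sha>
      - uses: actions/checkout@<pinned-sha>
  test-cli:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@<pinned-sha>
      - uses: step-security/harden-runner@<pinned-sha>
"""
```

Jobs that call a reusable workflow have no `steps:` list and are skipped; running `jobs_not_hardened_first` over each file under `.github/workflows/` gives reviewers a per-job list instead of a manual pass.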
LGTM
Description:
- Components tests only run if changes apply to the component itself
- Alpine v3.20 lightweight container set replaces the full ubuntu container. Size reduced from 1.1GB to 140MB
- Publish workflow subdivided into jobs (one per module) so that if one fails the others do not need to be published again
Notes for reviewer:
Checklist