mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-25 22:02:05 -06:00
ab605f26e2
The `codeql-cpp` CI job for #6844 is failing[1]: ##[group]Setup CodeQL tools [...] Did not find CodeQL tools version 2.22.2 in the toolcache. Using CodeQL CLI version 2.22.2 sourced from https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.22.2/codeql-bundle-linux64.tar.zst . Downloading CodeQL tools from https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.22.2/codeql-bundle-linux64.tar.zst . This may take a while. Streaming the extraction of the CodeQL bundle. node:events:502 throw er; // Unhandled 'error' event ^ Error: connect ECONNREFUSED 54.185.253.63:443 at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1611:16) [...] errno: -111, code: 'ECONNREFUSED', syscall: 'connect', address: '54.185.253.63', port: 443 } Node.js v20.19.3 Post job cleanup. [...] Allow `release-assets.githubusercontent.com:443`, which is what the download link above resolves to. [1] https://github.com/netblue30/firejail/actions/runs/16638865345/job/47085091964
60 lines
1.5 KiB
YAML
60 lines
1.5 KiB
YAML
# Lints and checks for potential issues in Python files.
|
|
|
|
name: Check-Python
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
push:
|
|
branches-ignore:
|
|
- 'dependabot/**'
|
|
paths:
|
|
- '**.py'
|
|
- .github/workflows/check-python.yml
|
|
pull_request:
|
|
paths:
|
|
- '**.py'
|
|
- .github/workflows/check-python.yml
|
|
schedule:
|
|
- cron: '0 7 * * 2'
|
|
|
|
permissions: # added using https://github.com/step-security/secure-workflows
|
|
contents: read
|
|
|
|
jobs:
|
|
codeql-python:
|
|
permissions:
|
|
actions: read
|
|
contents: read
|
|
security-events: write
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 10
|
|
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49
|
|
with:
|
|
disable-sudo: true
|
|
egress-policy: block
|
|
allowed-endpoints: >
|
|
api.github.com:443
|
|
files.pythonhosted.org:443
|
|
github.com:443
|
|
objects.githubusercontent.com:443
|
|
pypi.org:443
|
|
release-assets.githubusercontent.com:443
|
|
uploads.github.com:443
|
|
|
|
- name: Checkout repository
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
|
|
|
|
- name: print env
|
|
run: ./ci/printenv.sh
|
|
|
|
# Initializes the CodeQL tools for scanning.
|
|
- name: Initialize CodeQL
|
|
uses: github/codeql-action/init@181d5eefc20863364f96762470ba6f862bdef56b
|
|
with:
|
|
languages: python
|
|
|
|
- name: Perform CodeQL Analysis
|
|
uses: github/codeql-action/analyze@181d5eefc20863364f96762470ba6f862bdef56b
|