branch: elpa/loopy
commit fa9a2ec58cea974d6065ca508b669085e3128bee
Author: okamsn <[email protected]>
Commit: GitHub <[email protected]>
Update GitHub Actions to try to be more secure. (#271)
- Specify action version numbers:
- `purcell/setup-emacs`: Stick with `master`
- `actions/checkout`: v6 (up from v3)
- Deny all permissions.
- For `actions/checkout`, set `persist-credentials` to `false`.
- Remove the commented-out testing version 28.1
- Remove commented-out check for Emacs 29+ when testing native compilation.
See also recent hack on `kubernetes.el` using GitHub Actions.
---
.github/workflows/emacs-matrix-tests.yml | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/emacs-matrix-tests.yml
b/.github/workflows/emacs-matrix-tests.yml
index f9b4cd21db..162686f63f 100644
--- a/.github/workflows/emacs-matrix-tests.yml
+++ b/.github/workflows/emacs-matrix-tests.yml
@@ -8,6 +8,7 @@ on:
branches:
- main
- master
+permissions: {}
jobs:
test:
name: 'Install and Test'
@@ -15,14 +16,15 @@ jobs:
strategy:
matrix:
emacs-version:
- # - '28.1'
- '28.2'
- '29.2'
- '30.2'
- 'release-snapshot'
# - 'snapshot'
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v6
+ with:
+ persist-credentials: false
- uses: purcell/setup-emacs@master
with:
version: ${{ matrix.emacs-version }}
@@ -60,7 +62,6 @@ jobs:
- name: Byte Compilation test
run: emacs -batch --eval='(package-activate-all)' -f batch-byte-compile
~/.emacs.d/elpa/loopy*/*.el
- name: Native Compilation test
- # if: (matrix.emacs-version > 29)
run: |
if [[ t = $(emacs -batch --eval="(prin1 (and (fboundp
'batch-native-compile) (funcall 'native-comp-available-p)))") ]]; then
emacs -batch --eval='(package-activate-all)' -f
batch-native-compile ~/.emacs.d/elpa/loopy*/*.el
