97d10b5095
* remove unused worklow; use GITHUB_TOKEN where possible * pin usages of checkout and setup-go * Fix zizmor errors * add zizmor.yml * fix `changelog.yml` * fix `core-plugins-build-and-release.yml` * fix `release-comms.yml` * update release-pr.yml and run-e2e-suite.yml * Fix errors in files outside of .github/workflows * Remove path filter on zizmor.yml --------- Co-authored-by: Sven Grossmann <svennergr@gmail.com> Co-authored-by: joshhunt <josh.hunt@grafana.com>
29 lines
1.1 KiB
YAML
29 lines
1.1 KiB
YAML
# Owned by grafana-release-guild
|
|
# Intended to be dropped into the base repo (Ex: grafana/grafana) for use in the security mirror.
|
|
name: Create security patch
|
|
run-name: create-security-patch
|
|
on:
|
|
pull_request:
|
|
types:
|
|
- opened
|
|
- reopened
|
|
- synchronize
|
|
branches:
|
|
- "main"
|
|
- "v*.*.*"
|
|
- "release-*.*.*"
|
|
|
|
# This is run before the pull request has been merged, so we'll run against the src branch
|
|
jobs:
|
|
trigger_downstream_create_security_patch:
|
|
concurrency: create-patch-${{ github.ref_name }}
|
|
uses: grafana/security-patch-actions/.github/workflows/create-patch.yml@main # zizmor: ignore[unpinned-uses]
|
|
if: github.repository == 'grafana/grafana-security-mirror'
|
|
with:
|
|
repo: "${{ github.repository }}"
|
|
src_ref: "${{ github.head_ref }}" # this is the source branch name, Ex: "feature/newthing"
|
|
patch_ref: "${{ github.base_ref }}" # this is the target branch name, Ex: "main"
|
|
patch_repo: "grafana/grafana-security-patches"
|
|
patch_prefix: "${{ github.event.pull_request.number }}"
|
|
secrets: inherit # zizmor: ignore[secrets-inherit]
|