diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index f71119afb22d7..4ae50b2aa4792 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -3,7 +3,6 @@ name: "security"
 permissions:
 actions: read
 contents: read
- security-events: write
 on:
 workflow_dispatch:
@@ -23,6 +22,8 @@ concurrency:
 jobs:
 codeql:
+ permissions:
+ security-events: write
 runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
 steps:
 - name: Harden Runner
@@ -61,6 +62,8 @@ jobs:
 "${{ secrets.SLACK_SECURITY_FAILURE_WEBHOOK_URL }}"
 trivy:
+ permissions:
+ security-events: write
 runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
 steps:
 - name: Harden Runner
@@ -95,13 +98,20 @@ jobs:
 # protoc must be in lockstep with our dogfood Dockerfile or the
 # version in the comments will differ. This is also defined in
 # ci.yaml.
- set -x
+ set -euxo pipefail
 cd dogfood/contents
+ mkdir -p /usr/local/bin
+ mkdir -p /usr/local/include
+ DOCKER_BUILDKIT=1 docker build . --target proto -t protoc
 protoc_path=/usr/local/bin/protoc
 docker run --rm --entrypoint cat protoc /tmp/bin/protoc > $protoc_path
 chmod +x $protoc_path
 protoc --version
+ # Copy the generated files to the include directory.
+ docker run --rm -v /usr/local/include:/target protoc cp -r /tmp/include/google /target/
+ ls -la /usr/local/include/google/protobuf/
+ stat /usr/local/include/google/protobuf/timestamp.proto
 - name: Build Coder linux amd64 Docker image
 id: build
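Review bot: The job-level `permissions:` added under `codeql` replaces the workflow-level block instead of merging with it, so this job's token loses the `actions: read` and `contents: read` that the top of the file still grants, and the same applies to the `trivy` job in the next hunk. CodeQL's documented requirements are `security-events: write` plus `contents: read` (with `actions: read` for private repositories), so the reads should be restated inside each job: `permissions:` followed by `actions: read`, `contents: read` and `security-events: write`. On a public repository the checkout may still succeed without `contents: read`, but the analyze step's own stated requirement is the safer guide. The `codeql` job's steps continue beyond the hunk, so I cannot see which actions it runs.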
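Review bot: With `set -euxo pipefail` now in force, the unquoted `$protoc_path` expansions on the context lines `> $protoc_path` and `chmod +x $protoc_path` are the remaining loose end in this script; the value is a fixed path today, so this is a style point, but `> "$protoc_path"` and `chmod +x "$protoc_path"` would match the stricter mode the commit adopts. The added `ls -la /usr/local/include/google/protobuf/` is diagnostic output only — the `stat` on the next line already fails the step under `-e` when `timestamp.proto` is missing — so either drop the listing or mark it with a comment such as `# Diagnostic: list the copied headers in the job log.`. The copy into the bind-mounted `/usr/local/include` runs inside the `protoc` container, so the resulting files presumably carry the container user's ownership on the host; worth confirming that later steps can read them. The `run:` block this script belongs to starts before the hunk, so the step's name and shell setting are not visible here.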