Chandler Carruth 0e308e0739 Switch to a manual check status for dependent PRs (#7117) 4 days ago
README.md 0dac40e793 Update clangd-tidy endpoint whitelist (#6855) 1 month ago
auto_label_prs.yaml 6786edd6ff Update action versions (#6848) 1 month ago
check_dependent_pr.yaml 0e308e0739 Switch to a manual check status for dependent PRs (#7117) 4 days ago
clangd_tidy.yaml 96529e16bd Fully switch to the new compilation database system (#7057) 2 weeks ago
discord_wiki.yaml 6786edd6ff Update action versions (#6848) 1 month ago
gh_pages_ci.yaml 6786edd6ff Update action versions (#6848) 1 month ago
gh_pages_deploy.yaml 6786edd6ff Update action versions (#6848) 1 month ago
nightly_release.yaml 1e3906177c Update the name of the bazel target to build the nightly tarball (#7080) 1 week ago
pre_commit.yaml a1b6f1c4bd Allow uploads.github.com (#6866) 1 month ago
pre_commit_suggestions.yaml 25793358c3 Remove jonmeow from pre-commit config (#6966) 1 month ago
proposal_labeled.yaml 6786edd6ff Update action versions (#6848) 1 month ago
proposal_ready.yaml 6786edd6ff Update action versions (#6848) 1 month ago
sync_repos.yaml 6786edd6ff Update action versions (#6848) 1 month ago
tests.yaml 3db691ecef Add ASan to post-merge CI and improve the action structure for GitHub (#7012) 3 weeks ago
triage_inactive.yaml 6786edd6ff Update action versions (#6848) 1 month ago

README.md

Workflows

Hardening

Workflows are hardened using the Step Security tool. Findings for the "Harden Runner" steps are available online.

Allowed endpoints

Most jobs only have a few endpoints, but a few have significantly more because of tools that perform downloads. These are:

  • clangd_tidy.yaml (Bazel)
  • pre_commit.yaml (Bazel, pre-commit)
  • nightly_release.yaml (Bazel)
  • tests.yaml (Bazel)

When updating one of these, consider updating all of them.

We try to keep allowed-endpoints at one endpoint per line. Prettier wants to wrap them, which we prevent with prettier-ignore.
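
One way to check that the Bazel workflows listed above have not drifted apart after an endpoint update. This is an added example, not part of the repository: the workflow snippets and the endpoint mirror.example.invalid are constructed, `<pinned-sha>` is a placeholder, and the helper names are hypothetical.

```python
import re

# Constructed sample workflow text; the endpoint list is illustrative and is
# not the project's real allowlist.
TESTS_YAML = """\
steps:
  - uses: step-security/harden-runner@<pinned-sha>
    with:
      egress-policy: block
      # prettier-ignore
      allowed-endpoints: >
        github.com:443
        uploads.github.com:443
        mirror.example.invalid:443

  - uses: actions/checkout@<pinned-sha>
"""
# Constructed second workflow: the same list with one entry forgotten.
PRE_COMMIT_YAML = TESTS_YAML.replace("uploads.github.com:443", "")

KEY = re.compile(r"^(\s*)allowed-endpoints:\s*[>|][-+]?\s*$")

def allowed_endpoints(workflow_text):
    """Return the set of host:port entries from every allowed-endpoints block."""
    endpoints, key_indent = set(), None
    for line in workflow_text.splitlines():
        m = KEY.match(line)
        if m:
            key_indent = len(m.group(1))  # start of a block scalar
            continue
        if key_indent is None or not line.strip():
            continue
        if len(line) - len(line.lstrip()) <= key_indent:
            key_indent = None  # dedent: the block scalar has ended
            continue
        endpoints.update(line.split())  # also copes with wrapped lines
    return endpoints

def endpoint_drift(workflows):
    """Map each workflow name to endpoints that others allow but it lacks."""
    parsed = {name: allowed_endpoints(text) for name, text in workflows.items()}
    union = set().union(*parsed.values())
    return {n: sorted(union - eps) for n, eps in parsed.items() if union - eps}

if __name__ == "__main__":
    sample = {"tests.yaml": TESTS_YAML, "pre_commit.yaml": PRE_COMMIT_YAML}
    for name, missing in endpoint_drift(sample).items():
        print(f"{name} is missing: {', '.join(missing)}")
```

A reported difference is only a prompt for review: a workflow may legitimately need fewer endpoints than its siblings, and the smaller allowlist is the safer default.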

Testing

We keep around an action-test branch in carbon-lang, which can be used to test triggers with push: configurations. For example:

on:
  push:
    branches: [action-test]