Make WordPress Core

Opened 2 years ago

Closed 2 years ago

Last modified 22 months ago

#57572 closed task (blessed) (fixed)

GitHub Actions updates and improvements for 6.2

Reported by: desrosj's profile desrosj Owned by:
Milestone: 6.2 Priority: normal
Severity: normal Version:
Component: Build/Test Tools Keywords: has-patch
Focuses: Cc:

Description

This ticket is for various updates and improvements for Core's GitHub Actions workflows.

Previously, these were tracked as a part of the "test tool and unit test improvements" tickets (see #56793 for 6.2), but there's enough volume to warrant this be a separate ticket.

Change History (35)

This ticket was mentioned in PR #3929 on WordPress/wordpress-develop by @desrosj.


2 years ago
#1

  • Keywords has-patch added

#2 @desrosj
2 years ago

In 55152:

Build/Test Tools: Update third-party GitHub Actions.

This updates the following third-party GitHub Actions to their latest versions.

  • actions/cache
  • actions/checkout
  • actions/upload-artifact
  • actions/setup-node
  • actions/setup-php
  • actions/github-script

See #57572.

This ticket was mentioned in PR #3937 on WordPress/wordpress-develop by @johnbillion.


2 years ago
#3

Trac ticket: https://core.trac.wordpress.org/ticket/57572

The permissions key in a job declares the GitHub permissions that are granted to the token that's used by the job. Restricting the permissions reduces the impact that a vulnerability in the CI system can have.

Docs:

This ticket was mentioned in Slack in #core by costdev. View the logs.


2 years ago

#6 @desrosj
2 years ago

@johnbillion I left a few questions on https://github.com/WordPress/wordpress-develop/pull/3937. If we can get those sorted out before RC1 on Tuesday, I'd like to just merge that instead of kicking it down to #57865.

This ticket was mentioned in PR #4177 on WordPress/wordpress-develop by @desrosj.


2 years ago
#7

This is an expanded approach to #3937.

  • Merges the latest trunk
  • Adds permissions to the new Performance testing workflow.
  • Adds permissions: {} at the workflow level for all workflows. This ensures that any jobs added in the future will also be restricted until permissions are manually adjusted at the specific job level.

Original description from #3937:

Trac ticket: https://core.trac.wordpress.org/ticket/57572

The permissions key in a job declares the GitHub permissions that are granted to the token that's used by the job. Restricting the permissions reduces the impact that a vulnerability in the CI system can have.

## Docs

## Changes

  • Jobs that re-run workflows have been restricted to actions: write as they post to the actions API
  • The main Slack notification job has been restricted to actions: read and contents: read as it prepares the data for its dependent jobs, all of which have been restricted to no permissions
  • The new contributor workflow has been restricted to issues: write as it posts a comment to the PR
  • All other jobs have been restricted to contents: read as they need no access other than to read the repo

This ticket was mentioned in Slack in #core by mukeshpanchal27. View the logs.


2 years ago

#9 @desrosj
2 years ago

In 55487:

Build/Test Tools: Update several GitHub Actions.

This updates three GitHub Actions to their latest versions:

  • shivammathur/setup-php
  • actions/cache
  • wow-actions/welcome

The welcome action now uses the GITHUB_TOKEN by default, so it no longer needs to be passed manually.

See #57572.

#10 @desrosj
2 years ago

In 55489:

Build/Test Tools: Update several GitHub Actions.

This updates three GitHub Actions to their latest versions:

  • shivammathur/setup-php
  • actions/cache
  • wow-actions/welcome

The welcome action now uses the GITHUB_TOKEN by default, so it no longer needs to be passed manually.

Merges [55487] to the 6.1 branch.
See #57572.

#11 @desrosj
2 years ago

In 55490:

Build/Test Tools: Update several GitHub Actions.

This updates three GitHub Actions to their latest versions:

  • shivammathur/setup-php
  • actions/cache
  • wow-actions/welcome

The welcome action now uses the GITHUB_TOKEN by default, so it no longer needs to be passed manually.

Merges [54651] and [55487] to the 6.0 branch.
See #56793, #57572.

#12 @costdev
2 years ago

  • Resolution set to fixed
  • Status changed from new to closed

Per the discussion in the bug scrub, as we're about to enter RC, closing this ticket out for 6.2.

#13 @desrosj
2 years ago

In 55516:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.

Merges [53736], [53737], [53940], [53947], [54039], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54649], [54650], [54651], [54674], [54750], [54852], [55152], [55487] to the 5.9 branch.
See #55652, #56407, #54695, #56820, #56816, #56793, #56820, #57572.

#14 @desrosj
2 years ago

In 55517:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54649], [54650], [54651], [54674], [54750], [54852], [55152], [55487] to the 5.8 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#15 @desrosj
2 years ago

In 55518:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54649], [54650], [54651], [54674], [54750], [54852], [55152], [55487] to the 5.8 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#16 @desrosj
2 years ago

In 55519:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54649], [54650], [54651], [54674], [54750], [54852], [55152], [55487] to the 5.6 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#17 @desrosj
2 years ago

In 55520:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54649], [54650], [54651], [54674], [54750], [54852], [55152], [55487] to the 5.5 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#18 @desrosj
2 years ago

In 55521:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54649], [54650], [54651], [54674], [54750], [54852], [55152], [55487] to the 5.4 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#19 @desrosj
2 years ago

In 55522:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54649], [54650], [54651], [54674], [54750], [54852], [55152], [55487] to the 5.3 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#20 @desrosj
2 years ago

In 55523:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54649], [54650], [54651], [54674], [54750], [54852], [55152], [55487] to the 5.2 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#21 @desrosj
2 years ago

In 55524:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54650], [54651], [54674], [54750], [54852], [55152], [54651], [55487] to the 5.1 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#22 @desrosj
2 years ago

In 55525:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54650], [54651], [54674], [54750], [54852], [55152], [54651], [55487] to the 5.0 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#23 @desrosj
2 years ago

In 55527:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54650], [54651], [54674], [54750], [54852], [55152], [54651], [55487] to the 4.9 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#24 @desrosj
2 years ago

In 55528:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54650], [54651], [54674], [54750], [54852], [55152], [54651], [55487] to the 4.8 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#25 @desrosj
2 years ago

In 55529:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54650], [54651], [54674], [54750], [54852], [55152], [54651], [55487] to the 4.7 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#26 @desrosj
2 years ago

In 55530:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54650], [54651], [54674], [54750], [54852], [55152], [54651], [55487] to the 4.6 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#27 @desrosj
2 years ago

In 55531:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54650], [54651], [54674], [54750], [54852], [55152], [54651], [55487] to the 4.5 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#28 @desrosj
2 years ago

In 55532:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54650], [54651], [54674], [54750], [54852], [55152], [54651], [55487] to the 4.4 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#29 @desrosj
2 years ago

In 55533:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54650], [54651], [54674], [54750], [54852], [55152], [54651], [55487] to the 4.3 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#30 @desrosj
2 years ago

In 55534:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54650], [54651], [54674], [54750], [54852], [55152], [54651], [55487] to the 4.2 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#31 @desrosj
2 years ago

In 55535:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54650], [54651], [54674], [54750], [54852], [55152], [54651], [55487] to the 4.1 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

@johnbillion commented on PR #3937:


2 years ago
#32

Closing in favour of #4177

@johnbillion commented on PR #4177:


2 years ago
#33

@desrosj Wanna move this to 6.3? I see the backports for 6.2 have already been done.

@desrosj commented on PR #4177:


2 years ago
#34

@johnbillion That works! Would you like to commit?

Note: See TracTickets for help on using tickets.