diff --git a/.github/workflows/bench.yml b/.github/workflows/bench.yml
index c9971fa7555..8e3ad91318d 100644
--- a/.github/workflows/bench.yml
+++ b/.github/workflows/bench.yml
@@ -10,6 +10,9 @@ on:
 jobs:
 bench:
 runs-on: ubuntu-latest
+ permissions:
+ contents: read # This is required for actions/checkout
+ id-token: write # This is required for requesting the JWT
 steps:
 - uses: actions/checkout@v3
diff --git a/.github/workflows/gha_failure_monitor.yml b/.github/workflows/gha_failure_monitor.yml
deleted file mode 100644
index 8fe0c50e2e0..00000000000
--- a/.github/workflows/gha_failure_monitor.yml
+++ /dev/null
@@ -1,47 +0,0 @@
-name: GHA Montior
-
-on:
- schedule:
- - cron: '0 * * * *'
-jobs:
- gha_monitor_fuzz:
- if: contains(github.repository, 'awslabs/s2n')
- env:
- SCRIPT_PATH: "./.github/gha_monitor"
- runs-on: ubuntu-latest
- strategy:
- matrix:
- repos:
- - {ORG: "awslabs", REPO: "private-s2n-fuzz"}
- - {ORG: "awslabs", REPO: "private-s2n-cbmc"}
- - {ORG: "awslabs", REPO: "s2n"}
- - {ORG: "dougch", REPO: "s2n"}
- fail-fast: false
- steps:
- - uses: actions/checkout@v3
- - name: Set up Python 3.x
- uses: actions/setup-python@v1
- with:
- python-version: '3.x'
- architecture: 'x64'
- - name: Configure AWS Credentials
- uses: aws-actions/configure-aws-credentials@v1
- with:
- aws-access-key-id: ${{ secrets.SNS_AWS_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.SNS_AWS_SECRET_ACCESS_KEY }}
- aws-region: us-west-2
- - name: Install dependencies
- run: |
- python -m pip install --upgrade pip
- pip install -r $SCRIPT_PATH/requirements.txt
- - name: GitHub failure check
- run: |
- cd $SCRIPT_PATH/
- python3 -m gha_monitor
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- GITHUB_REPO: ${{ matrix.repos.REPO }}
- GITHUB_REPO_ORG: ${{ matrix.repos.ORG }}
- # Set the time range the monitor should be looking at.
- # Should be slightly longer than cron frequency (can be a float).
- MONITOR_FREQ_IN_HOURS: "1.1"
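Review bot: In the `bench.yml` hunk, `id-token: write` lets every step of the `bench` job request an OIDC token, yet the step that consumes the token is not visible; the `steps:` list continues outside the hunk. The comment would serve the next reader better if it named that consumer, for example `id-token: write  # OIDC token for the cloud-credentials step below` (wording to be adjusted to the real step). Because the benchmark code itself runs in this job, the identity provider's trust policy should restrict the token's `sub` claim to this repository and the expected refs; that policy is outside this diff, so please confirm it. Granting the permission at job level, as done here, is the right scope.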
diff --git a/.github/workflows/private_fork_pr_codebuild.yml b/.github/workflows/private_fork_pr_codebuild.yml
deleted file mode 100644
index e068f3a8df4..00000000000
--- a/.github/workflows/private_fork_pr_codebuild.yml
+++ /dev/null
@@ -1,45 +0,0 @@
----
-name: s2nPrivateFuzz
-
-on:
- pull_request:
- branches: [main]
- merge_group:
- types: [checks_requested]
- branches: [main]
-jobs:
- fuzz:
- if: startsWith(github.repository, 'private-')
- runs-on: ubuntu-18.04
- strategy:
- matrix:
- openssl_version:
- - openssl-1.0.2
- - openssl-1.1.1
- fail-fast: true
- steps:
- - uses: actions/setup-node@v1
- - name: Configure AWS Credentials
- uses: aws-actions/configure-aws-credentials@v1
- with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- aws-region: us-west-2
- - name: S2n Fuzz CodeBuild
- uses: aws-actions/aws-codebuild-run-build@master
- with:
- project-name: 's2nGithubCodebuild'
- env-vars-for-codebuild: |
- S2N_LIBCRYPTO,
- TESTS,
- LATEST_CLANG,
- FUZZ_TIMEOUT_SEC,
- requester,
- event-name
- env:
- S2N_LIBCRYPTO: ${{ matrix.openssl_version }}
- TESTS: "fuzz"
- LAGEST_CLANG: "true"
- FUZZ_TIMEOUT_SEC: 1800
- requester: ${{ github.actor }}
- event-name: ${{ github.event_name }}
diff --git a/.github/workflows/usage_guide.yml b/.github/workflows/usage_guide.yml
index 40ac2163646..07221781fdd 100644
--- a/.github/workflows/usage_guide.yml
+++ b/.github/workflows/usage_guide.yml
@@ -18,6 +18,7 @@ env:
 permissions:
 contents: write
 statuses: write
+ id-token: write # This is required for requesting the JWT/OIDC
 jobs:
 build-deploy:
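Review bot: In the `usage_guide.yml` hunk, `id-token: write` is added to the workflow-level `permissions:` block, so every job in the workflow inherits it together with `contents: write` and `statuses: write`, whereas `bench.yml` in this same commit scopes the grant to a single job. If only `build-deploy` needs to request the token (its body is outside the hunk, so this is an assumption), move the line under that job's own `permissions:` key. A job-level `permissions:` block replaces the workflow-level one for that job, so it would have to restate `contents: write` and `statuses: write` if the job relies on them.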