From 669effc2c00d4ad48c6078c94309c961c42c3881 Mon Sep 17 00:00:00 2001
From: Ryan Cooke
Date: Fri, 29 Nov 2024 16:53:05 +0000
Subject: [PATCH 1/8] Explicitly set GITHUB_TOKEN permissions for yocto workflow
Changelog-entry: Explicitly set GITHUB_TOKEN permissions for yocto workflow
Signed-off-by: Ryan Cooke
---
.github/workflows/npe-x500-m3.yml | 7 +++++++
.github/workflows/raspberrypi.yml | 6 ++++++
.github/workflows/raspberrypi0-2w-64.yml | 6 ++++++
.github/workflows/raspberrypi2.yml | 6 ++++++
.github/workflows/raspberrypi3-64.yml | 6 ++++++
.github/workflows/raspberrypi3-unipi-neuron.yml | 6 ++++++
.github/workflows/raspberrypi3.yml | 6 ++++++
.github/workflows/raspberrypi4-64.yml | 6 ++++++
.github/workflows/raspberrypi4-superhub.yml | 6 ++++++
.github/workflows/raspberrypi4-unipi-neuron.yml | 6 ++++++
.github/workflows/raspberrypi400-64.yml | 6 ++++++
.github/workflows/raspberrypi5.yml | 6 ++++++
.github/workflows/raspberrypicm4-ioboard.yml | 6 ++++++
.github/workflows/revpi-connect-4.yml | 6 ++++++
.github/workflows/revpi-connect-s.yml | 6 ++++++
.github/workflows/revpi-connect.yml | 6 ++++++
.github/workflows/revpi-core-3.yml | 7 +++++++
.github/workflows/rt-rpi-300.yml | 7 +++++++
18 files changed, 111 insertions(+)
diff --git a/.github/workflows/npe-x500-m3.yml b/.github/workflows/npe-x500-m3.yml
index 5d247faf9..1b771e0bd 100644
--- a/.github/workflows/npe-x500-m3.yml
+++ b/.github/workflows/npe-x500-m3.yml
@@ -31,6 +31,13 @@ on: type: string default: balena-staging.com +permissions: + id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token + actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass + pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals. + packages: read + contents: read + jobs: yocto: name: Yocto diff --git a/.github/workflows/raspberrypi.yml b/.github/workflows/raspberrypi.yml index 283eabd58..dfbeb5975 100644 --- a/.github/workflows/raspberrypi.yml +++ b/.github/workflows/raspberrypi.yml @@ -31,6 +31,12 @@ on: type: string default: balena-staging.com +permissions: + id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token + actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass + pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals. + packages: read + contents: read jobs: yocto: diff --git a/.github/workflows/raspberrypi0-2w-64.yml b/.github/workflows/raspberrypi0-2w-64.yml index 439974e0e..65ba7262f 100644 --- a/.github/workflows/raspberrypi0-2w-64.yml +++ b/.github/workflows/raspberrypi0-2w-64.yml 
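Review bot: The added `permissions:` block sits at workflow level, so `id-token: write` and `pull-requests: write` are granted on every trigger this workflow has, not only on the tag and approval paths the comments describe. The only job visible here is the reusable `yocto` call, and a called workflow can lower but never raise the caller's token scopes, so this block is the effective ceiling for everything yocto-build-deploy.yml does. `packages: read` and `contents: read` carry no justification, unlike the three lines above them; something like `contents: read # checkout only` would make a later widening stand out in review (wording to be confirmed against the called workflow). The same block is added to the other 17 workflow files in this patch.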
@@ -31,6 +31,12 @@ on: type: string default: balena-staging.com +permissions: + id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token + actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass + pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals. + packages: read + contents: read jobs: yocto: diff --git a/.github/workflows/raspberrypi2.yml b/.github/workflows/raspberrypi2.yml index 2092a7524..beb92b234 100644 --- a/.github/workflows/raspberrypi2.yml +++ b/.github/workflows/raspberrypi2.yml @@ -31,6 +31,12 @@ on: type: string default: balena-staging.com +permissions: + id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token + actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass + pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals. + packages: read + contents: read jobs: yocto: diff --git a/.github/workflows/raspberrypi3-64.yml b/.github/workflows/raspberrypi3-64.yml index 327e0743a..8ad98c3d4 100644 --- a/.github/workflows/raspberrypi3-64.yml +++ b/.github/workflows/raspberrypi3-64.yml 
@@ -31,6 +31,12 @@ on: type: string default: balena-staging.com +permissions: + id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token + actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass + pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals. + packages: read + contents: read jobs: yocto: diff --git a/.github/workflows/raspberrypi3-unipi-neuron.yml b/.github/workflows/raspberrypi3-unipi-neuron.yml index b4a1c8596..154dacf26 100644 --- a/.github/workflows/raspberrypi3-unipi-neuron.yml +++ b/.github/workflows/raspberrypi3-unipi-neuron.yml @@ -31,6 +31,12 @@ on: type: string default: balena-staging.com +permissions: + id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token + actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass + pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals. + packages: read + contents: read jobs: yocto: diff --git a/.github/workflows/raspberrypi3.yml b/.github/workflows/raspberrypi3.yml index 98d7f6f10..4a361711c 100644 --- a/.github/workflows/raspberrypi3.yml +++ b/.github/workflows/raspberrypi3.yml 
@@ -31,6 +31,12 @@ on: type: string default: balena-staging.com +permissions: + id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token + actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass + pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals. + packages: read + contents: read jobs: yocto: diff --git a/.github/workflows/raspberrypi4-64.yml b/.github/workflows/raspberrypi4-64.yml index 215383392..43d3967e5 100644 --- a/.github/workflows/raspberrypi4-64.yml +++ b/.github/workflows/raspberrypi4-64.yml @@ -31,6 +31,12 @@ on: type: string default: balena-staging.com +permissions: + id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token + actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass + pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals. + packages: read + contents: read jobs: yocto: diff --git a/.github/workflows/raspberrypi4-superhub.yml b/.github/workflows/raspberrypi4-superhub.yml index c074d1800..647a34eb6 100644 --- a/.github/workflows/raspberrypi4-superhub.yml +++ b/.github/workflows/raspberrypi4-superhub.yml 
@@ -31,6 +31,12 @@ on: type: string default: balena-staging.com +permissions: + id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token + actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass + pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals. + packages: read + contents: read jobs: yocto: diff --git a/.github/workflows/raspberrypi4-unipi-neuron.yml b/.github/workflows/raspberrypi4-unipi-neuron.yml index 943707724..fa875c7a1 100644 --- a/.github/workflows/raspberrypi4-unipi-neuron.yml +++ b/.github/workflows/raspberrypi4-unipi-neuron.yml @@ -31,6 +31,12 @@ on: type: string default: balena-staging.com +permissions: + id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token + actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass + pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals. + packages: read + contents: read jobs: yocto: diff --git a/.github/workflows/raspberrypi400-64.yml b/.github/workflows/raspberrypi400-64.yml index 2cac7607b..cef37abf9 100644 --- a/.github/workflows/raspberrypi400-64.yml +++ b/.github/workflows/raspberrypi400-64.yml 
@@ -31,6 +31,12 @@ on: type: string default: balena-staging.com +permissions: + id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token + actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass + pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals. + packages: read + contents: read jobs: yocto: diff --git a/.github/workflows/raspberrypi5.yml b/.github/workflows/raspberrypi5.yml index 21e21eb64..11f95a9a0 100644 --- a/.github/workflows/raspberrypi5.yml +++ b/.github/workflows/raspberrypi5.yml @@ -31,6 +31,12 @@ on: type: string default: balena-staging.com +permissions: + id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token + actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass + pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals. + packages: read + contents: read jobs: yocto: diff --git a/.github/workflows/raspberrypicm4-ioboard.yml b/.github/workflows/raspberrypicm4-ioboard.yml index d04b13a52..fdd9d2d65 100644 --- a/.github/workflows/raspberrypicm4-ioboard.yml +++ b/.github/workflows/raspberrypicm4-ioboard.yml 
@@ -31,6 +31,12 @@ on: type: string default: balena-staging.com +permissions: + id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token + actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass + pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals. + packages: read + contents: read jobs: yocto: diff --git a/.github/workflows/revpi-connect-4.yml b/.github/workflows/revpi-connect-4.yml index 2fb5fa3c6..c7a5d481c 100644 --- a/.github/workflows/revpi-connect-4.yml +++ b/.github/workflows/revpi-connect-4.yml @@ -31,6 +31,12 @@ on: type: string default: balena-staging.com +permissions: + id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token + actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass + pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals. + packages: read + contents: read jobs: yocto: diff --git a/.github/workflows/revpi-connect-s.yml b/.github/workflows/revpi-connect-s.yml index 340164c75..2f6fed667 100644 --- a/.github/workflows/revpi-connect-s.yml +++ b/.github/workflows/revpi-connect-s.yml 
@@ -31,6 +31,12 @@ on: type: string default: balena-staging.com +permissions: + id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token + actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass + pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals. + packages: read + contents: read jobs: yocto: diff --git a/.github/workflows/revpi-connect.yml b/.github/workflows/revpi-connect.yml index 77a8bf44a..1509871a9 100644 --- a/.github/workflows/revpi-connect.yml +++ b/.github/workflows/revpi-connect.yml @@ -31,6 +31,12 @@ on: type: string default: balena-staging.com +permissions: + id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token + actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass + pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals. + packages: read + contents: read jobs: yocto: diff --git a/.github/workflows/revpi-core-3.yml b/.github/workflows/revpi-core-3.yml index b62e38f4b..f6f994951 100644 --- a/.github/workflows/revpi-core-3.yml +++ b/.github/workflows/revpi-core-3.yml 
@@ -31,6 +31,13 @@ on: type: string default: balena-staging.com +permissions: + id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token + actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass + pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals. + packages: read + contents: read + jobs: yocto: name: Yocto diff --git a/.github/workflows/rt-rpi-300.yml b/.github/workflows/rt-rpi-300.yml index 5fd9d931b..64e9e8ad8 100644 --- a/.github/workflows/rt-rpi-300.yml +++ b/.github/workflows/rt-rpi-300.yml @@ -31,6 +31,13 @@ on: type: string default: balena-staging.com +permissions: + id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token + actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass + pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals. + packages: read + contents: read + jobs: yocto: name: Yocto From b5ed489c903a66ca4493ae89cde1a67b6cbde552 Mon Sep 17 00:00:00 2001 
From: Ryan Cooke Date: Fri, 29 Nov 2024 16:53:32 +0000 Subject: [PATCH 2/8] Pin yocto-scripts workflow to master --- .github/workflows/npe-x500-m3.yml | 2 +- .github/workflows/raspberrypi.yml | 2 +- .github/workflows/raspberrypi0-2w-64.yml | 2 +- .github/workflows/raspberrypi2.yml | 2 +- .github/workflows/raspberrypi3-64.yml | 2 +- .github/workflows/raspberrypi3-unipi-neuron.yml | 2 +- .github/workflows/raspberrypi3.yml | 2 +- .github/workflows/raspberrypi4-64.yml | 2 +- .github/workflows/raspberrypi4-superhub.yml | 2 +- .github/workflows/raspberrypi4-unipi-neuron.yml | 2 +- .github/workflows/raspberrypi400-64.yml | 2 +- .github/workflows/raspberrypi5.yml | 2 +- .github/workflows/raspberrypicm4-ioboard.yml | 2 +- .github/workflows/revpi-connect-4.yml | 2 +- .github/workflows/revpi-connect-s.yml | 2 +- .github/workflows/revpi-connect.yml | 2 +- .github/workflows/revpi-core-3.yml | 2 +- .github/workflows/rt-rpi-300.yml | 2 +- 18 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/npe-x500-m3.yml b/.github/workflows/npe-x500-m3.yml index 1b771e0bd..86d4e364e 100644 --- a/.github/workflows/npe-x500-m3.yml +++ b/.github/workflows/npe-x500-m3.yml @@ -41,7 +41,7 @@ permissions: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8 + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while diff --git a/.github/workflows/raspberrypi.yml b/.github/workflows/raspberrypi.yml index dfbeb5975..9a6d44cdd 100644 --- a/.github/workflows/raspberrypi.yml +++ b/.github/workflows/raspberrypi.yml 
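Review bot: The new `uses:` line replaces a full commit SHA (`@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8`) with the branch ref `@master`, which removes the pin rather than setting one, despite the commit subject. Every run now resolves the reusable workflow to whatever is at the tip of that branch, and the job runs under the workflow-level `id-token: write` and `pull-requests: write` from the previous patch, so a change pushed to balena-yocto-scripts master reaches those scopes without any review in this repository. If the series needs a newer revision of the build workflow, keep the immutable form and bump it: `uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@<full-commit-sha> # <version>`. The same replacement is made in the other 17 workflow files in this patch.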
@@ -41,7 +41,7 @@ permissions: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8 + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while diff --git a/.github/workflows/raspberrypi0-2w-64.yml b/.github/workflows/raspberrypi0-2w-64.yml index 65ba7262f..329bca050 100644 --- a/.github/workflows/raspberrypi0-2w-64.yml +++ b/.github/workflows/raspberrypi0-2w-64.yml @@ -41,7 +41,7 @@ permissions: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8 + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while diff --git a/.github/workflows/raspberrypi2.yml b/.github/workflows/raspberrypi2.yml index beb92b234..b773a63ca 100644 --- a/.github/workflows/raspberrypi2.yml +++ b/.github/workflows/raspberrypi2.yml 
@@ -41,7 +41,7 @@ permissions: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8 + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while diff --git a/.github/workflows/raspberrypi3-64.yml b/.github/workflows/raspberrypi3-64.yml index 8ad98c3d4..4550a1a9f 100644 --- a/.github/workflows/raspberrypi3-64.yml +++ b/.github/workflows/raspberrypi3-64.yml @@ -41,7 +41,7 @@ permissions: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8 + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while diff --git a/.github/workflows/raspberrypi3-unipi-neuron.yml b/.github/workflows/raspberrypi3-unipi-neuron.yml index 154dacf26..cea47341b 100644 --- a/.github/workflows/raspberrypi3-unipi-neuron.yml +++ b/.github/workflows/raspberrypi3-unipi-neuron.yml 
@@ -41,7 +41,7 @@ permissions: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8 + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while diff --git a/.github/workflows/raspberrypi3.yml b/.github/workflows/raspberrypi3.yml index 4a361711c..484aff220 100644 --- a/.github/workflows/raspberrypi3.yml +++ b/.github/workflows/raspberrypi3.yml @@ -41,7 +41,7 @@ permissions: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8 + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while diff --git a/.github/workflows/raspberrypi4-64.yml b/.github/workflows/raspberrypi4-64.yml index 43d3967e5..d1de8c3f0 100644 --- a/.github/workflows/raspberrypi4-64.yml +++ b/.github/workflows/raspberrypi4-64.yml 
@@ -41,7 +41,7 @@ permissions: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8 + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while diff --git a/.github/workflows/raspberrypi4-superhub.yml b/.github/workflows/raspberrypi4-superhub.yml index 647a34eb6..cd96eee5c 100644 --- a/.github/workflows/raspberrypi4-superhub.yml +++ b/.github/workflows/raspberrypi4-superhub.yml @@ -41,7 +41,7 @@ permissions: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8 + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while diff --git a/.github/workflows/raspberrypi4-unipi-neuron.yml b/.github/workflows/raspberrypi4-unipi-neuron.yml index fa875c7a1..1a84ddaa5 100644 --- a/.github/workflows/raspberrypi4-unipi-neuron.yml +++ b/.github/workflows/raspberrypi4-unipi-neuron.yml 
@@ -41,7 +41,7 @@ permissions: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8 + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while diff --git a/.github/workflows/raspberrypi400-64.yml b/.github/workflows/raspberrypi400-64.yml index cef37abf9..ef9dec11a 100644 --- a/.github/workflows/raspberrypi400-64.yml +++ b/.github/workflows/raspberrypi400-64.yml @@ -41,7 +41,7 @@ permissions: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8 + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while diff --git a/.github/workflows/raspberrypi5.yml b/.github/workflows/raspberrypi5.yml index 11f95a9a0..38fed5f80 100644 --- a/.github/workflows/raspberrypi5.yml +++ b/.github/workflows/raspberrypi5.yml 
@@ -41,7 +41,7 @@ permissions: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8 + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while diff --git a/.github/workflows/raspberrypicm4-ioboard.yml b/.github/workflows/raspberrypicm4-ioboard.yml index fdd9d2d65..8217b9b2e 100644 --- a/.github/workflows/raspberrypicm4-ioboard.yml +++ b/.github/workflows/raspberrypicm4-ioboard.yml @@ -41,7 +41,7 @@ permissions: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8 + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while diff --git a/.github/workflows/revpi-connect-4.yml b/.github/workflows/revpi-connect-4.yml index c7a5d481c..8e7ae4229 100644 --- a/.github/workflows/revpi-connect-4.yml +++ b/.github/workflows/revpi-connect-4.yml 
@@ -41,7 +41,7 @@ permissions: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8 + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while diff --git a/.github/workflows/revpi-connect-s.yml b/.github/workflows/revpi-connect-s.yml index 2f6fed667..99f7c78bb 100644 --- a/.github/workflows/revpi-connect-s.yml +++ b/.github/workflows/revpi-connect-s.yml @@ -41,7 +41,7 @@ permissions: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8 + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while diff --git a/.github/workflows/revpi-connect.yml b/.github/workflows/revpi-connect.yml index 1509871a9..fed44891e 100644 --- a/.github/workflows/revpi-connect.yml +++ b/.github/workflows/revpi-connect.yml 
@@ -41,7 +41,7 @@ permissions: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8 + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while diff --git a/.github/workflows/revpi-core-3.yml b/.github/workflows/revpi-core-3.yml index f6f994951..5e417ebe6 100644 --- a/.github/workflows/revpi-core-3.yml +++ b/.github/workflows/revpi-core-3.yml @@ -41,7 +41,7 @@ permissions: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8 + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while diff --git a/.github/workflows/rt-rpi-300.yml b/.github/workflows/rt-rpi-300.yml index 64e9e8ad8..d7fbfc486 100644 --- a/.github/workflows/rt-rpi-300.yml +++ b/.github/workflows/rt-rpi-300.yml 
@@ -41,7 +41,7 @@ permissions: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 # v1.27.8 + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while From fe8889f88764fc6f2f1092ac7db04562b9b04658 Mon Sep 17 00:00:00 2001 From: Ryan Cooke Date: Fri, 29 Nov 2024 16:55:18 +0000 Subject: [PATCH 3/8] re-enable PRT triggers --- .github/workflows/npe-x500-m3.yml | 8 ++++---- .github/workflows/raspberrypi.yml | 8 ++++---- .github/workflows/raspberrypi0-2w-64.yml | 8 ++++---- .github/workflows/raspberrypi2.yml | 8 ++++---- .github/workflows/raspberrypi3-64.yml | 8 ++++---- .github/workflows/raspberrypi3-unipi-neuron.yml | 8 ++++---- .github/workflows/raspberrypi3.yml | 8 ++++---- .github/workflows/raspberrypi4-64.yml | 8 ++++---- .github/workflows/raspberrypi4-superhub.yml | 8 ++++---- .github/workflows/raspberrypi4-unipi-neuron.yml | 8 ++++---- .github/workflows/raspberrypi400-64.yml | 8 ++++---- .github/workflows/raspberrypi5.yml | 8 ++++---- .github/workflows/raspberrypicm4-ioboard.yml | 8 ++++---- .github/workflows/revpi-connect-4.yml | 8 ++++---- .github/workflows/revpi-connect-s.yml | 8 ++++---- .github/workflows/revpi-connect.yml | 8 ++++---- .github/workflows/revpi-core-3.yml | 8 ++++---- .github/workflows/rt-rpi-300.yml | 8 ++++---- 18 files changed, 72 insertions(+), 72 deletions(-) diff --git a/.github/workflows/npe-x500-m3.yml b/.github/workflows/npe-x500-m3.yml index 86d4e364e..3d17eaae1 100644 --- a/.github/workflows/npe-x500-m3.yml +++ b/.github/workflows/npe-x500-m3.yml 
@@ -9,10 +9,10 @@ on:
 - master
 # ESR branches glob pattern
 - 20[0-9][0-9].[0-1]?[1470].x
- # pull_request_target:
- # branches:
- # - main
- # - master
+ pull_request_target:
+ branches:
+ - main
+ - master
 push:
 tags:
 # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
diff --git a/.github/workflows/raspberrypi.yml b/.github/workflows/raspberrypi.yml
index 9a6d44cdd..0591869b7 100644
--- a/.github/workflows/raspberrypi.yml
+++ b/.github/workflows/raspberrypi.yml
@@ -9,10 +9,10 @@ on:
 - master
 # ESR branches glob pattern
 - 20[0-9][0-9].[0-1]?[1470].x
- # pull_request_target:
- # branches:
- # - main
- # - master
+ pull_request_target:
+ branches:
+ - main
+ - master
 push:
 tags:
 # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
diff --git a/.github/workflows/raspberrypi0-2w-64.yml b/.github/workflows/raspberrypi0-2w-64.yml
index 329bca050..7bca6a52e 100644
--- a/.github/workflows/raspberrypi0-2w-64.yml
+++ b/.github/workflows/raspberrypi0-2w-64.yml
@@ -9,10 +9,10 @@ on:
 - master
 # ESR branches glob pattern
 - 20[0-9][0-9].[0-1]?[1470].x
- # pull_request_target:
- # branches:
- # - main
- # - master
+ pull_request_target:
+ branches:
+ - main
+ - master
 push:
 tags:
 # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
diff --git a/.github/workflows/raspberrypi2.yml b/.github/workflows/raspberrypi2.yml
index b773a63ca..a0f3932e9 100644
--- a/.github/workflows/raspberrypi2.yml
+++ b/.github/workflows/raspberrypi2.yml
@@ -9,10 +9,10 @@ on:
 - master
 # ESR branches glob pattern
 - 20[0-9][0-9].[0-1]?[1470].x
- # pull_request_target:
- # branches:
- # - main
- # - master
+ pull_request_target:
+ branches:
+ - main
+ - master
 push:
 tags:
 # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
diff --git a/.github/workflows/raspberrypi3-64.yml b/.github/workflows/raspberrypi3-64.yml
index 4550a1a9f..d827123cf 100644
--- a/.github/workflows/raspberrypi3-64.yml
+++ b/.github/workflows/raspberrypi3-64.yml
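Review bot: Re-enabling `pull_request_target` makes runs for fork pull requests execute in the base repository's context, with its secrets and the token permissions declared in the workflow, and neither the job-level `if` nor what the called workflow checks out is visible in this hunk. The commit message ("re-enable PRT triggers") does not record why the trigger was commented out or what now makes it safe to restore. I would add a comment above the trigger stating the assumption, for example `# pull_request_target runs with base-repo secrets; fork PRs must pass the job-level 'if' and approval gate before any PR code is built`, and confirm that gate before merge. The same four-line change is repeated in the other 17 workflow files of this patch; the `on:` block starts and ends outside the hunk.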
@@ -9,10 +9,10 @@ on:
 - master
 # ESR branches glob pattern
 - 20[0-9][0-9].[0-1]?[1470].x
- # pull_request_target:
- # branches:
- # - main
- # - master
+ pull_request_target:
+ branches:
+ - main
+ - master
 push:
 tags:
 # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
diff --git a/.github/workflows/raspberrypi3-unipi-neuron.yml b/.github/workflows/raspberrypi3-unipi-neuron.yml
index cea47341b..48a764bda 100644
--- a/.github/workflows/raspberrypi3-unipi-neuron.yml
+++ b/.github/workflows/raspberrypi3-unipi-neuron.yml
@@ -9,10 +9,10 @@ on:
 - master
 # ESR branches glob pattern
 - 20[0-9][0-9].[0-1]?[1470].x
- # pull_request_target:
- # branches:
- # - main
- # - master
+ pull_request_target:
+ branches:
+ - main
+ - master
 push:
 tags:
 # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
diff --git a/.github/workflows/raspberrypi3.yml b/.github/workflows/raspberrypi3.yml
index 484aff220..821210175 100644
--- a/.github/workflows/raspberrypi3.yml
+++ b/.github/workflows/raspberrypi3.yml
@@ -9,10 +9,10 @@ on:
 - master
 # ESR branches glob pattern
 - 20[0-9][0-9].[0-1]?[1470].x
- # pull_request_target:
- # branches:
- # - main
- # - master
+ pull_request_target:
+ branches:
+ - main
+ - master
 push:
 tags:
 # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
diff --git a/.github/workflows/raspberrypi4-64.yml b/.github/workflows/raspberrypi4-64.yml
index d1de8c3f0..2fbc96def 100644
--- a/.github/workflows/raspberrypi4-64.yml
+++ b/.github/workflows/raspberrypi4-64.yml
@@ -9,10 +9,10 @@ on:
 - master
 # ESR branches glob pattern
 - 20[0-9][0-9].[0-1]?[1470].x
- # pull_request_target:
- # branches:
- # - main
- # - master
+ pull_request_target:
+ branches:
+ - main
+ - master
 push:
 tags:
 # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
diff --git a/.github/workflows/raspberrypi4-superhub.yml b/.github/workflows/raspberrypi4-superhub.yml
index cd96eee5c..4662987bc 100644
--- a/.github/workflows/raspberrypi4-superhub.yml
+++ b/.github/workflows/raspberrypi4-superhub.yml
@@ -9,10 +9,10 @@ on:
 - master
 # ESR branches glob pattern
 - 20[0-9][0-9].[0-1]?[1470].x
- # pull_request_target:
- # branches:
- # - main
- # - master
+ pull_request_target:
+ branches:
+ - main
+ - master
 push:
 tags:
 # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
diff --git a/.github/workflows/raspberrypi4-unipi-neuron.yml b/.github/workflows/raspberrypi4-unipi-neuron.yml
index 1a84ddaa5..0cd7efd2a 100644
--- a/.github/workflows/raspberrypi4-unipi-neuron.yml
+++ b/.github/workflows/raspberrypi4-unipi-neuron.yml
@@ -9,10 +9,10 @@ on:
 - master
 # ESR branches glob pattern
 - 20[0-9][0-9].[0-1]?[1470].x
- # pull_request_target:
- # branches:
- # - main
- # - master
+ pull_request_target:
+ branches:
+ - main
+ - master
 push:
 tags:
 # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
diff --git a/.github/workflows/raspberrypi400-64.yml b/.github/workflows/raspberrypi400-64.yml
index ef9dec11a..7a6843d3d 100644
--- a/.github/workflows/raspberrypi400-64.yml
+++ b/.github/workflows/raspberrypi400-64.yml
@@ -9,10 +9,10 @@ on:
 - master
 # ESR branches glob pattern
 - 20[0-9][0-9].[0-1]?[1470].x
- # pull_request_target:
- # branches:
- # - main
- # - master
+ pull_request_target:
+ branches:
+ - main
+ - master
 push:
 tags:
 # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
diff --git a/.github/workflows/raspberrypi5.yml b/.github/workflows/raspberrypi5.yml
index 38fed5f80..3b9ec53e4 100644
--- a/.github/workflows/raspberrypi5.yml
+++ b/.github/workflows/raspberrypi5.yml
@@ -9,10 +9,10 @@ on:
 - master
 # ESR branches glob pattern
 - 20[0-9][0-9].[0-1]?[1470].x
- # pull_request_target:
- # branches:
- # - main
- # - master
+ pull_request_target:
+ branches:
+ - main
+ - master
 push:
 tags:
 # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
diff --git a/.github/workflows/raspberrypicm4-ioboard.yml b/.github/workflows/raspberrypicm4-ioboard.yml
index 8217b9b2e..d959b1edc 100644
--- a/.github/workflows/raspberrypicm4-ioboard.yml
+++ b/.github/workflows/raspberrypicm4-ioboard.yml
@@ -9,10 +9,10 @@ on:
 - master
 # ESR branches glob pattern
 - 20[0-9][0-9].[0-1]?[1470].x
- # pull_request_target:
- # branches:
- # - main
- # - master
+ pull_request_target:
+ branches:
+ - main
+ - master
 push:
 tags:
 # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
diff --git a/.github/workflows/revpi-connect-4.yml b/.github/workflows/revpi-connect-4.yml
index 8e7ae4229..22b507399 100644
--- a/.github/workflows/revpi-connect-4.yml
+++ b/.github/workflows/revpi-connect-4.yml
@@ -9,10 +9,10 @@ on:
 - master
 # ESR branches glob pattern
 - 20[0-9][0-9].[0-1]?[1470].x
- # pull_request_target:
- # branches:
- # - main
- # - master
+ pull_request_target:
+ branches:
+ - main
+ - master
 push:
 tags:
 # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
diff --git a/.github/workflows/revpi-connect-s.yml b/.github/workflows/revpi-connect-s.yml
index 99f7c78bb..54176eddc 100644
--- a/.github/workflows/revpi-connect-s.yml
+++ b/.github/workflows/revpi-connect-s.yml
@@ -9,10 +9,10 @@ on:
 - master
 # ESR branches glob pattern
 - 20[0-9][0-9].[0-1]?[1470].x
- # pull_request_target:
- # branches:
- # - main
- # - master
+ pull_request_target:
+ branches:
+ - main
+ - master
 push:
 tags:
 # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
diff --git a/.github/workflows/revpi-connect.yml b/.github/workflows/revpi-connect.yml
index fed44891e..e771511eb 100644
--- a/.github/workflows/revpi-connect.yml
+++ b/.github/workflows/revpi-connect.yml
@@ -9,10 +9,10 @@ on:
 - master
 # ESR branches glob pattern
 - 20[0-9][0-9].[0-1]?[1470].x
- # pull_request_target:
- # branches:
- # - main
- # - master
+ pull_request_target:
+ branches:
+ - main
+ - master
 push:
 tags:
 # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
diff --git a/.github/workflows/revpi-core-3.yml b/.github/workflows/revpi-core-3.yml
index 5e417ebe6..8f5ce3e59 100644
--- a/.github/workflows/revpi-core-3.yml
+++ b/.github/workflows/revpi-core-3.yml
@@ -9,10 +9,10 @@ on:
 - master
 # ESR branches glob pattern
 - 20[0-9][0-9].[0-1]?[1470].x
- # pull_request_target:
- # branches:
- # - main
- # - master
+ pull_request_target:
+ branches:
+ - main
+ - master
 push:
 tags:
 # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
diff --git a/.github/workflows/rt-rpi-300.yml b/.github/workflows/rt-rpi-300.yml
index d7fbfc486..7855993f3 100644
--- a/.github/workflows/rt-rpi-300.yml
+++ b/.github/workflows/rt-rpi-300.yml
@@ -9,10 +9,10 @@ on:
 - master
 # ESR branches glob pattern
 - 20[0-9][0-9].[0-1]?[1470].x
- # pull_request_target:
- # branches:
- # - main
- # - master
+ pull_request_target:
+ branches:
+ - main
+ - master
 push:
 tags:
 # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
From d904bc8e091d123a883447748c7620adaf447da3 Mon Sep 17 00:00:00 2001
From: "flowzone-app[bot]" <124931076+flowzone-app[bot]@users.noreply.github.com>
Date: Tue, 3 Dec 2024 16:38:30 +0000
Subject: [PATCH 4/8] v6.1.16+rev1
---
 .versionbot/CHANGELOG.yml | 14 ++++++++++++++
 CHANGELOG.md | 5 +++++
 VERSION | 2 +-
 3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/.versionbot/CHANGELOG.yml b/.versionbot/CHANGELOG.yml
index b03363f7d..4b5f0baf9 100644
--- a/.versionbot/CHANGELOG.yml
+++ b/.versionbot/CHANGELOG.yml
@@ -1,3 +1,17 @@ +- commits: + - subject: Explicitly set GITHUB_TOKEN permissions for yocto workflow + hash: 669effc2c00d4ad48c6078c94309c961c42c3881 + body: "" + footer: + Changelog-entry: Explicitly set GITHUB_TOKEN permissions for yocto workflow + changelog-entry: Explicitly set GITHUB_TOKEN permissions for yocto workflow + Signed-off-by: Ryan Cooke + signed-off-by: Ryan Cooke + author: Ryan Cooke + nested: [] + version: 6.1.16+rev1 + title: "" + date: 2024-12-03T16:38:25.878Z - commits: - subject: Update layers/meta-balena to 229a6ad1da498c4ce8aaa17501ddad3e99806f08 hash: 3286e9bf982c741d209fc5b6b4af2fd94f14fbe2 diff --git a/CHANGELOG.md b/CHANGELOG.md index 8585e0ef1..1f0a89e43 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,11 @@ Change log ----------- +# v6.1.16+rev1 +## (2024-12-03) + +* Explicitly set GITHUB_TOKEN permissions for yocto workflow [Ryan Cooke] + # v6.1.16 ## (2024-11-28) diff --git a/VERSION b/VERSION index e22703e5a..c94ee6821 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -6.1.16 \ No newline at end of file +6.1.16+rev1 \ No newline at end of file From 87b1f40acf91bcdf179e1d0446eac130f68c9b02 Mon Sep 17 00:00:00 2001 From: "balena-renovate[bot]" <133977723+balena-renovate[bot]@users.noreply.github.com> Date: Wed, 4 Dec 2024 22:10:29 +0000 Subject: [PATCH 5/8] Update layers/meta-balena digest to e6d699b Update layers/meta-balena Changelog-entry: Update layers/meta-balena to e6d699bfffea71667b9551a93f6ee40f56a8ad79 --- layers/meta-balena | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/layers/meta-balena b/layers/meta-balena index 229a6ad1d..e6d699bff 160000 --- a/layers/meta-balena +++ b/layers/meta-balena @@ -1 +1 @@ -Subproject commit 229a6ad1da498c4ce8aaa17501ddad3e99806f08 +Subproject commit e6d699bfffea71667b9551a93f6ee40f56a8ad79 From db97d7c4e0228b11e0ae2d4c84cf5f75d13a97f1 Mon Sep 17 00:00:00 2001 
From: "flowzone-app[bot]" <124931076+flowzone-app[bot]@users.noreply.github.com> Date: Thu, 5 Dec 2024 16:45:29 +0000 Subject: [PATCH 6/8] v6.1.21 --- .versionbot/CHANGELOG.yml | 216 ++++++++++++++++++++++++++++++++++++++ CHANGELOG.md | 55 ++++++++++ VERSION | 2 +- 3 files changed, 272 insertions(+), 1 deletion(-) diff --git a/.versionbot/CHANGELOG.yml b/.versionbot/CHANGELOG.yml index 4b5f0baf9..c96496218 100644 --- a/.versionbot/CHANGELOG.yml +++ b/.versionbot/CHANGELOG.yml @@ -1,3 +1,219 @@ +- commits: + - subject: Update layers/meta-balena to e6d699bfffea71667b9551a93f6ee40f56a8ad79 + hash: 87b1f40acf91bcdf179e1d0446eac130f68c9b02 + body: Update layers/meta-balena + footer: + Changelog-entry: Update layers/meta-balena to e6d699bfffea71667b9551a93f6ee40f56a8ad79 + changelog-entry: Update layers/meta-balena to e6d699bfffea71667b9551a93f6ee40f56a8ad79 + author: balena-renovate[bot] + nested: + - commits: + - subject: Update tests/leviathan digest to 90d1685 + hash: 647ef9196e83407d5220e03d1ce3fe09575c5bc8 + body: Update tests/leviathan + footer: + Change-type: patch + change-type: patch + author: balena-renovate[bot] + nested: + - commits: + - subject: Update core/contracts digest to 474ab2d + hash: 8faa54c6388d41797667a2d2bc51a9b4a8ebad1c + body: | + Update core/contracts + footer: + Change-type: patch + change-type: patch + author: balena-renovate[bot] + nested: [] + version: leviathan-2.31.66 + title: "" + date: 2024-12-04T18:50:19.476Z + version: meta-balena-6.1.21 + title: "" + date: 2024-12-04T21:36:12.833Z + - commits: + - subject: "kernel-module-build: update to 3.0.1" + hash: 87d1b45fad357cb25eda2bd82c9ea12b3c0645b2 + body: | + This adds a required dependency. + footer: + Change-type: patch + change-type: patch + 
Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "tests: secureboot: fix passing of kernel headers version" + hash: 4484c59fc924100232cc10303a4636ed0082760a + body: | + Specifying the kernel headers version was not woriking. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "tests: secureboot: add dm devices support in FDE test" + hash: 89518778741013d099048319cba8846530261dee + body: > + Use dmsetup to identify encrypted partitions instead of + filesystem type + + as this will work for both LUKS and DM encrypted partitions. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "tests: secureboot: add imx specialization" + hash: 539bca4652ccef5d2ec8be9a5b669bcd2f073f27 + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + version: meta-balena-6.1.20 + title: "" + date: 2024-12-04T12:38:37.422Z + - commits: + - subject: "balena-image-initramfs: add zram module" + hash: a121381818b49fc669362ab295fb96ce88396dff + body: | + This modules mounts /tmp as a zram device. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "initrdscripts: add zram module" + hash: 3f45fed4444d01f2dff1a2169bb795401ae5f3ea + body: > + This module mounts /tmp as a zram to take advantage of memory + + compression so that migration can work on devices with reduced + memory + + availability. + footer: + Change-type: patch + change-type: patch + 
Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "resin-init-flasher: search /tmp explicitly" + hash: 7741fcee4b3a3129a23a7d4673dcf9647129f2e2 + body: > + GNU find option -xdev prohibits descending into directories on + other + + filesystems. Add /tmp as an explicit search path to allow for + finding + + the balenaOS image on zram, such as when migrating. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Joseph Kogut + signed-off-by: Joseph Kogut + author: Joseph Kogut + nested: [] + - subject: "kernel-balena: enable CRYPTO_ZSTD for zram" + hash: 7f622ab9a10a8e2cd065b85860826cfb18f02269 + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Joseph Kogut + signed-off-by: Joseph Kogut + author: Joseph Kogut + nested: [] + version: meta-balena-6.1.19 + title: "" + date: 2024-12-03T16:30:32.869Z + - commits: + - subject: Explicitly set GITHUB_TOKEN permissions for yocto workflow + hash: 30dc4c7b07ec1c877ee7a8b3feb234942eddac0c + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Ryan Cooke + signed-off-by: Ryan Cooke + author: Ryan Cooke + nested: [] + version: meta-balena-6.1.18 + title: "" + date: 2024-12-03T13:04:14.122Z + - commits: + - subject: "resin-init-flasher: adapt EFI snippets to non-LUKS devices support" + hash: 014cfbc22b26cb642a9ebd59612208866d22497f + body: > + Adapt the EFI include file to the non-LUKS device support + changes + + introduced in cfa24c60b25699cadd2ca2e6c00232b515c1c6dc. + footer: + Change-type: patch + change-type: patch + 
Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "balena-config-vars: adapt to flasher non-LUKS device support" + hash: 426fd4aa88f25e6b231d017ca26659e07cd06f13 + body: > + Adapt to the changes to the flasher script to support non-LUKS + devices + + introduced in cfa24c60b25699cadd2ca2e6c00232b515c1c6dc. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "resin-init-flasher: add default LUKS configuration" + hash: 29df43ae23c12afd821f1e3d4ce3017bd201ca1a + body: > + The LUKS configuration now lives in the flasher configuration + file. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "hostapp-update-hooks: replace the identification of encrypted + partitions" + hash: 910a88eaf84e571bc53ea50ca167d9e703a063d8 + body: | + Adapt the grub update hook to the changes introduced in + https://github.com/balena-os/meta-balena/commit/d50e221988b3eda595bd86f93fd08965d6a09293 + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + version: meta-balena-6.1.17 + title: "" + date: 2024-12-02T09:47:19.858Z + version: 6.1.21 + title: "" + date: 2024-12-05T16:45:21.181Z - commits: - subject: Explicitly set GITHUB_TOKEN permissions for yocto workflow hash: 669effc2c00d4ad48c6078c94309c961c42c3881 diff --git a/CHANGELOG.md b/CHANGELOG.md index 1f0a89e43..d3144f31e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,61 @@ Change log ----------- +# v6.1.21 +## (2024-12-05) + + +
+ Update layers/meta-balena to e6d699bfffea71667b9551a93f6ee40f56a8ad79 [balena-renovate[bot]] + +> ## meta-balena-6.1.21 +> ### (2024-12-04) +> +> +>
+> Update tests/leviathan digest to 90d1685 [balena-renovate[bot]] +> +>> ### leviathan-2.31.66 +>> #### (2024-12-04) +>> +>> * Update core/contracts digest to 474ab2d [balena-renovate[bot]] +>> +> +>
+> +> +> ## meta-balena-6.1.20 +> ### (2024-12-04) +> +> * kernel-module-build: update to 3.0.1 [Alex Gonzalez] +> * tests: secureboot: fix passing of kernel headers version [Alex Gonzalez] +> * tests: secureboot: add dm devices support in FDE test [Alex Gonzalez] +> * tests: secureboot: add imx specialization [Alex Gonzalez] +> +> ## meta-balena-6.1.19 +> ### (2024-12-03) +> +> * balena-image-initramfs: add zram module [Alex Gonzalez] +> * initrdscripts: add zram module [Alex Gonzalez] +> * resin-init-flasher: search /tmp explicitly [Joseph Kogut] +> * kernel-balena: enable CRYPTO_ZSTD for zram [Joseph Kogut] +> +> ## meta-balena-6.1.18 +> ### (2024-12-03) +> +> * Explicitly set GITHUB_TOKEN permissions for yocto workflow [Ryan Cooke] +> +> ## meta-balena-6.1.17 +> ### (2024-12-02) +> +> * resin-init-flasher: adapt EFI snippets to non-LUKS devices support [Alex Gonzalez] +> * balena-config-vars: adapt to flasher non-LUKS device support [Alex Gonzalez] +> * resin-init-flasher: add default LUKS configuration [Alex Gonzalez] +> * hostapp-update-hooks: replace the identification of encrypted partitions [Alex Gonzalez] +> + +
+ # v6.1.16+rev1 ## (2024-12-03) diff --git a/VERSION b/VERSION index c94ee6821..27a717ab0 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -6.1.16+rev1 \ No newline at end of file +6.1.21 \ No newline at end of file From 85db464d933ce0559b3832cf48551c97994cbc15 Mon Sep 17 00:00:00 2001 From: "balena-renovate[bot]" <133977723+balena-renovate[bot]@users.noreply.github.com> Date: Sat, 7 Dec 2024 06:11:31 +0000 Subject: [PATCH 7/8] Update balena-yocto-scripts digest to cece7bf Update balena-yocto-scripts Changelog-entry: Update balena-yocto-scripts to cece7bfab266136d81db610c3b22dae221ee7682 --- balena-yocto-scripts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/balena-yocto-scripts b/balena-yocto-scripts index d8d6b50ec..cece7bfab 160000 --- a/balena-yocto-scripts +++ b/balena-yocto-scripts @@ -1 +1 @@ -Subproject commit d8d6b50ec334769cfc000ef8b619cfb35a5a65d5 +Subproject commit cece7bfab266136d81db610c3b22dae221ee7682 From 26728a012e0a8736a0419eec1b97fb550db77a3c Mon Sep 17 00:00:00 2001 From: "flowzone-app[bot]" <124931076+flowzone-app[bot]@users.noreply.github.com> Date: Sat, 7 Dec 2024 10:33:45 +0000 Subject: [PATCH 8/8] v6.1.21+rev1 --- .versionbot/CHANGELOG.yml | 169 ++++++++++++++++++++++++++++++++++++++ CHANGELOG.md | 65 +++++++++++++++ VERSION | 2 +- 3 files changed, 235 insertions(+), 1 deletion(-) diff --git a/.versionbot/CHANGELOG.yml b/.versionbot/CHANGELOG.yml index c96496218..737a84e19 100644 --- a/.versionbot/CHANGELOG.yml +++ b/.versionbot/CHANGELOG.yml 
@@ -1,3 +1,172 @@ +- commits: + - subject: Update balena-yocto-scripts to cece7bfab266136d81db610c3b22dae221ee7682 + hash: 85db464d933ce0559b3832cf48551c97994cbc15 + body: Update balena-yocto-scripts + footer: + Changelog-entry: Update balena-yocto-scripts to cece7bfab266136d81db610c3b22dae221ee7682 + changelog-entry: Update balena-yocto-scripts to cece7bfab266136d81db610c3b22dae221ee7682 + author: balena-renovate[bot] + nested: + - commits: + - subject: Update balena-os/leviathan action to v2.31.68 + hash: f4709be40f4e1530cc8ac71eaf7ea0a81babdb1f + body: | + Update balena-os/leviathan from 2.31.67 to 2.31.68 + footer: + Change-type: patch + change-type: patch + author: balena-renovate[bot] + nested: [] + version: balena-yocto-scripts-1.27.19 + title: "" + date: 2024-12-07T04:25:48.528Z + - commits: + - subject: Update balena-os/leviathan action to v2.31.67 + hash: d39fb6cb699eeb50699ff4bfd895c90f2483300f + body: | + Update balena-os/leviathan from 2.31.66 to 2.31.67 + footer: + Change-type: patch + change-type: patch + author: balena-renovate[bot] + nested: [] + version: balena-yocto-scripts-1.27.18 + title: "" + date: 2024-12-07T02:08:43.340Z + - commits: + - subject: Update balena-os/leviathan action to v2.31.66 + hash: d333c32569b0d33bb0e098d5245b6bcc3ca147af + body: | + Update balena-os/leviathan from 2.31.65 to 2.31.66 + footer: + Change-type: patch + change-type: patch + author: balena-renovate[bot] + nested: [] + version: balena-yocto-scripts-1.27.17 + title: "" + date: 2024-12-04T21:45:07.416Z + - commits: + - subject: Set additional github token permissions + hash: 41cd691fdad8edfcb6664cd1a2cc8966da7e3475 + body: > + THis is to allow the workflow to function under an org with + restricitve github token permissions + footer: + Change-type: patch + change-type: patch + 
Signed-off-by: Ryan Cooke + signed-off-by: Ryan Cooke + author: Ryan Cooke + nested: [] + version: balena-yocto-scripts-1.27.16 + title: "" + date: 2024-11-29T19:18:27.347Z + - commits: + - subject: Update balena-os/leviathan action to v2.31.65 + hash: ae9f251d20e4f473318d92e22fa26866d0a7924d + body: | + Update balena-os/leviathan from 2.31.62 to 2.31.65 + footer: + Change-type: patch + change-type: patch + author: balena-renovate[bot] + nested: [] + version: balena-yocto-scripts-1.27.15 + title: "" + date: 2024-11-23T22:39:50.484Z + - commits: + - subject: Update balena-os/leviathan action to v2.31.62 + hash: 72364fff1e6bc138bef37a89197bf1db5213c90b + body: | + Update balena-os/leviathan from 2.31.60 to 2.31.62 + footer: + Change-type: patch + change-type: patch + author: balena-renovate[bot] + nested: [] + version: balena-yocto-scripts-1.27.14 + title: "" + date: 2024-11-20T18:43:55.552Z + - commits: + - subject: Explicitly set GH_TOKEN permissions + hash: 389d08cfa7af88eb059f1d56fcf6a0db69598bbb + body: "" + footer: + change-type: patch + author: Anton Belodedenko + nested: [] + version: balena-yocto-scripts-1.27.13 + title: "" + date: 2024-11-18T22:20:04.431Z + - commits: + - subject: Update Lock file maintenance + hash: da98468af30dee76cdea3934db771b5f7cf4e6e3 + body: | + Update + footer: + Change-type: patch + change-type: patch + author: balena-renovate[bot] + nested: [] + version: balena-yocto-scripts-1.27.12 + title: "" + date: 2024-11-18T01:34:47.609Z + - commits: + - subject: "github/workflows/yocto-build-deploy.yml: Add hostapp metadata to OS + release" + hash: 0c8631cf2d935b139aff85004bb7c41883c355a6 + body: > + This is needed for supervisor managed OS updates. For example, + the supervisor + + can check this metadata against the equivalent field from + /etc/os-release to + + determine if the device is already running the latest OS + release. + footer: + Change-type: patch + change-type: patch + 
Signed-off-by: Florin Sarbu + signed-off-by: Florin Sarbu + author: Florin Sarbu + nested: [] + version: balena-yocto-scripts-1.27.11 + title: "" + date: 2024-11-17T19:41:07.287Z + - commits: + - subject: Set explicit permissions at the job level + hash: 9dc5aacccbd5ffdb154df3a1db172736cca36145 + body: | + This is the more secure approach that defaults + to lowest possible permissions. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.27.10 + title: "" + date: 2024-11-11T19:16:32.044Z + - commits: + - subject: Update Lock file maintenance + hash: 271d9ee084c71d4eb128948b15ea3bf9150a0a39 + body: | + Update + footer: + Change-type: patch + change-type: patch + author: balena-renovate[bot] + nested: [] + version: balena-yocto-scripts-1.27.9 + title: "" + date: 2024-11-11T01:34:43.508Z + version: 6.1.21+rev1 + title: "" + date: 2024-12-07T10:33:38.212Z - commits: - subject: Update layers/meta-balena to e6d699bfffea71667b9551a93f6ee40f56a8ad79 hash: 87b1f40acf91bcdf179e1d0446eac130f68c9b02 diff --git a/CHANGELOG.md b/CHANGELOG.md index d3144f31e..b79b5e82b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,71 @@ Change log ----------- +# v6.1.21+rev1 +## (2024-12-07) + + +
+ Update balena-yocto-scripts to cece7bfab266136d81db610c3b22dae221ee7682 [balena-renovate[bot]] + +> ## balena-yocto-scripts-1.27.19 +> ### (2024-12-07) +> +> * Update balena-os/leviathan action to v2.31.68 [balena-renovate[bot]] +> +> ## balena-yocto-scripts-1.27.18 +> ### (2024-12-07) +> +> * Update balena-os/leviathan action to v2.31.67 [balena-renovate[bot]] +> +> ## balena-yocto-scripts-1.27.17 +> ### (2024-12-04) +> +> * Update balena-os/leviathan action to v2.31.66 [balena-renovate[bot]] +> +> ## balena-yocto-scripts-1.27.16 +> ### (2024-11-29) +> +> * Set additional github token permissions [Ryan Cooke] +> +> ## balena-yocto-scripts-1.27.15 +> ### (2024-11-23) +> +> * Update balena-os/leviathan action to v2.31.65 [balena-renovate[bot]] +> +> ## balena-yocto-scripts-1.27.14 +> ### (2024-11-20) +> +> * Update balena-os/leviathan action to v2.31.62 [balena-renovate[bot]] +> +> ## balena-yocto-scripts-1.27.13 +> ### (2024-11-18) +> +> * Explicitly set GH_TOKEN permissions [Anton Belodedenko] +> +> ## balena-yocto-scripts-1.27.12 +> ### (2024-11-18) +> +> * Update Lock file maintenance [balena-renovate[bot]] +> +> ## balena-yocto-scripts-1.27.11 +> ### (2024-11-17) +> +> * github/workflows/yocto-build-deploy.yml: Add hostapp metadata to OS release [Florin Sarbu] +> +> ## balena-yocto-scripts-1.27.10 +> ### (2024-11-11) +> +> * Set explicit permissions at the job level [Kyle Harding] +> +> ## balena-yocto-scripts-1.27.9 +> ### (2024-11-11) +> +> * Update Lock file maintenance [balena-renovate[bot]] +> + +
+ # v6.1.21 ## (2024-12-05) diff --git a/VERSION b/VERSION index 27a717ab0..35995d712 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -6.1.21 \ No newline at end of file +6.1.21+rev1 \ No newline at end of file