Skip to content

release: Merge latest prod-staging changes to prod-stable#4

Open
unikraft-bot wants to merge 13 commits intoprod-stablefrom
prod-staging
Open

release: Merge latest prod-staging changes to prod-stable#4
unikraft-bot wants to merge 13 commits intoprod-stablefrom
prod-staging

Conversation

@unikraft-bot
Copy link

@unikraft-bot unikraft-bot commented Nov 17, 2025

Automated changes by create-pull-request GitHub action

nderjung and others added 9 commits September 26, 2025 17:50
@nderjung
docs: Add initial LICENSE.md with BSD-3-Clause
ed03ac7 
Signed-off-by: Alexander Jung <alex@unikraft.com>
@nderjung
build: Add top-level Makefile
6e61542 
Running `make generate` will perform the generation.

Signed-off-by: Alexander Jung <alex@unikraft.com>
@nderjung
build: Add openapi-python-client config
a2a8194 
Signed-off-by: Alexander Jung <alex@unikraft.com>
@nderjung
feat(templates): Add in custom templates
7035ebe 
Signed-off-by: Alexander Jung <alex@unikraft.com>
@nderjung
chore: Run initial generation
69f6eb2 
Signed-off-by: Alexander Jung <alex@unikraft.com>
@nurof3n
fix(templates): Remove unsupported parameter from additional_properti…
acc1bf5 
…es.get_type_string()

Signed-off-by: Alex-Andrei Cioc <andrei.cioc@unikraft.io>
@nderjung
fix(templates): Remove unsupported parameter from additional_properti…
54b26f8 
…es.get_type_string() (#1)

Reviewed-by: Alexander Jung <alex@unikraft.com>
Approved-by: Alexander Jung <alex@unikraft.com>
@nurof3n
feat: Add initial github workflows
c15427d 
This commit adds the conventional workflows used in our auto-generated
SDKs:
- actionlint
- check-pr
- release-stable
- sync

Signed-off-by: Alex-Andrei Cioc <andrei.cioc@unikraft.io>
@nderjung
feat: Add initial github workflows (#3)
3252912 
Reviewed-by: Alexander Jung <alex@unikraft.com>
Approved-by: Alexander Jung <alex@unikraft.com>
@github-advanced-security
Copy link

github-advanced-security bot commented Nov 17, 2025

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 17, 2025
View reviewed changes
.github/workflows/actionlint.yaml
Comment on lines +16 to +26
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Install action linter
run: |
mkdir -p "$HOME"/.local/bin
curl -sL https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash | bash -s -- latest "$HOME"/.local/bin

- name: Check that all workflows are valid
run: actionlint -verbose

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 4 months ago

The best way to fix this problem is to add an explicit permissions block that restricts the privileges granted to the GITHUB_TOKEN used within this workflow. Since the workflow only runs actionlint (a linter) on workflows and does not require write access to contents, issues, or pull requests, we should add permissions: contents: read at the job level (actionlint under jobs). This gives minimal necessary access, helping to enforce POLP.

To implement, add the following keys under the actionlint job (e.g., just above runs-on:). No new methods, definitions, or imports are needed; just YAML key insertion. There is no indication in the shown snippet that any additional permissions are required, so only contents: read should be specified.

Suggested changeset 1
.github/workflows/actionlint.yaml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml
--- a/.github/workflows/actionlint.yaml
+++ b/.github/workflows/actionlint.yaml
@@ -13,6 +13,8 @@
 
 jobs:
   actionlint:
+    permissions:
+      contents: read
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
EOF
@@ -13,6 +13,8 @@

jobs:
actionlint:
permissions:
contents: read
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
Copilot is powered by AI and may make mistakes. Always verify output.
nurof3n and others added 4 commits November 17, 2025 12:23
@nurof3n
fix(actions): Add uv to sync workflow
70593e4 
Signed-off-by: Alex-Andrei Cioc <andrei.cioc@unikraft.io>
@nderjung
fix(actions): Add uv to sync workflow (#5)
8bec958 
Reviewed-by: Alexander Jung <alex@unikraft.com>
Approved-by: Alexander Jung <alex@unikraft.com>
@nurof3n
fix(actions): Remove make fmt from sync workflow
98a478b 
Signed-off-by: Alex-Andrei Cioc <andrei.cioc@unikraft.io>
@nderjung
fix(actions): Remove make fmt from sync workflow (#6)
ca4553a 
Reviewed-by: Alexander Jung <alex@unikraft.com>
Approved-by: Alexander Jung <alex@unikraft.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@unikraft-bot @nderjung @nurof3n