mirror of
https://github.com/actions/cache.git
synced 2026-06-14 17:04:10 +08:00
Compare commits
2 Commits
dependabot
...
45aedc9961
| Author | SHA1 | Date | |
|---|---|---|---|
|
45aedc9961 | ||
|
|
d722552897 |
2
.github/workflows/codeql.yml
vendored
2
.github/workflows/codeql.yml
vendored
@@ -16,7 +16,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v5
|
||||
|
||||
# Initializes the CodeQL tools for scanning.
|
||||
- name: Initialize CodeQL
|
||||
|
||||
2
.github/workflows/licensed.yml
vendored
2
.github/workflows/licensed.yml
vendored
@@ -19,7 +19,7 @@ jobs:
|
||||
steps:
|
||||
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v5
|
||||
|
||||
- name: Install dependencies
|
||||
run: npm ci --ignore-scripts
|
||||
|
||||
@@ -14,7 +14,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checking out
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v5
|
||||
- name: Publish
|
||||
id: publish
|
||||
uses: actions/publish-immutable-action@0.0.3
|
||||
|
||||
156
.github/workflows/workflow.yml
vendored
156
.github/workflows/workflow.yml
vendored
@@ -23,7 +23,7 @@ jobs:
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v5
|
||||
- name: Setup Node.js 24.x
|
||||
uses: actions/setup-node@v4
|
||||
with:
|
||||
@@ -46,7 +46,7 @@ jobs:
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v5
|
||||
- name: Generate files in working directory
|
||||
shell: bash
|
||||
run: __tests__/create-cache-files.sh ${{ runner.os }} test-cache
|
||||
@@ -70,7 +70,7 @@ jobs:
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v5
|
||||
- name: Restore cache
|
||||
uses: ./
|
||||
with:
|
||||
@@ -90,88 +90,17 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
container:
|
||||
image: ubuntu:latest
|
||||
options: --cap-add=NET_ADMIN
|
||||
options: --dns 127.0.0.1
|
||||
services:
|
||||
squid-proxy:
|
||||
image: ubuntu/squid:latest
|
||||
ports:
|
||||
- 3128:3128
|
||||
env:
|
||||
http_proxy: http://squid-proxy:3128
|
||||
https_proxy: http://squid-proxy:3128
|
||||
steps:
|
||||
- name: Wait for proxy to be ready
|
||||
shell: bash
|
||||
run: |
|
||||
echo "Waiting for squid proxy to be ready..."
|
||||
echo "Resolving squid-proxy hostname:"
|
||||
getent hosts squid-proxy || echo "DNS resolution failed"
|
||||
for i in $(seq 1 30); do
|
||||
if (echo > /dev/tcp/squid-proxy/3128) 2>/dev/null; then
|
||||
echo "Proxy is ready!"
|
||||
exit 0
|
||||
fi
|
||||
echo "Attempt $i: Proxy not ready, waiting..."
|
||||
sleep 2
|
||||
done
|
||||
echo "Proxy failed to become ready"
|
||||
exit 1
|
||||
env:
|
||||
http_proxy: ""
|
||||
https_proxy: ""
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
apt-get update
|
||||
apt-get install -y iptables curl
|
||||
- name: Verify proxy is working
|
||||
run: |
|
||||
echo "Testing proxy connectivity..."
|
||||
curl -s -o /dev/null -w "%{http_code}" --proxy http://squid-proxy:3128 http://github.com || true
|
||||
echo "Proxy verification complete"
|
||||
- name: Block direct traffic (enforce proxy usage)
|
||||
run: |
|
||||
# Get the squid-proxy container IP
|
||||
PROXY_IP=$(getent hosts squid-proxy | awk '{ print $1 }')
|
||||
echo "Proxy IP: $PROXY_IP"
|
||||
|
||||
# Allow loopback traffic
|
||||
iptables -A OUTPUT -o lo -j ACCEPT
|
||||
|
||||
# Allow traffic to the proxy container
|
||||
iptables -A OUTPUT -d $PROXY_IP -j ACCEPT
|
||||
|
||||
# Allow established connections
|
||||
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
|
||||
# Allow DNS (needed for initial resolution)
|
||||
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
|
||||
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
|
||||
|
||||
# Block all other outbound traffic (HTTP/HTTPS)
|
||||
iptables -A OUTPUT -p tcp --dport 80 -j REJECT
|
||||
iptables -A OUTPUT -p tcp --dport 443 -j REJECT
|
||||
|
||||
# Log the iptables rules for debugging
|
||||
iptables -L -v -n
|
||||
- name: Verify direct HTTPS is blocked
|
||||
run: |
|
||||
echo "Testing that direct HTTPS requests fail..."
|
||||
if curl --noproxy '*' -s --connect-timeout 5 https://github.com > /dev/null 2>&1; then
|
||||
echo "ERROR: Direct HTTPS request succeeded - blocking is not working!"
|
||||
exit 1
|
||||
else
|
||||
echo "SUCCESS: Direct HTTPS request was blocked as expected"
|
||||
fi
|
||||
|
||||
echo "Testing that HTTPS through proxy succeeds..."
|
||||
if curl --proxy http://squid-proxy:3128 -s --connect-timeout 10 https://github.com > /dev/null 2>&1; then
|
||||
echo "SUCCESS: HTTPS request through proxy succeeded"
|
||||
else
|
||||
echo "ERROR: HTTPS request through proxy failed!"
|
||||
exit 1
|
||||
fi
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v5
|
||||
- name: Generate files
|
||||
run: __tests__/create-cache-files.sh proxy test-cache
|
||||
- name: Save cache
|
||||
@@ -185,88 +114,17 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
container:
|
||||
image: ubuntu:latest
|
||||
options: --cap-add=NET_ADMIN
|
||||
options: --dns 127.0.0.1
|
||||
services:
|
||||
squid-proxy:
|
||||
image: ubuntu/squid:latest
|
||||
ports:
|
||||
- 3128:3128
|
||||
env:
|
||||
http_proxy: http://squid-proxy:3128
|
||||
https_proxy: http://squid-proxy:3128
|
||||
steps:
|
||||
- name: Wait for proxy to be ready
|
||||
shell: bash
|
||||
run: |
|
||||
echo "Waiting for squid proxy to be ready..."
|
||||
echo "Resolving squid-proxy hostname:"
|
||||
getent hosts squid-proxy || echo "DNS resolution failed"
|
||||
for i in $(seq 1 30); do
|
||||
if (echo > /dev/tcp/squid-proxy/3128) 2>/dev/null; then
|
||||
echo "Proxy is ready!"
|
||||
exit 0
|
||||
fi
|
||||
echo "Attempt $i: Proxy not ready, waiting..."
|
||||
sleep 2
|
||||
done
|
||||
echo "Proxy failed to become ready"
|
||||
exit 1
|
||||
env:
|
||||
http_proxy: ""
|
||||
https_proxy: ""
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
apt-get update
|
||||
apt-get install -y iptables curl
|
||||
- name: Verify proxy is working
|
||||
run: |
|
||||
echo "Testing proxy connectivity..."
|
||||
curl -s -o /dev/null -w "%{http_code}" --proxy http://squid-proxy:3128 http://github.com || true
|
||||
echo "Proxy verification complete"
|
||||
- name: Block direct traffic (enforce proxy usage)
|
||||
run: |
|
||||
# Get the squid-proxy container IP
|
||||
PROXY_IP=$(getent hosts squid-proxy | awk '{ print $1 }')
|
||||
echo "Proxy IP: $PROXY_IP"
|
||||
|
||||
# Allow loopback traffic
|
||||
iptables -A OUTPUT -o lo -j ACCEPT
|
||||
|
||||
# Allow traffic to the proxy container
|
||||
iptables -A OUTPUT -d $PROXY_IP -j ACCEPT
|
||||
|
||||
# Allow established connections
|
||||
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
|
||||
# Allow DNS (needed for initial resolution)
|
||||
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
|
||||
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
|
||||
|
||||
# Block all other outbound traffic (HTTP/HTTPS)
|
||||
iptables -A OUTPUT -p tcp --dport 80 -j REJECT
|
||||
iptables -A OUTPUT -p tcp --dport 443 -j REJECT
|
||||
|
||||
# Log the iptables rules for debugging
|
||||
iptables -L -v -n
|
||||
- name: Verify direct HTTPS is blocked
|
||||
run: |
|
||||
echo "Testing that direct HTTPS requests fail..."
|
||||
if curl --noproxy '*' -s --connect-timeout 5 https://github.com > /dev/null 2>&1; then
|
||||
echo "ERROR: Direct HTTPS request succeeded - blocking is not working!"
|
||||
exit 1
|
||||
else
|
||||
echo "SUCCESS: Direct HTTPS request was blocked as expected"
|
||||
fi
|
||||
|
||||
echo "Testing that HTTPS through proxy succeeds..."
|
||||
if curl --proxy http://squid-proxy:3128 -s --connect-timeout 10 https://github.com > /dev/null 2>&1; then
|
||||
echo "SUCCESS: HTTPS request through proxy succeeded"
|
||||
else
|
||||
echo "ERROR: HTTPS request through proxy failed!"
|
||||
exit 1
|
||||
fi
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v5
|
||||
- name: Restore cache
|
||||
uses: ./
|
||||
with:
|
||||
|
||||
@@ -165,6 +165,10 @@ steps:
|
||||
run: /publish.sh
|
||||
```
|
||||
|
||||
> [!IMPORTANT]
|
||||
>
|
||||
> The `path` must match on both the centralized job and the target job, otherwise there will be no cache-hit whatsoever. Also take notes of the [restrictions for accessing caches across workflows](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/caching-dependencies-to-speed-up-workflows#restrictions-for-accessing-a-cache).
|
||||
|
||||
### Failing/Exiting the workflow if cache with exact key is not found
|
||||
|
||||
You can use the output of this action to exit the workflow on cache miss. This way you can restrict your workflow to only initiate the build when `cache-hit` occurs, in other words, cache with exact key is found.
|
||||
|
||||
@@ -49,7 +49,7 @@
|
||||
with:
|
||||
path: |
|
||||
~/.bun/install/cache
|
||||
key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }}
|
||||
key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lockb') }}
|
||||
```
|
||||
|
||||
### Windows
|
||||
@@ -59,7 +59,7 @@
|
||||
with:
|
||||
path: |
|
||||
~\.bun
|
||||
key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }}
|
||||
key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lockb') }}
|
||||
```
|
||||
|
||||
## C# - NuGet
|
||||
|
||||
Reference in New Issue
Block a user