diff --git a/.github/workflows/build-publish-images.yml b/.github/workflows/build-publish-images.yml index 45dd8aec..6dc24447 100644 --- a/.github/workflows/build-publish-images.yml +++ b/.github/workflows/build-publish-images.yml @@ -490,7 +490,12 @@ jobs: timeout-minutes: 180 steps: - name: Fix workspace permissions - run: sudo chown -R "$(whoami)" "$GITHUB_WORKSPACE" 2>/dev/null || true + run: | + sudo chown -R "$(whoami)" "$GITHUB_WORKSPACE" || { + echo "::warning::sudo chown failed - attempting cleanup" + rm -rf "${GITHUB_WORKSPACE:?}"/* 2>/dev/null || true + rm -rf "${GITHUB_WORKSPACE:?}"/.[!.]* 2>/dev/null || true + } - name: Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 @@ -518,7 +523,12 @@ jobs: timeout-minutes: 180 steps: - name: Fix workspace permissions - run: sudo chown -R "$(whoami)" "$GITHUB_WORKSPACE" 2>/dev/null || true + run: | + sudo chown -R "$(whoami)" "$GITHUB_WORKSPACE" || { + echo "::warning::sudo chown failed - attempting cleanup" + rm -rf "${GITHUB_WORKSPACE:?}"/* 2>/dev/null || true + rm -rf "${GITHUB_WORKSPACE:?}"/.[!.]* 2>/dev/null || true + } - name: Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 @@ -546,7 +556,12 @@ jobs: timeout-minutes: 180 steps: - name: Fix workspace permissions - run: sudo chown -R "$(whoami)" "$GITHUB_WORKSPACE" 2>/dev/null || true + run: | + sudo chown -R "$(whoami)" "$GITHUB_WORKSPACE" || { + echo "::warning::sudo chown failed - attempting cleanup" + rm -rf "${GITHUB_WORKSPACE:?}"/* 2>/dev/null || true + rm -rf "${GITHUB_WORKSPACE:?}"/.[!.]* 2>/dev/null || true + } - name: Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 @@ -574,7 +589,12 @@ jobs: timeout-minutes: 180 steps: - name: Fix workspace permissions - run: sudo chown -R "$(whoami)" "$GITHUB_WORKSPACE" 2>/dev/null || true + run: | + sudo chown -R "$(whoami)" "$GITHUB_WORKSPACE" || { + echo "::warning::sudo chown failed - attempting cleanup" + rm -rf "${GITHUB_WORKSPACE:?}"/* 2>/dev/null || true + rm -rf "${GITHUB_WORKSPACE:?}"/.[!.]* 2>/dev/null || true + } - name: Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 @@ -602,7 +622,12 @@ jobs: timeout-minutes: 180 steps: - name: Fix workspace permissions - run: sudo chown -R "$(whoami)" "$GITHUB_WORKSPACE" 2>/dev/null || true + run: | + sudo chown -R "$(whoami)" "$GITHUB_WORKSPACE" || { + echo "::warning::sudo chown failed - attempting cleanup" + rm -rf "${GITHUB_WORKSPACE:?}"/* 2>/dev/null || true + rm -rf "${GITHUB_WORKSPACE:?}"/.[!.]* 2>/dev/null || true + } - name: Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 @@ -638,7 +663,12 @@ jobs: timeout-minutes: 180 steps: - name: Fix workspace permissions - run: sudo chown -R "$(whoami)" "$GITHUB_WORKSPACE" 2>/dev/null || true + run: | + sudo chown -R "$(whoami)" "$GITHUB_WORKSPACE" || { + echo "::warning::sudo chown failed - attempting cleanup" + rm -rf "${GITHUB_WORKSPACE:?}"/* 2>/dev/null || true + rm -rf "${GITHUB_WORKSPACE:?}"/.[!.]* 2>/dev/null || true + } - name: Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 @@ -683,7 +713,12 @@ jobs: timeout-minutes: 180 steps: - name: Fix workspace permissions - run: sudo chown -R "$(whoami)" "$GITHUB_WORKSPACE" 2>/dev/null || true + run: | + sudo chown -R "$(whoami)" "$GITHUB_WORKSPACE" || { + echo "::warning::sudo chown failed - attempting cleanup" + rm -rf "${GITHUB_WORKSPACE:?}"/* 2>/dev/null || true + rm -rf "${GITHUB_WORKSPACE:?}"/.[!.]* 2>/dev/null || true + } - name: Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 diff --git a/.github/workflows/security-audit.yml b/.github/workflows/security-audit.yml index aa8a24b3..fc848af0 100644 --- a/.github/workflows/security-audit.yml +++ b/.github/workflows/security-audit.yml @@ -60,7 +60,11 @@ jobs: if [ $RESULT -ne 0 ]; then echo "### Vulnerabilities found" >> $GITHUB_STEP_SUMMARY echo '```' >> $GITHUB_STEP_SUMMARY - cat audit-output.txt >> $GITHUB_STEP_SUMMARY + # Truncate output to avoid GITHUB_STEP_SUMMARY 1MB limit + head -500 audit-output.txt >> $GITHUB_STEP_SUMMARY + if [ "$(wc -l < audit-output.txt)" -gt 500 ]; then + echo "... (truncated, see full output in job logs)" >> $GITHUB_STEP_SUMMARY + fi echo '```' >> $GITHUB_STEP_SUMMARY exit $RESULT else diff --git a/.github/workflows/tests-misc.yml b/.github/workflows/tests-misc.yml index 88062cc9..af8829e7 100644 --- a/.github/workflows/tests-misc.yml +++ b/.github/workflows/tests-misc.yml @@ -427,6 +427,18 @@ jobs: continue-on-error: true steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - name: Free disk space + run: | + echo "Disk space before cleanup:" + df -h / + # Remove large pre-installed tools to free disk space + sudo rm -rf /Library/Developer/CommandLineTools/SDKs 2>/dev/null || true + sudo rm -rf /Users/runner/Library/Android 2>/dev/null || true + sudo rm -rf /usr/local/share/powershell 2>/dev/null || true + sudo rm -rf /usr/local/lib/node_modules 2>/dev/null || true + brew cleanup --prune=all 2>/dev/null || true + echo "Disk space after cleanup:" + df -h / - name: Set rust version from env file run: | RUST_VERSION=$(cat .github/env | sed -E 's/.*ci-unified:([^-]+)-([^-]+).*/\2/')