2
0
mirror of https://github.com/inventree/InvenTree.git synced 2025-10-24 01:47:39 +00:00
Commit Graph

4 Commits

Author SHA1 Message Date
Matthias Mair
9dc4fc1f8f [CI] Add zimor to check github action security (#8639)
* Add zimor to checks

* fix format

* use same version of checkout everywhere

* do only persist credentials if needed

* remove duplicate clones

* fix pin syntax

* fix pins

* fix template injection

* another injection fix

* Revert "remove duplicate clones"

This reverts commit 9a00ae2bbb.

* Add GH token for further rules
2024-12-17 10:12:51 +11:00
Matthias Mair
938c724395 Pin hashes in requirements (#7081)
* use global pin for requests

* unify on yaml for workflo files

* format workflow files

* pin action versions

* fix pinned version

* use system venv

* switch args

* remove uv for now and add setting for pyyaml

* use requirements file

* also switch on docker flow

* generate hashes

* added hashes to reqs

* add hashes for CI too

* add hash checking

* require hashes everywhere possible

* require hashes where possible in docker
2024-04-23 17:15:52 +10:00
Matthias Mair
8308f36923 bump action versions (#5776) 2023-10-25 09:18:53 +11:00
Oliver
8a095f00cf Disable cosign step in docker workflow (#4145)
- Is not working, just throws errors
- Also disable dependency workflow (is not working)
2023-01-04 11:21:25 +11:00