Matthias Mair
9dc4fc1f8f
[CI] Add zimor to check github action security ( #8639 )
...
* Add zimor to checks
* fix format
* use same version of checkout everywhere
* do only persist credentials if needed
* remove duplicate clones
* fix pin syntax
* fix pins
* fix template injection
* another injection fix
* Revert "remove duplicate clones"
This reverts commit 9a00ae2bbb1ef5c6ab5610dd4efc313ec285f12f.
* Add GH token for further rules
2024-12-17 10:12:51 +11:00
dependabot[bot]
1e4e3e65cc
Bump the dependencies group with 5 updates ( #8673 )
...
Bumps the dependencies group with 5 updates:
| Package | From | To |
| --- | --- | --- |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) | `3.7.1` | `3.8.0` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action ) | `0.17.8` | `0.17.9` |
| [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) | `2.0.1` | `2.1.0` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `3.27.6` | `3.27.9` |
| [crowdin/github-action](https://github.com/crowdin/github-action ) | `2.4.0` | `2.5.0` |
Updates `docker/setup-buildx-action` from 3.7.1 to 3.8.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](c47758b77c...6524bf65afhttps://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](55dc4ee224...df80a981bchttps://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](c4fbc64884...7668571508https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](aa57810251...df409f7d92https://github.com/crowdin/github-action/releases )
- [Commits](a9ffb7d5ac...8dfaf9c206
2024-12-17 08:01:54 +11:00
dependabot[bot]
32f32e954b
Bump the dependencies group with 3 updates ( #8643 )
...
Bumps the dependencies group with 3 updates: [codecov/codecov-action](https://github.com/codecov/codecov-action ), [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `codecov/codecov-action` from 5.0.7 to 5.1.1
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](015f24e681...7f8b4b4bdehttps://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](ef244123eb...c4fbc64884https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f09c1c0a94...aa57810251
2024-12-10 13:08:45 +11:00
dependabot[bot]
0fa7ed2742
Bump the dependencies group with 5 updates ( #8556 )
...
Bumps the dependencies group with 5 updates:
| Package | From | To |
| --- | --- | --- |
| [docker/metadata-action](https://github.com/docker/metadata-action ) | `5.5.1` | `5.6.1` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action ) | `5.0.2` | `5.0.7` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action ) | `0.17.7` | `0.17.8` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `3.27.4` | `3.27.5` |
| [crowdin/github-action](https://github.com/crowdin/github-action ) | `2.3.0` | `2.4.0` |
Updates `docker/metadata-action` from 5.5.1 to 5.6.1
- [Release notes](https://github.com/docker/metadata-action/releases )
- [Commits](8e5442c4ef...369eb591f4https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](5c47607acb...015f24e681https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](fc46e51fd3...55dc4ee224https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ea9e4e3799...f09c1c0a94https://github.com/crowdin/github-action/releases )
- [Commits](2d540f18b0...a9ffb7d5ac
2024-11-26 07:34:51 +11:00
dependabot[bot]
ff81cb61f2
Bump the dependencies group with 3 updates ( #8463 )
...
Bumps the dependencies group with 3 updates: [anchore/sbom-action](https://github.com/anchore/sbom-action ), [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `anchore/sbom-action` from 0.17.6 to 0.17.7
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](251a468eed...fc46e51fd3https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](1c608d11d6...ef244123ebhttps://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](662472033e...4f3212b617
2024-11-12 09:47:29 +11:00
dependabot[bot]
5464bc5a8a
Bump the dependencies group across 1 directory with 5 updates ( #8426 )
...
Bumps the dependencies group with 5 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout ) | `4.2.1` | `4.2.2` |
| [actions/setup-python](https://github.com/actions/setup-python ) | `5.2.0` | `5.3.0` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action ) | `0.17.4` | `0.17.6` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `3.26.13` | `3.27.0` |
| [crowdin/github-action](https://github.com/crowdin/github-action ) | `2.2.0` | `2.3.0` |
Updates `actions/checkout` from 4.2.1 to 4.2.2
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](eef61447b9...11bd71901bhttps://github.com/actions/setup-python/releases )
- [Commits](f677139bbe...0b93645e9fhttps://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](8d0a6505bf...251a468eedhttps://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f779452ac5...662472033ehttps://github.com/crowdin/github-action/releases )
- [Commits](95d6e895e8...2d540f18b0
2024-11-11 06:18:32 +11:00
dependabot[bot]
66c37d7aeb
Bump anchore/sbom-action from 0.17.3 to 0.17.4 in the dependencies group ( #8325 )
...
Bumps the dependencies group with 1 update: [anchore/sbom-action](https://github.com/anchore/sbom-action ).
Updates `anchore/sbom-action` from 0.17.3 to 0.17.4
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](f5e124a5e5...8d0a6505bf
2024-10-23 09:06:06 +11:00
dependabot[bot]
fb9c117e37
Bump the dependencies group with 3 updates ( #8280 )
...
Bumps the dependencies group with 3 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact ), [anchore/sbom-action](https://github.com/anchore/sbom-action ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `actions/upload-artifact` from 4.4.1 to 4.4.3
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](604373da63...b4b15b8c7chttps://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](61119d458a...f5e124a5e5https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c36620d31a...f779452ac5
2024-10-15 17:29:11 +11:00
dependabot[bot]
44d9484715
Bump the dependencies group with 6 updates ( #8253 )
...
Bumps the dependencies group with 6 updates:
| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout ) | `4.2.0` | `4.2.1` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) | `3.6.1` | `3.7.1` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) | `3.6.0` | `3.7.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact ) | `4.4.0` | `4.4.1` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action ) | `4.5.0` | `4.6.0` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `3.26.10` | `3.26.12` |
Updates `actions/checkout` from 4.2.0 to 4.2.1
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](d632683dd7...eef61447b9https://github.com/docker/setup-buildx-action/releases )
- [Commits](988b5a0280...c47758b77chttps://github.com/sigstore/cosign-installer/releases )
- [Commits](4959ce089c...dc72c7d5c4https://github.com/actions/upload-artifact/releases )
- [Commits](50769540e7...604373da63https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](e28ff129e5...b9fd7d16f6https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](e2b3eafc8d...c36620d31a
2024-10-08 07:38:23 +11:00
Matthias Mair
cbe4569416
Bump the dependencies group across 1 directory with 5 updates ( #8215 )
...
Bumps the dependencies group with 5 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [sqren/backport-github-action](https://github.com/sqren/backport-github-action ) | `8.9.3` | `9.5.1` |
| [actions/checkout](https://github.com/actions/checkout ) | `4.1.7` | `4.2.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action ) | `6.7.0` | `6.8.0` |
| [oasdiff/oasdiff-action](https://github.com/oasdiff/oasdiff-action ) | `a2ff6682b27d175162a74c09ace8771bd3d512f8` | `1c611ffb1253a72924624aa4fb662e302b3565d3` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `3.26.8` | `3.26.9` |
Updates `sqren/backport-github-action` from 8.9.3 to 9.5.1
- [Release notes](https://github.com/sqren/backport-github-action/releases )
- [Commits](f54e19901f...ad888e9780https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](692973e3d9...d632683dd7https://github.com/docker/build-push-action/releases )
- [Commits](5cd11c3a4c...32945a3392https://github.com/oasdiff/oasdiff-action/releases )
- [Commits](a2ff6682b2...1c611ffb12https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](294a9d9291...461ef6c76d
2024-09-30 21:12:36 +10:00
dependabot[bot]
3d00f2db3e
Bump the dependencies group with 2 updates ( #8099 )
...
Bumps the dependencies group with 2 updates: [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) and [crowdin/github-action](https://github.com/crowdin/github-action ).
Updates `actions/attest-build-provenance` from 1.4.2 to 1.4.3
- [Release notes](https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](6149ea5740...1c608d11d6https://github.com/crowdin/github-action/releases )
- [Commits](6ed209d411...cf0ccf9a71
2024-09-10 10:16:56 +10:00
Matthias Mair
820a3522da
fix action pin ( #8006 )
2024-08-27 10:34:55 +10:00
Matthias Mair
dcc351be11
Add provenance to releases and publish SBOMs ( #7784 )
...
* Add more names
* split build and publish
* add attestation and SBOM
* format file
* Add toplevel permissions
* fix missing path
* move provenance down
* fix release workflow
* simplify steps
2024-08-02 10:54:19 +10:00
Matthias Mair
105dd7152e
Optimize PUI package delivery for package installs ( #7655 )
...
* Package frontend in deb
* Add artifact download
* remove 0.8.0 check
* remove array casting
* fix format once more
* another try
* add brackets again
* add version
* and bash
* and shell
* more debuging
* various style fixes
* small fixes
* and ls for prosperity
* debug
* maybe git as source?
* fix download cmd?
* debug a bit
* debug a bit more
* remove sha download - is not working with GHA restrictions
* write version number
* check if a new frontend must be dowloaded
* write versions into frontend packages
* Matmair/issue7338 (#205 )
* Package frontend in deb
* Add artifact download
* remove 0.8.0 check
* remove array casting
* fix format once more
* another try
* add brackets again
* add version
* and bash
* and shell
* more debuging
* various style fixes
* small fixes
* and ls for prosperity
* debug
* maybe git as source?
* fix download cmd?
* debug a bit
* debug a bit more
* remove sha download - is not working with GHA restrictions
* write version number
* check if a new frontend must be dowloaded
* write versions into frontend packages
* change ref dir for tests
* add better build logging
* extend task to get ref from package
* fix downloading syntax
* fix name ref
* make more robust
* more logging
* move import
* turn down unzipping noise
* strip content (spaces, newlines)
* add info what happens now
* fix quite flag
* adjust publisher
2024-07-18 15:35:09 +10:00
Gigahawk
545ab9205b
fix: add .vite folder in frontend releases ( fixes #7476 ) ( #7480 )
2024-06-20 20:04:28 +10:00
dependabot[bot]
2c50620acc
Bump the dependencies group with 4 updates ( #7462 )
...
Bumps the dependencies group with 4 updates: [actions/checkout](https://github.com/actions/checkout ), [docker/build-push-action](https://github.com/docker/build-push-action ), [codecov/codecov-action](https://github.com/codecov/codecov-action ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `actions/checkout` from 4.1.6 to 4.1.7
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a5ac7e51b4...692973e3d9https://github.com/docker/build-push-action/releases )
- [Commits](ca052bb54a...c382f710d3https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](125fc84a9a...e28ff129e5https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2e230e8fe0...23acc5c183
2024-06-18 23:42:05 +10:00
Matthias Mair
bdebf878c3
Fixes for installer ( #7344 )
...
* - move reqs file to contrib
- detect previously used python version
- safe extra requirements to INSTALLER_EXTRA
* add missing fi
* move site setting
2024-05-27 17:49:05 +10:00
dependabot[bot]
1c6e81eae5
--- ( #7276 )
...
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: dependencies
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-21 15:10:06 +10:00
Oliver
3eae5096e3
Fix permissions for release.yaml ( #7220 )
...
* Fix permissions for release.yaml
- 0.15.0 release currently borked
* Move permissions to individual job targets
2024-05-14 22:04:03 +10:00
dependabot[bot]
770dbb9c35
Bump the dependencies group with 2 updates ( #7169 )
...
Bumps the dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [codecov/codecov-action](https://github.com/codecov/codecov-action ).
Updates `actions/checkout` from 4.1.4 to 4.1.5
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](0ad4b8fada...44c2b7a8a4https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](84508663e9...5ecb98a3c6
2024-05-09 07:04:38 +10:00
dependabot[bot]
6837b0e753
Bump the dependencies group across 1 directory with 5 updates ( #7134 )
...
Bumps the dependencies group with 5 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout ) | `3.1.0` | `4.1.4` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) | `3.2.0` | `3.3.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact ) | `4.3.1` | `4.3.3` |
| [actions/download-artifact](https://github.com/actions/download-artifact ) | `4.1.4` | `4.1.7` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `3.25.0` | `3.25.3` |
Updates `actions/checkout` from 3.1.0 to 4.1.4
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3.1.0...0ad4b8fadaa221de15dcec353f45205ec38ea70b )
Updates `docker/setup-buildx-action` from 3.2.0 to 3.3.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](2b51285047...d70bba72b1https://github.com/actions/upload-artifact/releases )
- [Commits](5d5d22a312...65462800fdhttps://github.com/actions/download-artifact/releases )
- [Commits](c850b930e6...65a9edc588https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](df5a14dc28...d39d31e687
2024-04-30 07:47:18 +10:00
Matthias Mair
938c724395
Pin hashes in requirements ( #7081 )
...
* use global pin for requests
* unify on yaml for workflo files
* format workflow files
* pin action versions
* fix pinned version
* use system venv
* switch args
* remove uv for now and add setting for pyyaml
* use requirements file
* also switch on docker flow
* generate hashes
* added hashes to reqs
* add hashes for CI too
* add hash checking
* require hashes everywhere possible
* require hashes where possible in docker
2024-04-23 17:15:52 +10:00
Matthias Mair
ca03562d25
[CI] Small nitpick changes ( #7016 )
...
* use global pin for requests
* unify on yaml for workflo files
* format workflow files
* pin action versions
* fix pinned version
* use system venv
* switch args
* remove uv for now and add setting for pyyaml
* fix qc args
* bix doc paths
2024-04-21 22:20:13 +10:00
