dependabot[bot]
7a9db6efd7
build(deps): bump peter-evans/create-pull-request from 4 to 5
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 4 to 5.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-11 07:54:22 +10:00
zowoq
ab69305066
.github/workflows/update-terraform-providers.yml: various
...
- removed outdated permissions comment
- add failed updates step
- add failed updates and ofborg rebuild to PR body
2023-03-25 12:41:02 +10:00
dependabot[bot]
32abfcc923
build(deps): bump cachix/install-nix-action from 19 to 20
...
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action ) from 19 to 20.
- [Release notes](https://github.com/cachix/install-nix-action/releases )
- [Commits](https://github.com/cachix/install-nix-action/compare/v19...v20 )
---
updated-dependencies:
- dependency-name: cachix/install-nix-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-20 22:30:02 +10:00
pennae
2daba98981
workflows: check maintainers sortedness on pull_request_target
...
`pull_request` workflows need approval to run, `pull_request_target`
does not. this one isn't particularly vulnerable and doesn't take long
to run, so we may as well run it without approval.
2023-03-19 22:45:33 +01:00
pennae
4a694fc500
maintainers: add script and workflows to check sortedness
...
the script can output a list of sed commands to create the order it
expects to find. this was mainly useful for initially sorting the list,
but we'll keep it here for later reference.
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2023-03-15 11:07:54 +01:00
Martin Weinelt
b5f0fdc371
workflows/backport: Copy security label in backport PRs
...
Since v1.2.0 the backport action supports copying labels from the source
to the backport PR. This is useful for copying the security label from
the original PR to the backport PR, so relevant security updates don't
get lost.
2023-03-06 09:14:20 +00:00
Naïm Favier
568c84c7db
.github: build nixpkgs manual on lib
changes
...
The nixpkgs manual includes documentation for `lib` functions.
2023-03-04 13:23:38 +01:00
zowoq
9df748f599
Revert "workflows: pin install-nix-action to use nix 2.13.3"
...
This reverts commit 3563c178ca
.
fixed in cachix/install-nix-action@v20
2023-03-01 16:17:36 +10:00
zowoq
6a174c65c2
.github/workflows: update cachix/install-nix-action to v20
2023-03-01 16:16:57 +10:00
pennae
3563c178ca
workflows: pin install-nix-action to use nix 2.13.3
...
same reasoning as #218858 , only now for an action we depend on and can't
fix quite as easily. cachix-action also uses nix-env and will thus not
work correctly, so pin the nix version used to the last known good one.
2023-03-01 07:08:14 +10:00
Weijia Wang
31ce09b377
Merge pull request #218858 from cole-h/fixup-editorconfig-action
...
Fixup editorconfig action with Nix 2.14.0
2023-02-28 22:23:59 +02:00
Cole Helbling
19a122e092
ci: editorconfig: use nix-shell instead of nix-env
2023-02-28 11:36:32 -08:00
dependabot[bot]
43760d9cc4
build(deps): bump korthout/backport-action from 1.1.0 to 1.2.0
...
Bumps [korthout/backport-action](https://github.com/korthout/backport-action ) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/korthout/backport-action/releases )
- [Commits](https://github.com/korthout/backport-action/compare/v1.1.0...v1.2.0 )
---
updated-dependencies:
- dependency-name: korthout/backport-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-28 18:08:44 +10:00
dependabot[bot]
f1787f39a5
build(deps): bump cachix/install-nix-action from 18 to 19
...
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action ) from 18 to 19.
- [Release notes](https://github.com/cachix/install-nix-action/releases )
- [Commits](https://github.com/cachix/install-nix-action/compare/v18...v19 )
---
updated-dependencies:
- dependency-name: cachix/install-nix-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-14 08:10:43 +10:00
pennae
d041641b1a
nixos/manual: remove md-to-db
...
with manual chapters no longer needing pandoc for their conversion to
xml we can get rid of this source of confusion, and its huge cache of
xml files.
2023-02-10 06:40:15 +01:00
dependabot[bot]
08fdf29658
build(deps): bump korthout/backport-action from 1.0.1 to 1.1.0
...
Bumps [korthout/backport-action](https://github.com/korthout/backport-action ) from 1.0.1 to 1.1.0.
- [Release notes](https://github.com/korthout/backport-action/releases )
- [Commits](https://github.com/korthout/backport-action/compare/v1.0.1...v1.1.0 )
---
updated-dependencies:
- dependency-name: korthout/backport-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-24 06:38:25 +10:00
zowoq
3a1f02b46b
.github/workflows/labels.yml: fix typo
...
mistake in d1570428a2
2023-01-21 11:30:55 +10:00
zowoq
d1570428a2
.github/workflows/labels.yml: allow PRs to skip labels
2023-01-21 09:33:59 +10:00
zowoq
552af48e79
.github/workflows/editorconfig.yml: change to skip treewide
2023-01-21 09:33:59 +10:00
dependabot[bot]
656548c44a
build(deps): bump korthout/backport-action from 1.0.0 to 1.0.1
...
Bumps [korthout/backport-action](https://github.com/korthout/backport-action ) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/korthout/backport-action/releases )
- [Commits](https://github.com/korthout/backport-action/compare/v1.0.0...v1.0.1 )
---
updated-dependencies:
- dependency-name: korthout/backport-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-10 06:45:05 +10:00
dependabot[bot]
8877cc2874
build(deps): bump zeebe-io/backport-action from 0.0.9 to 1.0.0
...
Bumps [zeebe-io/backport-action](https://github.com/zeebe-io/backport-action ) from 0.0.9 to 1.0.0.
- [Release notes](https://github.com/zeebe-io/backport-action/releases )
- [Commits](https://github.com/zeebe-io/backport-action/compare/v0.0.9...v1.0.0 )
---
updated-dependencies:
- dependency-name: zeebe-io/backport-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-03 07:31:48 +10:00
zowoq
9fde2b66f8
terraform-providers: add github token to update-providers
2023-01-02 13:48:28 +10:00
Martin Weinelt
4e6337bdce
workflows/periodic-merge: Remove 22.05 jobs
2023-01-01 14:55:34 +01:00
Martin Weinelt
4b36b3cd43
workflows/backport-action 0.0.8 -> 0.0.9
...
https://github.com/zeebe-io/backport-action/releases/tag/v0.0.9
2022-11-23 12:20:28 +01:00
Martin Weinelt
18c8904c11
workflows: add 24 hour periodic merges for 22.11
2022-11-21 00:08:44 +01:00
dependabot[bot]
a02320d951
build(deps): bump cachix/cachix-action from 11 to 12
...
Bumps [cachix/cachix-action](https://github.com/cachix/cachix-action ) from 11 to 12.
- [Release notes](https://github.com/cachix/cachix-action/releases )
- [Commits](https://github.com/cachix/cachix-action/compare/v11...v12 )
---
updated-dependencies:
- dependency-name: cachix/cachix-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-28 17:36:59 +10:00
zowoq
298378f8c3
.github/workflows: replace deprecated set-output
...
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
2022-10-16 07:41:12 +10:00
Naïm Favier
9b480c2739
.github/workflows: use ofborg-eval context for pending status
...
Instead of adding a pending status with context `Wait for ofborg`, make
the context `ofborg-eval` and the description "Wait for OfBorg...". That
way, the status will be reused by OfBorg when it starts evaluation and
we don't need to clear it any more.
2022-10-15 09:09:24 +10:00
zowoq
c9ac816a70
.github/workflows/update-terraform-providers.yml: add link to run log
...
also move git clean to separate step
2022-10-14 15:51:46 +10:00
dependabot[bot]
d2e6195f5b
build(deps): bump cachix/install-nix-action from 17 to 18
...
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action ) from 17 to 18.
- [Release notes](https://github.com/cachix/install-nix-action/releases )
- [Commits](https://github.com/cachix/install-nix-action/compare/v17...v18 )
2022-10-13 09:15:41 +10:00
dependabot[bot]
ff3f76ad39
build(deps): bump cachix/cachix-action from 10 to 11
...
Bumps [cachix/cachix-action](https://github.com/cachix/cachix-action ) from 10 to 11.
- [Release notes](https://github.com/cachix/cachix-action/releases )
- [Commits](https://github.com/cachix/cachix-action/compare/v10...v11 )
2022-10-13 09:13:55 +10:00
zowoq
41173fb24d
.github/workflows/update-terraform-providers.yml: set max-workers to 2
...
also add git clean so logs aren't committed
2022-10-08 06:00:07 +10:00
zowoq
98390bef9e
.github/workflows/update-terraform-providers.yml: bypass interactive prompt
2022-10-07 19:38:55 +10:00
zowoq
a8d8d9fee5
.github/workflows/update-terraform-providers.yml: re-enable
...
- run daily with updateScript, will create a commit for each provider update
- drop wip label and failure comment
2022-10-04 13:01:16 +10:00
Domen Kožar
55b3eabbb4
Merge pull request #192981 from winterqt/update-backport-action
...
backport-action: 0.0.5 -> 0.0.8
2022-09-26 14:13:00 +02:00
Winter
6f3ce7a620
backport-action: 0.0.5 -> 0.0.8
2022-09-25 22:11:54 -04:00
zowoq
d3270d6b32
.github/workflows/update-terraform-providers.yml: add nixpkgs-unstable for nix-shell
...
nix_path was removed from the update scripts in 3e63fa279f
2022-09-21 14:43:03 +10:00
zowoq
5fabd2ba5a
.github/workflows/update-terraform-providers.yml: disable scheduled update
...
try nixpkgs-update with passthru.updateScript
2022-09-15 06:00:33 +10:00
zowoq
bbe49339b8
.github/workflows: fix permissions
...
the merge actions comment on pull requests, seems this was broken by 2c71278a23
also:
- fix permissions on new manual rendering action
- drop unnecessary issues permission from the terraform action
2022-09-12 15:34:35 +10:00
pennae
fc6f0ea188
workflows: fix manual-rendering.yml
...
the check command didn't set NIX_PATH, so compare-manuals.sh (which is a nix-shell script) failed.
2022-09-11 13:14:44 +10:00
pennae
c45deeb2aa
workflows: add check for docbook/md manual equality
...
we want to make sure that rendering the manual from markdown without
going through docbook produces (semantically) the same output as with
going through docbook. to ensure this we'll build the manual twice, run
each manual through html-tidy to generate a normalized form and diff
the normalized forms. we don't want to compare raw output because that
exposes us to a lot of whitespace we'd have to reproduce exactly in the
MD render.
this check may be relaxed even further in the future, but hopefully not
by much.
2022-09-10 18:23:13 +02:00
pennae
ec75c8efff
workflows: check that nixos manual does not use docbook option docs
...
the nixos manual should not use docbook for module option documentation,
only markdown, to make future transition to a markdown-only world easier
and less painful. this check will ensure that all options
documentation (even plain text that would not be interpreted specially
by neither markdown nor docbook) is declared as being markdown.
2022-09-10 18:23:13 +02:00
zowoq
25b464c8b3
terraform-full: remove ( #184649 )
...
* terraform-full: remove
* .github/workflows/update-terraform-providers.yml: switch to terraform.full
2022-08-02 19:45:05 +02:00
Winter
3707cc5a0d
Revert "backport-action: 0.0.5 -> 0.0.8"
2022-07-24 23:30:11 -04:00
Winter
fee30801b2
backport-action: 0.0.5 -> 0.0.8
2022-07-24 13:20:39 -04:00
github-actions[bot]
33be3debd5
terraform-providers: update 2022-07-10
2022-07-10 16:20:44 +10:00
Varun Sharma
2c71278a23
ci: Add GitHub token permissions for workflows
...
Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
2022-07-08 10:53:38 -07:00
Robert Hensing
3a27c40463
workflows/nixos-manual: Add command to run to error message
2022-07-06 07:32:17 +02:00
Janne Heß
8befefd1a7
workflows: Remove 21.11 merges
...
Channel is EOL
2022-07-04 20:04:17 +02:00
nathannaveen
5deff9583c
chore: Set permissions for GitHub actions
...
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ )
Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
2022-07-04 01:09:50 +00:00