El RIDO
17f924118e
address warnings and errors in github actions
2024-07-07 14:13:59 +02:00
dependabot[bot]
4d912b082b
Bump dawidd6/action-download-artifact from 5 to 6
...
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 5 to 6.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](deb3bb8325...bf251b5aa9)
---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-06-12 11:12:15 +00:00
dependabot[bot]
48b4c6ce5b
Bump dawidd6/action-download-artifact from 3.1.4 to 5
...
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 3.1.4 to 5.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](09f2f74827...deb3bb8325)
---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-06-04 11:09:50 +00:00
El RIDO
b32efe0187
disable snyk scan on forks, they won't have the necessary secret
2024-05-30 07:54:19 +02:00
dependabot[bot]
2aeec14a52
Bump dawidd6/action-download-artifact from 3.0.0 to 3.1.4
...
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 3.0.0 to 3.1.4.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](e7466d1a75...09f2f74827)
---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-13 12:00:22 +00:00
El RIDO
74cc2c3c92
Merge pull request #1326 from PrivateBin/unset-platform-matrix
...
in PHP matrix tests, we don't want to constrain the platform
2024-05-13 06:58:53 +02:00
El RIDO
df377d9652
in PHP matrix tests, we don't want to constrain the platform
...
setting the platform allows composer to prevent upgrades to versions that would exceed the configured version, for the matrix tests we want to use the latest ones for that release
2024-05-09 19:33:50 +02:00
rugk
9df90ece78
Merge branch 'experimental-8.4' into test-improvments
2024-05-05 18:27:08 +02:00
rugk
4ff9dea9cf
ci: try fixing indentation
2024-05-05 15:10:00 +02:00
rugk
6144caae85
ci: fix test results publishing being a totally separate action
2024-05-05 15:01:47 +02:00
rugk
33df5fbd2f
Actually make tests continue on experimental builds
2024-05-04 16:02:31 +02:00
rugk
1d6a14ba14
Switch to better artifact download action
2024-05-04 13:29:58 +02:00
rugk
93f59d6456
Upload and use event file, too, for test runs
...
To support forked repos: https://github.com/marketplace/actions/publish-test-results#support-fork-repositories-and-dependabot-branches
**NOTE:** Do _not_ use with `pull_request_target` as that causes issues!
2024-05-04 13:21:57 +02:00
rugk
00fca44986
Fix npm syntax
2024-05-04 13:14:25 +02:00
rugk
f92edf0026
Run mocha tests properly
2024-05-04 13:13:22 +02:00
rugk
91957838be
Add upload test results job
...
As per https://github.com/marketplace/actions/publish-test-results#use-with-matrix-strategy only one job should upload all results.
2024-05-04 13:07:53 +02:00
rugk
04822aa643
Actually make tests continue on experimental builds
2024-05-04 12:40:44 +02:00
rugk
55dec46cf4
Mark PHP v8.4 tests as experimental
...
As per this doc: https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs#handling-failures
Workaround for https://github.com/PrivateBin/PrivateBin/issues/1301 for now. I hope this ignores failures?
2024-05-04 12:16:37 +02:00
El RIDO
baf8c4a11d
tolerate test failures in the PHP development release
...
at this time, guzzle, dependency of google cloud storage library, raises deprecation warnings in PHP 8.4, which caused the tests to be considered failed
2024-05-04 08:58:20 +02:00
dependabot[bot]
ad19f8cfe6
Bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0
...
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.10.0 to 2.0.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.10.0...v2.0.0)
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-23 11:43:14 +00:00
dependabot[bot]
383dbf1c79
Bump slsa-framework/slsa-github-generator from 1.9.0 to 1.10.0
...
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.10.0)
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-21 11:46:25 +00:00
dependabot[bot]
ba25ab8fa9
Bump actions/cache from 3 to 4
...
Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3...v4)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-18 11:21:35 +00:00
dependabot[bot]
03e3e4fa06
Bump github/codeql-action from 2 to 3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-14 11:52:46 +00:00
El RIDO
826444bef7
fix shasum in release pipeline, hope this fixes #1169
2023-12-09 10:50:49 +01:00
El RIDO
8d97569de0
enable testing on PHP 8.3 and 8.4
...
at this time both are still installed out of nightly builds, though 8.3
got released last week, see:
https://github.com/shivammathur/setup-php#tada-php-support
2023-11-26 09:54:28 +01:00
rugk
b9d74ecd35
Use Node20 for tests
...
A try following https://github.com/PrivateBin/PrivateBin/pull/1189#pullrequestreview-1695447526
2023-10-24 19:03:47 +02:00
dependabot[bot]
9114ca00bf
Bump actions/setup-node from 3 to 4
...
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3 to 4.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3...v4)
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-24 11:05:40 +00:00
dependabot[bot]
58f919ecdd
Bump actions/checkout from 3 to 4
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-09-22 11:33:49 +00:00
El RIDO
ad50950b3c
Extract latest changelog entry and attach it to draft
2023-09-18 20:50:14 +02:00
El RIDO
73c13af10d
add workflow attaching SLSA provenance to draft release
2023-09-18 20:47:16 +02:00
rugk
db2d8f1598
Also add FAQ section tick box requirement for bug template
...
It's apparently not enough to have in the Q/A, best is we have it here, too.
The next step would be converting that into the same form like the QA template. After all, it may mostly just be copy paste as it is nearly identical but well…
2023-09-14 00:02:01 +02:00
rugk
168fb46767
Fix error message about QA template
...
GitHub complains:
> title must be of type String and cannot be empty. Learn more about this error.
Well then… as we don't want to provide a default title (see https://github.com/PrivateBin/PrivateBin/pull/1155) let's remove it.
2023-09-13 23:56:35 +02:00
dependabot[bot]
5bd2eb97e6
Bump actions/checkout from 3 to 4
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-09-05 11:13:01 +00:00
R4SAS
617b421d8f
Fix comment in bug report issue template
2023-09-03 19:30:32 +03:00
rugk
876a59cedc
Apparently GitHub
...
Apparently GitHub now adds a security policy button by default (this is new, isn't it?)?
Also they have a policy report form behind that button. So reports can apparently now be made online at GitHub? (IMHO that is fine, just need to be aware of that)
As such, IMHO two buttons would be confusing, so let's remove our custom one here?
2023-08-28 18:49:27 +02:00
rugk
1470b0cb9c
QA template: remove prefilled title
...
Let's remove that.
1. With label and A&A category we have more than enough options for filtering such requests.
2. Actually, as you can see in https://github.com/orgs/PrivateBin/discussions/1152, as it is a required field, but already filled out… we want them to write proper titles.
2023-08-24 22:14:15 +02:00
rugk
61457c46c0
doc: link FAQ in option too
...
The doc says MD is supported for that here, too.
2023-08-24 21:35:42 +02:00
rugk
11fd21f8a8
doc: improve wording/grammar
2023-08-24 21:32:42 +02:00
rugk
906c115a97
Make QA template more strict and helpful
...
1. Require to fill out STRs.
2. Add more fields for client stuff, i.e. web browser and OS.
3. Add more placeholders and descriptions to guide users.
4. Adjust the reproducibility thing to be more clear. I.e. before the result was sth. like "Issue reproducibility: Yes" - this could be confused with "Is it always reproducible? Yes", and not "It is reproducible on our test instance."
2023-08-24 21:30:25 +02:00
El RIDO
5047e6c550
Merge pull request #1149 from PrivateBin/delete-shifleft
...
Delete shiftleft-analysis.yml
2023-08-18 06:33:12 +02:00
R4SAS
1c42576575
[GH] update discussion q-a template (#1143)
2023-08-17 03:05:39 +03:00
El RIDO
81ae359dfc
Delete shiftleft-analysis.yml
...
Development on this stopped in 2021 and apart from the (false positive) secret scan, dev suggests CodeQL replaces it, feature wise: https://github.com/ShiftLeftSecurity/sast-scan/issues/352
2023-08-17 00:00:30 +02:00
El RIDO
ad35c30d45
Update q-a.yml, one more try
...
body[12]: options must not include booleans. Please wrap values such as 'yes', and 'true' in quotes.
2023-08-16 23:14:07 +02:00
R4SAS
7f28e8cc0c
Update discussion template
...
Try to fix #1143.
2023-08-16 23:21:46 +03:00
El RIDO
0e582e8934
fix syntax, standardize form attributes
...
radio buttons are not supported, checkboxes would allow selecting
multiple things, so dropdown it is
2023-08-11 20:53:06 +02:00
El RIDO
e89593b4fc
comment fix, kudos @r4sas
2023-08-11 20:51:12 +02:00
rugk
1bb23ef9ca
Remove markdown from issue selector
...
Was worth a try, but apparently markdown is not supported there.
2023-08-09 23:11:35 +02:00
rugk
991ec6ca22
Fix potential syntax error in YAML
...
Likely that online VSCode did a stupid line wrapping here, let's see whether that works.
2023-08-09 18:19:33 +02:00
El RIDO
e83f51b547
Merge pull request #1138 from PrivateBin/dependabot/github_actions/github/codeql-action-2
...
Bump github/codeql-action from 1 to 2
2023-08-08 20:19:02 +02:00
dependabot[bot]
cbff1c8488
Bump github/codeql-action from 1 to 2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1...v2)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-08 11:13:15 +00:00