public-offering
/
pad.pub0.org
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8,054 Commits
190 Branches
71 Tags
55 MiB
Commit Graph

93 Commits (5ba7ad88b19742cec656d26ab7850eb344de7412)

Author SHA1 Message Date
dependabot[bot] d4b5ce2db3 build(deps): bump docker/build-push-action from 2 to 4 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2 to 4.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2...v4)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-06-20 13:43:20 +01:00
Alex efe32ac333
GitHub Workflows security hardening (#5598) 
* build: harden frontend-tests.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>

* build: harden frontend-admin-tests.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>
 2023-06-20 13:27:03 +01:00
dependabot[bot] 156348e314 build(deps): bump docker/setup-qemu-action from 1 to 2 
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 1 to 2.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-09-25 00:09:13 +02:00
webzwo0i c28177388a Drop support for Node v12. 
Add v18 to test matrix
 2022-09-24 22:58:32 +02:00
webzwo0i 21d03c1924 stale workflow: fix syntax 2022-09-24 20:15:55 +02:00
webzwo0i 111ad5c52e fix cypress config 2022-09-24 18:44:15 +02:00
Richard Hansen a059a653ba ci: stale: Don't auto-close issues or PRs 
Users can't reopen them, so auto-closing tends to irritate users.
Also, when developer activity drops, stale is less meaningful.
 2022-07-16 15:08:32 -04:00
Richard Hansen 3018c33efd ci: stale: Use wontfix for close label, not stale 2022-07-16 15:04:40 -04:00
Richard Hansen a95c7b61ea ci: stale: Switch from app to action 
The stale app seems to be unmaintained.
 2022-07-16 15:03:42 -04:00
Richard Hansen 00173cf55d Windows build: Consolidate Windows workflows 2022-05-14 18:25:29 -04:00
Richard Hansen b1d48bb333 Windows build: Extract .zip outside repo clone 2022-05-14 17:50:46 -04:00
Richard Hansen 52dd6a26bc Windows build: Rename the `.exe` for consistency 2022-05-14 17:46:32 -04:00
Richard Hansen 8a2ef69873 Windows build: Move NSIS installer script to this repo 2022-05-14 17:46:32 -04:00
Richard Hansen e71f69ec72 Windows build: Rename zip to `etherpad-win.zip` 2022-05-14 17:45:30 -04:00
dependabot[bot] 0adc027e25 build(deps): bump github/codeql-action from 1 to 2 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-02 21:30:46 -04:00
Naveen 77e036e8d3 chore(deps): Included dependency review 
> Dependency Review GitHub Action in your repository to enforce dependency reviews on your pull requests.
> The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests,
> and warns you about the associated security vulnerabilities.
> This gives you better visibility of what's changing in a pull request,
> and helps prevent vulnerabilities being added to your repository.

https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
 2022-05-02 21:27:57 -04:00
naveen 2929a3c0bd chore: Set permissions for GitHub actions 
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
 2022-05-02 20:48:01 -04:00
dependabot[bot] 5e99ae772a build(deps): bump actions/upload-artifact from 2 to 3 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-08 21:44:53 -04:00
dependabot[bot] d7c44c5725 build(deps): bump actions/download-artifact from 2 to 3 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-08 21:44:21 -04:00
Grant Slater a11cf67de7 Docker: use buildx to build amd64 and arm64 images 2022-03-20 22:11:09 -04:00
Richard Hansen 5748c76db3 ci: docker: Show Etherpad logs 2022-03-12 00:40:48 -05:00
Richard Hansen 178db7508f ci: docker: Wait for container to be healthy 2022-03-12 00:40:48 -05:00
Richard Hansen a6b969c811 ci: Bump actions/checkout to v3 2022-03-01 17:17:16 -05:00
dependabot[bot] 90d1ae87a7 build(deps): bump actions/setup-node from 2 to 3 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2 to 3.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-02-25 23:51:38 -05:00
Richard Hansen c568bb1baa ci: Skip frontend tests for Dependabot PRs 2022-01-28 01:51:15 -05:00
Richard Hansen 43aa1e4aeb ci: Reformat `.yml` files for readability 2022-01-28 01:39:45 -05:00
dependabot[bot] 84c7da82cf
build(deps): bump saucelabs/sauce-connect-action from 2.0.0 to 2.1.1 
Bumps [saucelabs/sauce-connect-action](https://github.com/saucelabs/sauce-connect-action) from 2.0.0 to 2.1.1.
- [Release notes](https://github.com/saucelabs/sauce-connect-action/releases)
- [Changelog](https://github.com/saucelabs/sauce-connect-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/saucelabs/sauce-connect-action/compare/v2.0.0...v2.1.1)

---
updated-dependencies:
- dependency-name: saucelabs/sauce-connect-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-28 04:54:58 +00:00
Richard Hansen 35a182e053 ci: dependabot: Set `versioning-strategy` to `increase` 
This keeps `package.json` in sync with `package-lock.json`.
 2022-01-27 23:54:28 -05:00
Richard Hansen 63a02ec5fa ci: Enable caching 2022-01-27 22:40:38 -05:00
Richard Hansen e80e1c0221 ci: docker: Combine test and build+publish workflows 2022-01-27 22:05:47 -05:00
Richard Hansen a6fcc92d2a ci: docker: Set up Docker Buildx 
This isn't required, but it's recommended everywhere I look.
 2022-01-27 22:05:47 -05:00
Richard Hansen 3a31ebde4b ci: docker: Style improvements 2022-01-27 22:05:47 -05:00
Richard Hansen f334fb8280 ci: lockfile-lint: Whitelist specific sqlite version 2022-01-27 22:05:47 -05:00
Richard Hansen f925b481c6 ci: lockfile-lint: Pass `--no-save` to npm 2022-01-27 22:05:47 -05:00
Felix 578ae17aa8
Add docker & npm ecosystem to dependabot 2022-01-26 19:34:27 -05:00
dependabot[bot] e4944b8bfa Bump saucelabs/sauce-connect-action from 1.1.2 to 2.0.0 
Bumps [saucelabs/sauce-connect-action](https://github.com/saucelabs/sauce-connect-action) from 1.1.2 to 2.0.0.
- [Release notes](https://github.com/saucelabs/sauce-connect-action/releases)
- [Changelog](https://github.com/saucelabs/sauce-connect-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/saucelabs/sauce-connect-action/compare/v1.1.2...v2.0.0)

---
updated-dependencies:
- dependency-name: saucelabs/sauce-connect-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-11-29 22:32:27 -05:00
dependabot[bot] 68933718f6
Bump joncloud/makensis-action from 3.4 to 3.6 
Bumps [joncloud/makensis-action](https://github.com/joncloud/makensis-action) from 3.4 to 3.6.
- [Release notes](https://github.com/joncloud/makensis-action/releases)
- [Commits](https://github.com/joncloud/makensis-action/compare/v3.4...v3.6)

---
updated-dependencies:
- dependency-name: joncloud/makensis-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-11-30 02:05:07 +00:00
Richard Hansen 40854b0cfd GitHub workflow to build and publish Docker images 2021-11-29 21:02:41 -05:00
Richard Hansen df459c1278 Enable Dependabot for GitHub Actions 2021-11-29 20:35:29 -05:00
Richard Hansen 9cd59a84af
Fix bug_report.md bug template 2021-11-22 17:25:00 -05:00
Peter VandeHaar 9987834b15 Clarify instructions in PULL_REQUEST_TEMPLATE.md 
This change
- removes instructions about commit headers that nobody follows,
- links to useful resources for first-time contributors,
- simplifies some text, and
- hides all text inside <!--  -->.
 2021-10-31 02:40:03 -04:00
John McLear c47134b3ab
Update bug_report.md 2021-10-09 14:44:48 +01:00
webzwo0i d3890bc2c2 admin tests: Increase `maxHttpBufferSize` to fit `settings.json` 2021-09-29 23:48:03 -04:00
Hossein d262e31bbf fix: install all dependencies and symlink 2021-09-28 19:01:19 -04:00
webzwo0i b475296cee stop closing feature requests by stale bot 2021-07-02 14:07:29 -04:00
Richard Hansen 44343e5c5e tests: Replace Node.js v15 with v16 2021-06-14 23:17:17 +02:00
Richard Hansen ef1ba21104 deps: Drop support for Node.js < 12.13.0 2021-06-14 23:17:17 +02:00
Richard Hansen c2ac5e6145 tests: Fix missing commit in "Upgrade from latest release" workflow 2021-04-20 13:20:33 -04:00
Richard Hansen 96208e8239 tests: Rename workflow to "Upgrade from latest release" 2021-04-20 13:20:04 -04:00
John McLear 536db7553f
tests: CI of updating from master > this commit. (#4912) 
* tests: CI of updating from master > this commit.

In response to cypress eslint I thought I'd put some CI testing for if a PR might break automated upgrading.

Matrix usage is probably overkill.

* Update major-version-git-pull-update.yml

* Name...

* include a front end test

* fix pathing

* Clarity on what's happening

* Update .github/workflows/major-version-git-pull-update.yml

Co-authored-by: Richard Hansen <rhansen@rhansen.org>

* Update .github/workflows/major-version-git-pull-update.yml

Co-authored-by: Richard Hansen <rhansen@rhansen.org>

* Update .github/workflows/major-version-git-pull-update.yml

Co-authored-by: Richard Hansen <rhansen@rhansen.org>

Co-authored-by: Richard Hansen <rhansen@rhansen.org>
 2021-03-05 06:38:50 +00:00