Alex
efe32ac333
GitHub Workflows security hardening ( #5598 )
...
* build: harden frontend-tests.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>
* build: harden frontend-admin-tests.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>
2023-06-20 13:27:03 +01:00
dependabot[bot]
156348e314
build(deps): bump docker/setup-qemu-action from 1 to 2
...
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ) from 1 to 2.
- [Release notes](https://github.com/docker/setup-qemu-action/releases )
- [Commits](https://github.com/docker/setup-qemu-action/compare/v1...v2 )
---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-25 00:09:13 +02:00
webzwo0i
c28177388a
Drop support for Node v12.
...
Add v18 to test matrix
2022-09-24 22:58:32 +02:00
webzwo0i
21d03c1924
stale workflow: fix syntax
2022-09-24 20:15:55 +02:00
webzwo0i
111ad5c52e
fix cypress config
2022-09-24 18:44:15 +02:00
Richard Hansen
a059a653ba
ci: stale: Don't auto-close issues or PRs
...
Users can't reopen them, so auto-closing tends to irritate users.
Also, when developer activity drops, stale is less meaningful.
2022-07-16 15:08:32 -04:00
Richard Hansen
3018c33efd
ci: stale: Use wontfix for close label, not stale
2022-07-16 15:04:40 -04:00
Richard Hansen
a95c7b61ea
ci: stale: Switch from app to action
...
The stale app seems to be unmaintained.
2022-07-16 15:03:42 -04:00
Richard Hansen
00173cf55d
Windows build: Consolidate Windows workflows
2022-05-14 18:25:29 -04:00
Richard Hansen
b1d48bb333
Windows build: Extract .zip outside repo clone
2022-05-14 17:50:46 -04:00
Richard Hansen
52dd6a26bc
Windows build: Rename the `.exe` for consistency
2022-05-14 17:46:32 -04:00
Richard Hansen
8a2ef69873
Windows build: Move NSIS installer script to this repo
2022-05-14 17:46:32 -04:00
Richard Hansen
e71f69ec72
Windows build: Rename zip to `etherpad-win.zip`
2022-05-14 17:45:30 -04:00
dependabot[bot]
0adc027e25
build(deps): bump github/codeql-action from 1 to 2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v1...v2 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-02 21:30:46 -04:00
Naveen
77e036e8d3
chore(deps): Included dependency review
...
> Dependency Review GitHub Action in your repository to enforce dependency reviews on your pull requests.
> The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests,
> and warns you about the associated security vulnerabilities.
> This gives you better visibility of what's changing in a pull request,
> and helps prevent vulnerabilities being added to your repository.
https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
2022-05-02 21:27:57 -04:00
naveen
2929a3c0bd
chore: Set permissions for GitHub actions
...
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ )
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-05-02 20:48:01 -04:00
dependabot[bot]
5e99ae772a
build(deps): bump actions/upload-artifact from 2 to 3
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 2 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-08 21:44:53 -04:00
dependabot[bot]
d7c44c5725
build(deps): bump actions/download-artifact from 2 to 3
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 2 to 3.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](https://github.com/actions/download-artifact/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-08 21:44:21 -04:00
Grant Slater
a11cf67de7
Docker: use buildx to build amd64 and arm64 images
2022-03-20 22:11:09 -04:00
Richard Hansen
5748c76db3
ci: docker: Show Etherpad logs
2022-03-12 00:40:48 -05:00
Richard Hansen
178db7508f
ci: docker: Wait for container to be healthy
2022-03-12 00:40:48 -05:00
Richard Hansen
a6b969c811
ci: Bump actions/checkout to v3
2022-03-01 17:17:16 -05:00
dependabot[bot]
90d1ae87a7
build(deps): bump actions/setup-node from 2 to 3
...
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 2 to 3.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](https://github.com/actions/setup-node/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-25 23:51:38 -05:00
Richard Hansen
c568bb1baa
ci: Skip frontend tests for Dependabot PRs
2022-01-28 01:51:15 -05:00
Richard Hansen
43aa1e4aeb
ci: Reformat `.yml` files for readability
2022-01-28 01:39:45 -05:00
dependabot[bot]
84c7da82cf
build(deps): bump saucelabs/sauce-connect-action from 2.0.0 to 2.1.1
...
Bumps [saucelabs/sauce-connect-action](https://github.com/saucelabs/sauce-connect-action ) from 2.0.0 to 2.1.1.
- [Release notes](https://github.com/saucelabs/sauce-connect-action/releases )
- [Changelog](https://github.com/saucelabs/sauce-connect-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/saucelabs/sauce-connect-action/compare/v2.0.0...v2.1.1 )
---
updated-dependencies:
- dependency-name: saucelabs/sauce-connect-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-28 04:54:58 +00:00
Richard Hansen
35a182e053
ci: dependabot: Set `versioning-strategy` to `increase`
...
This keeps `package.json` in sync with `package-lock.json`.
2022-01-27 23:54:28 -05:00
Richard Hansen
63a02ec5fa
ci: Enable caching
2022-01-27 22:40:38 -05:00
Richard Hansen
e80e1c0221
ci: docker: Combine test and build+publish workflows
2022-01-27 22:05:47 -05:00
Richard Hansen
a6fcc92d2a
ci: docker: Set up Docker Buildx
...
This isn't required, but it's recommended everywhere I look.
2022-01-27 22:05:47 -05:00
Richard Hansen
3a31ebde4b
ci: docker: Style improvements
2022-01-27 22:05:47 -05:00
Richard Hansen
f334fb8280
ci: lockfile-lint: Whitelist specific sqlite version
2022-01-27 22:05:47 -05:00
Richard Hansen
f925b481c6
ci: lockfile-lint: Pass `--no-save` to npm
2022-01-27 22:05:47 -05:00
Felix
578ae17aa8
Add docker & npm ecosystem to dependabot
2022-01-26 19:34:27 -05:00
dependabot[bot]
e4944b8bfa
Bump saucelabs/sauce-connect-action from 1.1.2 to 2.0.0
...
Bumps [saucelabs/sauce-connect-action](https://github.com/saucelabs/sauce-connect-action ) from 1.1.2 to 2.0.0.
- [Release notes](https://github.com/saucelabs/sauce-connect-action/releases )
- [Changelog](https://github.com/saucelabs/sauce-connect-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/saucelabs/sauce-connect-action/compare/v1.1.2...v2.0.0 )
---
updated-dependencies:
- dependency-name: saucelabs/sauce-connect-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-11-29 22:32:27 -05:00
dependabot[bot]
68933718f6
Bump joncloud/makensis-action from 3.4 to 3.6
...
Bumps [joncloud/makensis-action](https://github.com/joncloud/makensis-action ) from 3.4 to 3.6.
- [Release notes](https://github.com/joncloud/makensis-action/releases )
- [Commits](https://github.com/joncloud/makensis-action/compare/v3.4...v3.6 )
---
updated-dependencies:
- dependency-name: joncloud/makensis-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-11-30 02:05:07 +00:00
Richard Hansen
40854b0cfd
GitHub workflow to build and publish Docker images
2021-11-29 21:02:41 -05:00
Richard Hansen
df459c1278
Enable Dependabot for GitHub Actions
2021-11-29 20:35:29 -05:00
Richard Hansen
9cd59a84af
Fix bug_report.md bug template
2021-11-22 17:25:00 -05:00
Peter VandeHaar
9987834b15
Clarify instructions in PULL_REQUEST_TEMPLATE.md
...
This change
- removes instructions about commit headers that nobody follows,
- links to useful resources for first-time contributors,
- simplifies some text, and
- hides all text inside <!-- -->.
2021-10-31 02:40:03 -04:00
John McLear
c47134b3ab
Update bug_report.md
2021-10-09 14:44:48 +01:00
webzwo0i
d3890bc2c2
admin tests: Increase `maxHttpBufferSize` to fit `settings.json`
2021-09-29 23:48:03 -04:00
Hossein
d262e31bbf
fix: install all dependencies and symlink
2021-09-28 19:01:19 -04:00
webzwo0i
b475296cee
stop closing feature requests by stale bot
2021-07-02 14:07:29 -04:00
Richard Hansen
44343e5c5e
tests: Replace Node.js v15 with v16
2021-06-14 23:17:17 +02:00
Richard Hansen
ef1ba21104
deps: Drop support for Node.js < 12.13.0
2021-06-14 23:17:17 +02:00
Richard Hansen
c2ac5e6145
tests: Fix missing commit in "Upgrade from latest release" workflow
2021-04-20 13:20:33 -04:00
Richard Hansen
96208e8239
tests: Rename workflow to "Upgrade from latest release"
2021-04-20 13:20:04 -04:00
John McLear
536db7553f
tests: CI of updating from master > this commit. ( #4912 )
...
* tests: CI of updating from master > this commit.
In response to cypress eslint I thought I'd put some CI testing for if a PR might break automated upgrading.
Matrix usage is probably overkill.
* Update major-version-git-pull-update.yml
* Name...
* include a front end test
* fix pathing
* Clarity on what's happening
* Update .github/workflows/major-version-git-pull-update.yml
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
* Update .github/workflows/major-version-git-pull-update.yml
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
* Update .github/workflows/major-version-git-pull-update.yml
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
2021-03-05 06:38:50 +00:00
John McLear
a79f9efdb4
Include props to Sauce Labs for the tests they power. ( #4897 )
...
* Include props to Sauce Labs for the tests they power.
* include message in CI
2021-03-01 14:46:50 +00:00