Commit Graph

99 Commits (d6c0badfd43e4dd535d3a2fea12963784ee488ab)

Author SHA1 Message Date
dependabot[bot] ed8b8f0893 build(deps): bump saucelabs/sauce-connect-action from 2.1.1 to 2.3.4
Bumps [saucelabs/sauce-connect-action](https://github.com/saucelabs/sauce-connect-action) from 2.1.1 to 2.3.4.
- [Release notes](https://github.com/saucelabs/sauce-connect-action/releases)
- [Changelog](https://github.com/saucelabs/sauce-connect-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/saucelabs/sauce-connect-action/compare/v2.1.1...v2.3.4)

---
updated-dependencies:
- dependency-name: saucelabs/sauce-connect-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-21 13:11:20 +01:00
dependabot[bot] 5c376ea17a build(deps): bump joncloud/makensis-action from 3.6 to 3.7
Bumps [joncloud/makensis-action](https://github.com/joncloud/makensis-action) from 3.6 to 3.7.
- [Release notes](https://github.com/joncloud/makensis-action/releases)
- [Commits](https://github.com/joncloud/makensis-action/compare/v3.6...v3.7)

---
updated-dependencies:
- dependency-name: joncloud/makensis-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-21 13:11:06 +01:00
dependabot[bot] 0dea4cb1c8 build(deps): bump docker/setup-buildx-action from 1 to 2
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 1 to 2.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-20 14:11:58 +01:00
dependabot[bot] 0f557909ba build(deps): bump docker/metadata-action from 3 to 4
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 3 to 4.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md)
- [Commits](https://github.com/docker/metadata-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-20 13:48:05 +01:00
dependabot[bot] 3879763656 build(deps): bump docker/login-action from 1 to 2
Bumps [docker/login-action](https://github.com/docker/login-action) from 1 to 2.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-20 13:46:10 +01:00
dependabot[bot] c175d1ea36 build(deps): bump actions/stale from 5 to 7
Bumps [actions/stale](https://github.com/actions/stale) from 5 to 7.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v5...v7)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-20 13:44:15 +01:00
dependabot[bot] d4b5ce2db3 build(deps): bump docker/build-push-action from 2 to 4
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2 to 4.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2...v4)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-20 13:43:20 +01:00
Alex efe32ac333
GitHub Workflows security hardening (#5598)
* build: harden frontend-tests.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>

* build: harden frontend-admin-tests.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>
2023-06-20 13:27:03 +01:00
dependabot[bot] 156348e314 build(deps): bump docker/setup-qemu-action from 1 to 2
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 1 to 2.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-25 00:09:13 +02:00
webzwo0i c28177388a Drop support for Node v12.
Add v18 to test matrix
2022-09-24 22:58:32 +02:00
webzwo0i 21d03c1924 stale workflow: fix syntax 2022-09-24 20:15:55 +02:00
webzwo0i 111ad5c52e fix cypress config 2022-09-24 18:44:15 +02:00
Richard Hansen a059a653ba ci: stale: Don't auto-close issues or PRs
Users can't reopen them, so auto-closing tends to irritate users.
Also, when developer activity drops, stale is less meaningful.
2022-07-16 15:08:32 -04:00
Richard Hansen 3018c33efd ci: stale: Use wontfix for close label, not stale 2022-07-16 15:04:40 -04:00
Richard Hansen a95c7b61ea ci: stale: Switch from app to action
The stale app seems to be unmaintained.
2022-07-16 15:03:42 -04:00
Richard Hansen 00173cf55d Windows build: Consolidate Windows workflows 2022-05-14 18:25:29 -04:00
Richard Hansen b1d48bb333 Windows build: Extract .zip outside repo clone 2022-05-14 17:50:46 -04:00
Richard Hansen 52dd6a26bc Windows build: Rename the `.exe` for consistency 2022-05-14 17:46:32 -04:00
Richard Hansen 8a2ef69873 Windows build: Move NSIS installer script to this repo 2022-05-14 17:46:32 -04:00
Richard Hansen e71f69ec72 Windows build: Rename zip to `etherpad-win.zip` 2022-05-14 17:45:30 -04:00
dependabot[bot] 0adc027e25 build(deps): bump github/codeql-action from 1 to 2
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-02 21:30:46 -04:00
Naveen 77e036e8d3 chore(deps): Included dependency review
> Dependency Review GitHub Action in your repository to enforce dependency reviews on your pull requests.
> The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests,
> and warns you about the associated security vulnerabilities.
> This gives you better visibility of what's changing in a pull request,
> and helps prevent vulnerabilities being added to your repository.

https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
2022-05-02 21:27:57 -04:00
naveen 2929a3c0bd chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-05-02 20:48:01 -04:00
dependabot[bot] 5e99ae772a build(deps): bump actions/upload-artifact from 2 to 3
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-08 21:44:53 -04:00
dependabot[bot] d7c44c5725 build(deps): bump actions/download-artifact from 2 to 3
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-08 21:44:21 -04:00
Grant Slater a11cf67de7 Docker: use buildx to build amd64 and arm64 images 2022-03-20 22:11:09 -04:00
Richard Hansen 5748c76db3 ci: docker: Show Etherpad logs 2022-03-12 00:40:48 -05:00
Richard Hansen 178db7508f ci: docker: Wait for container to be healthy 2022-03-12 00:40:48 -05:00
Richard Hansen a6b969c811 ci: Bump actions/checkout to v3 2022-03-01 17:17:16 -05:00
dependabot[bot] 90d1ae87a7 build(deps): bump actions/setup-node from 2 to 3
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2 to 3.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-25 23:51:38 -05:00
Richard Hansen c568bb1baa ci: Skip frontend tests for Dependabot PRs 2022-01-28 01:51:15 -05:00
Richard Hansen 43aa1e4aeb ci: Reformat `.yml` files for readability 2022-01-28 01:39:45 -05:00
dependabot[bot] 84c7da82cf
build(deps): bump saucelabs/sauce-connect-action from 2.0.0 to 2.1.1
Bumps [saucelabs/sauce-connect-action](https://github.com/saucelabs/sauce-connect-action) from 2.0.0 to 2.1.1.
- [Release notes](https://github.com/saucelabs/sauce-connect-action/releases)
- [Changelog](https://github.com/saucelabs/sauce-connect-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/saucelabs/sauce-connect-action/compare/v2.0.0...v2.1.1)

---
updated-dependencies:
- dependency-name: saucelabs/sauce-connect-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-28 04:54:58 +00:00
Richard Hansen 35a182e053 ci: dependabot: Set `versioning-strategy` to `increase`
This keeps `package.json` in sync with `package-lock.json`.
2022-01-27 23:54:28 -05:00
Richard Hansen 63a02ec5fa ci: Enable caching 2022-01-27 22:40:38 -05:00
Richard Hansen e80e1c0221 ci: docker: Combine test and build+publish workflows 2022-01-27 22:05:47 -05:00
Richard Hansen a6fcc92d2a ci: docker: Set up Docker Buildx
This isn't required, but it's recommended everywhere I look.
2022-01-27 22:05:47 -05:00
Richard Hansen 3a31ebde4b ci: docker: Style improvements 2022-01-27 22:05:47 -05:00
Richard Hansen f334fb8280 ci: lockfile-lint: Whitelist specific sqlite version 2022-01-27 22:05:47 -05:00
Richard Hansen f925b481c6 ci: lockfile-lint: Pass `--no-save` to npm 2022-01-27 22:05:47 -05:00
Felix 578ae17aa8
Add docker & npm ecosystem to dependabot 2022-01-26 19:34:27 -05:00
dependabot[bot] e4944b8bfa Bump saucelabs/sauce-connect-action from 1.1.2 to 2.0.0
Bumps [saucelabs/sauce-connect-action](https://github.com/saucelabs/sauce-connect-action) from 1.1.2 to 2.0.0.
- [Release notes](https://github.com/saucelabs/sauce-connect-action/releases)
- [Changelog](https://github.com/saucelabs/sauce-connect-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/saucelabs/sauce-connect-action/compare/v1.1.2...v2.0.0)

---
updated-dependencies:
- dependency-name: saucelabs/sauce-connect-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-11-29 22:32:27 -05:00
dependabot[bot] 68933718f6
Bump joncloud/makensis-action from 3.4 to 3.6
Bumps [joncloud/makensis-action](https://github.com/joncloud/makensis-action) from 3.4 to 3.6.
- [Release notes](https://github.com/joncloud/makensis-action/releases)
- [Commits](https://github.com/joncloud/makensis-action/compare/v3.4...v3.6)

---
updated-dependencies:
- dependency-name: joncloud/makensis-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-11-30 02:05:07 +00:00
Richard Hansen 40854b0cfd GitHub workflow to build and publish Docker images 2021-11-29 21:02:41 -05:00
Richard Hansen df459c1278 Enable Dependabot for GitHub Actions 2021-11-29 20:35:29 -05:00
Richard Hansen 9cd59a84af
Fix bug_report.md bug template 2021-11-22 17:25:00 -05:00
Peter VandeHaar 9987834b15 Clarify instructions in PULL_REQUEST_TEMPLATE.md
This change
- removes instructions about commit headers that nobody follows,
- links to useful resources for first-time contributors,
- simplifies some text, and
- hides all text inside <!--  -->.
2021-10-31 02:40:03 -04:00
John McLear c47134b3ab
Update bug_report.md 2021-10-09 14:44:48 +01:00
webzwo0i d3890bc2c2 admin tests: Increase `maxHttpBufferSize` to fit `settings.json` 2021-09-29 23:48:03 -04:00
Hossein d262e31bbf fix: install all dependencies and symlink 2021-09-28 19:01:19 -04:00