Commit Graph

71 Commits

Author SHA1 Message Date
dependabot[bot]
7441a6dc76 Bump actions/dependency-review-action from 4.7.3 to 4.8.0
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.7.3 to 4.8.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](595b5aeba7...56339e523c)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-version: 4.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-10-01 00:01:54 +00:00
XhmikosR
44da0697fb CI: pin actions
This is considered a better practice security-wise since hashes are immutable.
Dependabot handles updating hashes the same way, so there should be no problem
updating actions.
2025-09-17 07:34:51 +03:00
dependabot[bot]
d888b26ad8 Bump actions/checkout from 4 to 5
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-01 00:02:56 +00:00
XhmikosR
8f17aa5b35 CI: remove Python 3.8 and add 3.13
Python 3.8 is EOL
2025-07-03 21:04:06 +03:00
Steven Black
67be1d7f25 Revert commit 4c2c419009
Wrong repo.
2024-09-14 19:45:30 -04:00
Steven Black
4c2c419009 Turn off CI for now, until we figure out cache issues. 2024-09-14 12:38:26 -04:00
Steven Black
8f9fbea8cb Merge pull request #2684 from StevenBlack/dependabot/github_actions/docker/build-push-action-6
Bump docker/build-push-action from 5 to 6
2024-07-04 11:04:01 -04:00
XhmikosR
4fd06daa6d dependabot.yml: move actions before pip 2024-04-03 17:00:59 +03:00
XhmikosR
11f8e20042 Minor whitespace/line endings consistency changes 2024-04-03 17:00:58 +03:00
dependabot[bot]
afd066e8e6 Bump actions/dependency-review-action from 3 to 4
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3 to 4.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-01 00:31:45 +00:00
Steven Black
88f178710e Merge pull request #2548 from StevenBlack/dependabot/github_actions/github/codeql-action-3
Bump github/codeql-action from 2 to 3
2024-01-15 20:21:30 -05:00
dependabot[bot]
1bdbdfe097 Bump github/codeql-action from 2 to 3
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-01 01:08:09 +00:00
dependabot[bot]
a225bbddef Bump actions/setup-python from 4 to 5
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-01 01:07:59 +00:00
XhmikosR
e2d262809e CI: reduce CI matrix
Run the oldest and the latest supported versions on macOS and Windows
2023-12-10 09:18:04 +02:00
XhmikosR
45276ff4bc CI: remove Python 3.7, add Python 3.12 2023-12-10 08:50:50 +02:00
Steven Black
581cc63395 Removing stale bot; thank you for your service. 2023-10-12 09:29:28 -04:00
Sean
b46f32728d Invert logo color for dark theme 2023-10-06 00:57:11 +08:00
Steven Black
c557e2e856 Merge pull request #2470 from StevenBlack/dependabot/github_actions/actions/checkout-4
Bump actions/checkout from 3 to 4
2023-10-01 15:14:43 -04:00
Steven Black
df52f06ff4 Merge pull request #2469 from StevenBlack/dependabot/github_actions/docker/setup-buildx-action-3
Bump docker/setup-buildx-action from 2 to 3
2023-10-01 15:14:17 -04:00
Steven Black
232ec8443f Merge pull request #2468 from StevenBlack/dependabot/github_actions/docker/login-action-3
Bump docker/login-action from 2 to 3
2023-10-01 15:14:06 -04:00
Steven Black
79958bb0e6 Merge pull request #2467 from StevenBlack/dependabot/github_actions/docker/build-push-action-5
Bump docker/build-push-action from 4 to 5
2023-10-01 15:13:47 -04:00
dependabot[bot]
5cca0e924c Bump actions/checkout from 3 to 4
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-01 00:32:59 +00:00
dependabot[bot]
d28f94c9dd Bump docker/setup-buildx-action from 2 to 3
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2 to 3.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-01 00:32:54 +00:00
dependabot[bot]
0a0ca47ac6 Bump docker/login-action from 2 to 3
Bumps [docker/login-action](https://github.com/docker/login-action) from 2 to 3.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-01 00:32:49 +00:00
dependabot[bot]
51995304ea Bump docker/build-push-action from 4 to 5
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4 to 5.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v4...v5)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-01 00:32:45 +00:00
dependabot[bot]
257b52c13b Bump docker/metadata-action from 4 to 5
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 4 to 5.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md)
- [Commits](https://github.com/docker/metadata-action/compare/v4...v5)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-01 00:32:41 +00:00
Steven Black
3dc0b5f962 Merge pull request #2281 from XhmikosR/patch-2 2023-04-08 11:30:03 -04:00
XhmikosR
d3d4124e7e Remove unneeded trailing whitespaces 2023-04-08 14:55:22 +03:00
XhmikosR
82e6358811 CI: limit pushes to master 2023-04-08 14:29:41 +03:00
dependabot[bot]
9c17dc5f71 Bump docker/build-push-action from 3 to 4
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3 to 4.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-01 00:02:43 +00:00
dependabot[bot]
a8d0b8cd76 Bump actions/dependency-review-action from 2 to 3
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2 to 3.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-01 00:01:28 +00:00
XhmikosR
f9a8908b24 CI: add Python 3.11 2022-11-13 08:06:30 +02:00
XhmikosR
5b8e0707fe CI: remove git credentials after checkout 2022-11-13 08:02:41 +02:00
XhmikosR
56e34ab5a6 Update CodeQL workflow 2022-11-13 08:02:31 +02:00
Ruben ten Hove
787401a440 push on tags as well 2022-07-06 13:19:05 -04:00
Ruben ten Hove
dccb1e220f remove 3.6; fix tests 2022-07-06 12:47:38 -04:00
Ruben ten Hove
258b10edc9 refactor: more containerization 2022-07-05 12:39:02 -04:00
Steven Black
1af0c9620c Merge pull request #1993 from StevenBlack/dependabot/github_actions/actions/dependency-review-action-2
Bump actions/dependency-review-action from 1 to 2
2022-07-01 23:12:34 -04:00
dependabot[bot]
a9d214f57d Bump actions/setup-python from 3 to 4
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 3 to 4.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-01 00:07:39 +00:00
dependabot[bot]
c1232095bf Bump actions/dependency-review-action from 1 to 2
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1 to 2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-01 00:07:34 +00:00
Steven Black
a0e307373d Merge pull request #1980 from turrisxyz/Dependency-GitHub
chore(deps): Included dependency review
2022-06-13 12:11:17 -04:00
naveen
4c18fb82dd chore(deps): Included dependency review
> Dependency Review GitHub Action in your repository to enforce dependency
> reviews on your pull requests.
> The action scans for vulnerable versions of dependencies introduced by package version
> changes in pull requests,
> and warns you about the associated security vulnerabilities.
> This gives you better visibility of what's changing in a pull request,
> and helps prevent vulnerabilities being added to your repository.

https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-06-13 02:36:28 +00:00
dependabot[bot]
10db0f1783 Bump github/codeql-action from 1 to 2
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-01 00:21:59 +00:00
naveensrinivasan
b742118cd1 Set permissions for GitHub actions
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-07 23:00:53 +00:00
XhmikosR
83a58c60a0 Update dependabot.yml 2022-03-12 17:32:00 +02:00
Steven Black
d96a4a98fc Merge pull request #1921 from XhmikosR/dependabot
Add dependabot for pip and action updates
2022-03-12 10:25:44 -05:00
XhmikosR
1714afb293 Update CI
* drop Python 3.5
* add pip caching back
* run makeHosts.py too
2022-03-12 10:22:11 +02:00
XhmikosR
dd5334d1d3 Add dependabot for pip and action updates 2022-03-12 10:16:37 +02:00
XhmikosR
071a3a1e0e CI: combine version steps 2022-03-07 08:58:22 +02:00
XhmikosR
491f45e017 CI: remove Python cache
Since we are still testing obsolete/unsupported Python versions, this is a workaround for the Windows Python 3.5 error.

It should be reverted later when support for Python 3.5 is dropped.
2022-03-07 08:53:37 +02:00