dependabot[bot]
5507db8950
Bump VeryGoodOpenSource/very_good_coverage from 2.0.0 to 2.1.0
...
Bumps [VeryGoodOpenSource/very_good_coverage](https://github.com/VeryGoodOpenSource/very_good_coverage ) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/VeryGoodOpenSource/very_good_coverage/releases )
- [Changelog](https://github.com/VeryGoodOpenSource/very_good_coverage/blob/main/CHANGELOG.md )
- [Commits](https://github.com/VeryGoodOpenSource/very_good_coverage/compare/v2.0.0...v2.1.0 )
---
updated-dependencies:
- dependency-name: VeryGoodOpenSource/very_good_coverage
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-28 20:04:34 +00:00
dependabot[bot]
c9466c688b
Bump actions/dependency-review-action from 2 to 3
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 2 to 3.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](https://github.com/actions/dependency-review-action/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-14 20:04:55 +00:00
Lauri Ojansivu
e06390362b
Merge pull request #4720 from wekan/dependabot/github_actions/docker/build-push-action-3.2.0
...
Bump docker/build-push-action from 3.1.1 to 3.2.0
2022-10-17 23:37:43 +03:00
Lauri Ojansivu
88cb35e75c
Merge pull request #4719 from wekan/dependabot/github_actions/docker/metadata-action-4.1.1
...
Bump docker/metadata-action from 4.0.1 to 4.1.1
2022-10-17 23:36:51 +03:00
dependabot[bot]
4543fd73df
Bump docker/build-push-action from 3.1.1 to 3.2.0
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 3.1.1 to 3.2.0.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](c84f382811...c56af95754
2022-10-17 20:21:41 +00:00
dependabot[bot]
4d47f6b80b
Bump docker/metadata-action from 4.0.1 to 4.1.1
...
Bumps [docker/metadata-action](https://github.com/docker/metadata-action ) from 4.0.1 to 4.1.1.
- [Release notes](https://github.com/docker/metadata-action/releases )
- [Commits](69f6fc9d46...57396166ad
2022-10-17 20:21:35 +00:00
dependabot[bot]
5f8f5f2892
Bump docker/login-action from 2.0.0 to 2.1.0
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](49ed152c8e...f4ef78c080
2022-10-17 20:21:32 +00:00
dependabot[bot]
d1dfffb4b2
Bump VeryGoodOpenSource/very_good_coverage from 1.2.1 to 2.0.0
...
Bumps [VeryGoodOpenSource/very_good_coverage](https://github.com/VeryGoodOpenSource/very_good_coverage ) from 1.2.1 to 2.0.0.
- [Release notes](https://github.com/VeryGoodOpenSource/very_good_coverage/releases )
- [Changelog](https://github.com/VeryGoodOpenSource/very_good_coverage/blob/main/CHANGELOG.md )
- [Commits](https://github.com/VeryGoodOpenSource/very_good_coverage/compare/v1.2.1...v2.0.0 )
---
updated-dependencies:
- dependency-name: VeryGoodOpenSource/very_good_coverage
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-10 20:32:20 +00:00
dependabot[bot]
1155cb8d68
Bump helm/chart-releaser-action from 1.4.0 to 1.4.1
...
Bumps [helm/chart-releaser-action](https://github.com/helm/chart-releaser-action ) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/helm/chart-releaser-action/releases )
- [Commits](https://github.com/helm/chart-releaser-action/compare/v1.4.0...v1.4.1 )
---
updated-dependencies:
- dependency-name: helm/chart-releaser-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-03 20:28:35 +00:00
Alex
81e847a153
build: harden GitHub Workflow permissions
...
Signed-off-by: Alex Low <aleksandrosansan@gmail.com>
2022-09-19 17:02:31 +02:00
Alex
834408c740
a new commit message
2022-09-19 17:00:13 +02:00
dependabot[bot]
3762768ed3
Bump docker/build-push-action from 3.1.0 to 3.1.1
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](1cb9d22b93...c84f382811
2022-08-08 20:25:06 +00:00
dependabot[bot]
72c44e703f
Bump docker/build-push-action from 3.0.0 to 3.1.0
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](e551b19e49...1cb9d22b93
2022-07-25 20:54:30 +00:00
dependabot[bot]
b4c74b8d4c
Bump actions/dependency-review-action from 1 to 2
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 1 to 2.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](https://github.com/actions/dependency-review-action/compare/v1...v2 )
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-20 20:34:39 +00:00
Lauri Ojansivu
947692693c
Merge pull request #4552 from wekan/dependabot/github_actions/VeryGoodOpenSource/very_good_coverage-1.2.1
...
Bump VeryGoodOpenSource/very_good_coverage from 1.1.1 to 1.2.1
2022-06-07 00:37:24 +03:00
Lauri Ojansivu
0c8e812991
Merge pull request #4555 from wekan/dependabot/github_actions/helm/chart-releaser-action-1.4.0
...
Bump helm/chart-releaser-action from 1.1.0 to 1.4.0
2022-06-07 00:35:01 +03:00
Lauri Ojansivu
fb1742b149
Merge pull request #4554 from wekan/dependabot/github_actions/docker/build-push-action-3
...
Bump docker/build-push-action from 2.5.0 to 3
2022-06-07 00:34:37 +03:00
Lauri Ojansivu
054915031e
Merge pull request #4553 from wekan/dependabot/github_actions/actions/download-artifact-3
...
Bump actions/download-artifact from 2 to 3
2022-06-07 00:34:19 +03:00
dependabot[bot]
63e0597c68
Bump actions/upload-artifact from 2 to 3
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 2 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-06 20:20:26 +00:00
dependabot[bot]
c71cedf9f4
Bump helm/chart-releaser-action from 1.1.0 to 1.4.0
...
Bumps [helm/chart-releaser-action](https://github.com/helm/chart-releaser-action ) from 1.1.0 to 1.4.0.
- [Release notes](https://github.com/helm/chart-releaser-action/releases )
- [Commits](https://github.com/helm/chart-releaser-action/compare/v1.1.0...v1.4.0 )
---
updated-dependencies:
- dependency-name: helm/chart-releaser-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-06 20:20:23 +00:00
dependabot[bot]
f6ee321d0f
Bump docker/build-push-action from 2.5.0 to 3
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 2.5.0 to 3.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](ad44023a93...e551b19e49
2022-06-06 20:20:19 +00:00
dependabot[bot]
2a24720fad
Bump actions/download-artifact from 2 to 3
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 2 to 3.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](https://github.com/actions/download-artifact/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-06 20:20:14 +00:00
dependabot[bot]
a7fd512124
Bump VeryGoodOpenSource/very_good_coverage from 1.1.1 to 1.2.1
...
Bumps [VeryGoodOpenSource/very_good_coverage](https://github.com/VeryGoodOpenSource/very_good_coverage ) from 1.1.1 to 1.2.1.
- [Release notes](https://github.com/VeryGoodOpenSource/very_good_coverage/releases )
- [Changelog](https://github.com/VeryGoodOpenSource/very_good_coverage/blob/main/CHANGELOG.md )
- [Commits](https://github.com/VeryGoodOpenSource/very_good_coverage/compare/v1.1.1...v1.2.1 )
---
updated-dependencies:
- dependency-name: VeryGoodOpenSource/very_good_coverage
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-06 20:20:09 +00:00
Lauri Ojansivu
0d7d38b358
Merge pull request #4543 from turrisxyz/Dependency-GitHub
2022-06-02 05:51:49 +03:00
naveen
680770a7df
chore(deps): Included dependency review
...
> Dependency Review GitHub Action in your repository to enforce dependency
> reviews on your pull requests.
> The action scans for vulnerable versions of dependencies introduced by package version
> changes in pull requests,
> and warns you about the associated security vulnerabilities.
> This gives you better visibility of what's changing in a pull request,
> and helps prevent vulnerabilities being added to your repository.
https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-06-01 23:35:00 +00:00
Lauri Ojansivu
14c3432896
Merge pull request #4539 from wekan/dependabot/github_actions/github/codeql-action-2
...
Bump github/codeql-action from 1 to 2
2022-05-31 05:17:43 +03:00
dependabot[bot]
1ed2c3b45a
Bump docker/login-action from 1.9.0 to 2
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 1.9.0 to 2.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](28218f9b04...49ed152c8e
2022-05-31 02:16:56 +00:00
Lauri Ojansivu
81f74f4db6
Merge pull request #4536 from wekan/dependabot/github_actions/docker/metadata-action-4.0.1
...
Bump docker/metadata-action from 3.3.0 to 4.0.1
2022-05-31 05:16:33 +03:00
Lauri Ojansivu
b5bc07d2e7
Merge pull request #4535 from wekan/dependabot/github_actions/actions/checkout-3
...
Bump actions/checkout from 2 to 3
2022-05-31 05:15:57 +03:00
dependabot[bot]
d5247daf8a
Bump github/codeql-action from 1 to 2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v1...v2 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-31 02:12:27 +00:00
dependabot[bot]
9ff87d189f
Bump actions/cache from 2 to 3
...
Bumps [actions/cache](https://github.com/actions/cache ) from 2 to 3.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](https://github.com/actions/cache/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-31 02:12:24 +00:00
dependabot[bot]
2d36116823
Bump docker/metadata-action from 3.3.0 to 4.0.1
...
Bumps [docker/metadata-action](https://github.com/docker/metadata-action ) from 3.3.0 to 4.0.1.
- [Release notes](https://github.com/docker/metadata-action/releases )
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md )
- [Commits](98669ae865...69f6fc9d46
2022-05-31 02:12:17 +00:00
dependabot[bot]
9f0b9b29a5
Bump actions/checkout from 2 to 3
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-31 02:12:13 +00:00
neilnaveen
355b358fe2
chore: Set permissions for GitHub actions
...
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ )
Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
2022-05-30 01:09:08 +00:00
Lauri Ojansivu
62efb67d06
Fix typo in tests.
2022-01-30 01:32:52 +02:00
Lauri Ojansivu
b12312f998
Create release.yml
2021-10-12 23:58:35 +03:00
Lauri Ojansivu
70ba1eca78
Create docker-publish.yml
2021-09-18 20:46:00 +03:00
Lauri Ojansivu
e925877ae4
Delete not working workflow
2021-09-18 20:44:25 +03:00
Lauri Ojansivu
0e7cc1ef87
Create docker-publish.yml
2021-09-18 20:41:43 +03:00
Lauri Ojansivu
78555f57a7
Try to fix tests.
...
Thanks to xet7 !
2021-06-24 22:52:53 +03:00
Jan Küster
6387d32c2f
ci fix script name
2021-06-23 12:25:02 +02:00
Jan Küster
4d9ba8d73b
tests ci added
2021-06-23 11:52:34 +02:00
Lauri Ojansivu
5dd6466c0a
Removed not working GitHub workflow.
...
Thanks to xet7 !
2021-05-10 20:26:23 +03:00
Lauri Ojansivu
b9405bfb64
Update owasp-zap-scan.yml
2021-02-22 19:07:15 +02:00
Lauri Ojansivu
5d8856a1c7
Update owasp-zap-scan.yml
2021-02-22 19:04:16 +02:00
Lauri Ojansivu
5073c0e9ad
Create owasp-zap-scan.yml
...
https://github.com/marketplace/actions/owasp-zap-baseline-scan
2021-02-22 18:43:24 +02:00
Lauri Ojansivu
df35683043
Create codeql-analysis.yml
2020-09-03 19:32:02 +03:00
Lauri Ojansivu
8670561f78
Create dockerimage.yml
2019-12-05 10:31:32 +02:00
