Commit graph

145 commits

Author SHA1 Message Date
Martin Weinelt
4b36b3cd43 workflows/backport-action 0.0.8 -> 0.0.9
https://github.com/zeebe-io/backport-action/releases/tag/v0.0.9
2022-11-23 12:20:28 +01:00
Martin Weinelt
18c8904c11
workflows: add 24 hour periodic merges for 22.11 2022-11-21 00:08:44 +01:00
dependabot[bot]
a02320d951 build(deps): bump cachix/cachix-action from 11 to 12
Bumps [cachix/cachix-action](https://github.com/cachix/cachix-action) from 11 to 12.
- [Release notes](https://github.com/cachix/cachix-action/releases)
- [Commits](https://github.com/cachix/cachix-action/compare/v11...v12)

---
updated-dependencies:
- dependency-name: cachix/cachix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-28 17:36:59 +10:00
zowoq
298378f8c3 .github/workflows: replace deprecated set-output
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
2022-10-16 07:41:12 +10:00
Naïm Favier
9b480c2739 .github/workflows: use ofborg-eval context for pending status
Instead of adding a pending status with context `Wait for ofborg`, make
the context `ofborg-eval` and the description "Wait for OfBorg...". That
way, the status will be reused by OfBorg when it starts evaluation and
we don't need to clear it any more.
2022-10-15 09:09:24 +10:00
zowoq
c9ac816a70 .github/workflows/update-terraform-providers.yml: add link to run log
also move git clean to separate step
2022-10-14 15:51:46 +10:00
dependabot[bot]
d2e6195f5b build(deps): bump cachix/install-nix-action from 17 to 18
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 17 to 18.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v17...v18)
2022-10-13 09:15:41 +10:00
dependabot[bot]
ff3f76ad39 build(deps): bump cachix/cachix-action from 10 to 11
Bumps [cachix/cachix-action](https://github.com/cachix/cachix-action) from 10 to 11.
- [Release notes](https://github.com/cachix/cachix-action/releases)
- [Commits](https://github.com/cachix/cachix-action/compare/v10...v11)
2022-10-13 09:13:55 +10:00
zowoq
41173fb24d .github/workflows/update-terraform-providers.yml: set max-workers to 2
also add git clean so logs aren't committed
2022-10-08 06:00:07 +10:00
zowoq
98390bef9e .github/workflows/update-terraform-providers.yml: bypass interactive prompt 2022-10-07 19:38:55 +10:00
zowoq
a8d8d9fee5 .github/workflows/update-terraform-providers.yml: re-enable
- run daily with updateScript, will create a commit for each provider update
- drop wip label and failure comment
2022-10-04 13:01:16 +10:00
Domen Kožar
55b3eabbb4
Merge pull request #192981 from winterqt/update-backport-action
backport-action: 0.0.5 -> 0.0.8
2022-09-26 14:13:00 +02:00
Winter
6f3ce7a620 backport-action: 0.0.5 -> 0.0.8 2022-09-25 22:11:54 -04:00
zowoq
d3270d6b32 .github/workflows/update-terraform-providers.yml: add nixpkgs-unstable for nix-shell
nix_path was removed from the update scripts in 3e63fa279f
2022-09-21 14:43:03 +10:00
zowoq
5fabd2ba5a .github/workflows/update-terraform-providers.yml: disable scheduled update
try nixpkgs-update with passthru.updateScript
2022-09-15 06:00:33 +10:00
zowoq
bbe49339b8 .github/workflows: fix permissions
the merge actions comment on pull requests, seems this was broken by 2c71278a23

also:
- fix permissions on new manual rendering action
- drop unnecessary issues permission from the terraform action
2022-09-12 15:34:35 +10:00
pennae
fc6f0ea188 workflows: fix manual-rendering.yml
the check command didn't set NIX_PATH, so compare-manuals.sh (which is a nix-shell script) failed.
2022-09-11 13:14:44 +10:00
pennae
c45deeb2aa workflows: add check for docbook/md manual equality
we want to make sure that rendering the manual from markdown without
going through docbook produces (semantically) the same output as with
going through docbook. to ensure this we'll build the manual twice, run
each manual through html-tidy to generate a normalized form and diff
the normalized forms. we don't want to compare raw output because that
exposes us to a lot of whitespace we'd have to reproduce exactly in the
MD render.

this check may be relaxed even further in the future, but hopefully not
by much.
2022-09-10 18:23:13 +02:00
pennae
ec75c8efff workflows: check that nixos manual does not use docbook option docs
the nixos manual should not use docbook for module option documentation,
only markdown, to make future transition to a markdown-only world easier
and less painful. this check will ensure that all options
documentation (even plain text that would not be interpreted specially
by neither markdown nor docbook) is declared as being markdown.
2022-09-10 18:23:13 +02:00
zowoq
25b464c8b3
terraform-full: remove (#184649)
* terraform-full: remove

* .github/workflows/update-terraform-providers.yml: switch to terraform.full
2022-08-02 19:45:05 +02:00
Winter
3707cc5a0d
Revert "backport-action: 0.0.5 -> 0.0.8" 2022-07-24 23:30:11 -04:00
Winter
fee30801b2 backport-action: 0.0.5 -> 0.0.8 2022-07-24 13:20:39 -04:00
github-actions[bot]
33be3debd5 terraform-providers: update 2022-07-10 2022-07-10 16:20:44 +10:00
Varun Sharma
2c71278a23 ci: Add GitHub token permissions for workflows
Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
2022-07-08 10:53:38 -07:00
Robert Hensing
3a27c40463 workflows/nixos-manual: Add command to run to error message 2022-07-06 07:32:17 +02:00
Janne Heß
8befefd1a7
workflows: Remove 21.11 merges
Channel is EOL
2022-07-04 20:04:17 +02:00
nathannaveen
5deff9583c chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
2022-07-04 01:09:50 +00:00
Janne Heß
e728029b30
workflows: Replace 21.05 with 22.05 2022-05-23 19:57:42 +02:00
dependabot[bot]
646ed065e5 build(deps): bump peter-evans/create-pull-request from 3 to 4
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 3 to 4.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v3...v4)
2022-04-29 17:58:49 +10:00
zowoq
c19e9b776d .github/workflows/update-terraform-providers.yml: minor fixes
- simplify comment
- move `ofborg` command into block for clickable copying
2022-04-28 08:13:24 +10:00
dependabot[bot]
23e9e781e2 build(deps): bump cachix/install-nix-action from 16 to 17
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 16 to 17.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v16...v17)

---
updated-dependencies:
- dependency-name: cachix/install-nix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-08 17:59:26 +10:00
Artturin
36c36411b8 .github/workflows/basic-eval.yml: only run if manually triggered
ofborg should have obsoleted this with https://github.com/NixOS/ofborg/pull/588#issuecomment-1078451552
https://github.com/NixOS/nixpkgs/pull/166599#issuecomment-1085069938

this is still useful to have around for act usage
2022-04-01 09:48:20 +03:00
Sandro
319145c9dc
Merge pull request #165397 from Mic92/create-or-update-comment 2022-03-27 12:12:23 +02:00
dependabot[bot]
1f161a57c2 build(deps): bump peter-evans/commit-comment from 1 to 2
Bumps [peter-evans/commit-comment](https://github.com/peter-evans/commit-comment) from 1 to 2.
- [Release notes](https://github.com/peter-evans/commit-comment/releases)
- [Commits](https://github.com/peter-evans/commit-comment/compare/v1...v2)

---
updated-dependencies:
- dependency-name: peter-evans/commit-comment
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-03-23 08:24:13 +01:00
dependabot[bot]
180dada3ed build(deps): bump peter-evans/create-or-update-comment from 1 to 2
Bumps [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) from 1 to 2.
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases)
- [Commits](https://github.com/peter-evans/create-or-update-comment/compare/v1...v2)

---
updated-dependencies:
- dependency-name: peter-evans/create-or-update-comment
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-03-23 08:23:37 +01:00
Jörg Thalheim
92a720cbac ci: add warning to actions with writeable GITHUB_TOKEN
Co-authored-by: ckie <25263210+ckiee@users.noreply.github.com>
2022-03-21 08:54:42 +01:00
zowoq
1d41af9bc9 .github/workflows/basic-eval.yml: add cachix cache
Avoids rebuilding nix in every PR if it hasn't been build on hydra yet.
2022-03-14 08:12:25 +10:00
zowoq
65268fe99a .github/workflows: update cachix cache comment 2022-03-14 08:12:24 +10:00
Jörg Thalheim
a385dd1ae3
Merge pull request #162450 from Mic92/actions-labeler
build(deps): bump actions/labeler from 3 to 4
2022-03-02 04:57:15 +00:00
dependabot[bot]
3f2c2d0afa
build(deps): bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)
2022-03-02 05:13:13 +01:00
dependabot[bot]
e07220a5ad
build(deps): bump actions/labeler from 3 to 4
Bumps [actions/labeler](https://github.com/actions/labeler) from 3 to 4.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](https://github.com/actions/labeler/compare/v3...v4)
2022-03-02 05:08:31 +01:00
zowoq
215002fb9f terraform-providers: update scripts
- add flag to skip building updated providers
- have the github action skip building providers so we don't need to handle build failures in the script
- remove outdated `vendor` flag, all providers use `buildGoModule`
2022-02-07 12:02:36 +10:00
zowoq
fc7fb0d528 .github/workflows/update-terraform-providers.yml: minor fixes
- change ofborg command into a comment
- use WIP label instead of draft so codeowner notification works
2022-01-04 18:18:48 +10:00
zowoq
bcd238a027 .github/workflows/update-terraform-providers.yml: init
weekly update of terraform providers which can also be run manually
2022-01-04 11:00:15 +10:00
zowoq
1b8f795c94 .github/workflows/editorconfig.yml: 2.3.5 -> 2.4.0 2021-12-16 21:43:53 +10:00
zowoq
c3338bcdc4 .github/workflows/editorconfig.yml: allow PRs to skip check
Intended for treewide reformatting PRs so we don't hit the API ratelimit.
2021-12-03 12:54:08 +10:00
zowoq
0d02ab2028 .github/workflows/editorconfig.yml: write changed files to disk
This avoids errors when exporting long lists to $GITHUB_ENV.

Co-authored-by: Moritz Hedtke <Moritz.Hedtke@t-online.de>
2021-12-02 09:11:21 +10:00
zowoq
34fa1ffbe4 Revert ".github/workflows/editorconfig.yml: Don't use GitHub API for PR diff."
This reverts commit 4db84ed126.

Causing CI errors.
2021-11-30 10:42:57 +10:00
Moritz Hedtke
4db84ed126 .github/workflows/editorconfig.yml: Don't use GitHub API for PR diff.
This caused ratelimits for large PRs (reformatting PRs)
2021-11-30 09:41:52 +10:00
Martin Weinelt
3eb5d85beb .github/workflows/periodic-merge: configure 21.11 release 2021-11-28 17:00:50 -08:00