Commit graph

167 commits

Author SHA1 Message Date
zowoq
ab69305066 .github/workflows/update-terraform-providers.yml: various
- removed outdated permissions comment

- add failed updates step

- add failed updates and ofborg rebuild to PR body
2023-03-25 12:41:02 +10:00
dependabot[bot]
32abfcc923 build(deps): bump cachix/install-nix-action from 19 to 20
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 19 to 20.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v19...v20)

---
updated-dependencies:
- dependency-name: cachix/install-nix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-20 22:30:02 +10:00
pennae
2daba98981 workflows: check maintainers sortedness on pull_request_target
`pull_request` workflows need approval to run, `pull_request_target`
does not. this one isn't particularly vulnerable and doesn't take long
to run, so we may as well run it without approval.
2023-03-19 22:45:33 +01:00
pennae
4a694fc500 maintainers: add script and workflows to check sortedness
the script can output a list of sed commands to create the order it
expects to find. this was mainly useful for initially sorting the list,
but we'll keep it here for later reference.

Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2023-03-15 11:07:54 +01:00
Martin Weinelt
b5f0fdc371
workflows/backport: Copy security label in backport PRs
Since v1.2.0 the backport action supports copying labels from the source
to the backport PR. This is useful for copying the security label from
the original PR to the backport PR, so relevant security updates don't
get lost.
2023-03-06 09:14:20 +00:00
Naïm Favier
568c84c7db
.github: build nixpkgs manual on lib changes
The nixpkgs manual includes documentation for `lib` functions.
2023-03-04 13:23:38 +01:00
zowoq
9df748f599 Revert "workflows: pin install-nix-action to use nix 2.13.3"
This reverts commit 3563c178ca.

fixed in cachix/install-nix-action@v20
2023-03-01 16:17:36 +10:00
zowoq
6a174c65c2 .github/workflows: update cachix/install-nix-action to v20 2023-03-01 16:16:57 +10:00
pennae
3563c178ca workflows: pin install-nix-action to use nix 2.13.3
same reasoning as #218858, only now for an action we depend on and can't
fix quite as easily. cachix-action also uses nix-env and will thus not
work correctly, so pin the nix version used to the last known good one.
2023-03-01 07:08:14 +10:00
Weijia Wang
31ce09b377
Merge pull request #218858 from cole-h/fixup-editorconfig-action
Fixup editorconfig action with Nix 2.14.0
2023-02-28 22:23:59 +02:00
Cole Helbling
19a122e092 ci: editorconfig: use nix-shell instead of nix-env 2023-02-28 11:36:32 -08:00
dependabot[bot]
43760d9cc4 build(deps): bump korthout/backport-action from 1.1.0 to 1.2.0
Bumps [korthout/backport-action](https://github.com/korthout/backport-action) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/korthout/backport-action/releases)
- [Commits](https://github.com/korthout/backport-action/compare/v1.1.0...v1.2.0)

---
updated-dependencies:
- dependency-name: korthout/backport-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-28 18:08:44 +10:00
dependabot[bot]
f1787f39a5 build(deps): bump cachix/install-nix-action from 18 to 19
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 18 to 19.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v18...v19)

---
updated-dependencies:
- dependency-name: cachix/install-nix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-14 08:10:43 +10:00
pennae
d041641b1a nixos/manual: remove md-to-db
with manual chapters no longer needing pandoc for their conversion to
xml we can get rid of this source of confusion, and its huge cache of
xml files.
2023-02-10 06:40:15 +01:00
dependabot[bot]
08fdf29658 build(deps): bump korthout/backport-action from 1.0.1 to 1.1.0
Bumps [korthout/backport-action](https://github.com/korthout/backport-action) from 1.0.1 to 1.1.0.
- [Release notes](https://github.com/korthout/backport-action/releases)
- [Commits](https://github.com/korthout/backport-action/compare/v1.0.1...v1.1.0)

---
updated-dependencies:
- dependency-name: korthout/backport-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-24 06:38:25 +10:00
zowoq
3a1f02b46b .github/workflows/labels.yml: fix typo
mistake in d1570428a2
2023-01-21 11:30:55 +10:00
zowoq
d1570428a2 .github/workflows/labels.yml: allow PRs to skip labels 2023-01-21 09:33:59 +10:00
zowoq
552af48e79 .github/workflows/editorconfig.yml: change to skip treewide 2023-01-21 09:33:59 +10:00
dependabot[bot]
656548c44a build(deps): bump korthout/backport-action from 1.0.0 to 1.0.1
Bumps [korthout/backport-action](https://github.com/korthout/backport-action) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/korthout/backport-action/releases)
- [Commits](https://github.com/korthout/backport-action/compare/v1.0.0...v1.0.1)

---
updated-dependencies:
- dependency-name: korthout/backport-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-10 06:45:05 +10:00
dependabot[bot]
8877cc2874 build(deps): bump zeebe-io/backport-action from 0.0.9 to 1.0.0
Bumps [zeebe-io/backport-action](https://github.com/zeebe-io/backport-action) from 0.0.9 to 1.0.0.
- [Release notes](https://github.com/zeebe-io/backport-action/releases)
- [Commits](https://github.com/zeebe-io/backport-action/compare/v0.0.9...v1.0.0)

---
updated-dependencies:
- dependency-name: zeebe-io/backport-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-03 07:31:48 +10:00
zowoq
9fde2b66f8 terraform-providers: add github token to update-providers 2023-01-02 13:48:28 +10:00
Martin Weinelt
4e6337bdce
workflows/periodic-merge: Remove 22.05 jobs 2023-01-01 14:55:34 +01:00
Martin Weinelt
4b36b3cd43 workflows/backport-action 0.0.8 -> 0.0.9
https://github.com/zeebe-io/backport-action/releases/tag/v0.0.9
2022-11-23 12:20:28 +01:00
Martin Weinelt
18c8904c11
workflows: add 24 hour periodic merges for 22.11 2022-11-21 00:08:44 +01:00
dependabot[bot]
a02320d951 build(deps): bump cachix/cachix-action from 11 to 12
Bumps [cachix/cachix-action](https://github.com/cachix/cachix-action) from 11 to 12.
- [Release notes](https://github.com/cachix/cachix-action/releases)
- [Commits](https://github.com/cachix/cachix-action/compare/v11...v12)

---
updated-dependencies:
- dependency-name: cachix/cachix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-28 17:36:59 +10:00
zowoq
298378f8c3 .github/workflows: replace deprecated set-output
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
2022-10-16 07:41:12 +10:00
Naïm Favier
9b480c2739 .github/workflows: use ofborg-eval context for pending status
Instead of adding a pending status with context `Wait for ofborg`, make
the context `ofborg-eval` and the description "Wait for OfBorg...". That
way, the status will be reused by OfBorg when it starts evaluation and
we don't need to clear it any more.
2022-10-15 09:09:24 +10:00
zowoq
c9ac816a70 .github/workflows/update-terraform-providers.yml: add link to run log
also move git clean to separate step
2022-10-14 15:51:46 +10:00
dependabot[bot]
d2e6195f5b build(deps): bump cachix/install-nix-action from 17 to 18
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 17 to 18.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v17...v18)
2022-10-13 09:15:41 +10:00
dependabot[bot]
ff3f76ad39 build(deps): bump cachix/cachix-action from 10 to 11
Bumps [cachix/cachix-action](https://github.com/cachix/cachix-action) from 10 to 11.
- [Release notes](https://github.com/cachix/cachix-action/releases)
- [Commits](https://github.com/cachix/cachix-action/compare/v10...v11)
2022-10-13 09:13:55 +10:00
zowoq
41173fb24d .github/workflows/update-terraform-providers.yml: set max-workers to 2
also add git clean so logs aren't committed
2022-10-08 06:00:07 +10:00
zowoq
98390bef9e .github/workflows/update-terraform-providers.yml: bypass interactive prompt 2022-10-07 19:38:55 +10:00
zowoq
a8d8d9fee5 .github/workflows/update-terraform-providers.yml: re-enable
- run daily with updateScript, will create a commit for each provider update
- drop wip label and failure comment
2022-10-04 13:01:16 +10:00
Domen Kožar
55b3eabbb4
Merge pull request #192981 from winterqt/update-backport-action
backport-action: 0.0.5 -> 0.0.8
2022-09-26 14:13:00 +02:00
Winter
6f3ce7a620 backport-action: 0.0.5 -> 0.0.8 2022-09-25 22:11:54 -04:00
zowoq
d3270d6b32 .github/workflows/update-terraform-providers.yml: add nixpkgs-unstable for nix-shell
nix_path was removed from the update scripts in 3e63fa279f
2022-09-21 14:43:03 +10:00
zowoq
5fabd2ba5a .github/workflows/update-terraform-providers.yml: disable scheduled update
try nixpkgs-update with passthru.updateScript
2022-09-15 06:00:33 +10:00
zowoq
bbe49339b8 .github/workflows: fix permissions
the merge actions comment on pull requests, seems this was broken by 2c71278a23

also:
- fix permissions on new manual rendering action
- drop unnecessary issues permission from the terraform action
2022-09-12 15:34:35 +10:00
pennae
fc6f0ea188 workflows: fix manual-rendering.yml
the check command didn't set NIX_PATH, so compare-manuals.sh (which is a nix-shell script) failed.
2022-09-11 13:14:44 +10:00
pennae
c45deeb2aa workflows: add check for docbook/md manual equality
we want to make sure that rendering the manual from markdown without
going through docbook produces (semantically) the same output as with
going through docbook. to ensure this we'll build the manual twice, run
each manual through html-tidy to generate a normalized form and diff
the normalized forms. we don't want to compare raw output because that
exposes us to a lot of whitespace we'd have to reproduce exactly in the
MD render.

this check may be relaxed even further in the future, but hopefully not
by much.
2022-09-10 18:23:13 +02:00
pennae
ec75c8efff workflows: check that nixos manual does not use docbook option docs
the nixos manual should not use docbook for module option documentation,
only markdown, to make future transition to a markdown-only world easier
and less painful. this check will ensure that all options
documentation (even plain text that would not be interpreted specially
by neither markdown nor docbook) is declared as being markdown.
2022-09-10 18:23:13 +02:00
zowoq
25b464c8b3
terraform-full: remove (#184649)
* terraform-full: remove

* .github/workflows/update-terraform-providers.yml: switch to terraform.full
2022-08-02 19:45:05 +02:00
Winter
3707cc5a0d
Revert "backport-action: 0.0.5 -> 0.0.8" 2022-07-24 23:30:11 -04:00
Winter
fee30801b2 backport-action: 0.0.5 -> 0.0.8 2022-07-24 13:20:39 -04:00
github-actions[bot]
33be3debd5 terraform-providers: update 2022-07-10 2022-07-10 16:20:44 +10:00
Varun Sharma
2c71278a23 ci: Add GitHub token permissions for workflows
Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
2022-07-08 10:53:38 -07:00
Robert Hensing
3a27c40463 workflows/nixos-manual: Add command to run to error message 2022-07-06 07:32:17 +02:00
Janne Heß
8befefd1a7
workflows: Remove 21.11 merges
Channel is EOL
2022-07-04 20:04:17 +02:00
nathannaveen
5deff9583c chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
2022-07-04 01:09:50 +00:00
Janne Heß
e728029b30
workflows: Replace 21.05 with 22.05 2022-05-23 19:57:42 +02:00