dependabot[bot]
f1fcde2142
Bump dawidd6/action-download-artifact from 2.24.2 to 2.27.0 ( #1202 )
...
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact ) from 2.24.2 to 2.27.0.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases )
- [Commits](e6e25ac3a2...246dbf436b
2023-06-12 21:38:53 +10:00
dependabot[bot]
9f2fb716f7
Bump thollander/actions-comment-pull-request from 2.0.0 to 2.3.1 ( #1081 )
...
Bumps [thollander/actions-comment-pull-request](https://github.com/thollander/actions-comment-pull-request ) from 2.0.0 to 2.3.1.
- [Release notes](https://github.com/thollander/actions-comment-pull-request/releases )
- [Commits](c22fb30220...632cf9ce90
2023-06-12 21:36:13 +10:00
dependabot[bot]
14b4969a65
Bump actions/setup-node from 3.5.1 to 3.6.0 ( #1057 )
...
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 3.5.1 to 3.6.0.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](https://github.com/actions/setup-node/compare/v3.5.1...v3.6.0 )
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-12 21:34:23 +10:00
dependabot[bot]
15feac81c9
Bump actions/upload-artifact from 3.1.1 to 3.1.2 ( #1055 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v3.1.1...v3.1.2 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-12 21:32:10 +10:00
renovate[bot]
863612d1a1
fix(deps): update dependency matrix-js-sdk to v24 ( #1175 )
...
* fix(deps): update dependency matrix-js-sdk to v24
* Update build-pull-request.yml
* Update netlify-dev.yml
* Update prod-deploy.yml
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Krishan <33421343+kfiven@users.noreply.github.com>
2023-03-29 14:17:00 +11:00
Krishan
e33a887055
Change license to AGPLv3 ( #1115 )
...
* Add CLA github action
* Change license to AGPLv3
2023-02-24 17:28:04 +05:30
Krishan
44318d1ecd
Replace deprecated 'set-output' with '$GITHUB_OUTPUT'
2023-01-30 15:46:56 +11:00
Krishan
63cb564818
chore: update netlify site id secrets
2022-12-14 10:47:10 +05:30
dependabot[bot]
cb88a6fd9c
Bump actions/checkout from 3.1.0 to 3.2.0 ( #1017 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3.1.0...v3.2.0 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-13 09:19:20 +05:30
dependabot[bot]
868f271588
Bump nwtgck/actions-netlify from 1.2.4 to 2.0.0 ( #1006 )
...
Bumps [nwtgck/actions-netlify](https://github.com/nwtgck/actions-netlify ) from 1.2.4 to 2.0.0.
- [Release notes](https://github.com/nwtgck/actions-netlify/releases )
- [Changelog](https://github.com/nwtgck/actions-netlify/blob/develop/CHANGELOG.md )
- [Commits](ac1cb16858...5da65c9f74
2022-12-09 16:52:04 +05:30
Krishan
52cbcb9128
Replace pull request action with one actively maintained ( #1004 )
...
* Replace pull request action with one actively maintained
* Add comment_tag to stop duplicate comments
2022-12-09 13:05:02 +05:30
dependabot[bot]
347d23641b
Bump softprops/action-gh-release from 0.1.14 to 0.1.15 ( #1000 )
...
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release ) from 0.1.14 to 0.1.15.
- [Release notes](https://github.com/softprops/action-gh-release/releases )
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md )
- [Commits](1e07f43987...de2c0eb89a
2022-12-06 12:48:17 +05:30
dependabot[bot]
b8f3cf1b47
Bump dawidd6/action-download-artifact from 2.24.0 to 2.24.2 ( #972 )
...
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact ) from 2.24.0 to 2.24.2.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases )
- [Commits](46b4ae883b...e6e25ac3a2
2022-11-16 21:45:26 +05:30
Krishan
1531535151
Replace deprecated 'set-output' with '$GITHUB_OUTPUT' ( #968 )
2022-11-09 18:16:14 +05:30
Krishan
4fe4c8bb03
Use Node Hydrogen LTS ( #960 )
...
* Use node hydrogen lts in dockerfile
* Use node v18.12.0
* Use node v18.12.0
* Use node v18.12.0
* use lts syntax
* Update Nodejs LTS to v18.12.1
* Update Dockerfile
* Update Dockerfile
* Update readme
2022-11-08 20:21:51 +05:30
dependabot[bot]
eeb4ec0e73
Bump actions/upload-artifact from 3.1.0 to 3.1.1 ( #942 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v3.1.0...v3.1.1 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 10:45:59 +05:30
dependabot[bot]
bf79618221
Bump docker/setup-buildx-action from 2.2.0 to 2.2.1 ( #937 )
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 2.2.0 to 2.2.1.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](https://github.com/docker/setup-buildx-action/compare/v2.2.0...v2.2.1 )
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-19 21:05:05 +05:30
dependabot[bot]
89e93be091
Bump docker/setup-buildx-action from 2.1.0 to 2.2.0 ( #929 )
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](https://github.com/docker/setup-buildx-action/compare/v2.1.0...v2.2.0 )
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-18 11:48:41 +05:30
dependabot[bot]
9b42077f7a
Bump docker/metadata-action from 4.1.0 to 4.1.1 ( #928 )
...
Bumps [docker/metadata-action](https://github.com/docker/metadata-action ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/docker/metadata-action/releases )
- [Commits](https://github.com/docker/metadata-action/compare/v4.1.0...v4.1.1 )
---
updated-dependencies:
- dependency-name: docker/metadata-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-18 11:47:57 +05:30
dependabot[bot]
81b88477bd
Bump docker/metadata-action from 4.0.1 to 4.1.0 ( #925 )
...
Bumps [docker/metadata-action](https://github.com/docker/metadata-action ) from 4.0.1 to 4.1.0.
- [Release notes](https://github.com/docker/metadata-action/releases )
- [Commits](https://github.com/docker/metadata-action/compare/v4.0.1...v4.1.0 )
---
updated-dependencies:
- dependency-name: docker/metadata-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-15 15:19:18 +05:30
dependabot[bot]
52376e10a5
Bump docker/setup-buildx-action from 2.0.0 to 2.1.0 ( #924 )
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](https://github.com/docker/setup-buildx-action/compare/v2.0.0...v2.1.0 )
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-15 15:18:02 +05:30
dependabot[bot]
b8b3f9e7ec
Bump docker/login-action from 2.0.0 to 2.1.0 ( #923 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/v2.0.0...v2.1.0 )
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-15 15:17:21 +05:30
dependabot[bot]
194eb30042
Bump dawidd6/action-download-artifact from 2.23.0 to 2.24.0 ( #922 )
...
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact ) from 2.23.0 to 2.24.0.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases )
- [Commits](7847792dd4...46b4ae883b
2022-10-15 15:16:49 +05:30
dependabot[bot]
b52aa9ac76
Bump nwtgck/actions-netlify from 1.2.3 to 1.2.4 ( #920 )
...
Bumps [nwtgck/actions-netlify](https://github.com/nwtgck/actions-netlify ) from 1.2.3 to 1.2.4.
- [Release notes](https://github.com/nwtgck/actions-netlify/releases )
- [Changelog](https://github.com/nwtgck/actions-netlify/blob/develop/CHANGELOG.md )
- [Commits](b7c1504e00...ac1cb16858
2022-10-15 15:16:01 +05:30
dependabot[bot]
c825c41aed
Bump docker/setup-qemu-action from 2.0.0 to 2.1.0 ( #921 )
...
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases )
- [Commits](https://github.com/docker/setup-qemu-action/compare/v2.0.0...v2.1.0 )
---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-15 15:15:17 +05:30
dependabot[bot]
6d8f704542
Bump docker/build-push-action from 3.1.1 to 3.2.0 ( #919 )
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 3.1.1 to 3.2.0.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/v3.1.1...v3.2.0 )
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-15 15:14:48 +05:30
dependabot[bot]
10a399f7e6
Bump actions/setup-node from 3.5.0 to 3.5.1 ( #918 )
...
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](https://github.com/actions/setup-node/compare/v3.5.0...v3.5.1 )
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-15 15:13:55 +05:30
dependabot[bot]
c3396780d7
Bump actions/checkout from 3.0.2 to 3.1.0 ( #904 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.2 to 3.1.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3.0.2...v3.1.0 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-11 08:57:58 +05:30
renovate[bot]
7db4146c8d
Update actions/setup-node action to v3.5.0 ( #878 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-28 22:13:06 +05:30
Krishan
0225204b4d
Require approval before opening dep update PR ( #865 )
2022-09-19 20:32:40 +05:30
Ajay Bura
29ddcfa1f9
Update command strings
2022-09-11 08:27:59 +05:30
Krishan
831bb83f4e
Update and simplify actions ( #831 )
...
* Replace action with one we use already
* Simplify PR actions
* fix name
2022-09-07 13:46:44 +05:30
renovate[bot]
e1adc6a3bc
Configure Renovate ( #819 )
...
* Add renovate.json
* Add renovate config
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Krishan <33421343+kfiven@users.noreply.github.com>
2022-09-05 19:43:11 +05:30
Krishan
bcedab5113
Add lockfile changes action ( #818 )
2022-09-05 19:26:28 +05:30
dependabot[bot]
f7ff1ef2bd
Bump actions/github-script from 6.1.1 to 6.2.0 ( #794 )
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 6.1.1 to 6.2.0.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](https://github.com/actions/github-script/compare/v6.1.1...v6.2.0 )
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ajay Bura <32841439+ajbura@users.noreply.github.com>
2022-09-02 19:15:03 +05:30
dependabot[bot]
984fad811c
Bump actions/github-script from 6.1.0 to 6.1.1 ( #755 )
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 6.1.0 to 6.1.1.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](https://github.com/actions/github-script/compare/v6.1.0...v6.1.1 )
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-20 21:09:36 +05:30
Krishan
f93b666bbf
Push Docker image to ghcr registry ( #764 )
...
* Push Docker image to ghcr registry
* Fix secret name
* add permission to token to write package to ghcr
Co-authored-by: Ajay Bura <32841439+ajbura@users.noreply.github.com>
2022-08-20 20:59:02 +05:30
dependabot[bot]
9f99320fda
Bump docker/build-push-action from 3.1.0 to 3.1.1 ( #725 )
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/v3.1.0...v3.1.1 )
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-09 09:30:34 +05:30
dependabot[bot]
48793f3a95
Bump docker/build-push-action from 3.0.0 to 3.1.0 ( #695 )
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/v3.0.0...v3.1.0 )
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-27 14:04:59 +05:30
dependabot[bot]
1979646b4b
Bump actions/setup-node from 3.3.0 to 3.4.1 ( #687 )
...
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 3.3.0 to 3.4.1.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](https://github.com/actions/setup-node/compare/v3.3.0...v3.4.1 )
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-16 17:11:48 +05:30
Ajay Bura
5c0eb20cb4
Follow system theme by default
2022-07-09 18:08:35 +05:30
dependabot[bot]
2d3634d6bf
Bump jsmrcaga/action-netlify-deploy from 1.7.2 to 1.8.0 ( #618 )
...
Bumps [jsmrcaga/action-netlify-deploy](https://github.com/jsmrcaga/action-netlify-deploy ) from 1.7.2 to 1.8.0.
- [Release notes](https://github.com/jsmrcaga/action-netlify-deploy/releases )
- [Commits](fb6a5f936a...53de32e559
2022-06-14 20:19:46 +05:30
Ajay Bura
8b96e0ab98
Fix nodejs version in actions ( #627 )
...
* Update prod-deploy.yml
* Update netlify-dev.yml
* Update build-pull-request.yml
* Update build-pull-request.yml
* Update netlify-dev.yml
* Update prod-deploy.yml
Co-authored-by: Krishan <33421343+kfiven@users.noreply.github.com>
2022-06-14 19:55:48 +05:30
dependabot[bot]
e998438135
Bump docker/setup-buildx-action from 1.6.0 to 2.0.0 ( #595 )
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 1.6.0 to 2.0.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](https://github.com/docker/setup-buildx-action/compare/v1.6.0...v2.0.0 )
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-04 21:28:18 +05:30
dependabot[bot]
5fd7d64d21
Bump docker/setup-qemu-action from 1.2.0 to 2.0.0 ( #596 )
...
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ) from 1.2.0 to 2.0.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases )
- [Commits](https://github.com/docker/setup-qemu-action/compare/v1.2.0...v2.0.0 )
---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-04 21:24:43 +05:30
Krishan
d0fd654bf7
Add support for building docker image for linux/arm64 ( #494 )
...
* Update docker-pr.yml
* setup docker build for linux/arm64
* Update prod-deploy.yml
* Apply PR suggestion
2022-05-29 10:15:31 +05:30
Krishan
38b604ad41
Add PGP public key and fix engine versions in package.json ( #583 )
...
* nodejs 17.9.0 also works
* Add github sponser link
* Add Public PGP key of signed tarball
* Update README.md
* Add download badge also.
* Add docker pulls
2022-05-27 13:09:36 +05:30
Ajay Bura
2ca67bb61a
Consistent job naming
2022-05-26 20:20:28 +05:30
Matt Corallo
95b814b751
Reduce third-party build script dependencies and reduce GITHUB_TOKEN perms in CI ( #541 )
...
* Reduce dependence on third-party build scripts in release pipeline
This removes one third-party build script from the release
pipeline for the release tar.gz, though one is still used in the
now-separate netlify deploy.
* Reduce GITHUB_TOKEN perms in actions when using 3rd party scripts
This avoids allowing third parties to arbitrarily overwrite the
repository.
* Replace PGP signing action with the bash script from the same
The PGP signing action ultimately just calls gpg with arguments
set in
https://github.com/actionhippie/gpgsign/blob/v1/overlay/usr/local/bin/entrypoint
so its rather trivial to simply take the required arguments and
put them directly in CI.
This is substantially safer than the PGP signing action used as the
action currently downloads, unverified and un-pinned, a docker
image in order to access PGP.
2022-05-26 20:17:41 +05:30
dependabot[bot]
3bd4eda789
Bump actions/upload-artifact from 3.0.0 to 3.1.0 ( #578 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v3.0.0...v3.1.0 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-24 19:40:24 +05:30
