Commit graph

44 commits

Author SHA1 Message Date
Matt Corallo
0f21878819 Reduce third-party build script dependencies and reduce GITHUB_TOKEN perms in CI (#541)
* Reduce dependence on third-party build scripts in release pipeline

This removes one third-party build script from the release
pipeline for the release tar.gz, though one is still used in the
now-separate netlify deploy.

* Reduce GITHUB_TOKEN perms in actions when using 3rd party scripts

This avoids allowing third parties to arbitrarily overwrite the
repository.

* Replace PGP signing action with the bash script from the same

The PGP signing action ultimately just calls gpg with arguments
set in
https://github.com/actionhippie/gpgsign/blob/v1/overlay/usr/local/bin/entrypoint
so it's rather trivial to simply take the required arguments and
put them directly in CI.

This is substantially safer than the PGP signing action used as the
action currently downloads, unverified and un-pinned, a docker
image in order to access PGP.
2022-05-26 20:17:41 +05:30
dependabot[bot]
ab308c4a1b Bump actions/upload-artifact from 3.0.0 to 3.1.0 (#578)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3.0.0...v3.1.0)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-24 19:40:24 +05:30
dependabot[bot]
8708cf1d49 Bump docker/build-push-action from 2.10.0 to 3.0.0 (#538)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2.10.0 to 3.0.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2.10.0...v3.0.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-20 09:59:40 +05:30
dependabot[bot]
d3b334e4fa Bump docker/metadata-action from 3.8.0 to 4.0.1 (#539)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 3.8.0 to 4.0.1.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md)
- [Commits](https://github.com/docker/metadata-action/compare/v3.8.0...v4.0.1)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-20 09:59:00 +05:30
dependabot[bot]
0cfe2df7d6 Bump docker/login-action from 1.14.1 to 2.0.0 (#540)
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.14.1 to 2.0.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.14.1...v2.0.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-20 09:58:34 +05:30
dependabot[bot]
680c331af9 Bump actions/github-script from 6.0.0 to 6.1.0 (#562)
Bumps [actions/github-script](https://github.com/actions/github-script) from 6.0.0 to 6.1.0.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v6.0.0...v6.1.0)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-20 09:16:55 +05:30
Ajay Bura
b1888f2595 Sign release tarball with PGP key (#392) 2022-05-03 16:43:16 +05:30
dependabot[bot]
048f405e50 Bump docker/metadata-action from 3.7.0 to 3.8.0 (#523)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 3.7.0 to 3.8.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/v3.7.0...v3.8.0)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-03 12:36:14 +05:30
Ajay Bura
919c7cdc4e Use SHA instead of tag for 3rd party actions (#498) 2022-05-01 13:23:42 +05:30
dependabot[bot]
3929b44b2a Bump actions/checkout from 3.0.1 to 3.0.2 (#508)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3.0.1...v3.0.2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-26 17:23:22 +05:30
Krishan
d04db4965e Run docker check when someone changes the action too (#495) 2022-04-20 08:58:58 +05:30
Krishan
f1dfcf2c3a Replace forked action with original one (#496)
The reason to replace is that the previous action fails when pull request content is empty and Beakyn/gha-comment-pull-request@v1.0.2 fixed this.
2022-04-20 08:58:47 +05:30
dependabot[bot]
50ade8717c Bump actions/checkout from 3.0.0 to 3.0.1 (#491)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3.0.0...v3.0.1)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-19 09:34:33 +05:30
dependabot[bot]
62f3b7dd26 Bump docker/metadata-action from 3.6.2 to 3.7.0 (#487)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 3.6.2 to 3.7.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/v3.6.2...v3.7.0)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-12 10:14:31 +05:30
Krishan
7ea0435572 Fix docker check to only run on Dockerfile change (#452) 2022-03-30 18:38:52 +05:30
Krishan
d61eef7747 Reverting .yaml as some things don't work (#451) 2022-03-30 15:01:41 +05:30
Krishan
fe12d6298d String update and file extension name consistency (#436)
* Fixes #434

* Fixes #433

* Partially fixes #432

* Disable auto labelling of issues

* Use yaml instead of yml as recommended by yaml.org

* shortened the strings

* simplified option description
2022-03-30 13:42:52 +05:30
Krishan
be17905b00 General fix and consistency changes (#428) 2022-03-23 19:40:39 +05:30
Krishan
8c76008e3f Fix workflow name (#389) 2022-03-15 17:19:18 +05:30
dependabot[bot]
b51c7529c6 Bump docker/build-push-action from 2.9.0 to 2.10.0 (#388)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2.9.0 to 2.10.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2.9.0...v2.10.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-15 17:16:58 +05:30
Krishan
c78cea857c Simplify GitHub actions (#387)
* Simplify production build actions 

This merges both the netlify-prod and docker actions and also automatically adds tarball to releases.

* Delete docker.yaml

* Delete netlify-prod.yaml

* Cosmetic changes and add dockerhub check

* Cosmetic changes

* Fix check runs on Tuesdays only
2022-03-15 17:04:14 +05:30
dependabot[bot]
1664913265 Bump actions/upload-artifact from 2.3.1 to 3.0.0 (#362)
* Bump actions/upload-artifact from 2.3.1 to 3

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2.3.1 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2.3.1...v3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Use exact version

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Krishan <33421343+kfiven@users.noreply.github.com>
2022-03-08 16:42:59 +05:30
dependabot[bot]
33fafac8ae Bump actions/checkout from 2.4.0 to 3.0.0 (#363)
* Bump actions/checkout from 2.4.0 to 3

Bumps [actions/checkout](https://github.com/actions/checkout) from 2.4.0 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.4.0...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Use exact version

* Use exact version

* Use exact version

* Use exact version

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Krishan <33421343+kfiven@users.noreply.github.com>
2022-03-08 16:42:31 +05:30
dependabot[bot]
0bc119a5ab Bump docker/login-action from 1.14.0 to 1.14.1 (#364)
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.14.0 to 1.14.1.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.14.0...v1.14.1)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-08 16:41:39 +05:30
dependabot[bot]
a9d2b565d2 Bump docker/login-action from 1.13.0 to 1.14.0 (#350)
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.13.0...v1.14.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-01 10:15:58 +05:30
dependabot[bot]
96fefc7ab3 Bump actions/github-script from 3.1.0 to 6.0.0 (#314)
* Bump actions/github-script from 3.1.0 to 6

Bumps [actions/github-script](https://github.com/actions/github-script) from 3.1.0 to 6.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v3.1.0...v6)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update build-pull-request.yml

* Update deploy-pull-request.yml

* reference rest method by github.rest

this broke in v5 see https://github.com/actions/github-script#breaking-changes-in-v5

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ajay Bura <32841439+ajbura@users.noreply.github.com>
Co-authored-by: Krishan <33421343+kfiven@users.noreply.github.com>
2022-02-24 08:19:14 +05:30
dependabot[bot]
bd07272b15 Bump docker/login-action from 1.12.0 to 1.13.0 (#325)
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.12.0 to 1.13.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.12.0...v1.13.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-22 18:44:38 +05:30
dependabot[bot]
3cae1e7f63 Bump docker/build-push-action from 2.8.0 to 2.9.0 (#308)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2.8.0 to 2.9.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2.8.0...v2.9.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-09 08:30:21 +05:30
Ajay Bura
91d0876611 Remove unused deps, restore github-script to 3.1.0 2022-01-31 22:29:18 +05:30
Ajay Bura
8f4c13e3ba Use specific and latest version in actions x2 2022-01-31 10:03:31 +05:30
Ajay Bura
d90edd2cb0 Use specific and latest version in actions 2022-01-31 09:59:36 +05:30
Krishan
03cc648234 Update build-pull-request.yml to use npm ci (#271) 2022-01-30 20:59:37 +05:30
Ajay Bura
3e39557dd9 Specified sha for build script
Signed-off-by: Ajay Bura <ajbura@gmail.com>
2021-11-18 18:19:04 +05:30
Ajay Bura
beaaa5d674 Specified node version to workflows x 2
Signed-off-by: Ajay Bura <ajbura@gmail.com>
2021-11-18 18:14:49 +05:30
Ajay Bura
ad6dae9dd3 Specified node version to workflows
Signed-off-by: Ajay Bura <ajbura@gmail.com>
2021-11-18 18:11:12 +05:30
Krishan
6a1865a36a Fixed pull request preview deploys (#166)
* Update and rename pull-request.yml to build-pull-request.yml

* Create deploy-pull-request.yml
2021-11-14 12:54:17 +05:30
Ajay Bura
c2f1e07951 Update pull-request.yml 2021-10-14 10:42:07 +05:30
Ajay Bura
6ed93ab830 Update pull-request.yml 2021-10-14 10:34:04 +05:30
Ajay Bura
1b1f035b1a Fixed deploy on PR 2021-10-14 10:28:31 +05:30
Ajay Bura
65d404b2ea Update pull-request.yml 2021-10-12 15:00:09 +05:30
Ajay Bura
2e4a3b1dbf added action for pull request previews 2021-10-11 15:22:15 +05:30
unknown
86eec05a24 Changed prod workflows back on published 2021-09-09 19:08:29 +05:30
unknown
eb30fd12ae Build prod on master push 2021-09-05 14:19:55 +05:30
unknown
00f45fd203 Added workflows for docker/netlify 2021-09-01 21:01:24 +05:30