c2341032a4
Bump actions/upload-artifact from 4 to 5
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-11-12 10:35:18 +01:00
ec82920a93
Bump actions/setup-node from 5 to 6
...
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 5 to 6.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](https://github.com/actions/setup-node/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-11-12 10:35:05 +01:00
2894ac430a
unify workflow code styles
2025-11-12 10:28:56 +01:00
aea562a1b4
attempting to make the condition list more readable
2025-11-12 10:27:26 +01:00
86d39434a3
disable running snyk if triggering user doesn't have access to the secret
2025-11-12 10:27:15 +01:00
7eec8caae3
apply explicit permissions as per CodeQL suggestion
...
as per rule ID actions/missing-workflow-permissions
2025-11-12 10:24:57 +01:00
bab4d50cd4
update codeql actions to release 4 (node 24) and enable github action scanning
2025-11-12 10:24:36 +01:00
d4ebb12828
Bump actions/checkout from 4 to 5
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-11-12 10:23:56 +01:00
d544d1281d
Bump dawidd6/action-download-artifact from 10 to 11
...
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact ) from 10 to 11.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases )
- [Commits](https://github.com/dawidd6/action-download-artifact/compare/4c1e823582f43b179e2cbb49c3eade4e41f992e2...ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 )
---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
dependency-version: '11'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-06-16 12:22:51 +00:00
3a1eb8d534
Bump dawidd6/action-download-artifact from 9 to 10
...
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact ) from 9 to 10.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases )
- [Commits](https://github.com/dawidd6/action-download-artifact/compare/07ab29fd4a977ae4d2b275087cf67563dfdf0295...4c1e823582f43b179e2cbb49c3eade4e41f992e2 )
---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
dependency-version: '10'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-06-02 12:46:39 +00:00
37871eac69
node 20 seems to fail with the updated jsdom, locally I had tested with 18 - lets downgrade till we can find a solution
2025-04-09 21:11:10 +02:00
d89bc1b97b
Bump dawidd6/action-download-artifact from 8 to 9
...
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact ) from 8 to 9.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases )
- [Commits](https://github.com/dawidd6/action-download-artifact/compare/20319c5641d495c8a52e688b7dc5fada6c3a9fbc...07ab29fd4a977ae4d2b275087cf67563dfdf0295 )
---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-02-27 11:25:13 +00:00
478b79b7b7
Bump slsa-framework/slsa-github-generator from 2.0.0 to 2.1.0
...
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v2.0.0...v2.1.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-02-25 11:57:15 +00:00
6dbd9bd157
Bump dawidd6/action-download-artifact from 7 to 8
...
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact ) from 7 to 8.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases )
- [Commits](https://github.com/dawidd6/action-download-artifact/compare/80620a5d27ce0ae443b965134db88467fc607b43...20319c5641d495c8a52e688b7dc5fada6c3a9fbc )
---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-01-22 11:07:30 +00:00
8b7ccb0fd4
PHP 8.4 is no longer a development release
2024-12-22 12:14:25 +01:00
7ee6bcafc4
Bump dawidd6/action-download-artifact from 6 to 7
...
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact ) from 6 to 7.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases )
- [Commits](https://github.com/dawidd6/action-download-artifact/compare/bf251b5aa9c2f7eeb574a96ee720e24f801b7c11...80620a5d27ce0ae443b965134db88467fc607b43 )
---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-11-29 11:11:25 +00:00
d097631469
possibly not necessary?
2024-07-07 14:28:29 +02:00
84d4d31c73
composer is not part of the matrix, don't try and process event.json
2024-07-07 14:22:48 +02:00
17f924118e
address warnings and errors in github actions
2024-07-07 14:13:59 +02:00
4d912b082b
Bump dawidd6/action-download-artifact from 5 to 6
...
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact ) from 5 to 6.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases )
- [Commits](https://github.com/dawidd6/action-download-artifact/compare/deb3bb83256a78589fef6a7b942e5f2573ad7c13...bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 )
---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-06-12 11:12:15 +00:00
48b4c6ce5b
Bump dawidd6/action-download-artifact from 3.1.4 to 5
...
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact ) from 3.1.4 to 5.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases )
- [Commits](https://github.com/dawidd6/action-download-artifact/compare/09f2f74827fd3a8607589e5ad7f9398816f540fe...deb3bb83256a78589fef6a7b942e5f2573ad7c13 )
---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-06-04 11:09:50 +00:00
b32efe0187
disable snyk scan on forks, they won't have the necessary secret
2024-05-30 07:54:19 +02:00
2aeec14a52
Bump dawidd6/action-download-artifact from 3.0.0 to 3.1.4
...
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact ) from 3.0.0 to 3.1.4.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases )
- [Commits](https://github.com/dawidd6/action-download-artifact/compare/e7466d1a7587ed14867642c2ca74b5bcc1e19a2d...09f2f74827fd3a8607589e5ad7f9398816f540fe )
---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-05-13 12:00:22 +00:00
74cc2c3c92
Merge pull request #1326 from PrivateBin/unset-platform-matrix
...
in PHP matrix tests, we don't want to constrain the platform
2024-05-13 06:58:53 +02:00
df377d9652
in PHP matrix tests, we don't want to constrain the platform
...
setting the platform allow composer to prevent upgrades to versions that would exceed the configured version, for the matrix tests we want to use the latest ones for that release
2024-05-09 19:33:50 +02:00
9df90ece78
Merge branch 'experimental-8.4' into test-improvments
2024-05-05 18:27:08 +02:00
4ff9dea9cf
ci: try fixing intendation
2024-05-05 15:10:00 +02:00
6144caae85
ci: fix test results publishing being a totally separate action
2024-05-05 15:01:47 +02:00
33df5fbd2f
Actually make tests continue on experimental builds
2024-05-04 16:02:31 +02:00
1d6a14ba14
Switch to better artifact download action
2024-05-04 13:29:58 +02:00
93f59d6456
Upload and use event file, too, for test runs
...
To support forked repos: https://github.com/marketplace/actions/publish-test-results#support-fork-repositories-and-dependabot-branches
**NOTE:** Do _not_ use with `pull_request_target` as that causes issues!
2024-05-04 13:21:57 +02:00
00fca44986
Fix npm syntax
2024-05-04 13:14:25 +02:00
f92edf0026
Run mocha tests properly
2024-05-04 13:13:22 +02:00
91957838be
Add upload test results job
...
As per https://github.com/marketplace/actions/publish-test-results#use-with-matrix-strategy only one job should upload all results.
2024-05-04 13:07:53 +02:00
04822aa643
Actually make tests continue on experimental builds
2024-05-04 12:40:44 +02:00
55dec46cf4
Mark PHP v8.4 tests as experimental
...
As per this doc: https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs#handling-failures
Workaround for https://github.com/PrivateBin/PrivateBin/issues/1301 for now. I hope this ignores failures?
2024-05-04 12:16:37 +02:00
baf8c4a11d
tolerate test failures in the PHP development release
...
at this time, guzzle, dependency of google cloud storage library, raises deprecation warnings in PHP 8.4, which caused the tests to be considered failed
2024-05-04 08:58:20 +02:00
ad19f8cfe6
Bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0
...
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 1.10.0 to 2.0.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.10.0...v2.0.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-04-23 11:43:14 +00:00
383dbf1c79
Bump slsa-framework/slsa-github-generator from 1.9.0 to 1.10.0
...
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.10.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-03-21 11:46:25 +00:00
ba25ab8fa9
Bump actions/cache from 3 to 4
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3 to 4.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](https://github.com/actions/cache/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-01-18 11:21:35 +00:00
03e3e4fa06
Bump github/codeql-action from 2 to 3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-12-14 11:52:46 +00:00
826444bef7
fix shasum in release pipeline, hope this fixes #1169
2023-12-09 10:50:49 +01:00
8d97569de0
enable testing on PHP 8.3 and 8.4
...
at this time both are still installed out of nightly builds, though 8.3
got released last week, see:
https://github.com/shivammathur/setup-php#tada-php-support
2023-11-26 09:54:28 +01:00
b9d74ecd35
Use Node20 for tests
...
A try following https://github.com/PrivateBin/PrivateBin/pull/1189#pullrequestreview-1695447526
2023-10-24 19:03:47 +02:00
9114ca00bf
Bump actions/setup-node from 3 to 4
...
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 3 to 4.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](https://github.com/actions/setup-node/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-10-24 11:05:40 +00:00
58f919ecdd
Bump actions/checkout from 3 to 4
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-09-22 11:33:49 +00:00
ad50950b3c
Extract latest changelog entry and attach it to draft
2023-09-18 20:50:14 +02:00
73c13af10d
add workflow attaching SLSA provinence to draft release
2023-09-18 20:47:16 +02:00
db2d8f1598
Also add FAQ sectiontick box requirement for bug template
...
It's apparently not enough to have in the Q/A, best is we have it here to.
The next step would be converting that into the same form like the QA template. After all, it may mostly just be copy paste as it is nearly identical but well…
2023-09-14 00:02:01 +02:00
168fb46767
Fix error message about QA template
...
GitHub complains:
> title must be of type String and cannot be empty. Learn more about this error.
Well then… as we don't want to provide a default title (see https://github.com/PrivateBin/PrivateBin/pull/1155 ) let's remove it.
2023-09-13 23:56:35 +02:00
dependabot[bot]
El RIDO
rugk