| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps
[docker/build-push-action](https://github.com/docker/build-push-action)
from 6.15.0 to 6.16.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/build-push-action/releases">docker/build-push-action's
releases</a>.</em></p>
<blockquote>
<h2>v6.16.0</h2>
<ul>
<li>Handle no default attestations env var by <a
href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a
href="https://redirect.github.com/docker/build-push-action/pull/1343">docker/build-push-action#1343</a></li>
<li>Only print secret keys in build summary output by <a
href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a
href="https://redirect.github.com/docker/build-push-action/pull/1353">docker/build-push-action#1353</a></li>
<li>Bump <code>@docker/actions-toolkit</code> from 0.56.0 to 0.59.0 in
<a
href="https://redirect.github.com/docker/build-push-action/pull/1352">docker/build-push-action#1352</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/build-push-action/compare/v6.15.0...v6.16.0">https://github.com/docker/build-push-action/compare/v6.15.0...v6.16.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/build-push-action/commit/14487ce63c7a62a4a324b0bfb37086795e31c6c1"><code>14487ce</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/build-push-action/issues/1343">#1343</a>
from crazy-max/fix-no-default-attest</li>
<li><a
href="https://github.com/docker/build-push-action/commit/0ec91264d895acf7dfe05d54d8a3cc28f95b6346"><code>0ec9126</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/build-push-action/issues/1366">#1366</a>
from crazy-max/pr-assign-author</li>
<li><a
href="https://github.com/docker/build-push-action/commit/b749522b90af1b517f52d8c1e67b2a965cea5eae"><code>b749522</code></a>
pr-assign-author workflow</li>
<li><a
href="https://github.com/docker/build-push-action/commit/c566248492c912e39910ac79e2f05a82260233a8"><code>c566248</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/build-push-action/issues/1363">#1363</a>
from crazy-max/fix-codecov</li>
<li><a
href="https://github.com/docker/build-push-action/commit/13275dd76e44afdffdd61da8b8ae8e26ee11671f"><code>13275dd</code></a>
ci: fix missing source for codecov</li>
<li><a
href="https://github.com/docker/build-push-action/commit/67dc78bbaf388b3265f7e1c880e681f4b90d5f48"><code>67dc78b</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/build-push-action/issues/1361">#1361</a>
from mschoettle/patch-1</li>
<li><a
href="https://github.com/docker/build-push-action/commit/0760504437ba8d0d98e7d5b625560bdede11b3b5"><code>0760504</code></a>
docs: add validating build configuration example</li>
<li><a
href="https://github.com/docker/build-push-action/commit/1c198f4467ce458288d816cabd773cd574f16977"><code>1c198f4</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/build-push-action/commit/288d9e2e4a70c24711ba959b94c2209b9205347e"><code>288d9e2</code></a>
handle no default attestations env var</li>
<li><a
href="https://github.com/docker/build-push-action/commit/88844b95d8cbbb41035fa9c94e5967a33b92db78"><code>88844b9</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/build-push-action/issues/1353">#1353</a>
from crazy-max/summary-secret-keys</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/build-push-action/compare/471d1dc4e07e5cdedd4c2171150001c434f0b7a4...14487ce63c7a62a4a324b0bfb37086795e31c6c1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
After the [recent supply chain attack](https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup)
in `tj-actions/changed-files` and actions based on it, it's become clear
that relying on git tags to pin our dependencies is not enough (as tags
can simply be replaced). Therefore we need to switch to hashes.
Dependabot should continue to update these dependencies for us.
Best reviewed commit-by-commit. Though if CI passes, we're *probably*
fine.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 3.8.0 to 3.8.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v3.8.1</h2>
<h2>What's Changed</h2>
<ul>
<li>use cosign 2.4.3 and other updates by <a
href="https://github.com/cpanato"><code>@cpanato</code></a> in <a
href="https://redirect.github.com/sigstore/cosign-installer/pull/182">sigstore/cosign-installer#182</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v3...v3.8.1">https://github.com/sigstore/cosign-installer/compare/v3...v3.8.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/sigstore/cosign-installer/commit/d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a"><code>d7d6bc7</code></a>
use cosign 2.4.3 and other updates (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/182">#182</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v3.8.0...v3.8.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
| | |
|
| |
|
|
|
|
|
| |
As currently all docker builds are failing.
https://github.blog/changelog/2024-12-05-notice-of-upcoming-releases-and-breaking-changes-for-github-actions/
https://github.com/actions/runner-images/issues/10636
|
| |
|
|
| |
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 3.4.0 to 3.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v3.5.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump actions/checkout from 4.1.1 to 4.1.2 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/sigstore/cosign-installer/pull/157">sigstore/cosign-installer#157</a></li>
<li>use go 1.22 now by <a
href="https://github.com/bobcallaway"><code>@bobcallaway</code></a> in
<a
href="https://redirect.github.com/sigstore/cosign-installer/pull/160">sigstore/cosign-installer#160</a></li>
<li>bump default version to v2.2.4, prep for v3.5.0 release by <a
href="https://github.com/bobcallaway"><code>@bobcallaway</code></a> in
<a
href="https://redirect.github.com/sigstore/cosign-installer/pull/159">sigstore/cosign-installer#159</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v3.4.0...v3.5.0">https://github.com/sigstore/cosign-installer/compare/v3.4.0...v3.5.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/sigstore/cosign-installer/commit/59acb6260d9c0ba8f4a2f9d9b48431a222b68e20"><code>59acb62</code></a>
bump default version to v2.2.4, prep for v3.5.0 release (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/159">#159</a>)</li>
<li><a
href="https://github.com/sigstore/cosign-installer/commit/22be4ce325f454c874ccf89af51803efd4e85129"><code>22be4ce</code></a>
use go 1.22 now (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/160">#160</a>)</li>
<li><a
href="https://github.com/sigstore/cosign-installer/commit/162dfdf7b9ab8be88c95b4fc982792c4c273e27a"><code>162dfdf</code></a>
Bump actions/checkout from 4.1.1 to 4.1.2 (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/157">#157</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v3.4.0...v3.5.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
| | |
|
| |
|
| |
Signed-off-by: Gaël Goinvic <gaelg@element.io>
|
| | |
|
| |
|
|
| |
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
| |
|
|
| |
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
| |
|
|
| |
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
| |
|
|
| |
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
| |
|
|
| |
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
| | |
|
| |
|
|
| |
Co-authored-by: Mo Balaa <balaa@fractalnetworks.co>
|
| |
|
|
| |
(`ghcr.io/matrix-org/synapse`). (#15281)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Bump docker/build-push-action from 3 to 4
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3 to 4.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v3...v4)
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Changelog
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: GitHub Actions <github-actions[bot]@users.noreply.github.com>
|
| |
|
|
| |
This reverts commit f3f303aa22b9681c21468fb0bdce1b21d1bdbd92.
|
| | |
|
| | |
|
| |
|
| |
Co-authored-by: David Robertson <davidr@element.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Bump docker/login-action from 1 to 2
Bumps [docker/login-action](https://github.com/docker/login-action) from 1 to 2.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1...v2)
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Changelog
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: GitHub Actions <github-actions[bot]@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Bump docker/build-push-action from 2 to 3
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2 to 3.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2...v3)
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Changelog
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Robertson <davidr@element.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Bump docker/setup-qemu-action from 1 to 2
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 1 to 2.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v1...v2)
---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Changelog
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Robertson <davidr@element.io>
|
| |
|
|
| |
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Robertson <davidr@element.io>
|
| |
|
|
|
|
|
| |
Update the "Build docker images" GitHub Actions workflow to use
`docker/metadata-action` to generate docker image tags, instead of a
custom shell script.
Signed-off-by: Henry <97804910+henryclw@users.noreply.github.com>
|
| |
|
|
|
| |
PyNaCl's recent 1.5.0 release on PyPi includes arm64 wheels, which means our
arm64 docker images now build in a sensible amount of time, so we can skip the
amd64-only build.
|
| |
|
|
| |
I'd find it helpful to have a docker image corresponding to current develop,
without having to build my own.
|
| | |
|
|
|
it's flaky on circleCI, and having to manage multiple CI providers is painful.
|
