Commit graph

134 commits

Author SHA1 Message Date
dependabot[bot]
ad19f8cfe6
Bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.10.0 to 2.0.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.10.0...v2.0.0)

---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-23 11:43:14 +00:00
dependabot[bot]
383dbf1c79
Bump slsa-framework/slsa-github-generator from 1.9.0 to 1.10.0
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.10.0)

---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-21 11:46:25 +00:00
dependabot[bot]
ba25ab8fa9
Bump actions/cache from 3 to 4
Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-18 11:21:35 +00:00
dependabot[bot]
03e3e4fa06
Bump github/codeql-action from 2 to 3
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-14 11:52:46 +00:00
El RIDO
826444bef7
fix shasum in release pipeline, hope this fixes #1169 2023-12-09 10:50:49 +01:00
El RIDO
8d97569de0
enable testing on PHP 8.3 and 8.4
at this time both are still installed out of nightly builds, though 8.3
got released last week, see:
https://github.com/shivammathur/setup-php#tada-php-support
2023-11-26 09:54:28 +01:00
rugk
b9d74ecd35
Use Node20 for tests
A try following https://github.com/PrivateBin/PrivateBin/pull/1189#pullrequestreview-1695447526
2023-10-24 19:03:47 +02:00
dependabot[bot]
9114ca00bf
Bump actions/setup-node from 3 to 4
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3 to 4.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-24 11:05:40 +00:00
dependabot[bot]
58f919ecdd
Bump actions/checkout from 3 to 4
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-22 11:33:49 +00:00
El RIDO
ad50950b3c
Extract latest changelog entry and attach it to draft 2023-09-18 20:50:14 +02:00
El RIDO
73c13af10d
add workflow attaching SLSA provinence to draft release 2023-09-18 20:47:16 +02:00
rugk
db2d8f1598
Also add FAQ sectiontick box requirement for bug template
It's apparently not enough to have in the Q/A, best is we have it here to.

The next step would be converting that into the same form like the QA template. After all, it may mostly just be copy paste as it is nearly identical but well…
2023-09-14 00:02:01 +02:00
rugk
168fb46767
Fix error message about QA template
GitHub complains:
> title must be of type String and cannot be empty. Learn more about this error.

Well then… as we don't want to provide a default title (see https://github.com/PrivateBin/PrivateBin/pull/1155) let's remove it.
2023-09-13 23:56:35 +02:00
dependabot[bot]
5bd2eb97e6
Bump actions/checkout from 3 to 4
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-05 11:13:01 +00:00
R4SAS
617b421d8f
Fix comment in bug report issue template 2023-09-03 19:30:32 +03:00
rugk
876a59cedc
Apprently GitHub
Apparently GitHub now adds a security policy button by default (this is new, is not it?)?
Also they have a policy report form behind that button. So reports can apparently now be made online at GitHub? (IMHO that is fine, just need to be aware of that)

As such, IMHO two buttons would be confusing, so let's remove our custom one here?
2023-08-28 18:49:27 +02:00
rugk
1470b0cb9c
QA tenplate: remove prefilled title
Let's remove that.

1. With label and A&A category we have more than enough options for filtering such requests.
2. Actually, as you can see in https://github.com/orgs/PrivateBin/discussions/1152, as it is a required field, but already filled out… we want them to write proper titles.
2023-08-24 22:14:15 +02:00
rugk
61457c46c0
doc: link FAQ in option too
The doc says MD is supported for that here, too.
2023-08-24 21:35:42 +02:00
rugk
11fd21f8a8
doc: improve wording/grammar 2023-08-24 21:32:42 +02:00
rugk
906c115a97
Make QA template more strict and helpful
1. Require to fill out STRs.
2. Add more fields for client stuff, i.e. web browser and OS.
3. Add more placeholders and descriptions to guide users.
4. Adjust the reproducibility thing to be more clear. I.e. before the result was sth. like "Issue reproducibility: Yes" - this could be confused with "Is it always reproducible? Yes", and not "It is reproducible on our test instance."
2023-08-24 21:30:25 +02:00
El RIDO
5047e6c550
Merge pull request #1149 from PrivateBin/delete-shifleft
Delete shiftleft-analysis.yml
2023-08-18 06:33:12 +02:00
R4SAS
1c42576575
[GH] update discussion q-a template (#1143) 2023-08-17 03:05:39 +03:00
El RIDO
81ae359dfc
Delete shiftleft-analysis.yml
Development on this stopped in 2021 and apart from the (false positive) secret scan, dev suggests CodeQL replaces it, feature wise: https://github.com/ShiftLeftSecurity/sast-scan/issues/352
2023-08-17 00:00:30 +02:00
El RIDO
ad35c30d45
Update q-a.yml, one more try
body[12]: options must not include booleans. Please wrap values such as 'yes', and 'true' in quotes.
2023-08-16 23:14:07 +02:00
R4SAS
7f28e8cc0c
Update discussion template
Try to fix #1143.
2023-08-16 23:21:46 +03:00
El RIDO
0e582e8934 fix syntax, standardize form attributes
radio buttons are not supported, checkboxes would allow selecting
multiple things, so dropdown it is
2023-08-11 20:53:06 +02:00
El RIDO
e89593b4fc comment fix, kudos @r4sas 2023-08-11 20:51:12 +02:00
rugk
1bb23ef9ca
Remove markdown from issue selector
Was worth a try, but apparently markdown is not supported there.
2023-08-09 23:11:35 +02:00
rugk
991ec6ca22
Fix potential syntax error in YAML
Likely that online VSCode did a stupid line wrapping here, let's see whether that works.
2023-08-09 18:19:33 +02:00
El RIDO
e83f51b547
Merge pull request #1138 from PrivateBin/dependabot/github_actions/github/codeql-action-2
Bump github/codeql-action from 1 to 2
2023-08-08 20:19:02 +02:00
dependabot[bot]
cbff1c8488
Bump github/codeql-action from 1 to 2
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-08 11:13:15 +00:00
dependabot[bot]
5f71c9de10
Bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-08 11:13:08 +00:00
El RIDO
4796c7ff02
Merge pull request #807 from PrivateBin/siftleft-scan
Add Shiftleft scan
2023-08-07 20:46:43 +02:00
rugk
a22b96b7fc
style: fix typo 2023-08-07 20:02:36 +02:00
rugk
204d1756c9 refactor: redirect support questions to discussions including form + more links
Discussions apparently onyl support forms see,
so I quickly used ChatGPT to convert the Markdown file into the YAMl format
and after telling the format it seems to have done that in a good eay:
https://chat.openai.com/share/99718495-28d0-4382-ab5e-6a4a733c1ccb

(maybe GitHub introduced that after end of 2021 hehe, so the LLM could not know that)
2023-08-07 17:59:07 +00:00
rugk
8deb68c2da chore: remove old issue template 2023-08-07 17:26:26 +00:00
rugk
1a37f7b865
Update and create new issue templates for better ctageorisation
[128 of 600 issues are just questions and support and this is getting out of hand IMHO](https://github.com/PrivateBin/PrivateBin/issues?q=is%3Aissue+is%3Aopen+label%3Aquestion%2Fsupport), so I thought we need to do something while of course IMHO keeping support in some sense that is vital to an open-source project.

Anyway, this here now:
* Converts the "one and only issue template" to multiple ones with the new GitHub way, see https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/
  Note this uses mostly the templates they have, modifies them to use proper headers (sorry but I don't get why they always want to use **bold text** as headers, when you have real markdown headings) and adjusts/ports the
* We could use even more elaborate issue forms, but that  was too much for me to do now and is also beta, so maybe when they have a visual editor for that or so 😉 https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#creating-issue-forms

The aim:
* is to get support requests and stuff directly sorted and tagged, so they are out the way
* is to nudge people to improve the quality of issues/reports by providing a more useful template or their use case
* is to redirect people to the appropriate resource (give me a moment)
2023-08-07 19:24:13 +02:00
El RIDO
ecf100551d document change, raise minimum PHP version to 7.3, remove branch refresh 2023-07-23 10:04:57 +02:00
El RIDO
34264cb7f5
Merge branch 'master' into php8 2022-10-26 08:24:41 +02:00
El RIDO
ba4878056b
misleading documentation 2022-10-26 05:51:36 +02:00
El RIDO
ae6248e27e
handle github actions deprecation warnings
see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
2022-10-26 05:48:51 +02:00
El RIDO
7b98d7381f
allow tests to be manually triggered 2022-10-26 05:30:37 +02:00
El RIDO
b890d768d1
enable use of PHP 8.2 2022-10-25 06:53:26 +02:00
El RIDO
8c2cc18b66
Merge branch 'master' into php8 2022-07-31 08:53:52 +02:00
rugk
48bb2fdf0f
Use NodeJs v16 for tests
So 14 worked, let's try 16. (Actually noticed fedora uses v16 not 14 which makes sense if you see the support time.)
2022-07-10 00:13:47 +02:00
El RIDO
b46b4300ec
Merge pull request #955 from PrivateBin/node14
chore: run tests with NodeJS 14
2022-07-09 17:45:23 +02:00
rugk
e536db9b7e
style: run tests via npm script insread of custom command
I.e. not call mocha directly but let the script defined in package.json do it's job.
2022-07-09 17:04:28 +02:00
rugk
9a476ac34d chore: switch to proper cache file now we have it, i.e. package-lock.json
as per https://github.com/actions/setup-node#caching-global-packages-data
2022-07-09 17:00:45 +02:00
rugk
79fd33d21f
chore: run tests with NodeJS 14
I expect no stuff to break or so, so let's just try to use the current recommend LTS version. (v14 will also die at some time, but Fedora e.g. still seems to use it for now by default. Likely we may upgrade soon even more.)

Ref https://nodejs.org/en/about/releases/
2022-07-09 16:57:06 +02:00
rugk
08946d1cab Use npm ci instead of npm install for tests in CI
So it uses the package-json.lock file actually.
2022-07-09 16:48:21 +02:00