Commit graph

109 commits

Author SHA1 Message Date
dependabot[bot]
48b4c6ce5b
Bump dawidd6/action-download-artifact from 3.1.4 to 5
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 3.1.4 to 5.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](09f2f74827...deb3bb8325)

---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-04 11:09:50 +00:00
El RIDO
b32efe0187 disable snyk scan on forks, they won't have the necessary secret 2024-05-30 07:54:19 +02:00
dependabot[bot]
2aeec14a52
Bump dawidd6/action-download-artifact from 3.0.0 to 3.1.4
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 3.0.0 to 3.1.4.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](e7466d1a75...09f2f74827)

---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-13 12:00:22 +00:00
El RIDO
74cc2c3c92
Merge pull request #1326 from PrivateBin/unset-platform-matrix
in PHP matrix tests, we don't want to constrain the platform
2024-05-13 06:58:53 +02:00
El RIDO
df377d9652
in PHP matrix tests, we don't want to constrain the platform
setting the platform allow composer to prevent upgrades to versions that would exceed the configured version, for the matrix tests we want to use the latest ones for that release
2024-05-09 19:33:50 +02:00
rugk
9df90ece78
Merge branch 'experimental-8.4' into test-improvments 2024-05-05 18:27:08 +02:00
rugk
4ff9dea9cf
ci: try fixing intendation 2024-05-05 15:10:00 +02:00
rugk
6144caae85
ci: fix test results publishing being a totally separate action 2024-05-05 15:01:47 +02:00
rugk
33df5fbd2f
Actually make tests continue on experimental builds 2024-05-04 16:02:31 +02:00
rugk
1d6a14ba14
Switch to better artifact download action 2024-05-04 13:29:58 +02:00
rugk
93f59d6456
Upload and use event file, too, for test runs
To support forked repos: https://github.com/marketplace/actions/publish-test-results#support-fork-repositories-and-dependabot-branches

**NOTE:** Do _not_ use with `pull_request_target` as that causes issues!
2024-05-04 13:21:57 +02:00
rugk
00fca44986
Fix npm syntax 2024-05-04 13:14:25 +02:00
rugk
f92edf0026
Run mocha tests properly 2024-05-04 13:13:22 +02:00
rugk
91957838be
Add upload test results job
As per https://github.com/marketplace/actions/publish-test-results#use-with-matrix-strategy only one job should upload all results.
2024-05-04 13:07:53 +02:00
rugk
04822aa643
Actually make tests continue on experimental builds 2024-05-04 12:40:44 +02:00
rugk
55dec46cf4
Mark PHP v8.4 tests as experimental
As per this doc: https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs#handling-failures

Workaround for https://github.com/PrivateBin/PrivateBin/issues/1301 for now. I hope this ignores failures?
2024-05-04 12:16:37 +02:00
El RIDO
baf8c4a11d tolerate test failures in the PHP development release
at this time, guzzle, dependency of google cloud storage library, raises deprecation warnings in PHP 8.4, which caused the tests to be considered failed
2024-05-04 08:58:20 +02:00
dependabot[bot]
ad19f8cfe6
Bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.10.0 to 2.0.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.10.0...v2.0.0)

---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-23 11:43:14 +00:00
dependabot[bot]
383dbf1c79
Bump slsa-framework/slsa-github-generator from 1.9.0 to 1.10.0
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.10.0)

---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-21 11:46:25 +00:00
dependabot[bot]
ba25ab8fa9
Bump actions/cache from 3 to 4
Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-18 11:21:35 +00:00
dependabot[bot]
03e3e4fa06
Bump github/codeql-action from 2 to 3
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-14 11:52:46 +00:00
El RIDO
826444bef7
fix shasum in release pipeline, hope this fixes #1169 2023-12-09 10:50:49 +01:00
El RIDO
8d97569de0
enable testing on PHP 8.3 and 8.4
at this time both are still installed out of nightly builds, though 8.3
got released last week, see:
https://github.com/shivammathur/setup-php#tada-php-support
2023-11-26 09:54:28 +01:00
rugk
b9d74ecd35
Use Node20 for tests
A try following https://github.com/PrivateBin/PrivateBin/pull/1189#pullrequestreview-1695447526
2023-10-24 19:03:47 +02:00
dependabot[bot]
9114ca00bf
Bump actions/setup-node from 3 to 4
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3 to 4.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-24 11:05:40 +00:00
dependabot[bot]
58f919ecdd
Bump actions/checkout from 3 to 4
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-22 11:33:49 +00:00
El RIDO
ad50950b3c
Extract latest changelog entry and attach it to draft 2023-09-18 20:50:14 +02:00
El RIDO
73c13af10d
add workflow attaching SLSA provinence to draft release 2023-09-18 20:47:16 +02:00
dependabot[bot]
5bd2eb97e6
Bump actions/checkout from 3 to 4
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-05 11:13:01 +00:00
El RIDO
81ae359dfc
Delete shiftleft-analysis.yml
Development on this stopped in 2021 and apart from the (false positive) secret scan, dev suggests CodeQL replaces it, feature wise: https://github.com/ShiftLeftSecurity/sast-scan/issues/352
2023-08-17 00:00:30 +02:00
El RIDO
e83f51b547
Merge pull request #1138 from PrivateBin/dependabot/github_actions/github/codeql-action-2
Bump github/codeql-action from 1 to 2
2023-08-08 20:19:02 +02:00
dependabot[bot]
cbff1c8488
Bump github/codeql-action from 1 to 2
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-08 11:13:15 +00:00
dependabot[bot]
5f71c9de10
Bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-08 11:13:08 +00:00
El RIDO
4796c7ff02
Merge pull request #807 from PrivateBin/siftleft-scan
Add Shiftleft scan
2023-08-07 20:46:43 +02:00
El RIDO
ecf100551d document change, raise minimum PHP version to 7.3, remove branch refresh 2023-07-23 10:04:57 +02:00
El RIDO
34264cb7f5
Merge branch 'master' into php8 2022-10-26 08:24:41 +02:00
El RIDO
ba4878056b
misleading documentation 2022-10-26 05:51:36 +02:00
El RIDO
ae6248e27e
handle github actions deprecation warnings
see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
2022-10-26 05:48:51 +02:00
El RIDO
7b98d7381f
allow tests to be manually triggered 2022-10-26 05:30:37 +02:00
El RIDO
b890d768d1
enable use of PHP 8.2 2022-10-25 06:53:26 +02:00
El RIDO
8c2cc18b66
Merge branch 'master' into php8 2022-07-31 08:53:52 +02:00
rugk
48bb2fdf0f
Use NodeJs v16 for tests
So 14 worked, let's try 16. (Actually noticed fedora uses v16 not 14 which makes sense if you see the support time.)
2022-07-10 00:13:47 +02:00
El RIDO
b46b4300ec
Merge pull request #955 from PrivateBin/node14
chore: run tests with NodeJS 14
2022-07-09 17:45:23 +02:00
rugk
e536db9b7e
style: run tests via npm script insread of custom command
I.e. not call mocha directly but let the script defined in package.json do it's job.
2022-07-09 17:04:28 +02:00
rugk
9a476ac34d chore: switch to proper cache file now we have it, i.e. package-lock.json
as per https://github.com/actions/setup-node#caching-global-packages-data
2022-07-09 17:00:45 +02:00
rugk
79fd33d21f
chore: run tests with NodeJS 14
I expect no stuff to break or so, so let's just try to use the current recommend LTS version. (v14 will also die at some time, but Fedora e.g. still seems to use it for now by default. Likely we may upgrade soon even more.)

Ref https://nodejs.org/en/about/releases/
2022-07-09 16:57:06 +02:00
rugk
08946d1cab Use npm ci instead of npm install for tests in CI
So it uses the package-json.lock file actually.
2022-07-09 16:48:21 +02:00
El RIDO
9b132f4054
Merge pull request #941 from PrivateBin/dependabot/github_actions/actions/checkout-3
Bump actions/checkout from 2 to 3
2022-06-10 05:04:21 +02:00
El RIDO
e052dd9d83
Merge pull request #940 from PrivateBin/dependabot/github_actions/actions/cache-3
Bump actions/cache from 2 to 3
2022-06-10 05:03:19 +02:00
dependabot[bot]
b6f35fc8ab
Bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-10 03:02:26 +00:00