Naveen
e0c04fa0d3
Set permissions for GitHub actions ( #3698 )
...
* chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ )
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
* Leave comment close to code
Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>
2022-05-07 13:49:24 +01:00
dependabot[bot]
4a55787920
Bump stefanzweifel/git-auto-commit-action from 4.14.0 to 4.14.1 ( #3677 )
...
Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action ) from 4.14.0 to 4.14.1.
- [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases )
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md )
- [Commits](https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.0...v4.14.1 )
---
updated-dependencies:
- dependency-name: stefanzweifel/git-auto-commit-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-13 10:03:22 +01:00
dependabot[bot]
39adcd5115
Bump stefanzweifel/git-auto-commit-action from 4.13.1 to 4.14.0 ( #3641 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-27 14:32:36 +01:00
dependabot[bot]
59b01a3462
Bump peter-evans/create-pull-request from 3.14.0 to 4 ( #3645 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 3.14.0 to 4.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v3.14.0...v4 )
---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-23 19:55:45 +00:00
Bruno Alla
ab4a32d558
Unify compressor, gulp and custom bootstrap options ( #3535 )
2022-03-20 15:00:40 +00:00
dependabot[bot]
3eaeb83760
Bump actions/checkout from 2 to 3 ( #3619 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bruno Alla <alla.brunoo@gmail.com>
2022-03-02 09:17:47 +00:00
dependabot[bot]
318c018276
Bump actions/setup-python from 2 to 3 ( #3617 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-01 15:25:18 +00:00
dependabot[bot]
8fa66e8593
Bump peter-evans/create-pull-request from 3.13.0 to 3.14.0 ( #3618 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 3.13.0 to 3.14.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v3.13.0...v3.14.0 )
---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-01 08:20:39 +00:00
dependabot[bot]
92e88bca2a
Bump peter-evans/create-pull-request from 3.12.1 to 3.13.0 ( #3616 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-28 18:45:23 +00:00
dependabot[bot]
5646c81ea1
Bump actions/setup-node from 2 to 3 ( #3614 )
...
* Bump actions/setup-node from 2 to 3.0.0
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 2 to 3.0.0.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](https://github.com/actions/setup-node/compare/v2...v3.0.0 )
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Use major version
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>
2022-02-25 20:32:43 +00:00
Bruno Alla
7e444e6aa4
Cancel previous CI runs on successive PR pushes with GitHub actions ( #3575 )
2022-02-21 22:50:19 +00:00
dependabot[bot]
3512e63cf2
Bump peter-evans/create-pull-request from 3.12.0 to 3.12.1 ( #3558 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-07 14:33:52 +00:00
dependabot[bot]
b2686f3fe2
Bump stefanzweifel/git-auto-commit-action from 4.13.0 to 4.13.1 ( #3532 )
...
Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action ) from 4.13.0 to 4.13.1.
- [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases )
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md )
- [Commits](https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.13.0...v4.13.1 )
---
updated-dependencies:
- dependency-name: stefanzweifel/git-auto-commit-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-14 07:53:05 +00:00
dependabot[bot]
b3fb4f9a0f
Bump stefanzweifel/git-auto-commit-action from 4.12.0 to 4.13.0 ( #3527 )
...
Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action ) from 4.12.0 to 4.13.0.
- [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases )
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md )
- [Commits](https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.12.0...v4.13.0 )
---
updated-dependencies:
- dependency-name: stefanzweifel/git-auto-commit-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-11 07:59:50 +00:00
Bruno Alla
a93773ac39
Use built-in pip caching from actions/setup-python in generated project ( #3481 )
2021-12-22 21:52:45 +00:00
Bruno Alla
2186caf11d
Speed up CI tests on macOS ( #3480 )
2021-12-22 08:14:00 +00:00
Bruno Alla
ce1c76e34e
Fix carriage return in .gitignore
on Windows ( #3456 )
2021-12-16 11:07:47 +00:00
dependabot[bot]
2a1ea27ba1
Bump peter-evans/create-pull-request from 3.11.0 to 3.12.0 ( #3469 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-12-14 08:59:56 +00:00
Bruno Alla
953ed5503d
Update Issue Manager triggers
2021-12-10 19:30:41 +00:00
Bruno Alla
c4aa645094
Auto-update pre-commit hooks for template
2021-12-08 18:18:36 +00:00
Bruno Alla
5916b88097
Disable issue-manager workflow on forks
2021-12-06 12:01:31 +00:00
Bruno Alla
031f4efbd0
Simplify config for issue-manager.yml
2021-12-06 11:58:02 +00:00
Bruno Alla
4a63cecebc
Disable a few workflows on forks
2021-12-06 11:50:50 +00:00
Bruno Alla
407a7d8bbc
Setup pre-commit for the template files ( #3433 )
2021-11-26 15:41:50 +00:00
Bruno Alla
9255ffc14e
Cache python dependencies on CI
2021-11-24 16:12:24 +00:00
Bruno Alla
dfbce8afdf
Don't run scheduled workflow on forks
2021-11-20 10:47:37 +00:00
Bruno Alla
6542067138
Auto-format YAML in the .github folder
2021-11-19 22:06:56 +00:00
Bruno Alla
401b4a6f23
Reference official actions using major version only
2021-11-19 21:53:51 +00:00
Bruno Alla
b0dbee3c17
Quote Python versions
2021-11-19 21:52:04 +00:00
Bruno Alla
57b7623225
Build all branches
2021-11-19 21:49:13 +00:00
Bruno Alla
183ca2088a
Switch template to calendar versioning & automate releases ( #3415 )
2021-11-18 09:36:42 +00:00
Bruno Alla
9f359939a9
Upgrade JS dependencies and upgrade to node 16 ( #3400 )
2021-11-16 20:29:43 +00:00
Bruno Alla
f8036406ce
Merge pull request #3288 from Andrew-Chen-Wang/djangoissuer
...
Add Django major/minor release table maker in GitHub issues
2021-11-12 18:41:35 +00:00
Bruno Alla
e7ea358496
Better job names on CI
...
(cherry picked from commit 4373830c705a392b411d533f0e3776c51914eb8b)
2021-11-11 19:13:34 +00:00
Bruno Alla
6f5dac8e5c
Change workflow schedule
2021-11-09 12:07:25 +00:00
Bruno Alla
d42d57e949
Merge branch 'master' into djangoissuer
...
# Conflicts:
# requirements.txt
2021-11-09 00:30:57 +00:00
Bruno Alla
5672b3f4c7
Merge branch 'master' into djangoissuer
2021-11-08 22:49:57 +00:00
Bruno Alla
f77906d135
Reference official GH actions by major version only
2021-11-04 14:55:32 +00:00
dependabot[bot]
06d44987f3
Bump peter-evans/create-pull-request from 3.10.1 to 3.11.0
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 3.10.1 to 3.11.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v3.10.1...v3.11.0 )
---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-11-04 05:18:08 +00:00
dependabot[bot]
78bf26c503
Bump stefanzweifel/git-auto-commit-action from 4.11.0 to 4.12.0
...
Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action ) from 4.11.0 to 4.12.0.
- [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases )
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md )
- [Commits](https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.11.0...v4.12.0 )
---
updated-dependencies:
- dependency-name: stefanzweifel/git-auto-commit-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-09-13 05:03:48 +00:00
dependabot[bot]
af47398ddd
Bump peter-evans/create-pull-request from 3.10.0 to 3.10.1
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 3.10.0 to 3.10.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v3.10.0...v3.10.1 )
---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-08-23 05:02:27 +00:00
Andrew-Chen-Wang
30e9e99296
Add create_django_issue.py script for GitHub actions cron
...
Signed-off-by: Andrew-Chen-Wang <acwangpython@gmail.com>
2021-07-27 05:25:05 -04:00
dependabot[bot]
bd0bba6e6c
Bump peter-evans/create-pull-request from 3.9.2 to 3.10.0
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 3.9.2 to 3.10.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v3.9.2...v3.10.0 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-25 05:29:46 +00:00
dependabot[bot]
fd7e575fa8
Bump tiangolo/issue-manager from 0.3.0 to 0.4.0
...
Bumps [tiangolo/issue-manager](https://github.com/tiangolo/issue-manager ) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/tiangolo/issue-manager/releases )
- [Commits](https://github.com/tiangolo/issue-manager/compare/0.3.0...0.4.0 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-17 06:20:08 +00:00
Fábio C. Barrionuevo da Luz
f0ab9ad2bd
Merge pull request #3171 from pydanny/dependabot/github_actions/stefanzweifel/git-auto-commit-action-4.11.0
...
Bump stefanzweifel/git-auto-commit-action from 4.10.0 to 4.11.0
2021-05-15 15:50:07 -03:00
Fábio C. Barrionuevo da Luz
82bf33b279
Merge pull request #3173 from pydanny/dependabot/github_actions/actions/setup-python-2.2.2
...
Bump actions/setup-python from 2 to 2.2.2
2021-05-15 15:49:29 -03:00
dependabot[bot]
577603c55c
Bump peter-evans/create-pull-request from 3.8.2 to 3.9.2
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 3.8.2 to 3.9.2.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v3.8.2...v3.9.2 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-14 05:31:45 +00:00
dependabot[bot]
05ac73b7b9
Bump actions/setup-python from 2 to 2.2.2
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 2 to 2.2.2.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](https://github.com/actions/setup-python/compare/v2...v2.2.2 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-12 05:12:25 +00:00
dependabot[bot]
f75de19e26
Bump stefanzweifel/git-auto-commit-action from 4.10.0 to 4.11.0
...
Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action ) from 4.10.0 to 4.11.0.
- [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases )
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md )
- [Commits](https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.10.0...v4.11.0 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-12 05:11:28 +00:00
dependabot[bot]
43e3eff627
Bump stefanzweifel/git-auto-commit-action from v4.9.2 to v4.10.0
...
Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action ) from v4.9.2 to v4.10.0.
- [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases )
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md )
- [Commits](https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.9.2...48d37c1ffbe4639e16d47fef924857386bc4a44a )
Signed-off-by: dependabot[bot] <support@github.com>
2021-04-13 05:53:38 +00:00