Commit Graph

92 Commits

Author SHA1 Message Date
Naveen
e0c04fa0d3
Set permissions for GitHub actions (#3698)
* chore: Set permissions for GitHub actions

 Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

* Leave comment close to code

Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>
2022-05-07 13:49:24 +01:00
dependabot[bot]
4a55787920
Bump stefanzweifel/git-auto-commit-action from 4.14.0 to 4.14.1 (#3677)
Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 4.14.0 to 4.14.1.
- [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases)
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.0...v4.14.1)

---
updated-dependencies:
- dependency-name: stefanzweifel/git-auto-commit-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-13 10:03:22 +01:00
dependabot[bot]
39adcd5115
Bump stefanzweifel/git-auto-commit-action from 4.13.1 to 4.14.0 (#3641)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-27 14:32:36 +01:00
dependabot[bot]
59b01a3462
Bump peter-evans/create-pull-request from 3.14.0 to 4 (#3645)
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 3.14.0 to 4.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v3.14.0...v4)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-23 19:55:45 +00:00
Bruno Alla
ab4a32d558
Unify compressor, gulp and custom bootstrap options (#3535) 2022-03-20 15:00:40 +00:00
dependabot[bot]
3eaeb83760
Bump actions/checkout from 2 to 3 (#3619)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bruno Alla <alla.brunoo@gmail.com>
2022-03-02 09:17:47 +00:00
dependabot[bot]
318c018276
Bump actions/setup-python from 2 to 3 (#3617)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-01 15:25:18 +00:00
dependabot[bot]
8fa66e8593
Bump peter-evans/create-pull-request from 3.13.0 to 3.14.0 (#3618)
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 3.13.0 to 3.14.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v3.13.0...v3.14.0)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-01 08:20:39 +00:00
dependabot[bot]
92e88bca2a
Bump peter-evans/create-pull-request from 3.12.1 to 3.13.0 (#3616)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-28 18:45:23 +00:00
dependabot[bot]
5646c81ea1
Bump actions/setup-node from 2 to 3 (#3614)
* Bump actions/setup-node from 2 to 3.0.0

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2 to 3.0.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v2...v3.0.0)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Use major version

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>
2022-02-25 20:32:43 +00:00
Bruno Alla
7e444e6aa4
Cancel previous CI runs on successive PR pushes with GitHub actions (#3575) 2022-02-21 22:50:19 +00:00
dependabot[bot]
3512e63cf2
Bump peter-evans/create-pull-request from 3.12.0 to 3.12.1 (#3558)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-07 14:33:52 +00:00
dependabot[bot]
b2686f3fe2
Bump stefanzweifel/git-auto-commit-action from 4.13.0 to 4.13.1 (#3532)
Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 4.13.0 to 4.13.1.
- [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases)
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.13.0...v4.13.1)

---
updated-dependencies:
- dependency-name: stefanzweifel/git-auto-commit-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-14 07:53:05 +00:00
dependabot[bot]
b3fb4f9a0f
Bump stefanzweifel/git-auto-commit-action from 4.12.0 to 4.13.0 (#3527)
Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 4.12.0 to 4.13.0.
- [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases)
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.12.0...v4.13.0)

---
updated-dependencies:
- dependency-name: stefanzweifel/git-auto-commit-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-11 07:59:50 +00:00
Bruno Alla
a93773ac39
Use built-in pip caching from actions/setup-python in generated project (#3481) 2021-12-22 21:52:45 +00:00
Bruno Alla
2186caf11d
Speed up CI tests on macOS (#3480) 2021-12-22 08:14:00 +00:00
Bruno Alla
ce1c76e34e
Fix carriage return in .gitignore on Windows (#3456) 2021-12-16 11:07:47 +00:00
dependabot[bot]
2a1ea27ba1
Bump peter-evans/create-pull-request from 3.11.0 to 3.12.0 (#3469)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-12-14 08:59:56 +00:00
Bruno Alla
953ed5503d Update Issue Manager triggers 2021-12-10 19:30:41 +00:00
Bruno Alla
c4aa645094 Auto-update pre-commit hooks for template 2021-12-08 18:18:36 +00:00
Bruno Alla
5916b88097 Disable issue-manager workflow on forks 2021-12-06 12:01:31 +00:00
Bruno Alla
031f4efbd0 Simplify config for issue-manager.yml 2021-12-06 11:58:02 +00:00
Bruno Alla
4a63cecebc Disable a few workflows on forks 2021-12-06 11:50:50 +00:00
Bruno Alla
407a7d8bbc
Setup pre-commit for the template files (#3433) 2021-11-26 15:41:50 +00:00
Bruno Alla
9255ffc14e Cache python dependencies on CI 2021-11-24 16:12:24 +00:00
Bruno Alla
dfbce8afdf Don't run scheduled workflow on forks 2021-11-20 10:47:37 +00:00
Bruno Alla
6542067138 Auto-format YAML in the .github folder 2021-11-19 22:06:56 +00:00
Bruno Alla
401b4a6f23 Reference official actions using major version only 2021-11-19 21:53:51 +00:00
Bruno Alla
b0dbee3c17 Quote Python versions 2021-11-19 21:52:04 +00:00
Bruno Alla
57b7623225 Build all branches 2021-11-19 21:49:13 +00:00
Bruno Alla
183ca2088a
Switch template to calendar versioning & automate releases (#3415) 2021-11-18 09:36:42 +00:00
Bruno Alla
9f359939a9
Upgrade JS dependencies and upgrade to node 16 (#3400) 2021-11-16 20:29:43 +00:00
Bruno Alla
f8036406ce
Merge pull request #3288 from Andrew-Chen-Wang/djangoissuer
Add Django major/minor release table maker in GitHub issues
2021-11-12 18:41:35 +00:00
Bruno Alla
e7ea358496 Better job names on CI
(cherry picked from commit 4373830c705a392b411d533f0e3776c51914eb8b)
2021-11-11 19:13:34 +00:00
Bruno Alla
6f5dac8e5c Change workflow schedule 2021-11-09 12:07:25 +00:00
Bruno Alla
d42d57e949 Merge branch 'master' into djangoissuer
# Conflicts:
#	requirements.txt
2021-11-09 00:30:57 +00:00
Bruno Alla
5672b3f4c7 Merge branch 'master' into djangoissuer 2021-11-08 22:49:57 +00:00
Bruno Alla
f77906d135 Reference official GH actions by major version only 2021-11-04 14:55:32 +00:00
dependabot[bot]
06d44987f3
Bump peter-evans/create-pull-request from 3.10.1 to 3.11.0
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 3.10.1 to 3.11.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v3.10.1...v3.11.0)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-11-04 05:18:08 +00:00
dependabot[bot]
78bf26c503
Bump stefanzweifel/git-auto-commit-action from 4.11.0 to 4.12.0
Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 4.11.0 to 4.12.0.
- [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases)
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.11.0...v4.12.0)

---
updated-dependencies:
- dependency-name: stefanzweifel/git-auto-commit-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-09-13 05:03:48 +00:00
dependabot[bot]
af47398ddd
Bump peter-evans/create-pull-request from 3.10.0 to 3.10.1
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 3.10.0 to 3.10.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v3.10.0...v3.10.1)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-23 05:02:27 +00:00
Andrew-Chen-Wang
30e9e99296 Add create_django_issue.py script for GitHub actions cron
Signed-off-by: Andrew-Chen-Wang <acwangpython@gmail.com>
2021-07-27 05:25:05 -04:00
dependabot[bot]
bd0bba6e6c
Bump peter-evans/create-pull-request from 3.9.2 to 3.10.0
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 3.9.2 to 3.10.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v3.9.2...v3.10.0)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-25 05:29:46 +00:00
dependabot[bot]
fd7e575fa8
Bump tiangolo/issue-manager from 0.3.0 to 0.4.0
Bumps [tiangolo/issue-manager](https://github.com/tiangolo/issue-manager) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/tiangolo/issue-manager/releases)
- [Commits](https://github.com/tiangolo/issue-manager/compare/0.3.0...0.4.0)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-17 06:20:08 +00:00
Fábio C. Barrionuevo da Luz
f0ab9ad2bd
Merge pull request #3171 from pydanny/dependabot/github_actions/stefanzweifel/git-auto-commit-action-4.11.0
Bump stefanzweifel/git-auto-commit-action from 4.10.0 to 4.11.0
2021-05-15 15:50:07 -03:00
Fábio C. Barrionuevo da Luz
82bf33b279
Merge pull request #3173 from pydanny/dependabot/github_actions/actions/setup-python-2.2.2
Bump actions/setup-python from 2 to 2.2.2
2021-05-15 15:49:29 -03:00
dependabot[bot]
577603c55c
Bump peter-evans/create-pull-request from 3.8.2 to 3.9.2
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 3.8.2 to 3.9.2.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v3.8.2...v3.9.2)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-14 05:31:45 +00:00
dependabot[bot]
05ac73b7b9
Bump actions/setup-python from 2 to 2.2.2
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 2.2.2.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v2...v2.2.2)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-12 05:12:25 +00:00
dependabot[bot]
f75de19e26
Bump stefanzweifel/git-auto-commit-action from 4.10.0 to 4.11.0
Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 4.10.0 to 4.11.0.
- [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases)
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.10.0...v4.11.0)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-12 05:11:28 +00:00
dependabot[bot]
43e3eff627
Bump stefanzweifel/git-auto-commit-action from v4.9.2 to v4.10.0
Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from v4.9.2 to v4.10.0.
- [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases)
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.9.2...48d37c1ffbe4639e16d47fef924857386bc4a44a)

Signed-off-by: dependabot[bot] <support@github.com>
2021-04-13 05:53:38 +00:00