Commit graph

144 commits

Author SHA1 Message Date
Matt Corallo
95b814b751
Reduce third-party build script dependencies and reduce GITHUB_TOKEN perms in CI (#541)
* Reduce dependence on third-party build scripts in release pipeline

This removes one third-party build script from the release
pipeline for the release tar.gz, though one is still used in the
now-separate netlify deploy.

* Reduce GITHUB_TOKEN perms in actions when using 3rd party scripts

This avoids allowing third parties to arbitrarily overwrite the
repository.

* Replace PGP signing action with the bash script from the same

The PGP signing action ultimately just calls gpg with arguments
set in
https://github.com/actionhippie/gpgsign/blob/v1/overlay/usr/local/bin/entrypoint
so its rather trivial to simply take the required arguments and
put them directly in CI.

This is substantially safer than the PGP signing action used as the
action currently downloads, unverified and un-pinned, a docker
image in order to access PGP.
2022-05-26 20:17:41 +05:30
dependabot[bot]
3bd4eda789
Bump actions/upload-artifact from 3.0.0 to 3.1.0 (#578)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3.0.0...v3.1.0)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-24 19:40:24 +05:30
dependabot[bot]
40de64078a
Bump docker/build-push-action from 2.10.0 to 3.0.0 (#538)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2.10.0 to 3.0.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2.10.0...v3.0.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-20 09:59:40 +05:30
dependabot[bot]
780bd5e65a
Bump docker/metadata-action from 3.8.0 to 4.0.1 (#539)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 3.8.0 to 4.0.1.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md)
- [Commits](https://github.com/docker/metadata-action/compare/v3.8.0...v4.0.1)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-20 09:59:00 +05:30
dependabot[bot]
2cd74b4ea9
Bump docker/login-action from 1.14.1 to 2.0.0 (#540)
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.14.1 to 2.0.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.14.1...v2.0.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-20 09:58:34 +05:30
dependabot[bot]
fda71166df
Bump actions/github-script from 6.0.0 to 6.1.0 (#562)
Bumps [actions/github-script](https://github.com/actions/github-script) from 6.0.0 to 6.1.0.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v6.0.0...v6.1.0)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-20 09:16:55 +05:30
Ajay Bura
b7c322d473 Sign release tarball with PGP key (#392) 2022-05-03 16:43:16 +05:30
dependabot[bot]
2e050c066e
Bump docker/metadata-action from 3.7.0 to 3.8.0 (#523)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 3.7.0 to 3.8.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/v3.7.0...v3.8.0)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-03 12:36:14 +05:30
Ajay Bura
e5bb386dd2
Use SHA instead of tag for 3rd party actions (#498) 2022-05-01 13:23:42 +05:30
dependabot[bot]
416fd02069
Bump actions/checkout from 3.0.1 to 3.0.2 (#508)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3.0.1...v3.0.2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-26 17:23:22 +05:30
Krishan
ec26c03d58
Run docker check when someone change the action too (#495) 2022-04-20 08:58:58 +05:30
Krishan
3b1b3387e7
Replace forked action with original one (#496)
The reason to replace is that previous action fails when pull request content is empty and Beakyn/gha-comment-pull-request@v1.0.2 fixed this.
2022-04-20 08:58:47 +05:30
dependabot[bot]
bf264d5add
Bump actions/checkout from 3.0.0 to 3.0.1 (#491)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3.0.0...v3.0.1)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-19 09:34:33 +05:30
dependabot[bot]
afe3f2f3f3
Bump docker/metadata-action from 3.6.2 to 3.7.0 (#487)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 3.6.2 to 3.7.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/v3.6.2...v3.7.0)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-12 10:14:31 +05:30
Krishan
44ab6f181c
Fix docker check to only run on Dockerfile change (#452) 2022-03-30 18:38:52 +05:30
Krishan
3a3a830706
Reverting .yaml as some things doesn't work (#451) 2022-03-30 15:01:41 +05:30
Krishan
1a6e3e73c5
String update and file extension name consistency (#436)
* Fixes #434

* Fixes #433

* Prtially fixes #432

* Disable auto labelling of issues

* Use yaml instead of yml as recommended by yaml.org

* shortened the strings

* simplified option description
2022-03-30 13:42:52 +05:30
Krishan
05eaa8d3e0
General fix and consistency changes (#428) 2022-03-23 19:40:39 +05:30
Krishan
6e9cd02b2b
Fix workflow name (#389) 2022-03-15 17:19:18 +05:30
dependabot[bot]
d0f90af251
Bump docker/build-push-action from 2.9.0 to 2.10.0 (#388)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2.9.0 to 2.10.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2.9.0...v2.10.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-15 17:16:58 +05:30
Krishan
38773e89ff
Simplify GitHub actions (#387)
* Simplify production build actions 

This merges both the netlify-prod and docker action and also automatically add tarball to releases.

* Delete docker.yaml

* Delete netlify-prod.yaml

* Cosmetic changes and add dockerhub check

* Cosmetic changes

* Fix check runs on Tuesdays only
2022-03-15 17:04:14 +05:30
dependabot[bot]
22d8d5a0b8
Bump actions/upload-artifact from 2.3.1 to 3.0.0 (#362)
* Bump actions/upload-artifact from 2.3.1 to 3

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2.3.1 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2.3.1...v3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Use exact version

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Krishan <33421343+kfiven@users.noreply.github.com>
2022-03-08 16:42:59 +05:30
dependabot[bot]
631ed997ba
Bump actions/checkout from 2.4.0 to 3.0.0 (#363)
* Bump actions/checkout from 2.4.0 to 3

Bumps [actions/checkout](https://github.com/actions/checkout) from 2.4.0 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.4.0...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Use exact version

* Use exact version

* Use exact version

* Use exact version

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Krishan <33421343+kfiven@users.noreply.github.com>
2022-03-08 16:42:31 +05:30
dependabot[bot]
01930ab0cf
Bump docker/login-action from 1.14.0 to 1.14.1 (#364)
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.14.0 to 1.14.1.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.14.0...v1.14.1)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-08 16:41:39 +05:30
dependabot[bot]
f5c907af33
Bump docker/login-action from 1.13.0 to 1.14.0 (#350)
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.13.0...v1.14.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-01 10:15:58 +05:30
dependabot[bot]
2eee3736df
Bump actions/github-script from 3.1.0 to 6.0.0 (#314)
* Bump actions/github-script from 3.1.0 to 6

Bumps [actions/github-script](https://github.com/actions/github-script) from 3.1.0 to 6.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v3.1.0...v6)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update build-pull-request.yml

* Update deploy-pull-request.yml

* reference rest method by github.rest

this broke in v5 see https://github.com/actions/github-script#breaking-changes-in-v5

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ajay Bura <32841439+ajbura@users.noreply.github.com>
Co-authored-by: Krishan <33421343+kfiven@users.noreply.github.com>
2022-02-24 08:19:14 +05:30
dependabot[bot]
7a31f84d34
Bump docker/login-action from 1.12.0 to 1.13.0 (#325)
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.12.0 to 1.13.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.12.0...v1.13.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-22 18:44:38 +05:30
dependabot[bot]
1dccb1bb64
Bump docker/build-push-action from 2.8.0 to 2.9.0 (#308)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2.8.0 to 2.9.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2.8.0...v2.9.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-09 08:30:21 +05:30
Ajay Bura
e4571bf668 Remove unused deps, restore github-script to 3.1.0 2022-01-31 22:29:18 +05:30
Ajay Bura
fe7c7660d3 Use specific and latest version in actions x2 2022-01-31 10:03:31 +05:30
Ajay Bura
56de33c821 Use specific and latest version in actions 2022-01-31 09:59:36 +05:30
Krishan
c79d7957f6
Update build-pull-request.yml to use npm ci (#271) 2022-01-30 20:59:37 +05:30
Ajay Bura
8e1fe9558e Specified sha for build script
Signed-off-by: Ajay Bura <ajbura@gmail.com>
2021-11-18 18:19:04 +05:30
Ajay Bura
38c3e53ce7 Specified node version to workflows x 2
Signed-off-by: Ajay Bura <ajbura@gmail.com>
2021-11-18 18:14:49 +05:30
Ajay Bura
9627766f7d Specified node version to workflows
Signed-off-by: Ajay Bura <ajbura@gmail.com>
2021-11-18 18:11:12 +05:30
Krishan
a4b27fdeab
Fixed pull request preview deploys (#166)
* Update and rename pull-request.yml to build-pull-request.yml

* Create deploy-pull-request.yml
2021-11-14 12:54:17 +05:30
Ajay Bura
8d95fd0ca0
Update pull-request.yml 2021-10-14 10:42:07 +05:30
Ajay Bura
332e95701e
Update pull-request.yml 2021-10-14 10:34:04 +05:30
Ajay Bura
124b24ab76
Fixed deploy on PR 2021-10-14 10:28:31 +05:30
Ajay Bura
6ccd1e43bc
Update pull-request.yml 2021-10-12 15:00:09 +05:30
Ajay Bura
5c09d04912
added action for pull request previews 2021-10-11 15:22:15 +05:30
unknown
c2faa605d3 Changed prod workflows back on published 2021-09-09 19:08:29 +05:30
unknown
2e58757bc9 Build prod on master push 2021-09-05 14:19:55 +05:30
unknown
e7f4a5bd59 Added workflows for docker/netlify 2021-09-01 21:01:24 +05:30