dependabot[bot]
ad19f8cfe6
Bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0
...
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 1.10.0 to 2.0.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.10.0...v2.0.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-23 11:43:14 +00:00
dependabot[bot]
383dbf1c79
Bump slsa-framework/slsa-github-generator from 1.9.0 to 1.10.0
...
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.10.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-21 11:46:25 +00:00
dependabot[bot]
ba25ab8fa9
Bump actions/cache from 3 to 4
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3 to 4.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](https://github.com/actions/cache/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-18 11:21:35 +00:00
dependabot[bot]
03e3e4fa06
Bump github/codeql-action from 2 to 3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-14 11:52:46 +00:00
El RIDO
826444bef7
fix shasum in release pipeline, hope this fixes #1169
2023-12-09 10:50:49 +01:00
El RIDO
8d97569de0
enable testing on PHP 8.3 and 8.4
...
at this time both are still installed out of nightly builds, though 8.3
got released last week, see:
https://github.com/shivammathur/setup-php#tada-php-support
2023-11-26 09:54:28 +01:00
rugk
b9d74ecd35
Use Node20 for tests
...
A try following https://github.com/PrivateBin/PrivateBin/pull/1189#pullrequestreview-1695447526
2023-10-24 19:03:47 +02:00
dependabot[bot]
9114ca00bf
Bump actions/setup-node from 3 to 4
...
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 3 to 4.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](https://github.com/actions/setup-node/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-24 11:05:40 +00:00
dependabot[bot]
58f919ecdd
Bump actions/checkout from 3 to 4
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-09-22 11:33:49 +00:00
El RIDO
ad50950b3c
Extract latest changelog entry and attach it to draft
2023-09-18 20:50:14 +02:00
El RIDO
73c13af10d
add workflow attaching SLSA provinence to draft release
2023-09-18 20:47:16 +02:00
rugk
db2d8f1598
Also add FAQ sectiontick box requirement for bug template
...
It's apparently not enough to have in the Q/A, best is we have it here to.
The next step would be converting that into the same form like the QA template. After all, it may mostly just be copy paste as it is nearly identical but well…
2023-09-14 00:02:01 +02:00
rugk
168fb46767
Fix error message about QA template
...
GitHub complains:
> title must be of type String and cannot be empty. Learn more about this error.
Well then… as we don't want to provide a default title (see https://github.com/PrivateBin/PrivateBin/pull/1155 ) let's remove it.
2023-09-13 23:56:35 +02:00
dependabot[bot]
5bd2eb97e6
Bump actions/checkout from 3 to 4
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-09-05 11:13:01 +00:00
R4SAS
617b421d8f
Fix comment in bug report issue template
2023-09-03 19:30:32 +03:00
rugk
876a59cedc
Apprently GitHub
...
Apparently GitHub now adds a security policy button by default (this is new, is not it?)?
Also they have a policy report form behind that button. So reports can apparently now be made online at GitHub? (IMHO that is fine, just need to be aware of that)
As such, IMHO two buttons would be confusing, so let's remove our custom one here?
2023-08-28 18:49:27 +02:00
rugk
1470b0cb9c
QA tenplate: remove prefilled title
...
Let's remove that.
1. With label and A&A category we have more than enough options for filtering such requests.
2. Actually, as you can see in https://github.com/orgs/PrivateBin/discussions/1152 , as it is a required field, but already filled out… we want them to write proper titles.
2023-08-24 22:14:15 +02:00
rugk
61457c46c0
doc: link FAQ in option too
...
The doc says MD is supported for that here, too.
2023-08-24 21:35:42 +02:00
rugk
11fd21f8a8
doc: improve wording/grammar
2023-08-24 21:32:42 +02:00
rugk
906c115a97
Make QA template more strict and helpful
...
1. Require to fill out STRs.
2. Add more fields for client stuff, i.e. web browser and OS.
3. Add more placeholders and descriptions to guide users.
4. Adjust the reproducibility thing to be more clear. I.e. before the result was sth. like "Issue reproducibility: Yes" - this could be confused with "Is it always reproducible? Yes", and not "It is reproducible on our test instance."
2023-08-24 21:30:25 +02:00
El RIDO
5047e6c550
Merge pull request #1149 from PrivateBin/delete-shifleft
...
Delete shiftleft-analysis.yml
2023-08-18 06:33:12 +02:00
R4SAS
1c42576575
[GH] update discussion q-a template ( #1143 )
2023-08-17 03:05:39 +03:00
El RIDO
81ae359dfc
Delete shiftleft-analysis.yml
...
Development on this stopped in 2021 and apart from the (false positive) secret scan, dev suggests CodeQL replaces it, feature wise: https://github.com/ShiftLeftSecurity/sast-scan/issues/352
2023-08-17 00:00:30 +02:00
El RIDO
ad35c30d45
Update q-a.yml, one more try
...
body[12]: options must not include booleans. Please wrap values such as 'yes', and 'true' in quotes.
2023-08-16 23:14:07 +02:00
R4SAS
7f28e8cc0c
Update discussion template
...
Try to fix #1143 .
2023-08-16 23:21:46 +03:00
El RIDO
0e582e8934
fix syntax, standardize form attributes
...
radio buttons are not supported, checkboxes would allow selecting
multiple things, so dropdown it is
2023-08-11 20:53:06 +02:00
El RIDO
e89593b4fc
comment fix, kudos @r4sas
2023-08-11 20:51:12 +02:00
rugk
1bb23ef9ca
Remove markdown from issue selector
...
Was worth a try, but apparently markdown is not supported there.
2023-08-09 23:11:35 +02:00
rugk
991ec6ca22
Fix potential syntax error in YAML
...
Likely that online VSCode did a stupid line wrapping here, let's see whether that works.
2023-08-09 18:19:33 +02:00
El RIDO
e83f51b547
Merge pull request #1138 from PrivateBin/dependabot/github_actions/github/codeql-action-2
...
Bump github/codeql-action from 1 to 2
2023-08-08 20:19:02 +02:00
dependabot[bot]
cbff1c8488
Bump github/codeql-action from 1 to 2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v1...v2 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-08 11:13:15 +00:00
dependabot[bot]
5f71c9de10
Bump actions/checkout from 2 to 3
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-08 11:13:08 +00:00
El RIDO
4796c7ff02
Merge pull request #807 from PrivateBin/siftleft-scan
...
Add Shiftleft scan
2023-08-07 20:46:43 +02:00
rugk
a22b96b7fc
style: fix typo
2023-08-07 20:02:36 +02:00
rugk
204d1756c9
refactor: redirect support questions to discussions including form + more links
...
Discussions apparently onyl support forms see,
so I quickly used ChatGPT to convert the Markdown file into the YAMl format
and after telling the format it seems to have done that in a good eay:
https://chat.openai.com/share/99718495-28d0-4382-ab5e-6a4a733c1ccb
(maybe GitHub introduced that after end of 2021 hehe, so the LLM could not know that)
2023-08-07 17:59:07 +00:00
rugk
8deb68c2da
chore: remove old issue template
2023-08-07 17:26:26 +00:00
rugk
1a37f7b865
Update and create new issue templates for better ctageorisation
...
[128 of 600 issues are just questions and support and this is getting out of hand IMHO](https://github.com/PrivateBin/PrivateBin/issues?q=is%3Aissue+is%3Aopen+label%3Aquestion%2Fsupport ), so I thought we need to do something while of course IMHO keeping support in some sense that is vital to an open-source project.
Anyway, this here now:
* Converts the "one and only issue template" to multiple ones with the new GitHub way, see https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/
Note this uses mostly the templates they have, modifies them to use proper headers (sorry but I don't get why they always want to use **bold text** as headers, when you have real markdown headings) and adjusts/ports the
* We could use even more elaborate issue forms, but that was too much for me to do now and is also beta, so maybe when they have a visual editor for that or so 😉 https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#creating-issue-forms
The aim:
* is to get support requests and stuff directly sorted and tagged, so they are out the way
* is to nudge people to improve the quality of issues/reports by providing a more useful template or their use case
* is to redirect people to the appropriate resource (give me a moment)
2023-08-07 19:24:13 +02:00
El RIDO
ecf100551d
document change, raise minimum PHP version to 7.3, remove branch refresh
2023-07-23 10:04:57 +02:00
El RIDO
34264cb7f5
Merge branch 'master' into php8
2022-10-26 08:24:41 +02:00
El RIDO
ba4878056b
misleading documentation
2022-10-26 05:51:36 +02:00
El RIDO
ae6248e27e
handle github actions deprecation warnings
...
see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
2022-10-26 05:48:51 +02:00
El RIDO
7b98d7381f
allow tests to be manually triggered
2022-10-26 05:30:37 +02:00
El RIDO
b890d768d1
enable use of PHP 8.2
2022-10-25 06:53:26 +02:00
El RIDO
8c2cc18b66
Merge branch 'master' into php8
2022-07-31 08:53:52 +02:00
rugk
48bb2fdf0f
Use NodeJs v16 for tests
...
So 14 worked, let's try 16. (Actually noticed fedora uses v16 not 14 which makes sense if you see the support time.)
2022-07-10 00:13:47 +02:00
El RIDO
b46b4300ec
Merge pull request #955 from PrivateBin/node14
...
chore: run tests with NodeJS 14
2022-07-09 17:45:23 +02:00
rugk
e536db9b7e
style: run tests via npm script insread of custom command
...
I.e. not call mocha directly but let the script defined in package.json do it's job.
2022-07-09 17:04:28 +02:00
rugk
9a476ac34d
chore: switch to proper cache file now we have it, i.e. package-lock.json
...
as per https://github.com/actions/setup-node#caching-global-packages-data
2022-07-09 17:00:45 +02:00
rugk
79fd33d21f
chore: run tests with NodeJS 14
...
I expect no stuff to break or so, so let's just try to use the current recommend LTS version. (v14 will also die at some time, but Fedora e.g. still seems to use it for now by default. Likely we may upgrade soon even more.)
Ref https://nodejs.org/en/about/releases/
2022-07-09 16:57:06 +02:00
rugk
08946d1cab
Use npm ci instead of npm install for tests in CI
...
So it uses the package-json.lock file actually.
2022-07-09 16:48:21 +02:00