Commit Graph

31 Commits

Author SHA1 Message Date
Victor Engmark
4177297b14 ci: pin third party actions
For reproducibility.

Command:

```shell
for file in .github/workflows/*.y*ml; do
    npx pin-github-action --comment=' {ref}' "$file"
done
```

Then had to manually replace all the versions with accurate specifiers
(for example, "v4" → "v4.1.1" in case of `actions/checkout`).
2023-11-29 09:51:22 +01:00
dependabot[bot]
afaf639666 build(deps): bump korthout/backport-action from 2.1.0 to 2.1.1
Bumps [korthout/backport-action](https://github.com/korthout/backport-action) from 2.1.0 to 2.1.1.
- [Release notes](https://github.com/korthout/backport-action/releases)
- [Commits](https://github.com/korthout/backport-action/compare/v2.1.0...v2.1.1)

---
updated-dependencies:
- dependency-name: korthout/backport-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-13 13:49:56 +01:00
dependabot[bot]
3036ac33ed build(deps): bump korthout/backport-action from 2.0.0 to 2.1.0
Bumps [korthout/backport-action](https://github.com/korthout/backport-action) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/korthout/backport-action/releases)
- [Commits](https://github.com/korthout/backport-action/compare/v2.0.0...v2.1.0)

---
updated-dependencies:
- dependency-name: korthout/backport-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-07 09:40:56 +01:00
dependabot[bot]
eea756868f
build(deps): bump korthout/backport-action from 1.3.1 to 2.0.0
Bumps [korthout/backport-action](https://github.com/korthout/backport-action) from 1.3.1 to 2.0.0.
- [Release notes](https://github.com/korthout/backport-action/releases)
- [Commits](https://github.com/korthout/backport-action/compare/v1.3.1...v2.0.0)

---
updated-dependencies:
- dependency-name: korthout/backport-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-30 11:17:29 +00:00
dependabot[bot]
9a70b1e242 build(deps): bump actions/checkout from 3 to 4
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-11 13:55:35 +02:00
Silvan Mosberger
6d95b1aebb workflows/backport: Fix link and reword 2023-09-06 20:12:48 +02:00
dependabot[bot]
be335749cf
build(deps): bump korthout/backport-action from 1.2.0 to 1.3.1
Bumps [korthout/backport-action](https://github.com/korthout/backport-action) from 1.2.0 to 1.3.1.
- [Release notes](https://github.com/korthout/backport-action/releases)
- [Commits](https://github.com/korthout/backport-action/compare/v1.2.0...v1.3.1)

---
updated-dependencies:
- dependency-name: korthout/backport-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-12 12:00:30 +00:00
Martin Weinelt
b5f0fdc371
workflows/backport: Copy security label in backport PRs
Since v1.2.0 the backport action supports copying labels from the source
to the backport PR. This is useful for copying the security label from
the original PR to the backport PR, so relevant security updates don't
get lost.
2023-03-06 09:14:20 +00:00
dependabot[bot]
43760d9cc4 build(deps): bump korthout/backport-action from 1.1.0 to 1.2.0
Bumps [korthout/backport-action](https://github.com/korthout/backport-action) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/korthout/backport-action/releases)
- [Commits](https://github.com/korthout/backport-action/compare/v1.1.0...v1.2.0)

---
updated-dependencies:
- dependency-name: korthout/backport-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-28 18:08:44 +10:00
dependabot[bot]
08fdf29658 build(deps): bump korthout/backport-action from 1.0.1 to 1.1.0
Bumps [korthout/backport-action](https://github.com/korthout/backport-action) from 1.0.1 to 1.1.0.
- [Release notes](https://github.com/korthout/backport-action/releases)
- [Commits](https://github.com/korthout/backport-action/compare/v1.0.1...v1.1.0)

---
updated-dependencies:
- dependency-name: korthout/backport-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-24 06:38:25 +10:00
dependabot[bot]
656548c44a build(deps): bump korthout/backport-action from 1.0.0 to 1.0.1
Bumps [korthout/backport-action](https://github.com/korthout/backport-action) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/korthout/backport-action/releases)
- [Commits](https://github.com/korthout/backport-action/compare/v1.0.0...v1.0.1)

---
updated-dependencies:
- dependency-name: korthout/backport-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-10 06:45:05 +10:00
dependabot[bot]
8877cc2874 build(deps): bump zeebe-io/backport-action from 0.0.9 to 1.0.0
Bumps [zeebe-io/backport-action](https://github.com/zeebe-io/backport-action) from 0.0.9 to 1.0.0.
- [Release notes](https://github.com/zeebe-io/backport-action/releases)
- [Commits](https://github.com/zeebe-io/backport-action/compare/v0.0.9...v1.0.0)

---
updated-dependencies:
- dependency-name: zeebe-io/backport-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-03 07:31:48 +10:00
Martin Weinelt
4b36b3cd43 workflows/backport-action 0.0.8 -> 0.0.9
https://github.com/zeebe-io/backport-action/releases/tag/v0.0.9
2022-11-23 12:20:28 +01:00
Winter
6f3ce7a620 backport-action: 0.0.5 -> 0.0.8 2022-09-25 22:11:54 -04:00
Varun Sharma
2c71278a23 ci: Add GitHub token permissions for workflows
Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
2022-07-08 10:53:38 -07:00
Jörg Thalheim
92a720cbac ci: add warning to actions with writeable GITHUB_TOKEN
Co-authored-by: ckie <25263210+ckiee@users.noreply.github.com>
2022-03-21 08:54:42 +01:00
dependabot[bot]
3f2c2d0afa
build(deps): bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)
2022-03-02 05:13:13 +01:00
Domen Kožar
6954a396d1 Revert "build(deps): bump zeebe-io/backport-action from 0.0.5 to 0.0.6 (#140848)"
This reverts commit 50341b0cd8.

It breaks the backport action.
2021-10-31 11:42:05 -06:00
Domen Kožar
a8ac0dd944 Revert "backport-action: 0.0.6 -> 0.0.7"
This reverts commit 7e3ba3e88b.

It breaks the backport.
2021-10-31 11:42:04 -06:00
Domen Kožar
7e3ba3e88b backport-action: 0.0.6 -> 0.0.7 2021-10-29 13:30:51 -05:00
Jörg Thalheim
50341b0cd8
build(deps): bump zeebe-io/backport-action from 0.0.5 to 0.0.6 (#140848)
* build(deps): bump zeebe-io/backport-action from 0.0.5 to 0.0.6

Bumps [zeebe-io/backport-action](https://github.com/zeebe-io/backport-action) from 0.0.5 to 0.0.6.
- [Release notes](https://github.com/zeebe-io/backport-action/releases)
- [Commits](https://github.com/zeebe-io/backport-action/compare/v0.0.5...v0.0.6)

---
updated-dependencies:
- dependency-name: zeebe-io/backport-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update .github/workflows/backport.yml

* Update .github/workflows/backport.yml

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Domen Kožar <domen@enlambda.com>
2021-10-28 20:22:14 +01:00
Jörg Thalheim
2f9cf506dd
build(deps): bump zeebe-io/backport-action (#131466)
* build(deps): bump zeebe-io/backport-action

Bumps [zeebe-io/backport-action](https://github.com/zeebe-io/backport-action) from 2b994724142df0774855690db56bc6308fb99ffa to 0.0.5. This release includes the previously tagged commit.
- [Release notes](https://github.com/zeebe-io/backport-action/releases)
- [Commits](2b99472414...e5d4d7c39c)

---
updated-dependencies:
- dependency-name: zeebe-io/backport-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: zowoq <59103226+zowoq@users.noreply.github.com>
2021-07-25 19:22:26 +01:00
Niklas Hambüchen
3c29ced243 CONTRIBUTING.md: Move to repo root, where it is more visible.
We found that many users found it difficult to locate this document.

Github supports it in the root, see:
https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/setting-guidelines-for-repository-contributors
2021-06-26 04:51:38 +02:00
Niklas Hambüchen
f93aa9b94b backporting action: Link to backporting criteria.
Automation tools should instruct their users clearly what tasks are still on the user.

Updates the bot's version to get the `pull_description` feature:
https://github.com/zeebe-io/backport-action/pull/64
2021-06-26 04:51:11 +02:00
Domen Kožar
527686e761
backport action: run only when the label starts with 'backport' 2021-06-14 13:41:10 +02:00
Domen Kožar
9a80dbab1f
backport: trigger also if label is set after the merge 2021-05-28 16:36:02 +02:00
Domen Kožar
95fa2dda18
backport: set correct permissions 2021-05-28 16:35:13 +02:00
Domen Kožar
b26fc090cb
backport action: comment to keep pin in sync 2021-05-25 09:44:35 +02:00
Domen Kožar
68e65592e3
Update .github/workflows/backport.yml
Co-authored-by: zowoq <59103226+zowoq@users.noreply.github.com>
2021-05-25 09:41:07 +02:00
Domen Kožar
fb3da87aa3
Update .github/workflows/backport.yml
Co-authored-by: zowoq <59103226+zowoq@users.noreply.github.com>
2021-05-25 07:14:12 +02:00
Domen Kožar
031ea8124c
Add backporting action
If "backport <branch>" label is applied to a PR,
once the PR is merged, github-actions bot will create another PR targeting
<branch> and cherry-picking commits.
2021-05-24 17:54:29 +02:00