Commit graph

134 commits

Author SHA1 Message Date
dependabot[bot] 2d0f5a0791
chore(deps): Bump docker/build-push-action from 3.1.0 to 3.1.1 (#2714)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-08 16:37:07 +02:00
dependabot[bot] 73ef30e14c
chore(deps): Bump docker/build-push-action from 3.0.0 to 3.1.0 (#2694) 2022-07-25 18:18:37 +02:00
Brennan Kinney 8a0c71bd0c
docs(fix): Update to fix regression causing broken links (#2681) 2022-07-15 10:07:45 +12:00
dependabot[bot] 2a590113fd
chore(deps): Bump myrotvorets/set-commit-status-action from 1.1.4 to 1.1.5 (#2664)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Casper <casperklein@users.noreply.github.com>
2022-06-28 09:03:57 +00:00
Frederic Werner ea8e293dcc
docs(deps): bump mkdocs-material to v8.3.5 (#2641)
* docs(deps): bump mkdocs-material to v8.3.4

* docs(deps): bump mkdocs-material to v8.3.5
2022-06-15 11:38:32 +12:00
Naveen 13a194466b
chore: Set permissions for GitHub actions (#2555)
* chore: Set permissions for GitHub actions

 Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Update docs-production-deploy.yml

* added `packages: write` permissions

this is apparently needed by GH so this repository can push new images.

Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
Co-authored-by: Casper <casperklein@users.noreply.github.com>
2022-05-11 09:51:15 +02:00
dependabot[bot] 28dfb1bd00
chore(deps): Bump docker/setup-qemu-action from 1.2.0 to 2.0.0 (#2580)
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 1.2.0 to 2.0.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v1.2.0...v2.0.0)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2022-05-10 18:07:49 +02:00
dependabot[bot] 66949604a2
chore(deps): Bump docker/login-action from 1.14.1 to 2.0.0 (#2584)
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.14.1 to 2.0.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.14.1...v2.0.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2022-05-10 08:46:44 +02:00
dependabot[bot] fc454b62ba
chore(deps): Bump docker/metadata-action from 3.8.0 to 4.0.1 (#2581)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 3.8.0 to 4.0.1.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md)
- [Commits](https://github.com/docker/metadata-action/compare/v3.8.0...v4.0.1)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2022-05-10 08:45:36 +02:00
dependabot[bot] 18f697970f
chore(deps): Bump docker/build-push-action from 2.10.0 to 3.0.0 (#2582)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2.10.0 to 3.0.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2.10.0...v3.0.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2022-05-10 08:43:00 +02:00
dependabot[bot] a7c02365ce
chore(deps): Bump docker/setup-buildx-action from 1.7.0 to 2.0.0 (#2583)
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 1.7.0 to 2.0.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v1.7.0...v2.0.0)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-10 08:32:18 +02:00
dependabot[bot] 94fff05424
chore(deps): Bump docker/setup-buildx-action from 1.6.0 to 1.7.0 (#2574)
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v1.6.0...v1.7.0)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2022-05-02 15:52:19 +02:00
dependabot[bot] 25678694b5
chore(deps): Bump docker/metadata-action from 3.7.0 to 3.8.0 (#2573)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 3.7.0 to 3.8.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/v3.7.0...v3.8.0)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-02 15:24:58 +02:00
dependabot[bot] 3cb5668b6f
chore(deps): Bump docker/metadata-action from 3.6.2 to 3.7.0 (#2543) 2022-04-11 21:30:15 +02:00
dependabot[bot] f3fe454b43
chore(deps): Bump actions/upload-artifact from 2 to 3 (#2542) 2022-04-11 16:19:53 +02:00
dependabot[bot] 6553f627e8
chore(deps): Bump actions/stale from 4 to 5 (#2544)
Bumps [actions/stale](https://github.com/actions/stale) from 4 to 5.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-11 15:29:38 +02:00
dependabot[bot] 7c150402a0
chore(deps): Bump peterjgrainger/action-create-branch (#2528)
Bumps [peterjgrainger/action-create-branch](https://github.com/peterjgrainger/action-create-branch) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/peterjgrainger/action-create-branch/releases)
- [Commits](https://github.com/peterjgrainger/action-create-branch/compare/v2.1.0...v2.2.0)

---
updated-dependencies:
- dependency-name: peterjgrainger/action-create-branch
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-05 10:43:58 +12:00
Frederic Werner 7655c788ee
docs(deps): bump mkdocs-material to v8.2.8 (#2516) 2022-03-31 14:21:43 +02:00
dependabot[bot] 00dffb21f0
chore(deps): Bump actions/cache from 2.1.7 to 3 (#2502) 2022-03-21 18:43:58 +01:00
dependabot[bot] 0dc80e6d13
chore(deps): Bump docker/build-push-action from 2.9.0 to 2.10.0 (#2501) 2022-03-21 15:03:38 +01:00
dependabot[bot] 542c1f4e8d
chore(deps): bump docker/login-action from 1.14.0 to 1.14.1 (#2471)
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.14.0 to 1.14.1.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.14.0...v1.14.1)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2022-03-09 11:59:00 +13:00
dependabot[bot] bf7fba68bd
chore(deps): bump actions/checkout from 2 to 3 (#2470)
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Frederic Werner <20406381+wernerfred@users.noreply.github.com>
2022-03-09 11:57:01 +13:00
dependabot[bot] 59712122ff
chore(deps): bump docker/login-action from 1.13.0 to 1.14.0 (#2442) 2022-02-28 22:17:22 +01:00
dependabot[bot] 6d6a3de47b
chore(deps): bump docker/login-action from 1.12.0 to 1.13.0 (#2427)
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.12.0 to 1.13.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.12.0...v1.13.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Casper <casperklein@users.noreply.github.com>
2022-02-22 08:37:44 +13:00
Frederic Werner 358df6ada2
docs(deps): bump mkdocs-material to v8.2.1 (#2422)
* docs(deps): bump mkdocs-material to v8.2.1

* feat(docs): enable mermaid integration

Configuration based on https://squidfunk.github.io/mkdocs-material/reference/diagrams/?h=mermaid#configuration

* fix: allow yaml value mapping

* chore: Adopt mkdocs-material mermaid integration support

Supported by the docs generator now, we no longer need to rely on external image generator or live editor link (both relied on large base64 encoding of mermaid markup). SVG will be rendered by docs now, although a little different style (can be fixed with custom CSS).

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2022-02-19 21:26:56 +01:00
dependabot[bot] 7b21db77cc
chore(deps): bump docker/build-push-action from 2.8.0 to 2.9.0 (#2399)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2.8.0 to 2.9.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2.8.0...v2.9.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-07 16:57:22 +01:00
dependabot[bot] b2b701a478
chore(deps): bump docker/build-push-action from 2.7.0 to 2.8.0 (#2376)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-24 20:28:14 +01:00
Frederic Werner 4f6db41d03
docs(deps): bump mkdocs-material to v8.1.7 (#2374) 2022-01-20 10:45:23 +01:00
Frederic Werner c6b6f680f5
docs(deps): bump mkdocs-material to v8.1.6 (#2368) 2022-01-12 18:10:18 +01:00
dependabot[bot] 014dddafbc
chore(deps): bump peterjgrainger/action-create-branch (#2345) 2021-12-27 21:54:10 +01:00
dependabot[bot] 6dd2c1d5d6
chore(deps): bump docker/login-action from 1.11.0 to 1.12.0 (#2346) 2021-12-27 21:27:02 +01:00
Casper d46e094280
Remove quotes to meet style guidelines (#2330)
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-12-21 17:01:40 +01:00
Brennan Kinney bdb770a0aa
ci(fix): Do not trust user controlled input (#2337)
The prepare workflow runs in an untrusted context already and thus should not have anything worthwhile to exploit.

However care should still be taken to avoid interpolating expressions into shell scripts directly that is data a user can control the value of. Especially to avoid any maintainer referencing an existing workflow from copying a risky snippet unaware of different security contexts for workflows.

In this case, as per Github Documentation and referenced issue comment, the PR title is user controllable data, which if directly interpolated into the shell script being run (as it previously was), allows for injecting commands to execute.
2021-12-21 21:46:09 +13:00
dependabot[bot] ce4bc8a2bd
chore(deps): bump docker/login-action from 1.10.0 to 1.11.0 (#2335)
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.10.0...v1.11.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-12-20 15:57:02 +01:00
Georg Lauterbach 99cc9fec2a
Updated ShellCheck to 0.8.0 and Hadolint to 2.8.0 (#2329)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2021-12-19 11:56:22 +01:00
Frederic Werner 6ad9dd3063
docs(deps): bump mkdocs-material to v8.1.1 (#2324) 2021-12-14 23:10:29 +01:00
Frederic Werner 7f731ebca0
docs(deps): bump mkdocs-material to new major version 8 (#2311)
* docs(deps): bump mkdocs-material to 8.0.2

* docs(deps): bump mkdocs-material to 8.0.3

* chore: add default version of docs

* feat: add version warning

* fix: remove version warning

* docs(deps): bump mkdocs-material to 8.0.5

* added code annotation feature

We can introduce new annotation with new PRs in the future. I'd advise against overhauling all code blocks with this feature in this PR - this PR should just introduce the feature.

* docs(deps): bump mkdocs-material to 8.1.0

* fix: remove unnecessary default value

re-add if version warning gets a thing in the future. See https://github.com/docker-mailserver/docker-mailserver/pull/2311#issuecomment-991805830

Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-12-13 08:43:01 +01:00
dependabot[bot] c568e09e60
chore(deps): bump docker/metadata-action from 3.6.1 to 3.6.2 (#2320)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-12-11 18:23:44 +01:00
dependabot[bot] e92ecd04b4
chore(deps): bump docker/metadata-action from 3.6.0 to 3.6.1 (#2314)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 3.6.0 to 3.6.1.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/v3.6.0...v3.6.1)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-12-06 15:02:00 +01:00
dependabot[bot] 7bf1b7eea4
chore(deps): bump actions/cache from 2.1.6 to 2.1.7 (#2309)
Bumps [actions/cache](https://github.com/actions/cache) from 2.1.6 to 2.1.7.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2.1.6...v2.1.7)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-29 13:16:43 +01:00
Georg Lauterbach c7265450cd
corrected stale message format (#2307) 2021-11-29 12:39:27 +01:00
Georg Lauterbach ae70142d8f
Housekeeping (#2302)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2021-11-20 10:38:40 +01:00
Georg Lauterbach 30834eb250
Revise workflow for stalled objects (#2301) 2021-11-15 21:00:25 +01:00
Casper 984acb960d
Update close_stale_issues.yml (#2300) 2021-11-15 09:03:12 +01:00
Frederic Werner a0bd2c6df9
docs(deps): bump mkdocs-material to 7.3.6 (#2287) 2021-11-05 09:03:12 +13:00
Brennan Kinney fb72f3ad52
ci(docs): Fail when build aborts from broken links (#2266)
Using `set -ex` will exit the script as soon as a non-zero exit code is returned, such as when the docker image fails building the docs due to `build --strict` catching broken links. This also removes the need for `|| exit` when changing directory.

This seems fine for a small script, but AFAIK an alternative fix is just adding `|| exit` to the end of the `docker run` command too? There appears to be advice [against adopting `-e` carelessly](http://mywiki.wooledge.org/BashFAQ/105), while others [encourage `-e`](http://redsymbol.net/articles/unofficial-bash-strict-mode/). I know that several maintainers here have preference towards `set -e` so I've kept the original PR solution.

Additionally:

- `-x` is used to improve command visibility when reviewing the workflow log output.
- `--name` isn't necessary, but was part of the original PR.
- I've chosen not to include `-o pipefail`, only because no pipes are used in this script.

* docs(fix): Fix broken links

* ci(docs): Added inline docs

Extra documentation context for maintainers to quickly grok what's going on.

* chore(docs): Minor typo fix by wernerfred

Added from their related PR by request.
2021-10-31 09:13:18 +13:00
Frederic Werner ced1a27a88
docs(deps): bump mkdocs-material to 7.3.5 (#2265) 2021-10-30 15:10:24 +13:00
dependabot[bot] 45e8a7ed80
chore(deps): bump docker/metadata-action from 3.5.0 to 3.6.0 (#2258) 2021-10-26 12:08:19 +02:00
Frederic Werner ec6cc3c032
docs(deps): bump mkdocs-material to 7.3.2 (#2244)
* docs(deps): bump mkdocs-material to 7.3.3

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2021-10-17 23:50:02 +13:00
Casper e4eca00b25
Run contributors workflow monthly 2021-09-30 06:49:53 +00:00