Evgeny Vereshchagin
e46c743a57
ci: update GHActions once a month
...
Apparently some actions like CodeQL are released a few times a week so let's
just update them once a month in one fell swoop.
2022-01-29 19:26:14 +00:00
Evgeny Vereshchagin
81f84a2c0b
ci: use CFLite to test forks (including systemd-stable)
...
It's like CIFuzz but unlike CIFuzz it's compatible with forks and
it should make it possible to run the fuzzers to make sure that
patches backported to them are backported correctly without introducing
new bugs and regressions.
2022-01-29 18:37:17 +00:00
Evgeny Vereshchagin
4997d1b965
ci: pin python dependencies and let Dependabot keep track of them
2021-12-07 09:08:26 +00:00
Evgeny Vereshchagin
0da6973c17
ci: switch to weekly dependabot updates
...
Apparently some dependencies get updated much more often
than I would have exepected.
It can always be triggered manually at https://github.com/systemd/systemd/network/dependencies
if there are any urgent updates
2021-11-17 12:16:57 +00:00
Evgeny Vereshchagin
b3a1fb795a
ci: LGPLv2+ify dependapot config and codeql action
2021-11-14 09:48:22 +00:00
Evgeny Vereshchagin
38ac3ab10a
ci: allow Dependabot to open up to 2 PRs
...
Apparently version updates aren't always disabled on old forks,
which leads to new PRs opened there. To somewhat mitigate the
issue let's limit the number of PRs Dependabot can create.
It was reported in https://github.com/yuwata/systemd/pull/2#issuecomment-967737195
2021-11-11 17:20:30 +00:00
Evgeny Vereshchagin
5570313421
ci: pin labeler
...
Turns out GHActions where `pull_request_target` is used are capable
of pwning repositories: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
labeler doesn't check out the source code or build anything so
it's safe in its current form but to avoid surprises let's just pin
it to the latest version. It's annoying to manage dependencies like this
manually so additionally dependabot.yml is introduced to make it
easier to keep GHActions up to date more or less automatically:
https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot
2021-11-11 10:19:06 +00:00