system/systemd
system/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd synced 2024-07-21 18:24:38 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity
70998 commits 5 branches 385 tags 506 MiB
Commit graph

7 commits

Author SHA1 Message Date
Evgeny Vereshchagin e46c743a57 ci: update GHActions once a month 
Apparently some actions like CodeQL are released a few times a week so let's
just update them once a month in one fell swoop.
 2022-01-29 19:26:14 +00:00
Evgeny Vereshchagin 81f84a2c0b ci: use CFLite to test forks (including systemd-stable) 
It's like CIFuzz but unlike CIFuzz it's compatible with forks and
it should make it possible to run the fuzzers to make sure that
patches backported to them are backported correctly without introducing
new bugs and regressions.
 2022-01-29 18:37:17 +00:00
Evgeny Vereshchagin 4997d1b965 ci: pin python dependencies and let Dependabot keep track of them 2021-12-07 09:08:26 +00:00
Evgeny Vereshchagin 0da6973c17 ci: switch to weekly dependabot updates 
Apparently some dependencies get updated much more often
than I would have exepected.

It can always be triggered manually at https://github.com/systemd/systemd/network/dependencies
if there are any urgent updates
 2021-11-17 12:16:57 +00:00
Evgeny Vereshchagin b3a1fb795a ci: LGPLv2+ify dependapot config and codeql action 2021-11-14 09:48:22 +00:00
Evgeny Vereshchagin 38ac3ab10a ci: allow Dependabot to open up to 2 PRs 
Apparently version updates aren't always disabled on old forks,
which leads to new PRs opened there. To somewhat mitigate the
issue let's limit the number of PRs Dependabot can create.

It was reported in https://github.com/yuwata/systemd/pull/2#issuecomment-967737195
 2021-11-11 17:20:30 +00:00
Evgeny Vereshchagin 5570313421 ci: pin labeler 
Turns out GHActions where `pull_request_target` is used are capable
of pwning repositories: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

labeler doesn't check out the source code or build anything so
it's safe in its current form but to avoid surprises let's just pin
it to the latest version. It's annoying to manage dependencies like this
manually so additionally dependabot.yml is introduced to make it
easier to keep GHActions up to date more or less automatically:
https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot
 2021-11-11 10:19:06 +00:00