actions/update-flake-lock
1
0
Fork 0
mirror of https://github.com/DeterminateSystems/update-flake-lock.git synced 2025-04-20 17:00:16 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
161 commits 5 branches 24 tags 18 MiB
Commit graph

64 commits

Author SHA1 Message Date
Luc Perkins
2bf08d195c
Merge 35168619ff into b0723e0fae 2024-06-28 13:32:14 +09:00
Arian van Putten
af9a980c7d Lock third-party actions 
A caller of this action can lock this action to a specific commit. However because the action itself does not lock its dependent actions to a specific commit this opens the end-user up to possible supply-chain attacks if the dependent actions rewrite their tags.

This PR changes all third party actions to be explicitly locked.

Dependabot will still work and update these hashes for you


I also suggest installing https://github.com/ossf/scorecard in this repo. It will report about these kind of issues.

Note that you should in turn have to audit all the third party deps of the actions that your action depends on. In general this is all a bit of a mess and GitHub's security model is very meh

e.g. see https://github.com/ossf/scorecard/issues/2189
 2024-06-18 09:17:15 -07:00
Luc Perkins
4e3e886d7a
Add missing env vars to inputs 2024-06-06 10:51:46 -07:00
Luc Perkins
0829421b88
Initial version of PR body rendering 2024-06-04 09:19:35 -07:00
Luc Perkins
8c5e8043f8
More test cases: 2024-06-04 08:44:31 -07:00
Luc Perkins
09b0ac8cd3
Enable supplying a commit message template 2024-06-04 08:28:12 -07:00
Luc Perkins
d3aa136776
Provide pr-body as output from step 2024-06-03 14:32:30 -07:00
Luc Perkins
f5dab0ead5
Rework input handling 2024-05-23 15:19:56 -03:00
Luc Perkins
6a1287939f
Add flake-dirs input 2024-05-23 15:16:12 -03:00
Luc Perkins
0e2a61b1f3
Add environment variable for strict mode input 2024-05-23 12:23:56 -03:00
Luc Perkins
7a7f13f9b5
Make strict mode input not required 2024-05-23 12:03:54 -03:00
Luc Perkins
7ce3b51a1d
Update detsys-ts 2024-05-22 15:40:01 -03:00
Graham Christensen
3fa85bcf4c nit: run line 2024-05-09 15:44:43 -04:00
Graham Christensen
d978837d43 Expose all inputs 2024-05-09 15:35:53 -04:00
Graham Christensen
8363f28293 Call the node action instead directly 2024-05-07 23:02:56 -04:00
Luc Perkins
dde5487502
Finish initial rework into TS 2024-04-26 11:55:19 -03:00
Luc Perkins
b1f8684b21
Update Nix shell and add envrc 2024-04-21 19:42:23 -03:00
Luc Perkins
cf6776dfd1
Add initial JS setup 2024-04-21 19:17:03 -03:00
Cole Helbling
a3ccb8f597 Update pedrolamas/handlebars-action to 2.4.0 2024-02-29 07:07:00 -08:00
Cole Helbling
56b3507bfe Update DamianReeves/write-file-action to v1.3 2024-02-28 15:06:00 -08:00
dependabot[bot]
70d01ca550 build(deps): bump pedrolamas/handlebars-action from 2.2.0 to 2.3.0 
Bumps [pedrolamas/handlebars-action](https://github.com/pedrolamas/handlebars-action) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/pedrolamas/handlebars-action/releases)
- [Commits](https://github.com/pedrolamas/handlebars-action/compare/v2.2.0...v2.3.0)

---
updated-dependencies:
- dependency-name: pedrolamas/handlebars-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-02-28 14:55:32 -08:00
dependabot[bot]
0631a12d9a build(deps): bump crazy-max/ghaction-import-gpg from 5 to 6 
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 5 to 6.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases)
- [Commits](https://github.com/crazy-max/ghaction-import-gpg/compare/v5...v6)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-02-28 14:54:51 -08:00
Morgan Helton
a72d3c5880 update peter-evans/create-pull-request to v6 2024-02-28 14:54:06 -08:00
Pol Dellaiera
e98d4358e3 Bump peter-evans/create-pull-request to v5 2023-10-10 13:22:51 -07:00
Graham Christensen
da2fd6f256
Update action.yml 2023-08-24 00:12:15 -04:00
xgroleau🐢
dec3bc3c9b fix: removed commented commit escaping code 2023-03-29 11:11:22 -07:00
xgroleau🐢
ad81b423ab fix: use multiline string 2023-03-29 11:11:22 -07:00
xgroleau🐢
8a88a06550 fix: pr message fix 2023-03-29 11:11:22 -07:00
xgroleau🐢
9af2d0f36a fix : replace action using deprecated node 12 2023-03-29 11:11:22 -07:00
xgroleau🐢
b55ee105d9 feat: Added nix option 
fix: nix options position

Use empty list


fix options
 2023-03-29 11:11:22 -07:00
Budiman Jojo
bc75a5b55e expose status of PR 2023-03-27 09:17:55 -07:00
Jörg Thalheim
786e5cf5a2 allow to set base branch of pull request 2023-03-27 08:43:21 -07:00
dependabot[bot]
085c3a0b6d build(deps): bump pedrolamas/handlebars-action from 2.1.0 to 2.2.0 
Bumps [pedrolamas/handlebars-action](https://github.com/pedrolamas/handlebars-action) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/pedrolamas/handlebars-action/releases)
- [Commits](https://github.com/pedrolamas/handlebars-action/compare/v2.1.0...v2.2.0)

---
updated-dependencies:
- dependency-name: pedrolamas/handlebars-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-06 05:55:07 -08:00
dependabot[bot]
cc83127440 build(deps): bump peter-evans/create-pull-request from 3 to 4 
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 3 to 4.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v3...v4)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-06 05:46:37 -08:00
Linus Heckemann
114dde340d
Merge pull request #57 from DeterminateSystems/dependabot/github_actions/pedrolamas/handlebars-action-2.1.0 
build(deps): bump pedrolamas/handlebars-action from 2.0.0 to 2.1.0
 2023-01-27 16:00:40 +01:00
Eric Crosson
876a472251 fix(deps): upgrade DamianReeves/write-file-action to v1.2 
https://github.com/DamianReeves/write-file-action/releases/tag/v1.2

This bumps the write-file-action from the Node.js 12 runtime to Node.js
16, avoiding a warning that Node.js 12 actions are deprecated[^1].

[^1]: https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/
 2023-01-23 07:15:35 -08:00
Eric Crosson
a0c5484d59 feat: accept list of reviewers and assignees 
Pass a list of GitHub usernames through to
peter-evans/create-pull-request.

Assignees are specified with the `pr-assignees` property.
Reviewers are specified with the `pr-reviewers` property.

Both properties expect the value to be a list of GitHub usernames,
separated by either commas or newlines.
 2023-01-19 07:29:15 -08:00
Arman Bilge
913da8731c Remove stray > 2022-11-28 08:02:01 -08:00
Arman Bilge
867efeb864 Emails should be in < ... > 2022-11-28 08:02:01 -08:00
Arman Bilge
5e50e4bcfb Allow to customize git author/committer name+email 2022-11-28 08:02:01 -08:00
dependabot[bot]
766761fdfc
build(deps): bump pedrolamas/handlebars-action from 2.0.0 to 2.1.0 
Bumps [pedrolamas/handlebars-action](https://github.com/pedrolamas/handlebars-action) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/pedrolamas/handlebars-action/releases)
- [Commits](https://github.com/pedrolamas/handlebars-action/compare/v2.0.0...v2.1.0)

---
updated-dependencies:
- dependency-name: pedrolamas/handlebars-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-11-08 01:17:13 +00:00
Aaron Andersen
0ad9a55048 feat: allow specifying a path to flake.nix within the repository 2022-09-14 07:46:21 -07:00
Nicola Squartini
235f95922e chore: bump crazy-max/ghaction-import-gpg 2022-08-19 11:40:14 -07:00
Nicola Squartini
a8f58509de feat: allow using a subkey for GPG signing 2022-08-19 11:39:18 -07:00
Cole Helbling
4cf0d5d8d6 Prevent template files from being committed 2022-07-29 07:49:05 -07:00
Eduardo Robles Elvira
e23c52bb51
fixing sign-commits boolean variable conditionals 2022-07-15 12:22:17 +01:00
Eduardo Robles Elvira
96af8bfbfc
Adding documentation and support for custom pr-body 2022-07-15 11:44:21 +01:00
Eduardo Robles Elvira
1c5f270731
adding support for gpg commit signing 2022-07-15 05:40:47 +02:00
Arman Bilge
2026a4bf1a
Expose option to configure branch for PR (#36) 2022-06-22 15:44:48 -04:00
Cole Helbling
c58b7816fa Expose the number of the opened PR 2022-04-22 11:46:11 -07:00