| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
| |
Unlike LGTM, the CodeQL Action requires the custom queries to have their
own qlpack.yml file, so let's provide one.
|
|
|
|
| |
Just to make sure we didn't break anything.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.24 to 1.0.25.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/e095058bfa09de8070f94e98f5dc059531bc6235...546b30f35ae5a3db0e0be1843008c2224f71c3b0)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
|
|
|
| |
otherwise we end up with more than one job with the same identifier in
one run, causing some of them to get cancelled unexpectedly.
A quick follow-up to 85bd394df57fe45c2873605e2c1d1d79e83e853d.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.23 to 1.0.24.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/a627e9fa504113bfa8e90a9b429b157a38b1cdbd...e095058bfa09de8070f94e98f5dc059531bc6235)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.22 to 1.0.23.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/5581e08a65fc3811c3ac78939dd59e7a8adbf003...a627e9fa504113bfa8e90a9b429b157a38b1cdbd)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
|
|
|
|
| |
Apparently some dependencies get updated much more often
than I would have exepected.
It can always be triggered manually at https://github.com/systemd/systemd/network/dependencies
if there are any urgent updates
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/super-linter](https://github.com/github/super-linter) from 4.8.3 to 4.8.4.
- [Release notes](https://github.com/github/super-linter/releases)
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md)
- [Commits](https://github.com/github/super-linter/compare/7d5dc989c55aaba9d3b7194a7496cdfaa4866af3...563be7dc5568017515b9e700329e9c6d3862f2b7)
---
updated-dependencies:
- dependency-name: github/super-linter
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
|
| |
To make sure PRs like https://github.com/systemd/systemd/pull/21409
don't break anything.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/super-linter](https://github.com/github/super-linter) from 4.8.1 to 4.8.3.
- [Release notes](https://github.com/github/super-linter/releases)
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md)
- [Commits](https://github.com/github/super-linter/compare/fd9c4286d3de3fdd9258a395570cae287f13f974...7d5dc989c55aaba9d3b7194a7496cdfaa4866af3)
---
updated-dependencies:
- dependency-name: github/super-linter
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
|
|
|
|
| |
by moving the read permissions to the top level and
granting additional permissions to the specific jobs.
It should help to prevent new jobs that could be added
there eventually from having write access to resources they
most likely would never need.
|
| |
|
|
|
|
|
|
|
| |
It's a follow-up to https://github.com/systemd/systemd/pull/21316.
Judging by https://github.com/evverx/systemd/pull/36, Dependabot
supports their release cycle
|
|
|
|
|
|
|
|
|
|
| |
Judging by https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
it should be enough to grant the "read contents" permission to
most of our actions. The "read metadata" permission is set impliciclty
somewhere and can't be set via the "permissions" setting:
```
The workflow is not valid. .github/workflows/linter.yml (Line: 14, Col: 3): Unexpected value 'metadata'
```
|
|
|
|
| |
with https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#permissions
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 2.4.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...ec3a7ce113134d7a93b817d10a8272cb61118579)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\
| |
| | |
ci: try to fix a Dependabot error
|
| |
| |
| |
| |
| |
| |
| |
| | |
Apparently version updates aren't always disabled on old forks,
which leads to new PRs opened there. To somewhat mitigate the
issue let's limit the number of PRs Dependabot can create.
It was reported in https://github.com/yuwata/systemd/pull/2#issuecomment-967737195
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
```
updater | ERROR <job_232492775> Error processing actions/checkout (RuntimeError)
updater | ERROR <job_232492775> No files changed!
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-github_actions-0.166.0/lib/dependabot/github_actions/file_updater.rb:28:in `updated_dependency_files'
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:676:in `generate_dependency_files_for'
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:274:in `check_and_create_pull_request'
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:82:in `check_and_create_pr_with_error_handling'
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:56:in `block in run'
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:56:in `each'
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:56:in `run'
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/update_files_job.rb:17:in `perform_job'
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/base_job.rb:28:in `run'
updater | ERROR <job_232492775> bin/update_files.rb:21:in `<main>`
```
|
|/
|
|
|
|
| |
To provide more coverage for the systemd-stable repo.
See: https://github.com/systemd/systemd-stable/issues/24
|
|
|
|
|
|
|
|
| |
to let Dependabot keep track of them using SHAs
codeql-actions doesn't point to SHAs because it isn't clear
whether Dependabot supports their release cycle mentioned
at https://github.com/github/codeql-action/issues/307
|
|
|
|
|
|
|
|
|
|
|
|
| |
Turns out GHActions where `pull_request_target` is used are capable
of pwning repositories: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
labeler doesn't check out the source code or build anything so
it's safe in its current form but to avoid surprises let's just pin
it to the latest version. It's annoying to manage dependencies like this
manually so additionally dependabot.yml is introduced to make it
easier to keep GHActions up to date more or less automatically:
https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot
|
|
|
|
|
|
|
| |
https://github.com/github/codeql-action
Apparently to judge from a couple of warnings I haven't seen
before it's a bit different from LGTM.
|
|
|
|
|
|
| |
Otherwise the jobs will try to cancel each other out.
Follow-up to 3884837610168e6fb69fc2d5709f6c017a30beb9.
|
|
|
|
|
|
|
| |
Let's save the environment (and reduce the number of jobs in GH Actions
queues) by cancelling old jobs on a ref update (force push).
See: https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#concurrency
|
| |
|
|
|
|
|
|
| |
This reverts commit c1036042f5aa3369d771776fb6d57fac2543d80d.
Follow-up to 0ad536c16a940b4557322f3f811db73c4b374898.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit ab6df5208396b7069d5c12aa9c21b8ecdb689de1.
The image build failed during kernel RPM installation (bug in %post
scriptlet). This has been fixed in the package suse-module-tools 16.0.13
[1]. The fix is in openSUSE Tumbleweed repos so the tests can be enabled
again.
[1] https://github.com/openSUSE/suse-module-tools/pull/53
Fixes: #21019
|
|
|
|
|
|
|
| |
It is now ran on the nightly CentOS build, so that it can cover
integration tests too, and not just unit tests. It's nightly as
it considerably increases the integration test runtime, so it's
not appropriate for all PRs.
|
|
|
|
|
|
| |
Until https://github.com/systemd/systemd/issues/21019 is fixed,
there's no point in running the opensuse CI job so let's disable
it for now.
|
|
|
|
|
|
| |
ATTOW llvm-11 got into focal-updates, which conflicts with llvm-11
provided by the apt.llvm.org repositories. Let's use the system
llvm package if available in such cases to avoid that.
|
| |
|
|
|
|
|
| |
Also adjust the mention of location of mkosi files,
follow-up for d55ad7fe96eb1edf438a7a41a465723bd29d4b10.
|
|
|
|
| |
This mirros what 0aff7b7584 did for docs/.
|
|
|
|
| |
See: https://github.com/marketplace/actions/super-linter
|
| |
|
|
|
|
| |
This reverts commit 8b036b223a40fac9e53189db05d3798ec11eb475.
|
|
|
|
| |
Allows to get coverage data on coveralls.io
|
|
|
|
| |
It's slow and unaffected by compiler/flags, so no point in repeating it
|
| |
|
|
|
|
|
|
| |
It seems some of the tests break network connectivity on the host,
as the code coverage upload fails to establish a connection.
Run them in a network namespace with 'unshare -n'.
|
|
|
|
|
|
|
|
|
|
| |
\#20629 moved the mkosi configs to mkosi.default.d/ so we were building
for the host distro (Ubuntu) in each CI configuration. To fix it, we
write the distro we want to test to a mkosi.default file and mkosi
will apply the other necessary configs automatically from mkosi.default.d/<distro>
This commit also removes unnecessary CLI options that are already handled
by the config files.
|
|
|
|
| |
Also, drop clang-10 builds to conserve resources.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current pattern '#' triggers on the openSUSE kernel version that is
printed early during boot when no actual prompt is ready
> [ 0.000000] Linux version 5.12.10-1-default (geeko@buildhost) (gcc (SUSE Linux) 11.1.1 20210510 [revision 23855a176609fe8dda6abaf2b21846b4517966eb], GNU ld (GNU Binutils; openSUSE Tumbleweed) 2.36.1.20210326-4) #1 SMP Fri Jun 11 05:05:06 UTC 2021 (b92eaf7)
Instead wait for pattern that: a) should have fewer false positives, b)
still be with working on distro shells:
openSUSE (red color)
^[[1m^[[31mimage:~ #^[[m^O
arch
[root@image ~]#
debian
root@image:~#
ubuntu
root@image:~#
fedora
[root@image ~]#
|