dependabot[bot]
a99622763f
github: bump github/codeql-action from 2.2.5 to 2.2.6
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.5 to 2.2.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](32dc499307...16964e90ba
2023-03-13 17:43:41 +00:00
Martin von Zweigbergk
9ff422396a
github: pin version of codespell action by hash
...
The security scanner complained about this. It is what we do with all
other actions.
2023-03-10 13:00:03 -08:00
dependabot[bot]
5321201a8a
github: bump cachix/install-nix-action from 19 to 20
...
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action ) from 19 to 20.
- [Release notes](https://github.com/cachix/install-nix-action/releases )
- [Commits](5c11eae19d...29bd9290ef
2023-03-02 00:02:57 +01:00
dependabot[bot]
f633534fc7
github: bump github/codeql-action from 2.2.4 to 2.2.5
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.4 to 2.2.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](17573ee1cc...32dc499307
2023-02-27 11:08:02 -08:00
Martin von Zweigbergk
9fc879747f
release: build Linux (musl) release using vendored OpenSSL
...
The 0.7.0 release build failed because it didn't find OpenSSL. I don't
know much about musl, but I think we added it in order to get a single
binary without dependencies, so I think vendoring is what we want.
2023-02-16 15:52:00 -08:00
dependabot[bot]
034dd3528d
github: bump dtolnay/rust-toolchain
...
Bumps [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain ) from 0a1713a447f74360b294fd86bc56dc23af3a9d3e to 52e69531e6f69a396bc9d1226284493a5db969ff.
- [Release notes](https://github.com/dtolnay/rust-toolchain/releases )
- [Commits](0a1713a447...52e69531e6
2023-02-16 08:39:18 -08:00
dependabot[bot]
2217a78df3
github: bump dtolnay/rust-toolchain
...
Bumps [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain ) from 25dc93b901a87e864900a8aec6c12e9aa794c0c3 to 0a1713a447f74360b294fd86bc56dc23af3a9d3e.
- [Release notes](https://github.com/dtolnay/rust-toolchain/releases )
- [Commits](25dc93b901...0a1713a447
2023-02-15 08:49:33 -08:00
dependabot[bot]
ebd9a94d4b
github: bump github/codeql-action from 2.2.3 to 2.2.4
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.3 to 2.2.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8775e86802...17573ee1cc
2023-02-13 22:52:07 +00:00
dependabot[bot]
e21ae8b9d0
github: bump dtolnay/rust-toolchain
...
Bumps [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain ) from c758e63728211bd4acda6501cfa2a16c5c751fc4 to 25dc93b901a87e864900a8aec6c12e9aa794c0c3.
- [Release notes](https://github.com/dtolnay/rust-toolchain/releases )
- [Commits](c758e63728...25dc93b901
2023-02-13 23:39:24 +01:00
dependabot[bot]
123d677aed
github: bump github/codeql-action from 2.2.2 to 2.2.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.2 to 2.2.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](39d8d7e78f...8775e86802
2023-02-09 16:32:36 +01:00
dependabot[bot]
e7c9493506
github: bump github/codeql-action from 2.2.1 to 2.2.2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.1 to 2.2.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3ebbd71c74...39d8d7e78f
2023-02-07 08:24:19 -08:00
dependabot[bot]
52ff0ae9e6
github: bump cachix/install-nix-action from 18 to 19
...
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action ) from 18 to 19.
- [Release notes](https://github.com/cachix/install-nix-action/releases )
- [Commits](daddc62a2e...5c11eae19d
2023-02-06 15:26:46 +00:00
dependabot[bot]
bd5cbbdbaa
github: bump dtolnay/rust-toolchain
...
Bumps [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain ) from ce8f65846d7180d2ce63b1e74483d981800b9e22 to c758e63728211bd4acda6501cfa2a16c5c751fc4.
- [Release notes](https://github.com/dtolnay/rust-toolchain/releases )
- [Commits](ce8f65846d...c758e63728
2023-02-01 15:19:38 +00:00
Samuel Tardieu
615862dde8
ci: add codespell to the workflow
2023-01-28 07:23:45 -08:00
dependabot[bot]
9336a4518a
github: bump github/codeql-action from 2.1.39 to 2.2.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.39 to 2.2.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](a34ca99b46...3ebbd71c74
2023-01-27 08:08:43 -08:00
dependabot[bot]
efe72f714a
github: bump dtolnay/rust-toolchain
...
Bumps [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain ) from 22cb70465de2ebc761c76f91046abd5a6986040f to ce8f65846d7180d2ce63b1e74483d981800b9e22.
- [Release notes](https://github.com/dtolnay/rust-toolchain/releases )
- [Commits](22cb70465d...ce8f65846d
2023-01-23 08:32:50 -08:00
dependabot[bot]
a29b19fa9d
github: bump dtolnay/rust-toolchain
...
Bumps [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain ) from e645b0cf01249a964ec099494d38d2da0f0b349f to 22cb70465de2ebc761c76f91046abd5a6986040f.
- [Release notes](https://github.com/dtolnay/rust-toolchain/releases )
- [Commits](e645b0cf01...22cb70465d
2023-01-20 15:18:40 +00:00
dependabot[bot]
24e03e2ff5
github: bump github/codeql-action from 2.1.38 to 2.1.39
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.38 to 2.1.39.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](515828d974...a34ca99b46
2023-01-19 08:10:30 -08:00
Michael Forster
27228ce292
Update MSRV to 1.61
...
This is needed for compatibility with the sapling dag crate.
2023-01-19 10:29:39 +01:00
Martin von Zweigbergk
ff3edb642f
github: build and test all targets
...
It seems that at least examples are not included in the default set of
targets, and we clearly want to check that the examples compile, as
that's an important reason we have them. We don't have any tests for
the examples yet, but let's add the flag now so we don't forget it
later.
2023-01-18 23:03:30 -08:00
dependabot[bot]
7c1b796f3e
github: bump github/codeql-action from 2.1.37 to 2.1.38
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.37 to 2.1.38.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](959cbb7472...515828d974
2023-01-12 09:26:31 -08:00
dependabot[bot]
f2cba66029
github: bump actions/upload-artifact from 3.1.1 to 3.1.2
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](83fd05a356...0b7f8abb15
2023-01-06 07:52:03 -08:00
dependabot[bot]
6a6724fd87
github: bump actions/checkout from 3.2.0 to 3.3.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](755da8c3cf...ac59398561
2023-01-05 15:33:10 +00:00
Martin von Zweigbergk
635f5a5cb8
build: don't use vendored OpenSSL by default
...
I added support for using a vendored OpenSSL in dbadbd68c0
2023-01-03 18:57:38 -08:00
dependabot[bot]
bb0cb7f8d1
github: bump ossf/scorecard-action from 2.1.1 to 2.1.2
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.1 to 2.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](15c10fcf1c...e38b1902ae
2022-12-22 15:15:44 +00:00
Benjamin Saunders
aaa175eca7
lib: replace protobuf crate with prost
2022-12-22 07:04:35 -08:00
dependabot[bot]
1a11679539
github: bump ossf/scorecard-action from 2.1.0 to 2.1.1
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.0 to 2.1.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](937ffa90d7...15c10fcf1c
2022-12-20 08:43:48 -08:00
dependabot[bot]
af32f0d3c3
github: bump ossf/scorecard-action from 2.0.6 to 2.1.0
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.0.6 to 2.1.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](99c53751e0...937ffa90d7
2022-12-15 07:40:37 -08:00
dependabot[bot]
1f3cfcec9d
github: bump github/codeql-action from 2.1.36 to 2.1.37
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.36 to 2.1.37.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](a669cc5936...959cbb7472
2022-12-14 07:35:59 -08:00
dependabot[bot]
ae981ff33a
github: bump actions/checkout from 3.1.0 to 3.2.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](93ea575cb5...755da8c3cf
2022-12-13 11:35:27 -08:00
Martin von Zweigbergk
b87c1cb514
github: new attempt at Dependabot auto-merge
...
This is an updated version of the workflow deleted in f5fc3c35f5https://github.com/cli/cli/issues/6695#issuecomment-1348430969 .
2022-12-13 10:39:58 -08:00
dependabot[bot]
15d40ffa54
github: bump github/codeql-action from 2.1.35 to 2.1.36
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.35 to 2.1.36.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b2a92eb56d...a669cc5936
2022-12-09 11:09:59 -08:00
Martin von Zweigbergk
79d6779995
github: make Scorecard security scanner not use access token
...
Google's security team asked us to remove this use of a PAT. It's
apparently supposed to work without it, it's just that it won't be
able to check that we have bronch protection set up.
2022-12-08 14:54:28 -08:00
Martin von Zweigbergk
f5fc3c35f5
github: disable broken attempt to auto-merge Dependabot PRs again
...
Sigh, I thought it was fixed now, but it seems it's only `gh pr ready`
that works with `GITHUB_TOKEN`. This rolls back commit ee7e7e1b62
2022-12-05 14:23:43 -08:00
dependabot[bot]
9a36f1d6e3
github: bump github/codeql-action from 2.1.32 to 2.1.35
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.32 to 2.1.35.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4238421316...b2a92eb56d
2022-12-05 10:07:43 -08:00
Martin von Zweigbergk
ee7e7e1b62
github: new attempt at auto-enabling merge of Dependabot PRs
...
cli/cli#1314 is now marked fixed, so let's see if this works. This
rolls back commit 184280f8f801.
2022-12-01 19:28:39 -08:00
dependabot[bot]
d90a08676c
github: bump dtolnay/rust-toolchain
...
Bumps [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain ) from 55c7845fad90d0ae8b2e83715cb900e5e861e8cb to e645b0cf01249a964ec099494d38d2da0f0b349f.
- [Release notes](https://github.com/dtolnay/rust-toolchain/releases )
- [Commits](55c7845fad...e645b0cf01
2022-11-28 05:22:27 -10:00
dependabot[bot]
f9f4f8b520
github: bump EmbarkStudios/cargo-deny-action from 1.3.2 to 1.4.0
...
Bumps [EmbarkStudios/cargo-deny-action](https://github.com/EmbarkStudios/cargo-deny-action ) from 1.3.2 to 1.4.0.
- [Release notes](https://github.com/EmbarkStudios/cargo-deny-action/releases )
- [Commits](7257a18a9c...8a8607bd8e
2022-11-17 07:57:43 -08:00
dependabot[bot]
1c76ea198f
github: bump github/codeql-action from 2.1.31 to 2.1.32
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.31 to 2.1.32.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c3b6fce4ee...4238421316
2022-11-14 09:33:48 -08:00
dependabot[bot]
3e77fcdafa
github: bump dtolnay/rust-toolchain
...
Bumps [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain ) from ba37adf8f94a7d9affce79bd3baff1b9e3189c33 to 55c7845fad90d0ae8b2e83715cb900e5e861e8cb.
- [Release notes](https://github.com/dtolnay/rust-toolchain/releases )
- [Commits](ba37adf8f9...55c7845fad
2022-11-11 07:30:54 -08:00
dependabot[bot]
571952dac6
github: bump github/codeql-action from 2.1.30 to 2.1.31
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.30 to 2.1.31.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](18fe527fa8...c3b6fce4ee
2022-11-08 07:40:08 -08:00
dependabot[bot]
e4e4fe4461
github: bump github/codeql-action from 2.1.29 to 2.1.30
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.29 to 2.1.30.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ec3cf9c605...18fe527fa8
2022-11-02 09:33:52 -07:00
dependabot[bot]
9548b6ad49
github: bump github/codeql-action from 2.1.28 to 2.1.29
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.28 to 2.1.29.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](cc7986c02b...ec3cf9c605
2022-10-26 20:44:10 -07:00
dependabot[bot]
27937e6787
github: bump actions/upload-artifact from 3.1.0 to 3.1.1
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](3cea537223...83fd05a356
2022-10-24 10:55:50 -07:00
dependabot[bot]
dc2237b592
github: bump ossf/scorecard-action from 2.0.4 to 2.0.6
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.0.4 to 2.0.6.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](e363bfca00...99c53751e0
2022-10-19 16:09:53 -07:00
Martin von Zweigbergk
9f01456f84
github: move off of unmaintained actions-rs actions
2022-10-18 19:00:23 -07:00
dependabot[bot]
8789fde73f
github: bump github/codeql-action from 2.1.27 to 2.1.28
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.27 to 2.1.28.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](807578363a...cc7986c02b
2022-10-18 09:41:19 -07:00
Martin von Zweigbergk
5db47b7ae8
github: make release build create staging directory
...
I think 672f9e85cb
2022-10-17 21:43:05 -07:00
dependabot[bot]
c292cd8cff
github: bump cachix/install-nix-action from 17 to 18
...
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action ) from 17 to 18.
- [Release notes](https://github.com/cachix/install-nix-action/releases )
- [Commits](d64e055310...daddc62a2e
2022-10-12 08:55:40 -07:00
dependabot[bot]
c1d5a90156
github: bump github/codeql-action from 2.1.26 to 2.1.27
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.26 to 2.1.27.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](e0e5ded33c...807578363a
2022-10-07 09:30:19 -07:00
dependabot[bot]
02ccbaa86e
github: bump actions/checkout from 3.0.2 to 3.1.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.2 to 3.1.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](2541b1294d...93ea575cb5
2022-10-04 22:49:04 -07:00
dependabot[bot]
750878a3fd
github: bump github/codeql-action from 2.1.25 to 2.1.26
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.25 to 2.1.26.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](86f3159a69...e0e5ded33c
2022-09-30 09:09:30 -07:00
dependabot[bot]
62103baa99
github: bump ossf/scorecard-action from 2.0.3 to 2.0.4
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.0.3 to 2.0.4.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](865b409285...e363bfca00
2022-09-28 09:01:07 -07:00
dependabot[bot]
f425e1bd4b
github: bump github/codeql-action from 2.1.24 to 2.1.25
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.24 to 2.1.25.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](904260d7d9...86f3159a69
2022-09-23 10:10:14 -07:00
Martin von Zweigbergk
86f216541a
github: remove publish_results field in wrong place
...
When I read
https://github.com/ossf/scorecard-action#breaking-changes-in-v2 for
6d7ce74a9a
2022-09-18 00:14:39 -07:00
Martin von Zweigbergk
3c22ce11a4
github: remove stale comments indicating action versions
...
Dependabot doesn't update the comments, so they go stale very quickly.
2022-09-16 21:58:47 -07:00
dependabot[bot]
17765d08cd
github: bump github/codeql-action from 2.1.23 to 2.1.24
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.23 to 2.1.24.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](6a38b7d4a1...904260d7d9
2022-09-16 16:25:37 -05:00
Martin von Zweigbergk
6d7ce74a9a
github: add new required permissions for ossf/scorecard
2022-09-16 08:53:11 -05:00
dependabot[bot]
53ccb8d59b
github: bump github/codeql-action from 2.1.22 to 2.1.23
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.22 to 2.1.23.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b398f525a5...6a38b7d4a1
2022-09-15 21:52:07 -05:00
Martin von Zweigbergk
10d24ef267
github: remove broken workflow to enable auto-merge for Dependabot
...
The workflow that was supposed to enable auto-merge for PRs from
Dependabot is failing like this:
```
Message: Resource not accessible by integration, Locations: [{Line:1 Column:72}]
```
I can't figure out why it's failing (maybe
https://github.com/cli/cli/issues/1314 ?), so let's just remove it.
2022-09-12 10:23:58 -07:00
dependabot[bot]
210528e8ae
github: bump ossf/scorecard-action from 1.1.2 to 2.0.3
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.1.2 to 2.0.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](ce330fde6b...865b409285
2022-09-12 09:00:26 -07:00
Martin von Zweigbergk
c7a782b0a1
github: give dependabot auto-merge action permission to update PR
...
Hopefully this is the last bit I was missing to get this to work :)
2022-09-09 12:43:56 -07:00
Martin von Zweigbergk
a33417fa35
github: pass --rebase to gh pr merge since it requires it
...
It seems that there's no way to just enable auto-merge without
specifying a merge strategy (presumably because some projects allow
several GitHub merge strategies), so I guess we'll have to live with
the strategy being duplicated between here and the project settings.
2022-09-06 16:08:24 -07:00
Martin von Zweigbergk
2ff710a131
github: enable auto-merge on Dependabot PRs
...
To merge a Dependabot PR, I have to enable auto-merge (two clicks,
including one to confim) and then review and approve it. Since our
branch protections require the PR to be approved, it seems that that
should be enough. This patch adds a GitHub action that calls runs the
GitHub CLI to do that. It is based on
https://dev.to/slashgear_/how-to-automatically-merge-dependabot-pull-requests-with-github-actions--30pe
2022-09-02 11:49:26 -07:00
dependabot[bot]
f0d7381fa6
github: bump github/codeql-action from 2.1.19 to 2.1.22
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.19 to 2.1.22.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f5d217be74...b398f525a5
2022-09-01 10:49:04 -07:00
Martin von Zweigbergk
8b049cebd1
github: remove incorrect "v" prefix in a cargo-deny-action hash
2022-08-22 20:29:35 -07:00
Augie Fackler
e0208b9e8c
workflows: pin action versions for cargo-deny checks
2022-08-22 22:33:37 -04:00
Augie Fackler
679cd4cd95
deny: run as a github action so it's tested in CI
...
I think I did this right?
2022-08-22 22:33:37 -04:00
dependabot[bot]
ef987e9049
github: bump github/codeql-action from 2.1.18 to 2.1.19
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.18 to 2.1.19.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2ca79b6fa8...f5d217be74
2022-08-19 09:02:58 -07:00
dependabot[bot]
7c90f9e18d
github: bump github/codeql-action from 2.1.17 to 2.1.18
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.17 to 2.1.18.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0c670bbf04...2ca79b6fa8
2022-08-05 18:43:38 +02:00
dependabot[bot]
514fd83663
github: bump github/codeql-action from 2.1.16 to 2.1.17
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.16 to 2.1.17.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3e7e3b32d0...0c670bbf04
2022-07-29 21:10:07 +02:00
dependabot[bot]
5b31e019cf
github: bump github/codeql-action from 2.1.15 to 2.1.16
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.15 to 2.1.16.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3f62b754e2...3e7e3b32d0
2022-07-13 08:54:19 -07:00
dependabot[bot]
40293b5f9a
github: bump github/codeql-action from 2.1.14 to 2.1.15
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.14 to 2.1.15.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](41a4ada31b...3f62b754e2
2022-06-30 12:53:45 +08:00
dependabot[bot]
54de880845
github: bump ossf/scorecard-action from 1.1.1 to 1.1.2
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.1.1 to 1.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](3e15ea8318...ce330fde6b
2022-06-29 06:28:31 +08:00
dependabot[bot]
784692007f
github: bump github/codeql-action from 2.1.13 to 2.1.14
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.13 to 2.1.14.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](d00e8c09a3...41a4ada31b
2022-06-27 06:25:48 +08:00
dependabot[bot]
42f24521ad
github: bump github/codeql-action from 2.1.12 to 2.1.13
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.12 to 2.1.13.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](27ea8f8fe5...d00e8c09a3
2022-06-22 04:11:32 +07:00
dependabot[bot]
92b1ae8006
github: bump github/codeql-action from 2.1.11 to 2.1.12
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.11 to 2.1.12.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](a3a6c128d7...27ea8f8fe5
2022-06-02 08:59:28 -07:00
dependabot[bot]
2905eb390b
github: bump ossf/scorecard-action from 1.1.0 to 1.1.1
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](5c8bc69dc8...3e15ea8318
2022-06-01 09:07:00 -07:00
dependabot[bot]
9a2502f6b0
github: bump ossf/scorecard-action from 1.0.4 to 1.1.0
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.0.4 to 1.1.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](c1aec4ac82...5c8bc69dc8
2022-05-26 08:36:59 -07:00
Martin von Zweigbergk
ac82ad892e
github: fail CI on clippy warnings
2022-05-25 11:44:22 -07:00
dependabot[bot]
5d8f7dd0ce
github: bump actions/upload-artifact from 3.0.0 to 3.1.0
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](6673cd052c...3cea537223
2022-05-20 09:08:59 -07:00
dependabot[bot]
cbe370fdd9
github: bump github/codeql-action from 2.1.10 to 2.1.11
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.10 to 2.1.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2f58583a1b...a3a6c128d7
2022-05-17 09:07:56 -07:00
dependabot[bot]
1e55b790eb
github: bump github/codeql-action from 2.1.9 to 2.1.10
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.9 to 2.1.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](7502d6e991...2f58583a1b
2022-05-13 08:41:27 -07:00
Martin von Zweigbergk
31041ef46c
github: trigger all builds on main branch, and PR for any branch
...
The conditions for triggering Nix builds and other builds were
slightly different.
Nix builds triggered by PRs happened on PRs for any branch, not just
the `main` branch. That makes very little difference in practice
because PRs for other branches are very rare. Still, let's be
consistent. I decided to trigger the builds on PRs for any branch.
More importantly, Nix builds triggered by push were only done for
pushes to `master`, which is not what our main branch is called, so
those never happened.
2022-05-06 11:56:50 -07:00
Martin von Zweigbergk
36ae9421ad
github: don't override nixpkgs version (use the lock file's version)
...
I don't know what it was overridden here, but it meant that CI didn't
notice that the package was broken (#299 ).
2022-05-05 11:14:08 -07:00
Martin von Zweigbergk
ffc57310f6
cargo: upgrade protobuf crates to 3.0.1
...
The biggest difference in the API is that fields are now public. The
exception from that is `oneof` fields, which still require setters and
getters.
I couldn't measure any difference in performance. I didn't expect any
difference either, but it's good that it didn't seem to regress. I
timed `jj debug operation <some hash prefix>`, which will read the
whole operation log (to check that the prefix is unambiguous).
2022-05-04 17:02:11 -07:00
Martin von Zweigbergk
efa77fd024
github: run clippy on all targets (including tests and benches)
2022-05-03 15:41:03 -07:00
Martin von Zweigbergk
cce2ca06e2
github: stop running nightly clippy
...
It seems fine to wait for the clippy lints to graduate before we run
them if we can save a bit of GitHub resources.
2022-05-03 15:41:03 -07:00
dependabot[bot]
aff2293e1d
github: bump github/codeql-action from 2.1.8 to 2.1.9
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.8 to 2.1.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1ed1437484...7502d6e991
2022-04-28 08:49:42 -07:00
dependabot[bot]
6076c01d20
github: bump actions/checkout from 3.0.1 to 3.0.2
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](dcd71f6466...2541b1294d
2022-04-21 09:10:26 -07:00
Martin von Zweigbergk
5e729eced7
github: also run tests on our MSRV (1.58)
...
This patch sets up an additional CI strategy running tests on 1.58, to
make sure we don't accidentally use newer features. I've only made it
run on one platform (Linux) to avoid wasting resources. There's of
course a small risk that we start depending on platform-specific APIs
from newer versions.
2022-04-19 16:47:42 -07:00
dependabot[bot]
32a39c52e1
github: bump actions/checkout from 3.0.0 to 3.0.1
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a12a3943b4...dcd71f6466
2022-04-15 08:53:12 -07:00
dependabot[bot]
d9c8f49d91
github: bump github/codeql-action from 2.1.7 to 2.1.8
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.7 to 2.1.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0182a2c78c...1ed1437484
2022-04-08 08:46:41 -07:00
Waleed Khan
672f9e85cb
github: remove complete directory for releases
...
This directory doesn't seem to do anything.
2022-04-08 06:08:32 -07:00
dependabot[bot]
f0538a1d06
github: bump cachix/install-nix-action from 16 to 17
...
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action ) from 16 to 17.
- [Release notes](https://github.com/cachix/install-nix-action/releases )
- [Commits](d56f3ce9be...d64e055310
2022-04-07 09:26:26 -07:00
dependabot[bot]
243836ebf3
github: bump github/codeql-action from 2.1.6 to 2.1.7
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.6 to 2.1.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](28eead2408...0182a2c78c
2022-04-06 09:46:28 -07:00
dependabot[bot]
e34dfe00df
github: bump github/codeql-action from 1.1.5 to 2.1.6
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.1.5 to 2.1.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8834766498...28eead2408
2022-03-30 09:32:32 -07:00
Martin von Zweigbergk
b4e6fab1af
github: restrict Clippy's access again
...
It seems "checks" is the permissions it needs to be able to comment on
pull-requests.
2022-03-18 22:51:25 -07:00
dependabot[bot]
36a575ccbf
github: bump actions-rs/cargo from 1.0.1 to 1.0.3
...
Bumps [actions-rs/cargo](https://github.com/actions-rs/cargo ) from 1.0.1 to 1.0.3.
- [Release notes](https://github.com/actions-rs/cargo/releases )
- [Changelog](https://github.com/actions-rs/cargo/blob/master/CHANGELOG.md )
- [Commits](ae10961054...844f36862e
2022-03-18 08:53:12 -07:00
dependabot[bot]
bde79f7a60
github: bump actions-rs/toolchain from 1.0.6 to 1.0.7
...
Bumps [actions-rs/toolchain](https://github.com/actions-rs/toolchain ) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/actions-rs/toolchain/releases )
- [Changelog](https://github.com/actions-rs/toolchain/blob/master/CHANGELOG.md )
- [Commits](b2417cde72...16499b5e05
2022-03-18 08:45:06 -07:00
Martin von Zweigbergk
53721f7d25
github: pin cachix/install-nix-action version by hash
2022-03-17 09:19:12 -07:00
Martin von Zweigbergk
23c92ccf45
github: pin actions-rs/clippy-check version by hash
2022-03-17 09:19:12 -07:00
Martin von Zweigbergk
de56053531
github: pin actions-rs/toolchain version by hash
2022-03-17 09:19:12 -07:00
Martin von Zweigbergk
d6967fd690
github: pin actions/upload-release-asset version by hash
2022-03-17 09:19:12 -07:00
Martin von Zweigbergk
13f7354cfe
github: pin actions-rs/cargo version by hash
2022-03-17 09:19:12 -07:00
Martin von Zweigbergk
b36e50c09d
github: pin actions/checkout version by hash
2022-03-17 09:19:12 -07:00
dependabot[bot]
4fab28ffc6
github: bump actions/checkout from 2 to 3
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-16 22:57:55 -07:00
dependabot[bot]
5f3877fc6b
github: bump actions/upload-release-asset from 1.0.1 to 1.0.2
...
Bumps [actions/upload-release-asset](https://github.com/actions/upload-release-asset ) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/actions/upload-release-asset/releases )
- [Commits](https://github.com/actions/upload-release-asset/compare/v1.0.1...v1.0.2 )
---
updated-dependencies:
- dependency-name: actions/upload-release-asset
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-16 21:56:45 -07:00
dependabot[bot]
3f7daa6b04
github: bump actions/upload-artifact from 2.3.1 to 3
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 2.3.1 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](82c141cc51...6673cd052c
2022-03-16 21:55:06 -07:00
dependabot[bot]
51b12ff4b4
github: bump github/codeql-action from 1.0.26 to 1.1.5
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.0.26 to 1.1.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](5f53256358...8834766498
2022-03-16 21:42:18 -07:00
dependabot[bot]
d90e7b93e8
github: bump cachix/install-nix-action from 14.1 to 16
...
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action ) from 14.1 to 16.
- [Release notes](https://github.com/cachix/install-nix-action/releases )
- [Commits](https://github.com/cachix/install-nix-action/compare/v14.1...v16 )
---
updated-dependencies:
- dependency-name: cachix/install-nix-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-16 21:41:20 -07:00
Martin von Zweigbergk
b5659ec680
github: give Clippy action full permissions
...
I've found it hard to figure out which actions need which
permissions. GitHub doesn't seem to even document what the permissions
mean. So let's just give Clippy full access.
2022-03-16 20:28:54 -07:00
Martin von Zweigbergk
af76631021
github: set top-level permissions to readonly for all workflows
...
The new code scanner is complaining that actions have permissions to
do too much. It wasn't obvious to me what permissions the jobs need,
but let's see how this works.
2022-03-16 19:59:08 -07:00
Martin von Zweigbergk
73a0f72ffa
github: new attempt at setting up automated release builds ( #73 )
...
My attempt at using rust-build/rust-build.action for release builds
(from bf21e65c5dcac93e2793https://github.com/martinvonz/jj/actions/runs/1978730621 ). I couldn't
figure out why it failed, so I decided to do the build in a more
manual way (without rust-build/rust-build.action), based on
https://github.com/gitext-rs/git-stack/blob/main/.github/workflows/post-release.yml
(thanks to @epage for the example and to @arxanas for the link). I
could simplify it a bit because I'm currently doing the releases via
the GitHub UI (epage's original triggers the release when a tag has
been pushed, IIUC). Let's hope that it works this time.
2022-03-16 11:25:59 -07:00
Martin von Zweigbergk
a8f334dc35
github: add OSSF Scorecards security scanner
...
This is a new recommendation for GitHub projects by Google employees.
2022-03-15 09:47:11 -07:00
Martin von Zweigbergk
bf21e65c5d
github: attempt to build release using rust-build/rust-build.action ( #73 )
...
I just copied from the examples on
https://github.com/rust-build/rust-build.action . Let's see if it
works.
2022-03-12 22:10:18 -08:00
Martin von Zweigbergk
32e22831fc
github: make CI check formatting
...
I've forgotten to run `rustfmt` many times (most recently in
5721436558
2022-03-07 22:16:57 -08:00
Martin von Zweigbergk
e0cd81cab4
github: use actions-rs/cargo instead of run
...
From https://github.com/actions-rs/cargo#use-cases , it sounds like
errors may be presented in a nicer way if we use `actions-rs/cargo`
instead of a simple `run`, so let's try it.
2022-03-07 22:16:57 -08:00
Martin von Zweigbergk
f112b5225c
github: use minimal profile for clippy actions
...
We should only need the `minimal` profile. Also, we already have
configured the action to use the `clippy` component, so I don't think
we need to explicitly add it with a separate `run` action.
2022-03-07 22:16:57 -08:00
Waleed Khan
38aee9f749
ci: add Clippy stable check
...
Currently, `main` has Clippy lint warnings on stable, but not on nightly.
2022-02-23 23:41:55 -08:00
Waleed Khan
b011805fc7
ci: use stable Rust for builds
...
We still use nightly Clippy to ensure that 1) it builds under nightly and 2) that we pick up any new lints.
2022-02-20 22:21:14 -08:00
Jelle Besseling
327ea5390d
Add nix check workflow
2022-02-20 21:48:51 +01:00
Martin von Zweigbergk
079b3543b5
github: set RUST_BACKTRACE when running tests
2021-06-13 22:20:09 -07:00
Martin von Zweigbergk
1941801055
github: add Clippy check to CI
2021-03-23 10:46:10 -07:00
Jun Wu
0fb59a5155
github: setup CI
...
Run tests on major platforms using GitHub actions.
2021-03-14 15:57:54 -07:00
