Martin von Zweigbergk
bf5a00a3e5
github: add reminder about adding tests
...
Thanks, GitHub Copilot, for adding this item to the checklist :)
2022-12-12 21:43:42 -08:00
Martin von Zweigbergk
7de8ac0744
github: don't ask PR authors to add themselves to the changelog
...
Most people seem to have forgotten to add themselves despite the
reminder in the PR tempalte. I (or whoever does the release) will fill
it out just before each release instead, like I did for 0.6.0. I
didn't remove the people already on the list for this release, but
I'll regenerate it for next release anyway.
2022-12-12 21:43:42 -08:00
dependabot[bot]
15d40ffa54
github: bump github/codeql-action from 2.1.35 to 2.1.36
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.35 to 2.1.36.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b2a92eb56d...a669cc5936
2022-12-09 11:09:59 -08:00
Martin von Zweigbergk
79d6779995
github: make Scorecard security scanner not use access token
...
Google's security team asked us to remove this use of a PAT. It's
apparently supposed to work without it, it's just that it won't be
able to check that we have bronch protection set up.
2022-12-08 14:54:28 -08:00
Martin von Zweigbergk
f5fc3c35f5
github: disable broken attempt to auto-merge Dependabot PRs again
...
Sigh, I thought it was fixed now, but it seems it's only `gh pr ready`
that works with `GITHUB_TOKEN`. This rolls back commit ee7e7e1b62
2022-12-05 14:23:43 -08:00
dependabot[bot]
9a36f1d6e3
github: bump github/codeql-action from 2.1.32 to 2.1.35
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.32 to 2.1.35.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4238421316...b2a92eb56d
2022-12-05 10:07:43 -08:00
Martin von Zweigbergk
69f85dfd27
docs: describe how we do code reviews
2022-12-02 13:05:32 -08:00
Martin von Zweigbergk
ee7e7e1b62
github: new attempt at auto-enabling merge of Dependabot PRs
...
cli/cli#1314 is now marked fixed, so let's see if this works. This
rolls back commit 184280f8f801.
2022-12-01 19:28:39 -08:00
Martin von Zweigbergk
e6d21ed442
changelog: thank people who contributed to a release
...
Thanks, everyone! :) I'm happy to rephrase the text. I included people
in order of their first contribution in the release. I included their
full name and the GitHub username.
2022-11-28 10:17:21 -10:00
dependabot[bot]
d90a08676c
github: bump dtolnay/rust-toolchain
...
Bumps [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain ) from 55c7845fad90d0ae8b2e83715cb900e5e861e8cb to e645b0cf01249a964ec099494d38d2da0f0b349f.
- [Release notes](https://github.com/dtolnay/rust-toolchain/releases )
- [Commits](55c7845fad...e645b0cf01
2022-11-28 05:22:27 -10:00
dependabot[bot]
f9f4f8b520
github: bump EmbarkStudios/cargo-deny-action from 1.3.2 to 1.4.0
...
Bumps [EmbarkStudios/cargo-deny-action](https://github.com/EmbarkStudios/cargo-deny-action ) from 1.3.2 to 1.4.0.
- [Release notes](https://github.com/EmbarkStudios/cargo-deny-action/releases )
- [Commits](7257a18a9c...8a8607bd8e
2022-11-17 07:57:43 -08:00
dependabot[bot]
1c76ea198f
github: bump github/codeql-action from 2.1.31 to 2.1.32
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.31 to 2.1.32.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c3b6fce4ee...4238421316
2022-11-14 09:33:48 -08:00
dependabot[bot]
3e77fcdafa
github: bump dtolnay/rust-toolchain
...
Bumps [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain ) from ba37adf8f94a7d9affce79bd3baff1b9e3189c33 to 55c7845fad90d0ae8b2e83715cb900e5e861e8cb.
- [Release notes](https://github.com/dtolnay/rust-toolchain/releases )
- [Commits](ba37adf8f9...55c7845fad
2022-11-11 07:30:54 -08:00
dependabot[bot]
571952dac6
github: bump github/codeql-action from 2.1.30 to 2.1.31
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.30 to 2.1.31.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](18fe527fa8...c3b6fce4ee
2022-11-08 07:40:08 -08:00
dependabot[bot]
e4e4fe4461
github: bump github/codeql-action from 2.1.29 to 2.1.30
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.29 to 2.1.30.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ec3cf9c605...18fe527fa8
2022-11-02 09:33:52 -07:00
dependabot[bot]
9548b6ad49
github: bump github/codeql-action from 2.1.28 to 2.1.29
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.28 to 2.1.29.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](cc7986c02b...ec3cf9c605
2022-10-26 20:44:10 -07:00
dependabot[bot]
27937e6787
github: bump actions/upload-artifact from 3.1.0 to 3.1.1
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](3cea537223...83fd05a356
2022-10-24 10:55:50 -07:00
dependabot[bot]
dc2237b592
github: bump ossf/scorecard-action from 2.0.4 to 2.0.6
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.0.4 to 2.0.6.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](e363bfca00...99c53751e0
2022-10-19 16:09:53 -07:00
Martin von Zweigbergk
9f01456f84
github: move off of unmaintained actions-rs actions
2022-10-18 19:00:23 -07:00
dependabot[bot]
8789fde73f
github: bump github/codeql-action from 2.1.27 to 2.1.28
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.27 to 2.1.28.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](807578363a...cc7986c02b
2022-10-18 09:41:19 -07:00
Martin von Zweigbergk
5db47b7ae8
github: make release build create staging directory
...
I think 672f9e85cb
2022-10-17 21:43:05 -07:00
dependabot[bot]
c292cd8cff
github: bump cachix/install-nix-action from 17 to 18
...
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action ) from 17 to 18.
- [Release notes](https://github.com/cachix/install-nix-action/releases )
- [Commits](d64e055310...daddc62a2e
2022-10-12 08:55:40 -07:00
dependabot[bot]
c1d5a90156
github: bump github/codeql-action from 2.1.26 to 2.1.27
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.26 to 2.1.27.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](e0e5ded33c...807578363a
2022-10-07 09:30:19 -07:00
dependabot[bot]
02ccbaa86e
github: bump actions/checkout from 3.0.2 to 3.1.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.2 to 3.1.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](2541b1294d...93ea575cb5
2022-10-04 22:49:04 -07:00
dependabot[bot]
750878a3fd
github: bump github/codeql-action from 2.1.25 to 2.1.26
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.25 to 2.1.26.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](86f3159a69...e0e5ded33c
2022-09-30 09:09:30 -07:00
dependabot[bot]
62103baa99
github: bump ossf/scorecard-action from 2.0.3 to 2.0.4
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.0.3 to 2.0.4.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](865b409285...e363bfca00
2022-09-28 09:01:07 -07:00
dependabot[bot]
f425e1bd4b
github: bump github/codeql-action from 2.1.24 to 2.1.25
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.24 to 2.1.25.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](904260d7d9...86f3159a69
2022-09-23 10:10:14 -07:00
Martin von Zweigbergk
86f216541a
github: remove publish_results field in wrong place
...
When I read
https://github.com/ossf/scorecard-action#breaking-changes-in-v2 for
6d7ce74a9a
2022-09-18 00:14:39 -07:00
Martin von Zweigbergk
3c22ce11a4
github: remove stale comments indicating action versions
...
Dependabot doesn't update the comments, so they go stale very quickly.
2022-09-16 21:58:47 -07:00
dependabot[bot]
17765d08cd
github: bump github/codeql-action from 2.1.23 to 2.1.24
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.23 to 2.1.24.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](6a38b7d4a1...904260d7d9
2022-09-16 16:25:37 -05:00
Martin von Zweigbergk
6d7ce74a9a
github: add new required permissions for ossf/scorecard
2022-09-16 08:53:11 -05:00
dependabot[bot]
53ccb8d59b
github: bump github/codeql-action from 2.1.22 to 2.1.23
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.22 to 2.1.23.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b398f525a5...6a38b7d4a1
2022-09-15 21:52:07 -05:00
Martin von Zweigbergk
10d24ef267
github: remove broken workflow to enable auto-merge for Dependabot
...
The workflow that was supposed to enable auto-merge for PRs from
Dependabot is failing like this:
```
Message: Resource not accessible by integration, Locations: [{Line:1 Column:72}]
```
I can't figure out why it's failing (maybe
https://github.com/cli/cli/issues/1314 ?), so let's just remove it.
2022-09-12 10:23:58 -07:00
dependabot[bot]
210528e8ae
github: bump ossf/scorecard-action from 1.1.2 to 2.0.3
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.1.2 to 2.0.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](ce330fde6b...865b409285
2022-09-12 09:00:26 -07:00
Martin von Zweigbergk
c7a782b0a1
github: give dependabot auto-merge action permission to update PR
...
Hopefully this is the last bit I was missing to get this to work :)
2022-09-09 12:43:56 -07:00
Martin von Zweigbergk
a33417fa35
github: pass --rebase to gh pr merge since it requires it
...
It seems that there's no way to just enable auto-merge without
specifying a merge strategy (presumably because some projects allow
several GitHub merge strategies), so I guess we'll have to live with
the strategy being duplicated between here and the project settings.
2022-09-06 16:08:24 -07:00
Martin von Zweigbergk
2ff710a131
github: enable auto-merge on Dependabot PRs
...
To merge a Dependabot PR, I have to enable auto-merge (two clicks,
including one to confim) and then review and approve it. Since our
branch protections require the PR to be approved, it seems that that
should be enough. This patch adds a GitHub action that calls runs the
GitHub CLI to do that. It is based on
https://dev.to/slashgear_/how-to-automatically-merge-dependabot-pull-requests-with-github-actions--30pe
2022-09-02 11:49:26 -07:00
dependabot[bot]
f0d7381fa6
github: bump github/codeql-action from 2.1.19 to 2.1.22
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.19 to 2.1.22.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f5d217be74...b398f525a5
2022-09-01 10:49:04 -07:00
Martin von Zweigbergk
8b049cebd1
github: remove incorrect "v" prefix in a cargo-deny-action hash
2022-08-22 20:29:35 -07:00
Augie Fackler
e0208b9e8c
workflows: pin action versions for cargo-deny checks
2022-08-22 22:33:37 -04:00
Augie Fackler
679cd4cd95
deny: run as a github action so it's tested in CI
...
I think I did this right?
2022-08-22 22:33:37 -04:00
dependabot[bot]
ef987e9049
github: bump github/codeql-action from 2.1.18 to 2.1.19
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.18 to 2.1.19.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2ca79b6fa8...f5d217be74
2022-08-19 09:02:58 -07:00
dependabot[bot]
7c90f9e18d
github: bump github/codeql-action from 2.1.17 to 2.1.18
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.17 to 2.1.18.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0c670bbf04...2ca79b6fa8
2022-08-05 18:43:38 +02:00
dependabot[bot]
514fd83663
github: bump github/codeql-action from 2.1.16 to 2.1.17
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.16 to 2.1.17.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3e7e3b32d0...0c670bbf04
2022-07-29 21:10:07 +02:00
dependabot[bot]
5b31e019cf
github: bump github/codeql-action from 2.1.15 to 2.1.16
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.15 to 2.1.16.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3f62b754e2...3e7e3b32d0
2022-07-13 08:54:19 -07:00
dependabot[bot]
40293b5f9a
github: bump github/codeql-action from 2.1.14 to 2.1.15
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.14 to 2.1.15.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](41a4ada31b...3f62b754e2
2022-06-30 12:53:45 +08:00
dependabot[bot]
54de880845
github: bump ossf/scorecard-action from 1.1.1 to 1.1.2
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.1.1 to 1.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](3e15ea8318...ce330fde6b
2022-06-29 06:28:31 +08:00
dependabot[bot]
784692007f
github: bump github/codeql-action from 2.1.13 to 2.1.14
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.13 to 2.1.14.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](d00e8c09a3...41a4ada31b
2022-06-27 06:25:48 +08:00
dependabot[bot]
42f24521ad
github: bump github/codeql-action from 2.1.12 to 2.1.13
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.12 to 2.1.13.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](27ea8f8fe5...d00e8c09a3
2022-06-22 04:11:32 +07:00
Martin von Zweigbergk
39fc56dafb
github: include reminder about docs in PR template
2022-06-09 22:43:53 -07:00
