Cole Mickens
1360662aa3
action.yml: expose pull-request-url from create-pr action
2024-11-08 11:34:36 -08:00
Arian van Putten
af9a980c7d
Lock third-party actions
...
A caller of this action can lock this action to a specific commit. However because the action itself does not lock its dependent actions to a specific commit this opens the end-user up to possible supply-chain attacks if the dependent actions rewrite their tags.
This PR changes all third party actions to be explicitly locked.
Dependabot will still work and update these hashes for you
I also suggest installing https://github.com/ossf/scorecard in this repo. It will report about these kind of issues.
Note that you should in turn have to audit all the third party deps of the actions that your action depends on. In general this is all a bit of a mess and GitHub's security model is very meh
e.g. see https://github.com/ossf/scorecard/issues/2189
2024-06-18 09:17:15 -07:00
Luc Perkins
0e2a61b1f3
Add environment variable for strict mode input
2024-05-23 12:23:56 -03:00
Luc Perkins
7a7f13f9b5
Make strict mode input not required
2024-05-23 12:03:54 -03:00
Luc Perkins
7ce3b51a1d
Update detsys-ts
2024-05-22 15:40:01 -03:00
Graham Christensen
3fa85bcf4c
nit: run line
2024-05-09 15:44:43 -04:00
Graham Christensen
d978837d43
Expose all inputs
2024-05-09 15:35:53 -04:00
Graham Christensen
8363f28293
Call the node action instead directly
2024-05-07 23:02:56 -04:00
Luc Perkins
dde5487502
Finish initial rework into TS
2024-04-26 11:55:19 -03:00
Luc Perkins
b1f8684b21
Update Nix shell and add envrc
2024-04-21 19:42:23 -03:00
Luc Perkins
cf6776dfd1
Add initial JS setup
2024-04-21 19:17:03 -03:00
Cole Helbling
a3ccb8f597
Update pedrolamas/handlebars-action to 2.4.0
2024-02-29 07:07:00 -08:00
Cole Helbling
56b3507bfe
Update DamianReeves/write-file-action to v1.3
2024-02-28 15:06:00 -08:00
dependabot[bot]
70d01ca550
build(deps): bump pedrolamas/handlebars-action from 2.2.0 to 2.3.0
...
Bumps [pedrolamas/handlebars-action](https://github.com/pedrolamas/handlebars-action ) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/pedrolamas/handlebars-action/releases )
- [Commits](https://github.com/pedrolamas/handlebars-action/compare/v2.2.0...v2.3.0 )
---
updated-dependencies:
- dependency-name: pedrolamas/handlebars-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-02-28 14:55:32 -08:00
dependabot[bot]
0631a12d9a
build(deps): bump crazy-max/ghaction-import-gpg from 5 to 6
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg ) from 5 to 6.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases )
- [Commits](https://github.com/crazy-max/ghaction-import-gpg/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-02-28 14:54:51 -08:00
Morgan Helton
a72d3c5880
update peter-evans/create-pull-request to v6
2024-02-28 14:54:06 -08:00
Pol Dellaiera
e98d4358e3
Bump peter-evans/create-pull-request
to v5
2023-10-10 13:22:51 -07:00
Graham Christensen
da2fd6f256
Update action.yml
2023-08-24 00:12:15 -04:00
xgroleau🐢
dec3bc3c9b
fix: removed commented commit escaping code
2023-03-29 11:11:22 -07:00
xgroleau🐢
ad81b423ab
fix: use multiline string
2023-03-29 11:11:22 -07:00
xgroleau🐢
8a88a06550
fix: pr message fix
2023-03-29 11:11:22 -07:00
xgroleau🐢
9af2d0f36a
fix : replace action using deprecated node 12
2023-03-29 11:11:22 -07:00
xgroleau🐢
b55ee105d9
feat: Added nix option
...
fix: nix options position
Use empty list
fix options
2023-03-29 11:11:22 -07:00
Budiman Jojo
bc75a5b55e
expose status of PR
2023-03-27 09:17:55 -07:00
Jörg Thalheim
786e5cf5a2
allow to set base branch of pull request
2023-03-27 08:43:21 -07:00
dependabot[bot]
085c3a0b6d
build(deps): bump pedrolamas/handlebars-action from 2.1.0 to 2.2.0
...
Bumps [pedrolamas/handlebars-action](https://github.com/pedrolamas/handlebars-action ) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/pedrolamas/handlebars-action/releases )
- [Commits](https://github.com/pedrolamas/handlebars-action/compare/v2.1.0...v2.2.0 )
---
updated-dependencies:
- dependency-name: pedrolamas/handlebars-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-06 05:55:07 -08:00
dependabot[bot]
cc83127440
build(deps): bump peter-evans/create-pull-request from 3 to 4
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 3 to 4.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-06 05:46:37 -08:00
Linus Heckemann
114dde340d
Merge pull request #57 from DeterminateSystems/dependabot/github_actions/pedrolamas/handlebars-action-2.1.0
...
build(deps): bump pedrolamas/handlebars-action from 2.0.0 to 2.1.0
2023-01-27 16:00:40 +01:00
Eric Crosson
876a472251
fix(deps): upgrade DamianReeves/write-file-action to v1.2
...
https://github.com/DamianReeves/write-file-action/releases/tag/v1.2
This bumps the write-file-action from the Node.js 12 runtime to Node.js
16, avoiding a warning that Node.js 12 actions are deprecated[^1].
[^1]: https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/
2023-01-23 07:15:35 -08:00
Eric Crosson
a0c5484d59
feat: accept list of reviewers and assignees
...
Pass a list of GitHub usernames through to
peter-evans/create-pull-request.
Assignees are specified with the `pr-assignees` property.
Reviewers are specified with the `pr-reviewers` property.
Both properties expect the value to be a list of GitHub usernames,
separated by either commas or newlines.
2023-01-19 07:29:15 -08:00
Arman Bilge
913da8731c
Remove stray >
2022-11-28 08:02:01 -08:00
Arman Bilge
867efeb864
Emails should be in < ... >
2022-11-28 08:02:01 -08:00
Arman Bilge
5e50e4bcfb
Allow to customize git author/committer name+email
2022-11-28 08:02:01 -08:00
dependabot[bot]
766761fdfc
build(deps): bump pedrolamas/handlebars-action from 2.0.0 to 2.1.0
...
Bumps [pedrolamas/handlebars-action](https://github.com/pedrolamas/handlebars-action ) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/pedrolamas/handlebars-action/releases )
- [Commits](https://github.com/pedrolamas/handlebars-action/compare/v2.0.0...v2.1.0 )
---
updated-dependencies:
- dependency-name: pedrolamas/handlebars-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-08 01:17:13 +00:00
Aaron Andersen
0ad9a55048
feat: allow specifying a path to flake.nix within the repository
2022-09-14 07:46:21 -07:00
Nicola Squartini
235f95922e
chore: bump crazy-max/ghaction-import-gpg
2022-08-19 11:40:14 -07:00
Nicola Squartini
a8f58509de
feat: allow using a subkey for GPG signing
2022-08-19 11:39:18 -07:00
Cole Helbling
4cf0d5d8d6
Prevent template files from being committed
2022-07-29 07:49:05 -07:00
Eduardo Robles Elvira
e23c52bb51
fixing sign-commits boolean variable conditionals
2022-07-15 12:22:17 +01:00
Eduardo Robles Elvira
96af8bfbfc
Adding documentation and support for custom pr-body
2022-07-15 11:44:21 +01:00
Eduardo Robles Elvira
1c5f270731
adding support for gpg commit signing
2022-07-15 05:40:47 +02:00
Arman Bilge
2026a4bf1a
Expose option to configure branch for PR ( #36 )
2022-06-22 15:44:48 -04:00
Cole Helbling
c58b7816fa
Expose the number of the opened PR
2022-04-22 11:46:11 -07:00
a-kenji
a10510d383
Add: script for update flake lock
...
Take commands out of the `action.yml` file, and put it in a dedicated
shell script.
2022-04-05 08:50:00 -07:00
maydayv7
e00d99112b
fix: Re-introduce inputs.pr-title
...
This is to allow users to override the PR title since the commit message as well as title are processed differently which may lead to errors in how they are displayed. For example, the commit message needs quotations to be escaped
2022-02-01 10:43:22 -08:00
maydayv7
aa902c3538
fix: Support Custom Commit Message
2022-02-01 10:43:22 -08:00
V7
e8bb9f761a
feat(cosmetic): Add Support for setting PR Labels
2022-02-01 10:43:22 -08:00
V7
073d38a53e
feat(cosmetic): Add Support for Custom PR Title
2022-02-01 10:43:22 -08:00
Jörg Thalheim
0c7c875acc
allow to set different github token.
2022-01-26 08:35:20 -08:00
Cole Helbling
2dc5d432c4
Don't use an external script for multiple inputs
...
All consumers would then have to bring this script into their repo,
since GitHub doesn't have something like Nix's string context.
2021-12-03 10:24:07 -08:00