Athanasius
214bed27ee
.github: workflows: Guard any shell $VAR with "..."
...
This is with regards to what happened to another project, ref:
<https://www.wiz.io/blog/ultralytics-ai-library-hacked-via-github-for-cryptomining>
Basically, do NOT trust that things like branch names don't contain any
attempt at executing shell code if referenced in a workflow segment that
runs a shell command.
2024-12-09 21:43:47 +00:00
David Sangrey
631b7f93d3
Merge branch 'beta'
2023-12-20 22:20:21 -05:00
David Sangrey
b5311b4a6e
[Minor] Sync Submodule Document
2023-12-20 22:03:30 -05:00
dependabot[bot]
7902610d10
build(deps): bump actions/github-script from 6 to 7
...
Bumps [actions/github-script](https://github.com/actions/github-script) from 6 to 7.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v6...v7)
---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-01 17:36:48 +00:00
David Sangrey
70c019e7d8
[Minor] Add Manual Trigger for submodule-update.yml
2023-11-30 13:30:59 -05:00
David Sangrey
f14fdd7e4f
[Minor] Rollback submodule-update.yml
2023-11-30 13:27:04 -05:00
David Sangrey
f4866a7a2b
[Minor] Temporarily Suppress Submodule Schedule
2023-11-30 13:00:52 -05:00
dependabot[bot]
3b663c18ff
build(deps): bump actions/checkout from 3 to 4
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-01 17:22:33 +00:00
David Sangrey
b75b6be23f
#1443 Update GitHub Workflow Submodules
2023-08-03 17:56:09 -04:00
Athanasius
41505736ac
Change the submodule GH workflow back to on-push to develop
2023-04-16 11:05:21 +01:00
Athanasius
a9695aa1ee
github/submodule-update: Direct actions/checkout to use develop
2022-12-18 13:10:45 +00:00
Athanasius
ceed5886a8
github/submodule-update: Disable push/develop trigger
2022-12-17 13:02:48 +00:00
Athanasius
6ec68c5034
github/submodule-update: Reference env as a context thing.
2022-12-17 12:59:20 +00:00
Athanasius
f27d0bf74d
github/submodule-update: Tweak reference to PR_AGAINST_BRANCH
2022-12-17 12:56:11 +00:00
Athanasius
c3100b1fd5
github/submodule-update: Also run on develop pushes
2022-12-17 12:50:48 +00:00
Athanasius
273962e679
github/submodule-update: Move back to using our defined env
...
We need to run against `develop`, even when on `main` using a cron, so
actually use the environment vars we define.
2022-12-17 12:50:13 +00:00
Athanasius
414f9d8dae
github/submodule-update: Use single 0 in cron spec
...
Just in case that `00` was the issue. It ran fine with `10 * * * *`.
2022-12-17 12:50:12 +00:00
Athanasius
06d83399c0
Revert "github/submodule-update: Run *every* hour for test purposes"
...
This reverts commit ee1c739ee15208980ea0554e9b172b614ec18869.
2022-12-17 12:50:11 +00:00
Athanasius
de16284b25
github/submodule-update: Run *every* hour for test purposes
2022-12-17 12:50:11 +00:00
Athanasius
70a9c7d8ab
github/submodule-update: Run every day at mid-day.
2022-12-17 11:30:56 +00:00
Athanasius
640223472b
github/submodule-update: Remove unused 'Add labels' step
...
1. This was commented out.
2. It's not necessarily up to date with what *works*, so just delete it.
2022-12-17 11:26:51 +00:00
Athanasius
8fab1fa811
github/submodule-update: Make better branch names
2022-12-17 11:25:16 +00:00
Athanasius
130bda0cc9
github/submodule-update: Try to use git status output in PR body
2022-12-17 11:21:03 +00:00
Athanasius
424e9754b1
github/submodule-update: Let's try github contexts
2022-12-17 11:14:18 +00:00
Athanasius
a68c23e525
github/submodule-update: Fix process.env syntax ?
2022-12-17 09:59:17 +00:00
Athanasius
8831d15220
github/submodule-update: Switch to process.env for owner, repo, base
2022-12-17 09:56:40 +00:00
Athanasius
e0f6f35311
github/submodule-update: Change to secrets.GITHUB_TOKEN
...
That works in the windows-build.yml workflow.
2022-12-17 09:48:21 +00:00
Athanasius
acbb8b2294
github/submodule-update: Switch to 'environment' style
...
As per <https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#setting-an-output-parameter>
2022-12-17 09:42:22 +00:00
Athanasius
ede69a9012
github/submodule-update: steps.check_for_changes condition not working
...
* Now I'm guessing at what the syntax needs to be, but the bare
`steps.check_for_changes.outputs.changes` results in it being considered
`null` for the check.
2022-12-17 09:34:33 +00:00
Athanasius
859fe81d71
github/submodule-update: Ensure exit 0 on the update check
...
I *think* the `exit 0` is to ensure the 'Check for changes' isn't considered
failed due to `git` exit code.
2022-12-16 17:27:13 +00:00
Athanasius
3e0da4b537
github/submodule-update: Needs an 'else' to actually work
...
* Somehow this had been left in a state where it would always signal
"no changes".
2022-12-16 17:24:11 +00:00
dependabot[bot]
4ea1609f36
build(deps): bump actions/checkout from 2.4.0 to 3
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.4.0 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.4.0...v3)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-02 17:04:05 +00:00
dependabot[bot]
c57bbe878a
build(deps): bump actions/github-script from 5 to 6
...
Bumps [actions/github-script](https://github.com/actions/github-script) from 5 to 6.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v5...v6)
---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-11 17:03:46 +00:00
Athanasius
6963a24728
github: submodules-update: Port in all the releasehub code & tweak
...
We want to *check* if there are any changes and only make a branch and add
commits if so. The upstream code has no option for this, so use it as
a starting point instead.
Specifically this is based on:
https://github.com/releasehub-com/github-action-create-pr-parent-submodule/blob/main/action.yml
aff9d0978a9bbcbc2961d621d5b108c4b46db5e7
* We need 'success' from the *step* to be when there ARE changes, and that
is in the special github output.
* In order for the whole job *not* to fail in the 'step check_for_changes
says it failed' case we need it to have `continue-on-error: true`.
2022-02-07 17:31:47 +00:00
Athanasius
c93df877bb
github: submodules-update: Actually it's all submodules, not only FDevIDs
2022-02-07 15:25:16 +00:00
Athanasius
3a362d6a10
github: submodules-check: Use GITHUB_SECRET
...
Perhaps this will be sufficient, if not we'll need to tweak the permissions
*for that token* **for this action**.
2022-02-07 15:18:45 +00:00
Athanasius
a77618f762
github: Fix org(/repo) case in submodule-updates.yml
2022-02-07 14:46:53 +00:00
Athanasius
2bf199f129
github: Add submodule-updates workflow
...
It's time to start tracking `master/head` of coriolis-data, and this should
trigger a PR making that so.
2022-02-07 14:45:00 +00:00