tobiasKaminsky
|
92d3f08f6a
|
Setting token permissions to read-only follows the principle of least privilege.
Signed-off-by: tobiasKaminsky <tobias@kaminsky.me>
|
2022-06-13 14:23:55 +02:00 |
|
Álvaro Brey
|
f54d234626
|
Merge pull request #10279 from nextcloud/chore/analysis-github-token
workflows/analysis: Use GITHUB_TOKEN instead of GIT_TOKEN, and some cleanup
|
2022-05-31 10:07:03 +02:00 |
|
Álvaro Brey
|
e74e12c293
|
Update some workflows
Signed-off-by: Álvaro Brey <alvaro.brey@nextcloud.com>
|
2022-05-23 10:11:36 +02:00 |
|
Álvaro Brey Vilas
|
7073746309
|
Use defusedxml for xml parsing instead of etree
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
|
2022-04-27 11:03:59 +02:00 |
|
dependabot[bot]
|
5e924a5c4f
|
Bump actions/setup-java from 2 to 3
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 2 to 3.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](https://github.com/actions/setup-java/compare/v2...v3)
---
updated-dependencies:
- dependency-name: actions/setup-java
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2022-04-11 11:20:00 +00:00 |
|
Álvaro Brey Vilas
|
e7dbbb45b4
|
Analysis: use proper token for clone
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
|
2022-03-09 09:01:50 +01:00 |
|
Álvaro Brey Vilas
|
bee3403b21
|
analysis: Checkout branch, but use repo too
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
|
2022-03-08 13:50:04 +01:00 |
|
Álvaro Brey Vilas
|
421a672e1d
|
workflows: analysis: another attempt to fix checkout
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
|
2022-03-08 10:27:24 +01:00 |
|
Álvaro Brey Vilas
|
d2cb7e33b5
|
Revert "workflows: analysis: default checkout"
This reverts commit 55f02b550b .
Signed-off-by: Álvaro Brey <alvaro.brey@nextcloud.com>
|
2022-03-08 10:25:38 +01:00 |
|
Álvaro Brey Vilas
|
55f02b550b
|
workflows: analysis: default checkout
Should work in checkout@v3
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
|
2022-03-08 10:04:15 +01:00 |
|
dependabot[bot]
|
5e0c59cd6d
|
Bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2022-03-07 08:20:38 +00:00 |
|
Álvaro Brey Vilas
|
494cceab8e
|
Analysis: fix checkout and commit generation
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
|
2022-01-26 12:54:24 +01:00 |
|
Álvaro Brey Vilas
|
9f2bdd5916
|
Analysis: use pull_request_target
Can't post reports otherwise as github token is readonly in pull_request
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
|
2022-01-26 11:33:53 +01:00 |
|
Álvaro Brey Vilas
|
22367838ab
|
Run analysis workflow on push too
Otherwise baseline results aren't generated
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
|
2022-01-24 16:25:33 +01:00 |
|
Álvaro Brey Vilas
|
417dee2535
|
workflows: Use temurin JDK instead of adopt
Ref: https://blog.adoptopenjdk.net/2021/08/goodbye-adoptopenjdk-hello-adoptium/
tl;dr: AdoptOpenJDK is discontinued and recommendation is to use Eclipse Temurin instead
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
|
2022-01-20 11:01:09 +01:00 |
|
Álvaro Brey Vilas
|
33a2043d3f
|
Analysis workflow: correct head ref for branch
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
|
2022-01-14 13:08:21 +01:00 |
|
Álvaro Brey Vilas
|
9fa63c7547
|
Run analysis workflow in github actions
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
|
2022-01-13 09:29:43 +01:00 |
|