dependabot[bot]
7d4c3b64e3
Bump docker/build-push-action from 6.15.0 to 6.16.0 ( #18397 )
...
Bumps
[docker/build-push-action](https://github.com/docker/build-push-action )
from 6.15.0 to 6.16.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/build-push-action/releases ">docker/build-push-action's
releases</a>.</em></p>
<blockquote>
<h2>v6.16.0</h2>
<ul>
<li>Handle no default attestations env var by <a
href="https://github.com/crazy-max "><code>@crazy-max</code></a> in <a
href="https://redirect.github.com/docker/build-push-action/pull/1343 ">docker/build-push-action#1343</a></li>
<li>Only print secret keys in build summary output by <a
href="https://github.com/crazy-max "><code>@crazy-max</code></a> in <a
href="https://redirect.github.com/docker/build-push-action/pull/1353 ">docker/build-push-action#1353</a></li>
<li>Bump <code>@docker/actions-toolkit</code> from 0.56.0 to 0.59.0 in
<a
href="https://redirect.github.com/docker/build-push-action/pull/1352 ">docker/build-push-action#1352</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/build-push-action/compare/v6.15.0...v6.16.0 ">https://github.com/docker/build-push-action/compare/v6.15.0...v6.16.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="14487ce63chttps://redirect.github.com/docker/build-push-action/issues/1343 ">#1343</a>
from crazy-max/fix-no-default-attest</li>
<li><a
href="0ec91264d8https://redirect.github.com/docker/build-push-action/issues/1366 ">#1366</a>
from crazy-max/pr-assign-author</li>
<li><a
href="b749522b90c566248492https://redirect.github.com/docker/build-push-action/issues/1363 ">#1363</a>
from crazy-max/fix-codecov</li>
<li><a
href="13275dd76e67dc78bbafhttps://redirect.github.com/docker/build-push-action/issues/1361 ">#1361</a>
from mschoettle/patch-1</li>
<li><a
href="07605044371c198f4467288d9e2e4a88844b95d8https://redirect.github.com/docker/build-push-action/issues/1353 ">#1353</a>
from crazy-max/summary-secret-keys</li>
<li>Additional commits viewable in <a
href="471d1dc4e0...14487ce63chttps://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/build-push-action&package-manager=github_actions&previous-version=6.15.0&new-version=6.16.0 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-19 09:51:52 +01:00
dependabot[bot]
1482ad1917
Bump sigstore/cosign-installer from 3.8.1 to 3.8.2 ( #18366 )
2025-04-29 10:05:43 +01:00
Andrew Morgan
51deadec41
Pin our GitHub Actions dependencies ( #18255 )
...
After the [recent supply chain attack](https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup )
in `tj-actions/changed-files` and actions based on it, it's become clear
that relying on git tags to pin our dependencies is not enough (as tags
can simply be replaced). Therefore we need to switch to hashes.
Dependabot should continue to update these dependencies for us.
Best reviewed commit-by-commit. Though if CI passes, we're *probably*
fine.
2025-03-19 14:16:04 +00:00
dependabot[bot]
805e8705c7
Bump sigstore/cosign-installer from 3.8.0 to 3.8.1 ( #18185 )
...
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer )
from 3.8.0 to 3.8.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases ">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v3.8.1</h2>
<h2>What's Changed</h2>
<ul>
<li>use cosign 2.4.3 and other updates by <a
href="https://github.com/cpanato "><code>@cpanato</code></a> in <a
href="https://redirect.github.com/sigstore/cosign-installer/pull/182 ">sigstore/cosign-installer#182</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v3...v3.8.1 ">https://github.com/sigstore/cosign-installer/compare/v3...v3.8.1 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d7d6bc7722https://redirect.github.com/sigstore/cosign-installer/issues/182 ">#182</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v3.8.0...v3.8.1 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-24 12:27:56 +00:00
dependabot[bot]
fe3f462b79
Bump sigstore/cosign-installer from 3.7.0 to 3.8.0 ( #18147 )
2025-02-12 13:30:36 +00:00
Till
6c4037dcf3
Downgrade ubuntu to 22.04 when building docker images ( #18026 )
...
As currently all docker builds are failing.
https://github.blog/changelog/2024-12-05-notice-of-upcoming-releases-and-breaking-changes-for-github-actions/
https://github.com/actions/runner-images/issues/10636
2024-12-11 18:27:56 +01:00
dependabot[bot]
f40641c29b
Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 ( #17798 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-08 14:56:15 +01:00
dependabot[bot]
a640b318df
Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 ( #17549 )
2024-08-12 14:31:34 +01:00
dependabot[bot]
d17d931a53
Bump docker/build-push-action from 5 to 6 ( #17312 )
2024-06-18 09:57:58 +01:00
dependabot[bot]
14e9ab19be
Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 ( #17088 )
...
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer )
from 3.4.0 to 3.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases ">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v3.5.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump actions/checkout from 4.1.1 to 4.1.2 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/sigstore/cosign-installer/pull/157 ">sigstore/cosign-installer#157</a></li>
<li>use go 1.22 now by <a
href="https://github.com/bobcallaway "><code>@bobcallaway</code></a> in
<a
href="https://redirect.github.com/sigstore/cosign-installer/pull/160 ">sigstore/cosign-installer#160</a></li>
<li>bump default version to v2.2.4, prep for v3.5.0 release by <a
href="https://github.com/bobcallaway "><code>@bobcallaway</code></a> in
<a
href="https://redirect.github.com/sigstore/cosign-installer/pull/159 ">sigstore/cosign-installer#159</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v3.4.0...v3.5.0 ">https://github.com/sigstore/cosign-installer/compare/v3.4.0...v3.5.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="59acb6260dhttps://redirect.github.com/sigstore/cosign-installer/issues/159 ">#159</a>)</li>
<li><a
href="22be4ce325https://redirect.github.com/sigstore/cosign-installer/issues/160 ">#160</a>)</li>
<li><a
href="162dfdf7b9https://redirect.github.com/sigstore/cosign-installer/issues/157 ">#157</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v3.4.0...v3.5.0 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-19 09:42:35 +01:00
dependabot[bot]
d2674bacdb
Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 ( #16890 )
2024-02-06 09:17:42 +00:00
Gaël Goinvic
9ee3db1de5
Implement cosign on docker image ( #16774 )
...
Signed-off-by: Gaël Goinvic <gaelg@element.io>
2024-01-04 11:49:33 +00:00
Erik Johnston
8613f7693e
More renaming
2023-12-13 15:41:11 +00:00
dependabot[bot]
139a24de9e
Bump actions/checkout from 3 to 4 ( #16250 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-25 11:39:54 -04:00
dependabot[bot]
a40f7724ff
Bump docker/setup-buildx-action from 2 to 3 ( #16375 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-25 11:34:16 +01:00
dependabot[bot]
ab5f4f906d
Bump docker/login-action from 2 to 3 ( #16339 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-18 10:21:14 +01:00
dependabot[bot]
47f9837008
Bump docker/setup-qemu-action from 2 to 3 ( #16338 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-18 10:19:05 +01:00
dependabot[bot]
d2eacfe051
Bump docker/build-push-action from 4 to 5 ( #16336 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-18 10:17:48 +01:00
David Robertson
f9f3e89354
Attempt to fix labelling in docker workflow ( #16009 )
2023-07-27 13:47:48 +01:00
Mo Balaa
96529c4236
Add synapse version as Docker container label ( #15972 )
...
Co-authored-by: Mo Balaa <balaa@fractalnetworks.co>
2023-07-26 16:16:12 +00:00
reivilibre
63e25010d6
Mirror images to the GitHub Container Registry (ghcr.io/matrix-org/synapse). ( #15281 )
2023-03-20 16:28:29 +00:00
dependabot[bot]
bb675913f0
Bump docker/build-push-action from 3 to 4 ( #14952 )
...
* Bump docker/build-push-action from 3 to 4
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 3 to 4.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Changelog
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: GitHub Actions <github-actions[bot]@users.noreply.github.com>
2023-02-01 20:06:28 +00:00
Erik Johnston
6e0dde3215
Revert "Disable push of docker images"
...
This reverts commit f3f303aa22
2022-10-14 10:50:24 +01:00
Erik Johnston
424d1d28cc
Fix docker workflow
2022-10-14 09:57:31 +01:00
Erik Johnston
f3f303aa22
Disable push of docker images
2022-10-14 09:54:56 +01:00
Erik Johnston
29ee4b6698
Fix docker build OOMing in CI for arm64 builds ( #14173 )
...
Co-authored-by: David Robertson <davidr@element.io>
2022-10-13 18:16:21 +00:00
dependabot[bot]
d42541733d
Bump docker/login-action from 1 to 2 ( #13978 )
...
* Bump docker/login-action from 1 to 2
Bumps [docker/login-action](https://github.com/docker/login-action ) from 1 to 2.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/v1...v2 )
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Changelog
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: GitHub Actions <github-actions[bot]@users.noreply.github.com>
2022-10-03 17:32:48 +01:00
dependabot[bot]
4cceb6ba66
Bump docker/build-push-action from 2 to 3 ( #14022 )
...
* Bump docker/build-push-action from 2 to 3
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 2 to 3.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Changelog
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Robertson <davidr@element.io>
2022-10-03 17:15:27 +01:00
dependabot[bot]
6c85796769
Bump docker/setup-qemu-action from 1 to 2 ( #14019 )
...
* Bump docker/setup-qemu-action from 1 to 2
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ) from 1 to 2.
- [Release notes](https://github.com/docker/setup-qemu-action/releases )
- [Commits](https://github.com/docker/setup-qemu-action/compare/v1...v2 )
---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Changelog
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Robertson <davidr@element.io>
2022-10-03 16:07:39 +01:00
dependabot[bot]
a52d27a68b
Bump docker/setup-buildx-action from 1 to 2 ( #14015 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Robertson <davidr@element.io>
2022-10-03 14:13:15 +00:00
Henry
b8fa24b022
Use docker/metadata-action to generate docker image tags ( #12573 )
...
Update the "Build docker images" GitHub Actions workflow to use
`docker/metadata-action` to generate docker image tags, instead of a
custom shell script.
Signed-off-by: Henry <97804910+henryclw@users.noreply.github.com>
2022-05-05 12:36:42 +00:00
Richard van der Hoff
2d327d25bf
Skip the initial amd64-only Docker build ( #11810 )
...
PyNaCl's recent 1.5.0 release on PyPi includes arm64 wheels, which means our
arm64 docker images now build in a sensible amount of time, so we can skip the
amd64-only build.
2022-01-24 18:31:23 +00:00
Richard van der Hoff
e2e9bea1ce
Publish a develop docker image ( #11380 )
...
I'd find it helpful to have a docker image corresponding to current develop,
without having to build my own.
2021-11-19 10:56:59 +00:00
Richard van der Hoff
4c3fdfc808
Fix an error in the docker workflow ( #10461 )
2021-07-22 21:50:30 +01:00
Richard van der Hoff
c6509991f3
Move the docker image build to Github Actions ( #10416 )
...
it's flaky on circleCI, and having to manage multiple CI providers is painful.
2021-07-21 12:33:35 +01:00
