Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,370 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

101 Commits

Author SHA1 Message Date
Marcus Hert Da Coregio a6d362fa18 Make trigger-dependabot-auto-merge-forward.yml run on push 
Issue gh-14721
 2024-03-14 15:12:14 -03:00
Marcus Hert Da Coregio 37984c2e11 Add GH_TOKEN to set-milestone 
Issue gh-14721
 2024-03-14 14:45:36 -03:00
Marcus Hert Da Coregio b3a43d6154 Use token only for auto merge 
Issue gh-14721
 2024-03-14 14:42:33 -03:00
Marcus Hert Da Coregio a87fc4ea8a Use pull_request_target for merge-dependabot-pr.yml 
Issue gh-14721
 2024-03-14 14:33:00 -03:00
Marcus Hert Da Coregio e7bff4240a Use GH_ACTIONS_REPO_TOKEN for merge-dependabot-pr.yml 
Issue gh-14721
 2024-03-14 09:23:31 -03:00
Marcus Hert Da Coregio a3c06d98ca Trigger Dependabot Workflow when PR is merged 
Issue gh-14721
 2024-03-12 10:26:17 -03:00
Marcus Hert Da Coregio 5dae6da15a Remove branch filter 
Issue gh-14535
 2024-03-11 09:25:58 -03:00
Marcus Hert Da Coregio c2e97d7661 Ignore dependabot branches on trigger auto merge 2024-02-29 10:52:44 -03:00
Marcus Hert Da Coregio 6230806d56 Change branch pattern 
Issue gh-14535
 2024-02-16 11:51:53 -03:00
Marcus Hert Da Coregio 2159f3a93d Fix branch pattern 
Issue gh-14535
 2024-02-16 09:50:42 -03:00
Marcus Hert Da Coregio 59be5553a1 Fix workflow syntax 
Issue gh-14535
 2024-02-15 09:23:35 -03:00
Marcus Hert Da Coregio 2bfdb0c6cd Only run workflow for branches that matches [5-9]+.[5-9]+.x 
Issue gh-14535
 2024-02-14 01:15:16 -03:00
Marcus Hert Da Coregio 731cd6131b Do not try to run trigger dependabot automerge workflow in PRs 
Issue gh-14535
 2024-02-13 10:45:08 -03:00
dependabot[bot] c2a589734c Bump spring-io/spring-github-workflows 
Bumps [spring-io/spring-github-workflows](https://github.com/spring-io/spring-github-workflows) from eaf17a1890b1ef1b337f015d6eb263baaf8c6dab to 1e8b0587a1f4f01697f9753fa3339c3e0d30f396.
- [Release notes](https://github.com/spring-io/spring-github-workflows/releases)
- [Commits](eaf17a1890...1e8b0587a1)

---
updated-dependencies:
- dependency-name: spring-io/spring-github-workflows
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-02-12 00:57:15 +00:00
dependabot[bot] e5e67f91e9 Bump Gamesight/slack-workflow-status from 1.2.0 to 1.3.0 
Bumps [Gamesight/slack-workflow-status](https://github.com/gamesight/slack-workflow-status) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/gamesight/slack-workflow-status/releases)
- [Commits](https://github.com/gamesight/slack-workflow-status/compare/v1.2.0...v1.3.0)

---
updated-dependencies:
- dependency-name: Gamesight/slack-workflow-status
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-02-12 00:57:09 +00:00
Marcus Hert Da Coregio e0fc8f37b0 Use latest version of spring-merge-dependabot-pr workflow 
Issue gh-14535
 2024-02-06 11:05:56 -03:00
Marcus Hert Da Coregio 43ced5291b Only run workflow for spring-projects repositories 
Issue gh-14535
 2024-02-06 08:18:31 -03:00
Marcus Hert Da Coregio 56c5fc281e Automatically trigger auto merge for Dependabot PRs 
Issue gh-14535
 2024-02-06 08:06:27 -03:00
Marcus Hert Da Coregio 05d3c4b695 Add permission to Edit Dependabot PR workflow 
Issue gh-14486
 2024-02-02 09:30:50 -03:00
Marcus Hert Da Coregio 5f80cfc705 Automatically assign milestone to Dependabot PR 
Issue gh-14486
 2024-02-02 09:30:39 -03:00
dependabot[bot] 7011930305 Bump gradle/gradle-build-action from 2 to 3 
Bumps [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action) from 2 to 3.
- [Release notes](https://github.com/gradle/gradle-build-action/releases)
- [Commits](https://github.com/gradle/gradle-build-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: gradle/gradle-build-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-29 17:44:51 -07:00
dependabot[bot] 8a75382b2d Bump slackapi/slack-github-action from 1.24.0 to 1.25.0 
Bumps [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) from 1.24.0 to 1.25.0.
- [Release notes](https://github.com/slackapi/slack-github-action/releases)
- [Commits](https://github.com/slackapi/slack-github-action/compare/v1.24.0...v1.25.0)

---
updated-dependencies:
- dependency-name: slackapi/slack-github-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-29 17:41:43 -07:00
dependabot[bot] 10b3a9b234 Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 
Bumps [Gamesight/slack-workflow-status](https://github.com/gamesight/slack-workflow-status) from 1.0.1 to 1.2.0.
- [Release notes](https://github.com/gamesight/slack-workflow-status/releases)
- [Commits](https://github.com/gamesight/slack-workflow-status/compare/v1.0.1...v1.2.0)

---
updated-dependencies:
- dependency-name: Gamesight/slack-workflow-status
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-12-14 08:58:50 -03:00
dependabot[bot] e4cc0a4755 Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 
Bumps [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) from 1.19.0 to 1.24.0.
- [Release notes](https://github.com/slackapi/slack-github-action/releases)
- [Commits](https://github.com/slackapi/slack-github-action/compare/v1.19.0...v1.24.0)

---
updated-dependencies:
- dependency-name: slackapi/slack-github-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-12-14 08:58:37 -03:00
dependabot[bot] ff71ef46b7 Bump actions/setup-java from 3 to 4 
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 3 to 4.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](https://github.com/actions/setup-java/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-12-14 08:58:19 -03:00
dependabot[bot] 5593655bbf Bump spring-io/spring-gradle-build-action from 1 to 2 
Bumps [spring-io/spring-gradle-build-action](https://github.com/spring-io/spring-gradle-build-action) from 1 to 2.
- [Commits](https://github.com/spring-io/spring-gradle-build-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: spring-io/spring-gradle-build-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-12-14 08:58:09 -03:00
dependabot[bot] 47812e506f Bump actions/checkout from 3 to 4 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-12-14 08:58:00 -03:00
Steve Riesenberg 9c44b700f5
Add Gradle Enterprise creds to PR builds 
Closes gh-14249
 2023-12-07 14:28:51 -06:00
Marcus Da Coregio b9836d618a Fix Workflows 
Issue gh-13873
 2023-09-29 15:50:10 -03:00
Marcus Da Coregio 2505c08e8f Do Not Run Some Workflows on Dependabot's PRs 
Issue gh-13873

(cherry picked from commit 3aae03b1b2)
 2023-09-29 15:48:12 -03:00
Marcus Da Coregio 9e877c9bc6 Do not run some workflows for Dependabot branches 
Issue gh-13873

(cherry picked from commit ab812b2b53)
 2023-09-29 15:48:11 -03:00
Marcus Da Coregio 650692964e Fix snapshot_tests on CI workflow 
Closes gh-13876
 2023-09-28 15:58:43 -03:00
Marcus Da Coregio e29ea47ff7 Use Gradle's Version Catalog 
Issue gh-13868
 2023-09-28 14:57:18 -03:00
jongwooo aad3e61f4d chore: Use cache in continuous-integration-workflow.yml 
Signed-off-by: jongwooo <jongwooo.han@gmail.com>
 2023-02-01 14:26:25 -07:00
Kirk Lin 9c6d90490d ci: fix GitHub Actions Deprecating save-state and set-output commands 
Closes gh-12032
 2022-11-25 09:05:28 -03:00
Dan Allen fe252f5057 sync docs build; upgrade Antora and Antora Collector to latest alpha 2022-11-21 17:26:51 -07:00
Josh Cummings ff055cf07a
Remote antoraUpdateVersion task from CI 2022-10-17 14:24:13 -06:00
Marcus Da Coregio 465d80c162 Remove antoreUpdateVersion task from release automation 2022-10-17 15:50:44 -03:00
Marcus Da Coregio 7756247c3a Simplify checkSamples task 
Closes gh-11814
 2022-09-16 09:36:12 -03:00
Dan Allen 3387149a0f repurpose 5.6.x branch to provide local docs build 
* remove unused workflows, scripts, and configuration (now handled by docs-build branch)
* upgrade Antora to 3.1 (and Node.js to 16)
* tune playbook settings
* reconfigure docs build for local build only
* add patch to support using linked worktree as Antora content source
* remove Antora extensions not needed for local builds
 2022-09-12 15:41:12 -05:00
Rob Winch 8c69699458 Remove backportbot.yml 
Issue gh-11736
 2022-08-23 13:46:32 -05:00
Steve Riesenberg 02459919cc
Skip workflows on forks of spring-security 2022-07-28 15:13:56 -05:00
Steve Riesenberg 57d212ddca
Use cache and user.name system property on Windows 2022-07-28 15:13:55 -05:00
Steve Riesenberg 539b17f6da
Only run prerequisites job if on upstream repo 2022-07-28 15:13:54 -05:00
Steve Riesenberg 37e1ad27fe
Simplify dependency graph 2022-07-28 15:13:53 -05:00
Steve Riesenberg 043fdd6f03
Use Spring Gradle Build Action 
Closes gh-11630
 2022-07-28 15:13:52 -05:00
Steve Riesenberg 3234e05085
Polish gh-11367 2022-07-28 15:13:51 -05:00
naveen f957e3c051
Set permissions for GitHub actions 
Restrict the GitHub token permissions only to the required ones; this
way, even if the attackers will succeed in compromising your workflow,
they won’t be able to do much.

- Included permissions for the action.

https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

Closes gh-11367
 2022-07-28 15:13:51 -05:00
Steve Riesenberg aaf20e7b61
Build only on branches 
Issue gh-11480
 2022-07-18 11:47:25 -05:00
Steve Riesenberg 148756076c
Backport release automation and github actions 
Closes gh-11501
 2022-07-13 15:51:25 -05:00