dependabot[bot]
aca6726607
Bump docker/build-push-action from 5 to 6 ( #36197 )
...
Bumps
[docker/build-push-action](https://github.com/docker/build-push-action )
from 5 to 6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/build-push-action/releases ">docker/build-push-action's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.0</h2>
<ul>
<li>Export build record and generate <a
href="https://docs.docker.com/build/ci/github-actions/build-summary/ ">build
summary</a> by <a
href="https://github.com/crazy-max "><code>@crazy-max</code></a> in <a
href="https://redirect.github.com/docker/build-push-action/pull/1120 ">docker/build-push-action#1120</a></li>
<li>Bump <code>@docker/actions-toolkit</code> from 0.24.0 to 0.26.0 in
<a
href="https://redirect.github.com/docker/build-push-action/pull/1132 ">docker/build-push-action#1132</a>
<a
href="https://redirect.github.com/docker/build-push-action/pull/1136 ">docker/build-push-action#1136</a>
<a
href="https://redirect.github.com/docker/build-push-action/pull/1138 ">docker/build-push-action#1138</a></li>
<li>Bump braces from 3.0.2 to 3.0.3 in <a
href="https://redirect.github.com/docker/build-push-action/pull/1137 ">docker/build-push-action#1137</a></li>
</ul>
<blockquote>
<p>[!NOTE]
This major release adds support for generating <a
href="https://docs.docker.com/build/ci/github-actions/build-summary/ ">Build
summary</a> and exporting build record for your build. You can disable
this feature by setting <a
href="https://docs.docker.com/build/ci/github-actions/build-summary/#disable-job-summary ">
<code>DOCKER_BUILD_SUMMARY: false</code> environment variable in your
workflow</a>.</p>
</blockquote>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/build-push-action/compare/v5.4.0...v6.0.0 ">https://github.com/docker/build-push-action/compare/v5.4.0...v6.0.0 </a></p>
<h2>v5.4.0</h2>
<ul>
<li>Show builder information before building by <a
href="https://github.com/crazy-max "><code>@crazy-max</code></a> in <a
href="https://redirect.github.com/docker/build-push-action/pull/1128 ">docker/build-push-action#1128</a></li>
<li>Handle attestations correctly with provenance and sbom inputs by <a
href="https://github.com/crazy-max "><code>@crazy-max</code></a> in <a
href="https://redirect.github.com/docker/build-push-action/pull/1086 ">docker/build-push-action#1086</a></li>
<li>Bump <code>@docker/actions-toolkit</code> from 0.19.0 to 0.24.0 in
<a
href="https://redirect.github.com/docker/build-push-action/pull/1088 ">docker/build-push-action#1088</a>
<a
href="https://redirect.github.com/docker/build-push-action/pull/1105 ">docker/build-push-action#1105</a>
<a
href="https://redirect.github.com/docker/build-push-action/pull/1121 ">docker/build-push-action#1121</a>
<a
href="https://redirect.github.com/docker/build-push-action/pull/1127 ">docker/build-push-action#1127</a></li>
<li>Bump undici from 5.28.3 to 5.28.4 in <a
href="https://redirect.github.com/docker/build-push-action/pull/1090 ">docker/build-push-action#1090</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/build-push-action/compare/v5.3.0...v5.4.0 ">https://github.com/docker/build-push-action/compare/v5.3.0...v5.4.0 </a></p>
<h2>v5.3.0</h2>
<ul>
<li>Bump <code>@docker/actions-toolkit</code> from 0.18.0 to 0.19.0 in
<a
href="https://redirect.github.com/docker/build-push-action/pull/1080 ">docker/build-push-action#1080</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/build-push-action/compare/v5.2.0...v5.3.0 ">https://github.com/docker/build-push-action/compare/v5.2.0...v5.3.0 </a></p>
<h2>v5.2.0</h2>
<ul>
<li>Disable quotes detection for <code>outputs</code> input by <a
href="https://github.com/crazy-max "><code>@crazy-max</code></a> in <a
href="https://redirect.github.com/docker/build-push-action/pull/1074 ">docker/build-push-action#1074</a></li>
<li>Warn about ignored inputs by <a
href="https://github.com/favonia "><code>@favonia</code></a> in <a
href="https://redirect.github.com/docker/build-push-action/pull/1019 ">docker/build-push-action#1019</a></li>
<li>Bump <code>@docker/actions-toolkit</code> from 0.14.0 to 0.18.0 in
<a
href="https://redirect.github.com/docker/build-push-action/pull/1070 ">docker/build-push-action#1070</a></li>
<li>Bump undici from 5.26.3 to 5.28.3 in <a
href="https://redirect.github.com/docker/build-push-action/pull/1057 ">docker/build-push-action#1057</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/build-push-action/compare/v5.1.0...v5.2.0 ">https://github.com/docker/build-push-action/compare/v5.1.0...v5.2.0 </a></p>
<h2>v5.1.0</h2>
<ul>
<li>Add <code>annotations</code> input by <a
href="https://github.com/crazy-max "><code>@crazy-max</code></a> in <a
href="https://redirect.github.com/docker/build-push-action/pull/992 ">docker/build-push-action#992</a></li>
<li>Add <code>secret-envs</code> input by <a
href="https://github.com/elias-lundgren "><code>@elias-lundgren</code></a>
in <a
href="https://redirect.github.com/docker/build-push-action/pull/980 ">docker/build-push-action#980</a></li>
<li>Bump <code>@babel/traverse</code> from 7.17.3 to 7.23.2 in <a
href="https://redirect.github.com/docker/build-push-action/pull/991 ">docker/build-push-action#991</a></li>
<li>Bump <code>@docker/actions-toolkit</code> from 0.13.0-rc.1 to
0.14.0 in <a
href="https://redirect.github.com/docker/build-push-action/pull/990 ">docker/build-push-action#990</a>
<a
href="https://redirect.github.com/docker/build-push-action/pull/1006 ">docker/build-push-action#1006</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/build-push-action/compare/v5.0.0...v5.1.0 ">https://github.com/docker/build-push-action/compare/v5.0.0...v5.1.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="263435318dhttps://redirect.github.com/docker/build-push-action/issues/1381 ">#1381</a>
from docker/dependabot/npm_and_yarn/docker/actions-t...</li>
<li><a
href="c0432d2e010bb1f27d6b5f9dbf956c0788c444d8https://redirect.github.com/docker/build-push-action/issues/1375 ">#1375</a>
from crazy-max/remove-gcr</li>
<li><a
href="aa179ca4f41dc7386353https://redirect.github.com/docker/build-push-action/issues/1364 ">#1364</a>
from crazy-max/history-export-cmd</li>
<li><a
href="9c9803f364db1f6c46e8721e8c79dehttps://github.com/docker/build-push-action/compare/v5...v6 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-18 20:09:24 +00:00
silverwind
3e57ba5b36
Add permissions tofiles-changed jobs ( #36142 )
...
Followup to https://github.com/go-gitea/gitea/pull/36140 .
`files-changed` is a job that imports another workflow via `uses`
statement but CodeQL still complains about lack of permissions on these
jobs, so add it. This will fix the remaining [3 CodeQL
issues](https://github.com/go-gitea/gitea/security/code-scanning?query=is%3Aopen+branch%3Amain+permissions ).
2025-12-12 18:38:59 +01:00
silverwind
4c06c98dda
Add explicit permissions to all actions workflows ( #36140 )
...
Explicitely specify all workflow
[`permissions`](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#permissions ).
This will fix [26 CodeQL
alerts](https://github.com/go-gitea/gitea/security/code-scanning?query=permissions+is%3Aopen+branch%3Amain+ ).
2025-12-12 16:48:29 +00:00
silverwind
87b855bd15
Bump actions/checkout to v6 ( #36136 )
...
https://github.com/actions/checkout#checkout-v6
Result of `perl -p -i -e
's#actions\/checkout\@v5#actions/checkout\@v6#g' .github/workflows/*`
2025-12-12 16:44:53 +01:00
TheFox0x7
685c8c314f
Add cache to container build ( #35697 )
...
add mount cache directives to container builds, which speeds up local
builds bypassing node and go package download entirely on second build
and caching go compilation.
drop job level split on regular/rootless, which allows to reuse the
previously made stage for rootless, skipping duplicate builds in CI.
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com >
2025-11-02 09:42:25 +00:00
Chongyi Zheng
0a710133cd
Bump workflows in github actions ( #27836 )
...
All major version upgrades are related to using Node v20 as default
runtime
2023-10-30 15:56:43 +08:00
silverwind
51c2aebe1f
Only run docker-dryrun when necessary ( #25329 )
...
`docker-dryrun` runs on almost any PR, which is a huge waste of CI
resources. Run it only when the Dockerfiles change and also add a step
that verifies the rootless file.
---------
Co-authored-by: techknowlogick <techknowlogick@gitea.io >
2023-06-18 22:53:20 -04:00
silverwind
4c290e9209
GitHub Actions enhancements for frontend ( #25150 )
...
- Don't run DB tests for frontend-only changes
- Build frontend as part of frontend step
- Build everything when actions change
2023-06-14 23:30:37 +08:00
Lunny Xiao
93c6a9a652
Use file filters action instead of Github's files filter ( #24877 )
...
Inspired by
https://github.com/go-gitea/gitea/pull/24530#issuecomment-1558815301
This PR use a file filter action to do different CI jobs according
changed files types. All types are defined in
`.github/file-filters.yml`. Now there are 4 types, `docs`, `backend`,
`frontend` and `build`. Then if a PR only changed docs files, those CI
jobs which passed the conditions will run, and other types are also like
this.
---------
Co-authored-by: silverwind <me@silverwind.io >
2023-05-25 01:33:31 +00:00
Lunny Xiao
c78b923822
Don't run build and test if only docs changed ( #24530 )
...
Co-authored-by: techknowlogick <techknowlogick@gitea.io >
2023-05-16 02:53:18 +00:00
silverwind
6c8b680f91
GitHub Actions cleanups ( #24620 )
...
- Remove actions name where command is descriptive enough
- Use kebab-case instead of snake-case for step names
- Use shorter job names because to make PR checks more readable
- Remove duplicate `checks-backend`
---------
Co-authored-by: Yarden Shoham <git@yardenshoham.com >
2023-05-11 21:21:28 -04:00
