dependabot[bot]
66c22f4636
Bump the github-actions group with 4 updates
...
Bumps the github-actions group with 4 updates: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ), [docker/login-action](https://github.com/docker/login-action ), [docker/metadata-action](https://github.com/docker/metadata-action ) and [docker/build-push-action](https://github.com/docker/build-push-action ).
Updates `docker/setup-buildx-action` from 3.12.0 to 4.0.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](https://github.com/docker/setup-buildx-action/compare/8d2750c68a42422c14e847fe6c8ac0403b4cbd6f...4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd )
Updates `docker/login-action` from 3.7.0 to 4.0.0
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/c94ce9fb468520275223c153574b00df6fe4bcc9...b45d80f862d83dbcd57f89517bcf500b2ab88fb2 )
Updates `docker/metadata-action` from 5.10.0 to 6.0.0
- [Release notes](https://github.com/docker/metadata-action/releases )
- [Commits](https://github.com/docker/metadata-action/compare/c299e40c65443455700f0fdfc63efafe5b349051...030e881283bb7a6894de51c315a6bfe6a94e05cf )
Updates `docker/build-push-action` from 6.19.2 to 7.0.0
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/10e90e3645eae34f1e60eeb005ba3a3d33f178e8...d08e5c354a6adb9ed34480a06d141179aa583294 )
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-version: 4.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
- dependency-name: docker/login-action
dependency-version: 4.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
- dependency-name: docker/metadata-action
dependency-version: 6.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
- dependency-name: docker/build-push-action
dependency-version: 7.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-18 01:45:09 +00:00
Mike Dalessio
fa12aca387
ci: update pinned github versions (minor bump)
2026-03-17 18:08:11 -04:00
Mike Dalessio
58f94b0cc1
ci: add job to lint github actions
...
using zizmor
2026-03-17 18:08:09 -04:00
Mike Dalessio
dd7f7005b2
ci: fix template injection by passing tags through env vars
2026-03-17 17:57:34 -04:00
Mike Dalessio
bc6703b0df
ci: disable credential persistence after checkout
...
suppress artipacked warning in dependabot lockfile sync workflow
2026-03-17 17:57:34 -04:00
Mike Dalessio
310e271908
ci: suppress zizmor secrets-outside-env in test workflow
2026-03-17 17:57:34 -04:00
Mike Dalessio
b6e00b77e3
ci: scope permissions to jobs in publish-image workflow
2026-03-17 17:57:32 -04:00
Mike Dalessio
463f289072
ci: pin github actions
...
using `pinact`
2026-03-17 17:19:37 -04:00
dependabot[bot]
9585d13f5f
Bump actions/attest-build-provenance from 3.2.0 to 4.1.0 ( #2668 )
...
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) from 3.2.0 to 4.1.0.
- [Release notes](https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](https://github.com/actions/attest-build-provenance/compare/v3.2.0...v4.1.0 )
---
updated-dependencies:
- dependency-name: actions/attest-build-provenance
dependency-version: 4.1.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-09 08:58:45 -07:00
dependabot[bot]
31713aa396
Bump docker/build-push-action from 6.18.0 to 6.19.2 ( #2587 )
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 6.18.0 to 6.19.2.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/v6.18.0...v6.19.2 )
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-version: 6.19.2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-24 23:27:38 -08:00
dependabot[bot]
0ead67f85b
Bump the development-dependencies group across 1 directory with 3 updates ( #2546 )
...
* Bump the development-dependencies group across 1 directory with 3 updates
Bumps the development-dependencies group with 3 updates in the / directory: [brakeman](https://github.com/presidentbeef/brakeman ), [faker](https://github.com/faker-ruby/faker ) and [selenium-webdriver](https://github.com/SeleniumHQ/selenium ).
Updates `brakeman` from 7.1.2 to 8.0.1
- [Release notes](https://github.com/presidentbeef/brakeman/releases )
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md )
- [Commits](https://github.com/presidentbeef/brakeman/compare/v7.1.2...v8.0.1 )
Updates `faker` from 3.5.3 to 3.6.0
- [Release notes](https://github.com/faker-ruby/faker/releases )
- [Changelog](https://github.com/faker-ruby/faker/blob/main/CHANGELOG.md )
- [Commits](https://github.com/faker-ruby/faker/compare/v3.5.3...v3.6.0 )
Updates `selenium-webdriver` from 4.39.0 to 4.40.0
- [Release notes](https://github.com/SeleniumHQ/selenium/releases )
- [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES )
- [Commits](https://github.com/SeleniumHQ/selenium/compare/selenium-4.39.0...selenium-4.40.0 )
---
updated-dependencies:
- dependency-name: brakeman
dependency-version: 8.0.1
dependency-type: direct:development
update-type: version-update:semver-major
dependency-group: development-dependencies
- dependency-name: faker
dependency-version: 3.6.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: development-dependencies
- dependency-name: selenium-webdriver
dependency-version: 4.40.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: development-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com >
* Auto-sync Gemfile.saas.lock on Dependabot PRs
Dependabot can't update custom-named Gemfiles, so Gemfile.saas.lock
drifts whenever it bumps shared gems in Gemfile.lock.
Add `bin/bundle-drift forward` to push oss lockfile changes into the
saas lockfile (the reverse of `correct`), and a GitHub Actions workflow
that runs it automatically on Dependabot bundler branches.
* Update brakeman ignore fingerprint for 8.0.1
Brakeman 8.0.1 changed how it computes warning fingerprints, so the
existing ignore entry for the safe_constantize warning in Notifier
became obsolete. Update to the new fingerprint.
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jeremy Daer <jeremy@37signals.com >
2026-02-16 15:29:51 -08:00
dependabot[bot]
9622e5dad4
Bump actions/attest-build-provenance from 3.1.0 to 3.2.0 ( #2499 )
...
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](https://github.com/actions/attest-build-provenance/compare/v3.1.0...v3.2.0 )
---
updated-dependencies:
- dependency-name: actions/attest-build-provenance
dependency-version: 3.2.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-08 10:35:19 -08:00
dependabot[bot]
52ec23ff21
Bump docker/login-action from 3.6.0 to 3.7.0 ( #2500 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.6.0 to 3.7.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/v3.6.0...v3.7.0 )
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-version: 3.7.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-08 10:35:11 -08:00
Kevin McConnell
e27456b8f8
Include arm64 build in Docker workflow
2026-01-23 14:33:31 +00:00
dependabot[bot]
6ec61df7d7
Bump actions/attest-build-provenance from 3.0.0 to 3.1.0 ( #2257 )
...
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](https://github.com/actions/attest-build-provenance/compare/v3.0.0...v3.1.0 )
---
updated-dependencies:
- dependency-name: actions/attest-build-provenance
dependency-version: 3.1.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-26 21:10:05 -08:00
dependabot[bot]
e221833571
Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 ( #2256 )
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 3.11.1 to 3.12.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](https://github.com/docker/setup-buildx-action/compare/v3.11.1...v3.12.0 )
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-version: 3.12.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-26 21:09:38 -08:00
Mike Dalessio
6a244b17e6
Use new FIZZY_GH_TOKEN with limited access
...
because this is a public repo and so doesn't have access to the
private org secret GH_TOKEN anymore.
2025-12-12 13:04:26 -05:00
Jeremy Daer
586015c3f9
Bundle drift detection and correction ( #2101 )
...
Gemfile.saas evals Gemfile, so shared gems should have identical versions
in both lockfiles. This adds bin/bundle-drift to detect and fix drift:
* `bin/bundle-drift check` compares shared gem versions
* `bin/bundle-drift correct` seeds Gemfile.lock from Gemfile.saas.lock
and re-locks, letting Bundler prune SaaS-only gems while preserving
shared versions
Adds drift check to bin/ci and GitHub CI. Corrects existing drift.
2025-12-11 21:32:34 -08:00
dependabot[bot]
ef538abb4f
Bump actions/checkout from 4 to 6 ( #2047 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4...v6 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-10 13:25:42 -08:00
dependabot[bot]
19cd7bfeec
Bump docker/login-action from 3.5.0 to 3.6.0 ( #2046 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/v3.5.0...v3.6.0 )
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-version: 3.6.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-10 13:25:17 -08:00
dependabot[bot]
9ee8b131c5
Bump docker/metadata-action from 5.8.0 to 5.10.0 ( #2045 )
...
Bumps [docker/metadata-action](https://github.com/docker/metadata-action ) from 5.8.0 to 5.10.0.
- [Release notes](https://github.com/docker/metadata-action/releases )
- [Commits](https://github.com/docker/metadata-action/compare/v5.8.0...v5.10.0 )
---
updated-dependencies:
- dependency-name: docker/metadata-action
dependency-version: 5.10.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-10 13:25:02 -08:00
dependabot[bot]
a90ad88bab
Bump sigstore/cosign-installer from 3.9.2 to 4.0.0 ( #2044 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.9.2 to 4.0.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.9.2...v4.0.0 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-version: 4.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-10 13:24:47 -08:00
Jeremy Daer
bc1075f194
GitHub actions: limit GITHUB_TOKEN permissions ( #1933 )
2025-12-04 11:05:50 -08:00
Stanko K.R.
fc8ca04c05
Disable ARM image builds
2025-12-02 18:59:40 +01:00
Stanko K.R.
94d1a1e10a
Disable image builds for PRs
2025-12-02 18:51:07 +01:00
Stanko K.R.
2d0110963a
Add automated Docker image builds
2025-12-02 18:42:51 +01:00
Mike Dalessio
04ed381742
update pipelines
2025-11-28 15:40:24 -05:00
Jorge Manrubia
e15c4987c1
Remove saas from matrix or it will always run
2025-11-28 15:53:58 +01:00
Jorge Manrubia
15e654b526
Checks only in PRs
2025-11-28 15:53:58 +01:00
Jorge Manrubia
f174058f43
Extract common checks to its own workflow to only run once
2025-11-28 15:53:58 +01:00
Jorge Manrubia
25cfa42872
Rename workflows
2025-11-28 15:53:58 +01:00
Jorge Manrubia
68bb4a84e2
Rename
2025-11-28 15:53:58 +01:00
Jorge Manrubia
dd0f9f174e
Split CI files to prevent PR workflows from accessing secrets
2025-11-28 15:53:58 +01:00
Jorge Manrubia
624b6680c7
Fix condition
2025-11-28 15:53:58 +01:00
Jorge Manrubia
d81cf9161e
Fix hostname
2025-11-28 15:53:58 +01:00
Jorge Manrubia
00cb9a3638
Set proper SaaS vars for mysql
2025-11-28 15:53:58 +01:00
Jorge Manrubia
ac649f1af0
Try to pin the host
2025-11-28 15:53:58 +01:00
Jorge Manrubia
127a4ebdc9
LOL if does not exist
2025-11-28 15:53:58 +01:00
Jorge Manrubia
93c60d09a8
Omit MySQL service with if condition
2025-11-28 15:53:58 +01:00
Jorge Manrubia
5a1d40ae65
Omit empty image
2025-11-28 15:53:58 +01:00
Jorge Manrubia
0328149ba2
Initial github action setup
2025-11-28 15:53:58 +01:00
David Heinemeier Hansson
5316a6b821
It is Local CI now
2025-04-05 17:18:54 +02:00
Mike Dalessio
2756a0ebc1
ci: Set access token to pull from the private repo
2025-03-10 12:12:56 -04:00
Kevin McConnell
5f5226d05b
Add CI
2024-06-24 15:09:34 +01:00