dependabot[bot]
4fcff55745
chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions
...
Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions ) from 3.0.25 to 4.0.0.
- [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases )
- [Commits](fc87bb5b5a...9e9574ef04support@github.com >
2025-09-29 14:21:26 +02:00
David Testé
9918dacd6a
chore(ci): change workflow jobs naming convention
...
The term "bpr" means Branch Protection Rule. It helps one to
identify any job that must pass before being able to merge to the
base branch.
2025-09-10 15:36:45 +02:00
dependabot[bot]
ce9647d3a9
chore(deps): bump actions/checkout from 4.2.2 to 5.0.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.2.2 to 5.0.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](11bd71901b...08c6903cd8support@github.com >
2025-08-18 14:11:55 +02:00
David Testé
11df6c69ee
chore(ci): fix workflow security warnings
...
Since Zizmor v1.9.0, new pedantic warnings are detected especially
regarding template-injection patterns.
2025-06-02 14:46:14 +02:00
David Testé
c5fab98900
chore(ci): add token to do online workflow security checks
2025-05-27 17:31:33 +02:00
dependabot[bot]
5dc3e59d13
chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions
...
Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions ) from 3.0.23 to 3.0.25.
- [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases )
- [Commits](4830be28ce...fc87bb5b5asupport@github.com >
2025-05-23 11:22:48 +02:00
David Testé
aa6dadfe69
chore(ci): ensure minimal permission for github default token
...
With recent enforcing of the least permissions for GITHUB_TOKEN, pull-request from external contributors would trigger systematic error (i.e. on repository checkout) in the continuous integration pipeline.
Allowing contents:read fixes this behavior.
2025-05-12 18:07:02 +02:00
David Testé
6237d2d7c3
chore(ci): upgrade actionlint to v1.7.7
...
Usage of bash script to download and extract the final binary has
been dropped.
Instead, the tarball is directly fetched according to the
ACTIONLINT_VERSION value and the integrity of the tarball is
checked with an hardcoded SHA256 sum.
2025-05-06 14:06:17 +02:00
David Testé
1ca14e6db0
chore(ci): add workflow security checks with zizmor
2025-05-06 14:06:17 +02:00
David Testé
3f3b4aef41
chore(ci): fix template-injection and token permissions issues
...
This is part of security issues remediation campaign after having
analyzed workflow using zizmor cargo tool.
2025-05-06 14:06:17 +02:00
dependabot[bot]
20602453ce
chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions
...
Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions ) from 3.0.22 to 3.0.23.
- [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases )
- [Commits](25ed13d062...4830be28cesupport@github.com >
2025-03-31 13:28:04 +02:00
dependabot[bot]
fb730d2953
chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions
...
Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions ) from 3.0.20 to 3.0.22.
- [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases )
- [Commits](c3a2b64f69...25ed13d062support@github.com >
2025-02-17 14:13:41 +01:00
David Testé
eeb6c8a71f
chore(ci): remove pull_request_target for external contributions
...
We use large GitHub hosted runners to run CI pipeline for external
contributions. This avoids possible secret exposition due to usage
of pull_request_target event. It also removes a layer a complexity
to ensure such secrets are not exposed.
The flow would be improved since tfhe-rs maintainers won't have to
relaunch failed jobs individually, thanks to the "approve and run"
button in GitHub user interface.
2025-02-13 08:45:02 +01:00
David Testé
1a3b2d71f5
chore(ci): extend external contribution to all pr workflows
...
User permission checking is done after the should-run, when there
is such step, rather than before it. This way, only workflows that
should run would fail id triggering actor is not allowed to launch
it. Thus a repository maintainer would have to re-run only a
handful of jobs that would effectively run afterward
(i.e relevant code has changed and setup-instance would be called).
2025-01-23 14:32:09 +01:00
dependabot[bot]
4438042b7d
chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions
...
Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions ) from 3.0.19 to 3.0.20.
- [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases )
- [Commits](6ae615f647...c3a2b64f69support@github.com >
2025-01-14 13:48:23 +01:00
dependabot[bot]
90edfdbbe7
chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions
...
Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions ) from 3.0.18 to 3.0.19.
- [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases )
- [Commits](6441882669...6ae615f647support@github.com >
2025-01-06 13:09:43 +01:00
dependabot[bot]
e42d203fc5
chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions
...
Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions ) from 3.0.17 to 3.0.18.
- [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases )
- [Commits](5d6ac37a4c...6441882669support@github.com >
2025-01-02 13:12:27 +01:00
dependabot[bot]
db61b0bb9b
chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions
...
Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions ) from 3.0.16 to 3.0.17.
- [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases )
- [Commits](38608ef4fb...5d6ac37a4csupport@github.com >
2024-11-25 11:06:28 +01:00
dependabot[bot]
02419d6852
chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions
...
Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions ) from 3.0.15 to 3.0.16.
- [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases )
- [Commits](ed00f72a3c...38608ef4fbsupport@github.com >
2024-11-04 12:53:09 +01:00
dependabot[bot]
69482dec9b
chore(deps): bump actions/checkout from 4.2.1 to 4.2.2
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.2.1 to 4.2.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](eef61447b9...11bd71901bsupport@github.com >
2024-10-28 15:01:14 +01:00
dependabot[bot]
894a9c2e0d
chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions
...
Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions ) from 3.0.14 to 3.0.15.
- [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases )
- [Commits](40ba2d51b6...ed00f72a3csupport@github.com >
2024-10-21 15:40:49 +02:00
dependabot[bot]
d8ac12daa9
chore(deps): bump actions/checkout from 4.2.0 to 4.2.1
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.2.0 to 4.2.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](d632683dd7...eef61447b9support@github.com >
2024-10-14 13:33:28 +02:00
dependabot[bot]
cd638526fc
chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions
...
Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions ) from 3.0.13 to 3.0.14.
- [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases )
- [Commits](b8f9a25a51...40ba2d51b6support@github.com >
2024-10-14 13:33:11 +02:00
dependabot[bot]
9d11ad07dc
chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions
...
Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions ) from 3.0.12 to 3.0.13.
- [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases )
- [Commits](0901cf7b71...b8f9a25a51support@github.com >
2024-10-07 09:42:16 +02:00
dependabot[bot]
75d2457a6f
chore(deps): bump actions/checkout from 4.1.7 to 4.2.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.7 to 4.2.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](692973e3d9...d632683dd7support@github.com >
2024-10-01 11:48:35 +02:00
aquint-zama
e1dd4ba4bf
chore: ensure actions are pinned by commit hash
2024-09-16 18:08:26 +02:00
dependabot[bot]
2d0671cdd8
chore(deps): bump actions/checkout from 4.1.5 to 4.1.7
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.5 to 4.1.7.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4.1.5...692973e3d937129bcbf40652eb9f2f61becf3332 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-06-17 09:17:33 +02:00
dependabot[bot]
f605e7c2ee
chore(deps): bump actions/checkout from 4.1.5 to 4.1.6
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.5 to 4.1.6.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](44c2b7a8a4...a5ac7e51b4support@github.com >
2024-05-21 10:00:15 +02:00
dependabot[bot]
80fda99068
chore(deps): bump actions/checkout from 4.1.4 to 4.1.5
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.4 to 4.1.5.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](0ad4b8fada...44c2b7a8a4support@github.com >
2024-05-13 13:46:25 +02:00
dependabot[bot]
bc991e1946
chore(deps): bump actions/checkout from 4.1.3 to 4.1.4
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.3 to 4.1.4.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](1d96c772d1...0ad4b8fadasupport@github.com >
2024-04-29 13:23:06 +02:00
dependabot[bot]
0a1cba43c4
chore(deps): bump actions/checkout from 4.1.2 to 4.1.3
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.2 to 4.1.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](9bb56186c3...1d96c772d1support@github.com >
2024-04-22 09:20:12 +02:00
dependabot[bot]
719bad6e7d
chore(deps): bump actions/checkout from 4.1.1 to 4.1.2
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](b4ffde65f4...9bb56186c3support@github.com >
2024-03-18 13:58:46 +01:00
David Testé
b7d7e68d0c
chore(ci): run static linter on workflows
2024-03-05 15:00:09 +01:00
