mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-25 23:21:33 +03:00
Commit Graph

4 Commits

Author SHA1 Message Date
Evgeny Vereshchagin
0da6973c17 ci: switch to weekly dependabot updates
Apparently some dependencies get updated much more often
than I would have expected.

It can always be triggered manually at https://github.com/systemd/systemd/network/dependencies
if there are any urgent updates
2021-11-17 12:16:57 +00:00
Evgeny Vereshchagin
b3a1fb795a ci: LGPLv2+ify dependabot config and codeql action 2021-11-14 09:48:22 +00:00
Evgeny Vereshchagin
38ac3ab10a ci: allow Dependabot to open up to 2 PRs
Apparently version updates aren't always disabled on old forks,
which leads to new PRs opened there. To somewhat mitigate the
issue let's limit the number of PRs Dependabot can create.

It was reported in https://github.com/yuwata/systemd/pull/2#issuecomment-967737195
2021-11-11 17:20:30 +00:00
Evgeny Vereshchagin
5570313421 ci: pin labeler
Turns out GHActions where `pull_request_target` is used are capable
of pwning repositories: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

labeler doesn't check out the source code or build anything so
it's safe in its current form but to avoid surprises let's just pin
it to the latest version. It's annoying to manage dependencies like this
manually so additionally dependabot.yml is introduced to make it
easier to keep GHActions up to date more or less automatically:
https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot
2021-11-11 10:19:06 +00:00
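The two things the "ci: pin labeler" and "ci: allow Dependabot to open up to 2 PRs" commits are reacting to are unpinned `uses:` references and the pwn-request pattern (a workflow triggered by `pull_request_target` that checks out the PR's code). Below is an added example, not code from systemd or from the commits above, of a small line-based audit that flags both in workflow files. The sample workflows, their names and the 40-hex commit SHA in them are constructed for the example; the SHA is a placeholder, not the labeler release the commit pinned. The scan works on lines rather than parsing YAML, so it is a heuristic, not a replacement for reading the workflow.

```python
import re

# A full 40-hex commit SHA is the only reference that cannot be moved by a
# tag push or a force-push to a branch; "v2", "main" and short SHAs can.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Matches "- uses: owner/repo@ref" and "uses: owner/repo@ref" lines.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")


def strip_comments(text):
    """Drop everything after '#' on each line so commented-out lines are ignored."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())


def parse_uses(workflow_text):
    """Return (action, ref) for every remote action reference; ref is None if absent."""
    refs = []
    for line in strip_comments(workflow_text).splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        spec = m.group(1).strip("'\"")
        # Local actions and docker images have no git ref to pin.
        if spec.startswith("./") or spec.startswith("docker://"):
            continue
        action, _, ref = spec.partition("@")
        refs.append((action, ref or None))
    return refs


def is_sha_pinned(ref):
    return ref is not None and bool(SHA_RE.match(ref))


def uses_pull_request_target(workflow_text):
    """True if the workflow is triggered by pull_request_target (any 'on:' form)."""
    return re.search(r"\bpull_request_target\b", strip_comments(workflow_text)) is not None


def audit_workflow(name, workflow_text):
    """Return human-readable findings for one workflow file (empty list = clean)."""
    findings = []
    refs = parse_uses(workflow_text)
    for action, ref in refs:
        if not is_sha_pinned(ref):
            findings.append(f"{name}: {action}@{ref or '<none>'} is not pinned to a full commit SHA")
    # pull_request_target runs with the base repo's secrets and write token; combining
    # it with a checkout of the PR is the "pwn request" shape the linked article describes.
    if uses_pull_request_target(workflow_text):
        for action, _ in refs:
            if action == "actions/checkout":
                findings.append(f"{name}: uses pull_request_target and checks out code")
                break
    return findings


# Constructed sample: labeler-style workflow, pinned to a placeholder SHA, no checkout.
LABELER_PINNED = """\
name: Labeler
on: [pull_request_target]
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      # placeholder SHA for the example, not a real labeler release
      - uses: actions/labeler@0123456789abcdef0123456789abcdef01234567
"""

# Constructed sample: the risky shape, tag-pinned checkout of the PR head under pull_request_target.
RISKY = """\
name: Build
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: make
"""

if __name__ == "__main__":
    for name, text in (("labeler.yml", LABELER_PINNED), ("build.yml", RISKY)):
        for finding in audit_workflow(name, text) or [f"{name}: ok"]:
            print(finding)
```

Once every `uses:` is a full SHA, keeping them current by hand is the chore the commit mentions; a `package-ecosystem: github-actions` entry in dependabot.yml with a `weekly` schedule and `open-pull-requests-limit: 2` matches what the four commits above converge on, and Dependabot's PRs update the SHA with a version comment so the reviewer can still see which release it is.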