Lucas Manuel Rodriguez
a66befeb1f
Fix update certs CI check ( #38566 )
...
Fix to only create a PR if there are changes, see
https://github.com/fleetdm/fleet/pull/38563 .
2026-01-21 13:08:22 -03:00
Ian Littman
18256bdf0e
Add missing step-security hardening action, bump to current version ( #38470 )
...
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Upgraded security protections across build and deployment workflows
for enhanced runner environment hardening.
* Strengthened CI/CD infrastructure security measures throughout
automated processes.
* No direct user-facing changes.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-01-19 15:10:48 -06:00
Lucas Manuel Rodriguez
5daa0a6777
Update mk-ca-bundle.pl from curl/curl ( #37830 )
...
https://github.com/fleetdm/fleet/actions/workflows/update-certs.yml has
been failing for some time.
There's a redirection by mozilla.com that is breaking the curl execution
in the current version of the script.
It's fixed by adding the `-L` to the curl execution.
I updated the script from the new version in
9f1838e965/scripts/mk-ca-bundle.plhttps://github.com/fleetdm/fleet/actions/runs/20717674684 which
generated the following PR: https://github.com/fleetdm/fleet/pull/37834 .
2026-01-05 13:33:34 -03:00
Lucas Manuel Rodriguez
83342c4042
Add reviewers to automated PRs ( #18390 )
...
I was thinking on adding `team-reviewers: go`, but there's the following
note on the github's action repository, so let's start simple:
2024-04-18 10:51:07 -03:00
Luke Heath
6ebc308eb4
[StepSecurity] ci: Harden GitHub Actions ( #17780 )
2024-03-22 15:32:23 -05:00
Michal Nicpon
56f3cb62ef
add concurrency to ci ( #8271 )
...
* add concurrency to ci
* add readme for workflows
2022-10-24 14:01:00 -06:00
Lucas Manuel Rodriguez
bec3824ddb
Update mk-ca-bundle.pl tool in repository ( #8184 )
...
* Update mk-ca-bundle.pl in repository
* Update certs.pem with new version of mk-ca-bundle.pl
* Add extra check against curl.se site
2022-10-12 12:01:18 -03:00
Michal Nicpon
9056b22874
set default shell in workflows ( #8108 )
...
* wait for mysql in workflows
2022-10-07 09:43:56 -06:00
dependabot[bot]
200ddfaaff
Bump actions/checkout from 2 to 3.0.2 ( #7301 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2 to 3.0.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v2...2541b1294d2704b0964813337f33b291d3f8596b )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-31 07:44:22 -03:00
Guillaume Ross
e6c6b7e840
Added explicit read permissions + tweaked permissions ( #4843 )
...
* Added explicit read permissions + tweaked permissions
As a part of #4698 - this should fix the remaining warnings we get from the OSSF scorecard in relation to github workflows. They now all have explicit read permissions with more granular permissions granted in jobs.
* Update tfsec.yml
New workflow that I had not fixed in this PR.
2022-03-28 16:20:31 -04:00
Zach Wasserman
96d81596f3
Add GitHub action for updating CA certs bundle ( #4041 )
...
See #4029
2022-02-07 09:44:31 -08:00
