dependabot[bot]
a93c0f2eb1
GH Actions: Bump ossf/scorecard-action from 2.3.1 to 2.4.0
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.3.1 to 2.4.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](0864cf1902...62b2cac7ed
2024-07-29 06:02:58 +00:00
Marcus Bointon
829def3388
Update for Codecov token handling change
2024-04-09 11:06:30 +02:00
Marcus Bointon
7bbeaff562
Merge pull request #3013 from PHPMailer/dependabot/github_actions/codecov/codecov-action-4
...
GH Actions: Bump codecov/codecov-action from 3 to 4
2024-04-09 11:02:24 +02:00
Marcus Bointon
e8135be763
Try to persuade postfix to install
2024-04-08 20:25:15 +02:00
Marcus Bointon
579202e36f
Merge pull request #3028 from PHPMailer/dependabot/github_actions/ramsey/composer-install-3
...
GH Actions: Bump ramsey/composer-install from 2 to 3
2024-03-12 23:07:08 +01:00
dependabot[bot]
e6ca69847a
GH Actions: Bump ramsey/composer-install from 2 to 3
...
Bumps [ramsey/composer-install](https://github.com/ramsey/composer-install ) from 2 to 3.
- [Release notes](https://github.com/ramsey/composer-install/releases )
- [Commits](https://github.com/ramsey/composer-install/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: ramsey/composer-install
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-04 06:56:31 +00:00
dependabot[bot]
52d55bf5ab
GH Actions: Bump nick-invision/retry from 2 to 3
...
Bumps [nick-invision/retry](https://github.com/nick-invision/retry ) from 2 to 3.
- [Release notes](https://github.com/nick-invision/retry/releases )
- [Changelog](https://github.com/nick-fields/retry/blob/master/.releaserc.js )
- [Commits](https://github.com/nick-invision/retry/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: nick-invision/retry
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-02-05 06:39:47 +00:00
dependabot[bot]
dc4f2e3418
GH Actions: Bump codecov/codecov-action from 3 to 4
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3 to 4.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-02-05 06:39:41 +00:00
Marcus Bointon
5372c1694d
Merge pull request #2996 from PHPMailer/dependabot/github_actions/actions/upload-artifact-4
...
GH Actions: Bump actions/upload-artifact from 3 to 4
2023-12-18 08:46:07 +01:00
dependabot[bot]
2b95ac8a56
GH Actions: Bump actions/upload-artifact from 3 to 4
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3 to 4.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-18 06:16:47 +00:00
dependabot[bot]
8c65fb5bae
GH Actions: Bump github/codeql-action from 2 to 3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-18 06:16:42 +00:00
Marcus Bointon
66b6c7e97d
Merge pull request #2971 from PHPMailer/dependabot/github_actions/ossf/scorecard-action-2.3.1
...
GH Actions: Bump ossf/scorecard-action from 2.2.0 to 2.3.1
2023-11-23 09:15:16 +01:00
Marcus Bointon
7071666cf4
Merge pull request #2952 from PHPMailer/dependabot/github_actions/actions/checkout-4
...
GH Actions: Bump actions/checkout from 3 to 4
2023-11-23 09:14:44 +01:00
Marcus Bointon
b4bda44618
Merge pull request #2983 from jrfnl/feature/ghactions-minor-tweaks
...
GH Actions: update a few links in inline comments
2023-11-23 09:10:14 +01:00
jrfnl
e503535644
GH Actions: update a few links in inline comments
...
... as the old URLs are no longer valid.
2023-11-23 04:15:40 +01:00
jrfnl
23f8374f89
GH Actions: update for release of PHP 8.3
...
... which is expected later today.
2023-11-23 04:14:54 +01:00
dependabot[bot]
a26a3cb738
GH Actions: Bump ossf/scorecard-action from 2.2.0 to 2.3.1
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.2.0 to 2.3.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](08b4669551...0864cf1902
2023-10-30 06:08:11 +00:00
dependabot[bot]
edce283afc
GH Actions: Bump actions/checkout from 3 to 4
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-09-11 06:14:09 +00:00
dependabot[bot]
e184d1f92c
GH Actions: Bump ossf/scorecard-action from 2.1.3 to 2.2.0
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.3 to 2.2.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](80e868c13c...08b4669551
2023-06-26 06:58:25 +00:00
dependabot[bot]
4ad37c38ce
GH Actions: Bump ossf/scorecard-action from 2.1.2 to 2.1.3
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.2 to 2.1.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](e38b1902ae...80e868c13c
2023-04-03 06:59:05 +00:00
jrfnl
e64259b34c
GH Actions: minor simplification
...
... of the bash `date` command in the earlier pulled cache busting.
2023-03-06 16:09:18 +01:00
dependabot[bot]
2e21dd3778
GH Actions: Bump ossf/scorecard-action from 2.1.0 to 2.1.2
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.0 to 2.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](937ffa90d7...e38b1902ae
2022-12-26 06:03:39 +00:00
dependabot[bot]
1a81c80dc9
GH Actions: Bump ossf/scorecard-action from 2.0.6 to 2.1.0
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.0.6 to 2.1.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](99c53751e0...937ffa90d7
2022-12-19 06:04:12 +00:00
Marcus Bointon
a3ae6b622f
Support final PHP 8.2, add PHP 8.3 as experimental
2022-12-06 15:35:05 +01:00
Marcus Bointon
ea03f4a60d
Try to resolve PHP 5.5 libsqlite issue
2022-12-05 11:51:29 +01:00
Marcus Bointon
a25a4dc3e3
Run PHP 5.5 on older OS
2022-12-05 11:33:21 +01:00
Marcus Bointon
3a3f39fa70
Skip qmail
2022-12-05 11:27:54 +01:00
Marcus Bointon
d2e9d097c1
Be noisy
2022-12-05 11:25:20 +01:00
Marcus Bointon
0447bfc3ae
Use systemd to stop postfix
2022-12-05 10:55:43 +01:00
Marcus Bointon
7a6ab223d8
Ignore failures when stopping postfix
2022-12-05 10:39:42 +01:00
Marcus Bointon
5419bf1e4b
Wait longer between retries
2022-12-05 10:36:27 +01:00
Marcus Bointon
7418a75f7e
Run tests on Ubuntu 22.04
2022-12-05 10:29:29 +01:00
Marcus Bointon
0b37477f02
Update Stack Overflow link
2022-11-08 08:48:31 +01:00
jrfnl
52f7e741ec
GH Actions: bust the cache semi-regularly
...
Caches used in GH Actions do not get updated, they can only be replaced by a different cache with a different cache key.
Now the predefined Composer install action this repo is using already creates a pretty comprehensive cache key:
> `ramsey/composer-install` will auto-generate a cache key which is composed of
the following elements:
> * The OS image name, like `ubuntu-latest`.
> * The exact PHP version, like `8.1.11`.
> * The options passed via `composer-options`.
> * The dependency version setting as per `dependency-versions`.
> * The working directory as per `working-directory`.
> * A hash of the `composer.json` and/or `composer.lock` files.
This means that aside from other factors, the cache will always be busted when changes are made to the (committed) `composer.json` or the `composer.lock` file (if the latter exists in the repo).
For packages running on recent versions of PHP, it also means that the cache will automatically be busted once a month when a new PHP version comes out.
### The problem
For runs on older PHP versions which don't receive updates anymore, the cache will not be busted via new PHP version releases, so effectively, the cache will only be busted when a change is made to the `composer.json`/`composer.lock` file - which may not happen that frequently on low-traffic repos.
But... packages _in use_ on those older PHP versions - especially dependencies of declared dependencies - may still release new versions and those new versions will not exist in the cache and will need to be downloaded each time the action is run and over time the cache gets less and less relevant as more and more packages will need to be downloaded for each run.
### The solution
To combat this issue, a new `custom-cache-suffix` option has been added to the Composer install action in version 2.2.0.
This new option allows for providing some extra information to add to the cache key, which allows for busting the cache based on your own additional criteria.
This commit implements the use of this `custom-cache-suffix` option for all relevant workflows in this repo.
Refs:
* https://github.com/ramsey/composer-install/#custom-cache-suffix
* https://github.com/ramsey/composer-install/releases/tag/2.2.0
2022-11-04 20:30:01 +01:00
Marcus Bointon
a42b4e4906
Merge pull request #2804 from jrfnl/feature/ghactions-harden-cs-steps
...
GH Actions: harden the workflow against PHPCS ruleset errors
2022-10-25 16:37:41 +02:00
dependabot[bot]
c7e3d7302d
GH Actions: Bump ossf/scorecard-action from 2.0.4 to 2.0.6
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.0.4 to 2.0.6.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](e363bfca00...99c53751e0
2022-10-24 06:16:13 +00:00
jrfnl
86fe1f6403
GH Actions: harden the workflow against PHPCS ruleset errors
...
If there is a ruleset error, the `cs2pr` action doesn't receive an `xml` report and exits with a `0` error code, even though the PHPCS run failed (though not on CS errors, but on a ruleset error).
This changes the GH Actions workflow to allow for that situation and still fail the build in that case.
2022-10-23 11:26:12 +02:00
jrfnl
70cbf85efe
GH Actions: fix use of deprecated set-output
...
GitHub has deprecated the use of `set-output` (and `set-state`) in favour of new environment files.
This commit updates the test workflows to avoid `set-output`.
Refs:
* https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
* https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#environment-files
2022-10-14 23:08:47 +02:00
jrfnl
5a8c04a9d6
GH Actions: use semver branch/tag references instead of commit references
...
Most predefined action runners offer a long-running branch or a tag which gets moved every release to allow staying on the "latest" version of a certain major of their action, without having to update the workflow scripts on every release of the action runner.
This works well for action runners which follow semver.
I've reviewed the existing workflows and tweaked the versions used whenever possible to make optimal use of this.
* For the `ossf/scorecard-action` action runner, I have not been able to find a workable tag/branch to fix this on.
Note: I have remove the "# v1.1.1" comment though as it doesn't get updated by Dependabot and was sorely out of date (you are currently on version `2.0.4`).
With the changes in this PR, Dependabot should become less noisy and will only send in PRs to update the action runner versions when a new major release has been tagged. (save for the one exceptions mentioned above)
I would recommend watching the following repos for new releases:
* https://github.com/actions/checkout
* https://github.com/actions/upload-artifact
* https://github.com/shivammathur/setup-php
* https://github.com/ramsey/composer-install
* https://github.com/nick-fields/retry
* https://github.com/codecov/codecov-action
* https://github.com/JamesIves/github-pages-deploy-action
* https://github.com/ossf/scorecard-action
* https://github.com/github/codeql-action
This will ensure you will get an email with the changelogs for those action runners on all releases, so you can still monitor for changes in the action runners you need to be aware of.
2022-10-10 19:23:47 +02:00
Marcus Bointon
29cdd9af52
Merge pull request #2784 from PHPMailer/dependabot/github_actions/ossf/scorecard-action-2.0.4
...
GH Actions: Bump ossf/scorecard-action from 2.0.3 to 2.0.4
2022-10-03 21:05:11 +02:00
dependabot[bot]
d579dc362a
GH Actions: Bump ossf/scorecard-action from 2.0.3 to 2.0.4
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.0.3 to 2.0.4.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](865b409285...e363bfca00
2022-10-03 06:17:55 +00:00
dependabot[bot]
56ce2fd740
GH Actions: Bump github/codeql-action from 2.1.24 to 2.1.26
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.24 to 2.1.26.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](904260d7d9...e0e5ded33c
2022-10-03 06:17:51 +00:00
dependabot[bot]
de69dfc97f
GH Actions: Bump github/codeql-action from 2.1.22 to 2.1.24
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.22 to 2.1.24.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b398f525a5...904260d7d9
2022-09-21 13:49:27 +00:00
Marcus Bointon
7557f5d9c3
Merge pull request #2771 from PHPMailer/dependabot/github_actions/ossf/scorecard-action-2.0.3
...
GH Actions: Bump ossf/scorecard-action from 2.0.2 to 2.0.3
2022-09-21 15:29:27 +02:00
Alex
01acbb66e0
build: harden tests.yml permissions
...
Signed-off-by: Alex <aleksandrosansan@gmail.com>
2022-09-20 16:12:44 +02:00
Alex
a09a739fd1
build: harden docs.yaml permissions
...
Signed-off-by: Alex <aleksandrosansan@gmail.com>
2022-09-20 16:09:01 +02:00
dependabot[bot]
a47284acc9
GH Actions: Bump ossf/scorecard-action from 2.0.2 to 2.0.3
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.0.2 to 2.0.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](68bf5b3327...865b409285
2022-09-19 06:12:05 +00:00
dependabot[bot]
6105356343
GH Actions: Bump ossf/scorecard-action from 1.1.2 to 2.0.2
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.1.2 to 2.0.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](ce330fde6b...68bf5b3327
2022-09-12 06:24:09 +00:00
Marcus Bointon
f3a9d79c6c
Explicitly add codecov token to action, see https://github.com/codecov/codecov-action/issues/557
2022-09-06 22:56:42 +02:00
dependabot[bot]
58a18c33f8
GH Actions: Bump github/codeql-action from 2.1.21 to 2.1.22
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.21 to 2.1.22.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c7f292ea4f...b398f525a5
2022-09-05 14:15:08 +00:00
