archive-gh-me/gopass
1
0
Fork 0
mirror of https://github.com/gopasspw/gopass.git synced 2026-02-01 17:37:29 +00:00
Code Issues Projects Releases Wiki Activity
1,536 Commits 22 Branches 100 Tags
Commit Graph

22 Commits

Author SHA1 Message Date
Dominik Schulz
ac608b6767
Fix duplicate permissions 2022-12-01 23:08:50 +01:00
nathannaveen
811d42af20
Set permissions for GitHub actions (#2189) 
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

 Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>

Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
Co-authored-by: Dominik Schulz <dominik.schulz@gauner.org>
 2022-12-01 10:42:49 +01:00
Dominik Schulz
e9b365a455
Use different concurrency groups for different workflows (#2365) 
See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#concurrency

RELEASE_NOTES=n/a

Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>

Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
 2022-09-28 22:57:41 +02:00
Dominik Schulz
4dfb6492d8
Update deps. Bump to Go 1.19 (#2296) 
RELEASE_NOTES=[CLEANUP] Use Go 1.19

Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
 2022-08-02 21:41:43 +02:00
Dominik Schulz
4cb569a83c
Use github.com/pquerna/otp to allow using the key period (#2278) 
* Use github.com/pquerna/otp to allow using the key period

RELEASE_NOTES=[BUGFIX] Use OTP key period

Fixes #2276

Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>

* Address review comments.

Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>

* Implement digits and algorithm parameter parsing

Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>

* Use proper formatting and add logging

Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>

* Make linters happy

Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
 2022-08-02 21:24:38 +02:00
Dominik Schulz
be4deb0975
Try out syft and grype for SBOMs and vulnerability scans (#2268) 
RELEASE_NOTES=[ENHANCEMENT] Scan for vulnerabilities and add SBOM on
release

Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
 2022-07-17 15:36:46 +02:00
Dominik Schulz
524b15e78d
Do not install gnupg and git on Mac (#2207) 
RELEASE_NOTES=n/a

Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
 2022-05-02 15:11:45 +02:00
Yolan Romailler
c3f1a901e5
Adding concurrency to GHA (#2194) 
RELEASE_NOTES=n/a

Signed-off-by: Yolan Romailler <anomalroil@users.noreply.github.com>
 2022-04-20 22:28:57 +02:00
Dominik Schulz
756aecafed
Bump to Go 1.18 proper (#2156) 
RELEASE_NOTES=[CLEANUP] Use Go 1.18

Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
 2022-03-15 21:37:41 +01:00
dependabot[bot]
57be868333
Bump actions/checkout from 2.4.0 to 3 (#2148) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.4.0 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.4.0...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-02 09:29:53 +01:00
Dominik Schulz
2233d15401
Test Go 1.18beta1 (#2058) 
RELEASE_NOTES=[ENHANCEMENT] Bump to Go 1.18

Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
 2021-12-21 09:51:46 +01:00
txt-file
72057db800
update gnupg *.deb dependency (#2050) 
In all upstream supported debian & ubuntu releases the package gnupg2 is
a dummy transitional package depending on gnupg. Depend directly on
gnupg instead of the transition.

RELEASE_NOTES=[BUGFIX] depend *.deb on gnupg instead of dummy
transitional package gnupg2

Signed-off-by: Vieno Hakkerinen <vieno@hakkerinen.eu>
 2021-11-26 18:45:41 +01:00
Dominik Schulz
c574e920b5
Use Go 1.17 to build releases (#2039) 
RELEASE_NOTES=n/a

Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
 2021-11-13 21:59:27 +01:00
dependabot[bot]
b490c57e97
Bump actions/checkout from 2.3.5 to 2.4.0 (#2021) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.5 to 2.4.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.3.5...v2.4.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-11-03 06:27:01 +01:00
dependabot[bot]
8908d02b7c
Bump actions/checkout from 2.3.4 to 2.3.5 (#2013) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.4 to 2.3.5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.3.4...v2.3.5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-10-18 20:29:00 +02:00
dependabot[bot]
370dda1522
Bump actions/checkout from 2 to 2.3.4 (#1924) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 2.3.4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v2.3.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-05-12 21:13:59 +02:00
Dominik Schulz
73ed2c189e
Upgrade to Go 1.16 (#1803) 
Remove usage of io/ioutil: https://golang.org/doc/go1.16?s=03#ioutil

RELEASE_NOTES=[ENHANCEMENT] Use Go 1.16

Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
 2021-02-17 21:39:07 +01:00
Dominik Schulz
fc30b21501
Release signing (#1733) 
RELEASE_NOTES=n/a

Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
 2021-01-19 22:43:00 +01:00
Yolan Romailler
005e249ea1
Fix Windows CI Build (#1732) 
RELEASE_NOTES=n/a

Signed-off-by: Yolan Romailler <yolan@romailler.ch>
 2021-01-19 14:42:22 +01:00
Yolan Romailler
cf266d465d
Adding SLOW_TEST_FACTOR to MacOS build (#1731) 
RELEASE_NOTES=n/a

To have tests working.

Signed-off-by: Yolan Romailler <yolan@romailler.ch>
 2021-01-19 14:08:55 +01:00
Dominik Schulz
4ec3b87055
Setup GitHub Actions (#1730) 
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
 2021-01-19 12:30:46 +01:00
Dominik Schulz
5c364a653f
Create build.yml 2021-01-19 11:04:06 +01:00