Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/complement_tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ jobs:

steps:
- name: Checkout synapse codebase
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@900f2210b1d28bbbd0bd22d17926b9e224e8f231 # v6.0.2
with:
path: synapse

Expand All @@ -50,7 +50,7 @@ jobs:
shell: bash

- name: Install Rust
uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master
with:
toolchain: ${{ env.RUST_VERSION }}
- uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/docker-famedly.yml
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ jobs:
# automatically passed into the workflow. This workflow is pinned to this branch so
# the support for including a namespace for the docker image name does not break
# digest merging for multiple architectures.
uses: famedly/github-workflows/.github/workflows/docker.yml@jason-docker-namespace
uses: famedly/github-workflows/.github/workflows/docker.yml@57b383862ba81dfa265bb33d492e2bbcbc96891d
with:
push: ${{ github.event_name != 'pull_request' }} # Always build, don't publish on pull requests
registry: ghcr.io
Expand Down Expand Up @@ -85,7 +85,7 @@ jobs:
strategy:
matrix:
job: ${{ fromJson(needs.calculate_mod_build.outputs.build_matrix) }}
uses: famedly/github-workflows/.github/workflows/docker.yml@jason-docker-namespace
uses: famedly/github-workflows/.github/workflows/docker.yml@57b383862ba81dfa265bb33d492e2bbcbc96891d
with:
push: ${{ github.event_name != 'pull_request' }} # Always build, don't publish on pull requests
registry_user: ${{ vars.REGISTRY_USER }}
Expand Down
12 changes: 6 additions & 6 deletions .github/workflows/docker-pr-dev.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,28 +35,28 @@ jobs:
fi

- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@900f2210b1d28bbbd0bd22d17926b9e224e8f231

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5

- name: Login to Harbor
uses: docker/login-action@v3
uses: docker/login-action@2ff7bc63ffa51414f77e9cbeea0d3297c1672d2e
with:
registry: ${{ env.REGISTRY_HARBOR }}
username: ${{ vars.REGISTRY_USER }}
password: ${{ secrets.registry_password }}

- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@2ff7bc63ffa51414f77e9cbeea0d3297c1672d2e
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9
with:
images: |
${{ env.REGISTRY_GHCR }}/famedly/${{ env.IMAGE_NAME }}
Expand All @@ -68,7 +68,7 @@ jobs:

- name: Build and push Docker image (amd64 only)
id: build
uses: docker/build-push-action@v5
uses: docker/build-push-action@9e8d01178c767b734d2fef9a000ac2a2137f483f
with:
context: .
push: true
Expand Down
36 changes: 18 additions & 18 deletions .github/workflows/docker.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,10 +28,10 @@ jobs:
steps:
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.0.0

- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@900f2210b1d28bbbd0bd22d17926b9e224e8f231 # v6.0.2

- name: Extract version from pyproject.toml
# Note: explicitly requesting bash will mean bash is invoked with `-eo pipefail`, see
Expand All @@ -41,20 +41,20 @@ jobs:
echo "SYNAPSE_VERSION=$(grep "^version" pyproject.toml | sed -E 's/version\s*=\s*["]([^"]*)["]/\1/')" >> $GITHUB_ENV

- name: Log in to DockerHub
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
uses: docker/login-action@2ff7bc63ffa51414f77e9cbeea0d3297c1672d2e # v4.0.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Log in to GHCR
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
uses: docker/login-action@2ff7bc63ffa51414f77e9cbeea0d3297c1672d2e # v4.0.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Tailscale
uses: tailscale/github-action@306e68a486fd2350f2bfc3b19fcd143891a4a2d8 # v4.1.2
uses: tailscale/github-action@586e48b2b708c2650a83e9e6981a832a59e1119d # v4.1.2
with:
oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
audience: ${{ secrets.TS_AUDIENCE }}
Expand All @@ -67,7 +67,7 @@ jobs:

- name: Get team registry token
id: import-secrets
uses: hashicorp/vault-action@4c06c5ccf5c0761b6029f56cfb1dcf5565918a3b # v3.4.0
uses: hashicorp/vault-action@892a26828f195e65540a40b4768ae4571f51ebfc # v3.4.0
with:
url: https://vault.infra.ci.i.element.dev
role: ${{ steps.vault-jwt-role.outputs.role_name }}
Expand All @@ -79,15 +79,15 @@ jobs:
services/backend-repositories/secret/data/oci.element.io password | OCI_PASSWORD ;

- name: Login to Element OCI Registry
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
uses: docker/login-action@2ff7bc63ffa51414f77e9cbeea0d3297c1672d2e # v4.0.0
with:
registry: oci-push.vpn.infra.element.io
username: ${{ steps.import-secrets.outputs.OCI_USERNAME }}
password: ${{ steps.import-secrets.outputs.OCI_PASSWORD }}

- name: Build and push by digest
id: build
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
uses: docker/build-push-action@9e8d01178c767b734d2fef9a000ac2a2137f483f # v7.0.0
with:
push: true
labels: |
Expand All @@ -108,7 +108,7 @@ jobs:
touch "${{ runner.temp }}/digests/${digest#sha256:}"

- name: Upload digest
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.0
with:
name: digests-${{ matrix.suffix }}
path: ${{ runner.temp }}/digests/*
Expand All @@ -129,29 +129,29 @@ jobs:
- build
steps:
- name: Download digests
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
uses: actions/download-artifact@484a0b528fb4d7bd804637ccb632e47a0e638317 # v8.0.1
with:
path: ${{ runner.temp }}/digests
pattern: digests-*
merge-multiple: true

- name: Log in to DockerHub
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
uses: docker/login-action@2ff7bc63ffa51414f77e9cbeea0d3297c1672d2e # v4.0.0
if: ${{ startsWith(matrix.repository, 'docker.io') }}
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Log in to GHCR
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
uses: docker/login-action@2ff7bc63ffa51414f77e9cbeea0d3297c1672d2e # v4.0.0
if: ${{ startsWith(matrix.repository, 'ghcr.io') }}
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Tailscale
uses: tailscale/github-action@306e68a486fd2350f2bfc3b19fcd143891a4a2d8 # v4.1.2
uses: tailscale/github-action@586e48b2b708c2650a83e9e6981a832a59e1119d # v4.1.2
with:
oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
audience: ${{ secrets.TS_AUDIENCE }}
Expand All @@ -164,7 +164,7 @@ jobs:

- name: Get team registry token
id: import-secrets
uses: hashicorp/vault-action@4c06c5ccf5c0761b6029f56cfb1dcf5565918a3b # v3.4.0
uses: hashicorp/vault-action@892a26828f195e65540a40b4768ae4571f51ebfc # v3.4.0
with:
url: https://vault.infra.ci.i.element.dev
role: ${{ steps.vault-jwt-role.outputs.role_name }}
Expand All @@ -176,20 +176,20 @@ jobs:
services/backend-repositories/secret/data/oci.element.io password | OCI_PASSWORD ;

- name: Login to Element OCI Registry
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
uses: docker/login-action@2ff7bc63ffa51414f77e9cbeea0d3297c1672d2e # v4.0.0
with:
registry: oci-push.vpn.infra.element.io
username: ${{ steps.import-secrets.outputs.OCI_USERNAME }}
password: ${{ steps.import-secrets.outputs.OCI_PASSWORD }}

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.0.0

- name: Install Cosign
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.0.0

- name: Calculate docker image tag
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.0.0
with:
images: ${{ matrix.repository }}
flavor: |
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/docs-pr.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -25,12 +25,12 @@ jobs:
fetch-depth: 0

- name: Setup mdbook
uses: peaceiris/actions-mdbook@ee69d230fe19748b7abf22df32acaa93833fad08 # v2.0.0
uses: peaceiris/actions-mdbook@a6f333f62c4b46ed5190d00cab3b7f9a6996274c # v2.0.0
with:
mdbook-version: "0.5.2"

- name: Setup python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
uses: actions/setup-python@c8813ba1bc76ebf779b911ad8ffccbf2e449cb48 # v6.2.0
with:
python-version: "3.x"

Expand All @@ -45,7 +45,7 @@ jobs:
cp book/welcome_and_overview.html book/index.html

- name: Upload Artifact
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.0
with:
name: book
path: book
Expand All @@ -59,7 +59,7 @@ jobs:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

- name: Setup mdbook
uses: peaceiris/actions-mdbook@ee69d230fe19748b7abf22df32acaa93833fad08 # v2.0.0
uses: peaceiris/actions-mdbook@a6f333f62c4b46ed5190d00cab3b7f9a6996274c # v2.0.0
with:
mdbook-version: "0.5.2"

Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/docs.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ jobs:
fetch-depth: 0

- name: Caching
uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
uses: Swatinem/rust-cache@65012b490220f477f20ab979e35ae732e6de4e68 # v2.8.0
with:
shared-key: "mdbook"
save-if: ${{ ! startsWith(github.ref, 'gh-readonly-queue/') }}
Expand All @@ -76,7 +76,7 @@ jobs:
run: echo 'window.SYNAPSE_VERSION = "${{ needs.pre.outputs.branch-version }}";' > ./docs/website_files/version.js

- name: Setup python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
uses: actions/setup-python@c8813ba1bc76ebf779b911ad8ffccbf2e449cb48 # v6.2.0
with:
python-version: "3.x"

Expand Down
Loading
Loading