Quentin Gliech
6946e57ffd
Fix the release notes reference to the image
2026-05-20 10:58:01 +02:00
Quentin Gliech
e833483070
Bump OCI login action to v4.1.0 to match the GHCR login
2026-05-20 10:44:20 +02:00
Quentin Gliech
c52161d420
Merge remote-tracking branch 'origin/main' into devon/element-docker
2026-05-20 10:14:18 +02:00
Quentin Gliech
815e9ef19a
Skip oci.element.io push on PR-labelled builds
...
Tailscale + Vault JWT auth needs a `push`-event OIDC token, so gate the
oci-push registry image and its login steps on `github.event_name == 'push'`.
PR-labelled builds (`Z-Build-Workflow`) push only to ghcr.io.
2026-05-20 09:50:18 +02:00
Quentin Gliech
f0100c4fa8
Disable provenance in the metadata output
2026-05-20 09:34:26 +02:00
Quentin Gliech
f99f4f5fba
Fix the transformation of the Docker build metadata in CI
...
This broke in #5664 due to STEPS_BAKE_OUTPUTS_METADATA being too large
to be passed as an argument to a shell script.
This replaces the `jq` call with a javascript action which transforms
the output.
2026-05-15 13:29:55 +02:00
Andrew Morgan
451761c39c
Note that clippy is synced to the Dockerfile Rust version
2026-05-13 12:50:21 +02:00
Andrew Morgan
c69b4e0cc2
Correct STEPS_BAKE_OUTPUTS_METADATA line
...
Looks like this is an edge case in zizmor.
2026-05-13 12:49:06 +02:00
Andrew Morgan
ea9f324e75
Use --override to set default toolchain
...
And remove now unnecessary rustup default calls.
2026-05-13 12:45:49 +02:00
Andrew Morgan
49ad5c79e1
Use Rust 1.93.0 for clippy CI job
...
Revert from stable (1.95.0), which introduced new lints. We'll tackle those in a separate PR.
2026-05-13 10:58:26 +02:00
Andrew Morgan
d1a1ef7341
Install rustfmt component
2026-05-06 16:36:58 +01:00
Andrew Morgan
0ca5040e3d
Make nightly the default toolchain for cargo fmt job
2026-05-06 15:58:21 +01:00
Andrew Morgan
647b5a79ac
Revert "WIP disable caching in release workflows"
...
This reverts commit 72e5ae40b0.
Let's do this in a follow-up PR.
2026-05-05 20:27:13 +01:00
Andrew Morgan
72e5ae40b0
WIP disable caching in release workflows
2026-05-05 13:16:29 +01:00
Andrew Morgan
34153e03ac
Switch rust install GH action to rustup
2026-05-05 12:55:12 +01:00
Andrew Morgan
cd9e54cc89
Replace steps.bake.outputs.metadata with an env var
...
So the bake job's output can't be used to run arbitrary shell commands. See https://docs.zizmor.sh/audits/#template-injection
2026-05-05 12:36:20 +01:00
Andrew Morgan
fdf8dde38a
Tell actions/checkout not to persist credentials
...
Recommended by `zizmor`. See https://docs.zizmor.sh/audits/#artipacked
for an explanation.
2026-05-05 12:34:58 +01:00
Andrew Morgan
b99023662a
Pin versions of github actions using zizmor
...
To eliminate risk of supply chain attacks.
2026-05-05 12:32:07 +01:00
Olivier 'reivilibre
2105226034
build(deps): bump docker/bake-action from 7.0.0 to 7.1.0 (#5624)
2026-04-10 17:08:00 +00:00
dependabot[bot]
a804d3ecb7
build(deps): bump docker/bake-action from 7.0.0 to 7.1.0
...
Bumps [docker/bake-action](https://github.com/docker/bake-action) from 7.0.0 to 7.1.0.
- [Release notes](https://github.com/docker/bake-action/releases)
- [Commits](https://github.com/docker/bake-action/compare/v7.0.0...v7.1.0)
---
updated-dependencies:
- dependency-name: docker/bake-action
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-04-10 13:54:10 +00:00
dependabot[bot]
671a676dfd
build(deps): bump EmbarkStudios/cargo-deny-action from 2.0.15 to 2.0.16
...
Bumps [EmbarkStudios/cargo-deny-action](https://github.com/embarkstudios/cargo-deny-action) from 2.0.15 to 2.0.16.
- [Release notes](https://github.com/embarkstudios/cargo-deny-action/releases)
- [Commits](https://github.com/embarkstudios/cargo-deny-action/compare/v2.0.15...v2.0.16)
---
updated-dependencies:
- dependency-name: EmbarkStudios/cargo-deny-action
  dependency-version: 2.0.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-04-10 13:54:03 +00:00
dependabot[bot]
a325b44827
build(deps): bump docker/login-action from 4.0.0 to 4.1.0
...
Bumps [docker/login-action](https://github.com/docker/login-action) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v4.0.0...v4.1.0)
---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-04-03 13:53:42 +00:00
Quentin Gliech
1ac6ffb5ca
build(deps): bump codecov/codecov-action from 5.5.2 to 6.0.0 (#5585)
2026-03-31 12:08:09 +02:00
Quentin Gliech
380671acbc
build(deps): bump sigstore/cosign-installer from 4.1.0 to 4.1.1 (#5584)
2026-03-31 12:06:41 +02:00
dependabot[bot]
70884482be
build(deps): bump codecov/codecov-action from 5.5.2 to 6.0.0
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.5.2 to 6.0.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v5.5.2...v6.0.0)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-26 14:02:32 +00:00
dependabot[bot]
da156aaf07
build(deps): bump sigstore/cosign-installer from 4.1.0 to 4.1.1
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/v4.1.0...v4.1.1)
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-26 14:02:19 +00:00
dependabot[bot]
0b208602e8
build(deps): bump actions/deploy-pages from 4.0.5 to 5.0.0
...
Bumps [actions/deploy-pages](https://github.com/actions/deploy-pages) from 4.0.5 to 5.0.0.
- [Release notes](https://github.com/actions/deploy-pages/releases)
- [Commits](https://github.com/actions/deploy-pages/compare/v4.0.5...v5.0.0)
---
updated-dependencies:
- dependency-name: actions/deploy-pages
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-26 14:02:16 +00:00
Quentin Gliech
30a5dc0a76
build(deps): bump docker/metadata-action from 5.10.0 to 6.0.0 (#5558)
2026-03-24 11:47:28 +01:00
Quentin Gliech
c820e7e630
build(deps): bump sigstore/cosign-installer from 4.0.0 to 4.1.0 (#5559)
2026-03-24 11:47:11 +01:00
dependabot[bot]
c6a2eb73e0
build(deps): bump softprops/action-gh-release from 2.5.0 to 2.6.1
...
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.5.0 to 2.6.1.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/v2.5.0...v2.6.1)
---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 2.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-18 13:54:56 +00:00
dependabot[bot]
5aa0b6baa0
build(deps): bump sigstore/cosign-installer from 4.0.0 to 4.1.0
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/v4.0.0...v4.1.0)
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-18 13:54:50 +00:00
dependabot[bot]
7a55730d66
build(deps): bump docker/metadata-action from 5.10.0 to 6.0.0
...
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.10.0 to 6.0.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/v5.10.0...v6.0.0)
---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-18 13:54:43 +00:00
Quentin Gliech
ff20ae6bfe
build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#5529)
2026-03-17 15:20:40 +01:00
Quentin Gliech
12fbd97bcd
build(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#5540)
2026-03-17 15:19:45 +01:00
Quentin Gliech
6d1a9b2e6d
build(deps): bump docker/login-action from 3.7.0 to 4.0.0 (#5539)
2026-03-17 15:19:35 +01:00
Quentin Gliech
058d18ff27
build(deps): bump actions/download-artifact from 7 to 8 (#5528)
2026-03-17 15:19:26 +01:00
dependabot[bot]
33abb755fb
build(deps): bump docker/bake-action from 6.10.0 to 7.0.0
...
Bumps [docker/bake-action](https://github.com/docker/bake-action) from 6.10.0 to 7.0.0.
- [Release notes](https://github.com/docker/bake-action/releases)
- [Commits](https://github.com/docker/bake-action/compare/v6.10.0...v7.0.0)
---
updated-dependencies:
- dependency-name: docker/bake-action
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-17 13:54:11 +00:00
dependabot[bot]
7ae3b0f0e2
build(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.12.0 to 4.0.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0)
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-05 13:54:20 +00:00
dependabot[bot]
16a1790e1a
build(deps): bump actions/setup-node from 6.2.0 to 6.3.0
...
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6.2.0 to 6.3.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v6.2.0...v6.3.0)
---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-04 13:54:46 +00:00
dependabot[bot]
3d6a993bd1
build(deps): bump docker/login-action from 3.7.0 to 4.0.0
...
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.7.0 to 4.0.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v3.7.0...v4.0.0)
---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-04 13:54:38 +00:00
dependabot[bot]
99a17d7ac6
build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v6.0.0...v7.0.0)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-02-27 13:54:09 +00:00
dependabot[bot]
5f881b3d2d
build(deps): bump actions/download-artifact from 7 to 8
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7 to 8.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v7...v8)
---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-02-27 13:54:01 +00:00
Quentin Gliech
3451ce0cd5
Merge branch 'main' into devon/element-docker
2026-02-17 11:50:54 +01:00
Quentin Gliech
207c526f00
Upgrade Rust, opa, regal, cargo-auditable and Node
2026-02-04 18:35:43 +01:00
Quentin Gliech
ff8cb9e52c
build(deps): bump docker/login-action from 3.6.0 to 3.7.0 (#5457)
2026-02-04 17:03:10 +01:00
Quentin Gliech
5c7bbb9b1f
build(deps): bump actions/setup-node from 6.1.0 to 6.2.0 (#5420)
2026-02-04 16:50:47 +01:00
Devon Hudson
0d9525328b
Push MAS docker images to Element OCI Registry
2026-01-30 17:08:07 -07:00
dependabot[bot]
028db8808d
build(deps): bump docker/login-action from 3.6.0 to 3.7.0
...
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.6.0 to 3.7.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v3.6.0...v3.7.0)
---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 3.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-01-28 13:54:26 +00:00
dependabot[bot]
4cdf275c73
build(deps): bump peter-evans/create-pull-request from 8.0.0 to 8.1.0
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 8.0.0 to 8.1.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v8.0.0...v8.1.0)
---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-version: 8.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-01-22 13:54:16 +00:00
dependabot[bot]
182e67fef2
build(deps): bump actions/setup-node from 6.1.0 to 6.2.0
...
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6.1.0 to 6.2.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v6.1.0...v6.2.0)
---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-01-15 13:54:35 +00:00