dandri/matrix-authentication-service
1
0
Fork 0
mirror of https://github.com/element-hq/matrix-authentication-service.git synced 2026-06-06 10:21:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
7,077 Commits 96 Branches 90 Tags
e61653cd2da20bbb63dc25e1e4ee1d0780d980ef
Commit Graph

589 Commits

Author SHA1 Message Date
Andrew Morgan 451761c39c Note that clippy is synced to the Dockerfile Rust version 2026-05-13 12:50:21 +02:00
Andrew Morgan c69b4e0cc2 Correct STEPS_BAKE_OUTPUTS_METADATA line 
Looks like this is an edge case in zizmor.
 2026-05-13 12:49:06 +02:00
Andrew Morgan ea9f324e75 Use --override to set default toolchain 
And remove now unnecessary rustup default calls.
 2026-05-13 12:45:49 +02:00
Andrew Morgan 49ad5c79e1 Use Rust 1.93.0 for clippy CI job 
Revert from stable (1.95.0), which introduced new lints. We'll tackle those in a separate PR.
 2026-05-13 10:58:26 +02:00
Andrew Morgan d1a1ef7341 Install rustfmt component 2026-05-06 16:36:58 +01:00
Andrew Morgan 0ca5040e3d Make nightly the default toolchain for cargo fmt job 2026-05-06 15:58:21 +01:00
Andrew Morgan 647b5a79ac Revert "WIP disable caching in release workflows" 
This reverts commit 72e5ae40b0.

Let's do this in a follow-up PR.
 2026-05-05 20:27:13 +01:00
Andrew Morgan 72e5ae40b0 WIP disable caching in release workflows 2026-05-05 13:16:29 +01:00
Andrew Morgan 34153e03ac Switch rust install GH action to rustup 2026-05-05 12:55:12 +01:00
Andrew Morgan d9dd2bb68e Set a cooldown for dependabot updates 
Set to 14 days to align with the rest of Element's Backend repos.
 2026-05-05 12:36:40 +01:00
Andrew Morgan cd9e54cc89 Replace steps.bake.outputs.metadata with an env var 
So the bake job's output can't be used to run arbitrary shell commands. See https://docs.zizmor.sh/audits/#template-injection
 2026-05-05 12:36:20 +01:00
Andrew Morgan fdf8dde38a Tell actions/checkout not to persist credentials 
Recommended by `zizmor`. See https://docs.zizmor.sh/audits/#artipacked
for an explanation.
 2026-05-05 12:34:58 +01:00
Andrew Morgan b99023662a Pin versions of github actions using zizmor 
To eliminate risk of supply chain attacks.
 2026-05-05 12:32:07 +01:00
Olivier 'reivilibre 2105226034 build(deps): bump docker/bake-action from 7.0.0 to 7.1.0 (#5624) 2026-04-10 17:08:00 +00:00
dependabot[bot] a804d3ecb7 build(deps): bump docker/bake-action from 7.0.0 to 7.1.0 
Bumps [docker/bake-action](https://github.com/docker/bake-action) from 7.0.0 to 7.1.0.
- [Release notes](https://github.com/docker/bake-action/releases)
- [Commits](https://github.com/docker/bake-action/compare/v7.0.0...v7.1.0)

---
updated-dependencies:
- dependency-name: docker/bake-action
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-10 13:54:10 +00:00
dependabot[bot] 671a676dfd build(deps): bump EmbarkStudios/cargo-deny-action from 2.0.15 to 2.0.16 
Bumps [EmbarkStudios/cargo-deny-action](https://github.com/embarkstudios/cargo-deny-action) from 2.0.15 to 2.0.16.
- [Release notes](https://github.com/embarkstudios/cargo-deny-action/releases)
- [Commits](https://github.com/embarkstudios/cargo-deny-action/compare/v2.0.15...v2.0.16)

---
updated-dependencies:
- dependency-name: EmbarkStudios/cargo-deny-action
  dependency-version: 2.0.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-10 13:54:03 +00:00
dependabot[bot] a325b44827 build(deps): bump docker/login-action from 4.0.0 to 4.1.0 
Bumps [docker/login-action](https://github.com/docker/login-action) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v4.0.0...v4.1.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-03 13:53:42 +00:00
Quentin Gliech 1ac6ffb5ca build(deps): bump codecov/codecov-action from 5.5.2 to 6.0.0 (#5585) 2026-03-31 12:08:09 +02:00
Quentin Gliech 380671acbc build(deps): bump sigstore/cosign-installer from 4.1.0 to 4.1.1 (#5584) 2026-03-31 12:06:41 +02:00
dependabot[bot] 70884482be build(deps): bump codecov/codecov-action from 5.5.2 to 6.0.0 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.5.2 to 6.0.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v5.5.2...v6.0.0)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-26 14:02:32 +00:00
dependabot[bot] da156aaf07 build(deps): bump sigstore/cosign-installer from 4.1.0 to 4.1.1 
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/v4.1.0...v4.1.1)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-26 14:02:19 +00:00
dependabot[bot] 0b208602e8 build(deps): bump actions/deploy-pages from 4.0.5 to 5.0.0 
Bumps [actions/deploy-pages](https://github.com/actions/deploy-pages) from 4.0.5 to 5.0.0.
- [Release notes](https://github.com/actions/deploy-pages/releases)
- [Commits](https://github.com/actions/deploy-pages/compare/v4.0.5...v5.0.0)

---
updated-dependencies:
- dependency-name: actions/deploy-pages
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-26 14:02:16 +00:00
Quentin Gliech 30a5dc0a76 build(deps): bump docker/metadata-action from 5.10.0 to 6.0.0 (#5558) 2026-03-24 11:47:28 +01:00
Quentin Gliech c820e7e630 build(deps): bump sigstore/cosign-installer from 4.0.0 to 4.1.0 (#5559) 2026-03-24 11:47:11 +01:00
dependabot[bot] c6a2eb73e0 build(deps): bump softprops/action-gh-release from 2.5.0 to 2.6.1 
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.5.0 to 2.6.1.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/v2.5.0...v2.6.1)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 2.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-18 13:54:56 +00:00
dependabot[bot] 5aa0b6baa0 build(deps): bump sigstore/cosign-installer from 4.0.0 to 4.1.0 
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/v4.0.0...v4.1.0)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-18 13:54:50 +00:00
dependabot[bot] 7a55730d66 build(deps): bump docker/metadata-action from 5.10.0 to 6.0.0 
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.10.0 to 6.0.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/v5.10.0...v6.0.0)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-18 13:54:43 +00:00
Quentin Gliech ff20ae6bfe build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#5529) 2026-03-17 15:20:40 +01:00
Quentin Gliech 12fbd97bcd build(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#5540) 2026-03-17 15:19:45 +01:00
Quentin Gliech 6d1a9b2e6d build(deps): bump docker/login-action from 3.7.0 to 4.0.0 (#5539) 2026-03-17 15:19:35 +01:00
Quentin Gliech 058d18ff27 build(deps): bump actions/download-artifact from 7 to 8 (#5528) 2026-03-17 15:19:26 +01:00
dependabot[bot] 33abb755fb build(deps): bump docker/bake-action from 6.10.0 to 7.0.0 
Bumps [docker/bake-action](https://github.com/docker/bake-action) from 6.10.0 to 7.0.0.
- [Release notes](https://github.com/docker/bake-action/releases)
- [Commits](https://github.com/docker/bake-action/compare/v6.10.0...v7.0.0)

---
updated-dependencies:
- dependency-name: docker/bake-action
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-17 13:54:11 +00:00
dependabot[bot] 7ae3b0f0e2 build(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0 
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.12.0 to 4.0.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-05 13:54:20 +00:00
dependabot[bot] 16a1790e1a build(deps): bump actions/setup-node from 6.2.0 to 6.3.0 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6.2.0 to 6.3.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v6.2.0...v6.3.0)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-04 13:54:46 +00:00
dependabot[bot] 3d6a993bd1 build(deps): bump docker/login-action from 3.7.0 to 4.0.0 
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.7.0 to 4.0.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v3.7.0...v4.0.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-04 13:54:38 +00:00
dependabot[bot] 99a17d7ac6 build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v6.0.0...v7.0.0)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-27 13:54:09 +00:00
dependabot[bot] 5f881b3d2d build(deps): bump actions/download-artifact from 7 to 8 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7 to 8.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v7...v8)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-27 13:54:01 +00:00
Quentin Gliech 207c526f00 Upgrade Rust, opa, regal, cargo-auditable and Node 2026-02-04 18:35:43 +01:00
Quentin Gliech ff8cb9e52c build(deps): bump docker/login-action from 3.6.0 to 3.7.0 (#5457) 2026-02-04 17:03:10 +01:00
Quentin Gliech 5c7bbb9b1f build(deps): bump actions/setup-node from 6.1.0 to 6.2.0 (#5420) 2026-02-04 16:50:47 +01:00
dependabot[bot] 028db8808d build(deps): bump docker/login-action from 3.6.0 to 3.7.0 
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.6.0 to 3.7.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v3.6.0...v3.7.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 3.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-28 13:54:26 +00:00
dependabot[bot] 4cdf275c73 build(deps): bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 8.0.0 to 8.1.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v8.0.0...v8.1.0)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-version: 8.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-22 13:54:16 +00:00
dependabot[bot] 182e67fef2 build(deps): bump actions/setup-node from 6.1.0 to 6.2.0 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6.1.0 to 6.2.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v6.1.0...v6.2.0)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-15 13:54:35 +00:00
dependabot[bot] 708edf4227 build(deps): bump EmbarkStudios/cargo-deny-action from 2.0.14 to 2.0.15 
Bumps [EmbarkStudios/cargo-deny-action](https://github.com/embarkstudios/cargo-deny-action) from 2.0.14 to 2.0.15.
- [Release notes](https://github.com/embarkstudios/cargo-deny-action/releases)
- [Commits](https://github.com/embarkstudios/cargo-deny-action/compare/v2.0.14...v2.0.15)

---
updated-dependencies:
- dependency-name: EmbarkStudios/cargo-deny-action
  dependency-version: 2.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-08 14:01:11 +00:00
dependabot[bot] bd95ac2cc4 build(deps): bump docker/setup-buildx-action from 3.11.1 to 3.12.0 
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.11.1 to 3.12.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v3.11.1...v3.12.0)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-version: 3.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-19 13:14:31 +00:00
Quentin Gliech d8637fbed0 build(deps): bump actions/download-artifact from 6 to 7 (#5353) 2025-12-15 15:53:53 +01:00
dependabot[bot] 74d5b64127 build(deps): bump actions/download-artifact from 6 to 7 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-15 13:13:28 +00:00
dependabot[bot] 0c9b57700f build(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-15 13:13:16 +00:00
Quentin Gliech e862ede93f build(deps): bump codecov/codecov-action from 5.5.1 to 5.5.2 (#5341) 2025-12-12 10:23:43 +01:00
dependabot[bot] 7eb358a9ec build(deps): bump actions/setup-node from 6.0.0 to 6.1.0 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6.0.0 to 6.1.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v6.0.0...v6.1.0)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-10 15:50:24 +00:00