Commit Graph

607 Commits

Author SHA1 Message Date
Quentin Gliech eeea952b55 Add a comment about the artefact collection 2026-05-20 15:24:19 +02:00
Quentin Gliech 7834229784 Re-add DOCKER_METADATA_ANNOTATIONS_LEVELS to narrow annotations to the index
`docker buildx imagetools create --annotation manifest:KEY=VALUE` errors
out with "manifest annotations are not supported yet". metadata-action
defaults to emitting `manifest:` prefixed entries, so without an explicit
`DOCKER_METADATA_ANNOTATIONS_LEVELS: index` the finalize step blows up
the first time it sees a non-empty annotations list.
2026-05-20 15:22:56 +02:00
Quentin Gliech 63deb0b1fd Don't specify DOCKER_METADATA_ANNOTATIONS_LEVELS
We're injecting annotations manually anyway
2026-05-20 14:42:17 +02:00
Quentin Gliech d88db7deff Simplify the injection of annotations in the final manifest 2026-05-20 14:41:53 +02:00
Quentin Gliech c2dc7c11a9 Split multi-arch Docker build into parallel jobs
- Modify Dockerfile to build single architecture based on TARGETARCH instead of cross-compiling both targets in one run
- Replace single build-image job with matrix job (amd64, arm64)
- Add finalize-image job that creates multi-arch manifests using `docker buildx imagetools create` and signs the final images
- Each architecture gets its own build cache

This enables parallel builds of each architecture, reducing total build time by running both simultaneously rather than sequentially.
2026-05-20 12:57:22 +02:00
Quentin Gliech 750de33486 Push MAS docker images to Element OCI Registry (#5459) 2026-05-20 11:58:11 +02:00
Quentin Gliech 6946e57ffd Fix the release notes reference to the image 2026-05-20 10:58:01 +02:00
Quentin Gliech 2d6176308d Merge branch 'main' into hughns/apalis-dependabot 2026-05-20 10:45:24 +02:00
Quentin Gliech efb878e0a3 Increase dependabot interval from daily to monthly (#5686) 2026-05-20 10:44:51 +02:00
Quentin Gliech e833483070 Bump OCI login action to v4.1.0 to match the GHCR login 2026-05-20 10:44:20 +02:00
Quentin Gliech c52161d420 Merge remote-tracking branch 'origin/main' into devon/element-docker 2026-05-20 10:14:18 +02:00
Quentin Gliech 815e9ef19a Skip oci.element.io push on PR-labelled builds
Tailscale + Vault JWT auth needs a `push`-event OIDC token, so gate the
oci-push registry image and its login steps on `github.event_name == 'push'`.
PR-labelled builds (`Z-Build-Workflow`) push only to ghcr.io.
2026-05-20 09:50:18 +02:00
Quentin Gliech f0100c4fa8 Disable provenance in the metadata output 2026-05-20 09:34:26 +02:00
Hugh Nimmo-Smith 676e2fc75f Increase dependabot interval from daily to monthly 2026-05-15 14:04:43 +01:00
Hugh Nimmo-Smith 5976430070 Remove unused apalis dependabot config 2026-05-15 14:00:53 +01:00
Quentin Gliech f99f4f5fba Fix the transformation of the Docker build metadata in CI
This broke in #5664 due to STEPS_BAKE_OUTPUTS_METADATA being too large
to be passed as an argument to a shell script.

This replaces the `jq` call with a JavaScript action which transforms
the output.
2026-05-15 13:29:55 +02:00
Andrew Morgan 451761c39c Note that clippy is synced to the Dockerfile Rust version 2026-05-13 12:50:21 +02:00
Andrew Morgan c69b4e0cc2 Correct STEPS_BAKE_OUTPUTS_METADATA line
Looks like this is an edge case in zizmor.
2026-05-13 12:49:06 +02:00
Andrew Morgan ea9f324e75 Use --override to set default toolchain
And remove now unnecessary rustup default calls.
2026-05-13 12:45:49 +02:00
Andrew Morgan 49ad5c79e1 Use Rust 1.93.0 for clippy CI job
Revert from stable (1.95.0), which introduced new lints. We'll tackle those in a separate PR.
2026-05-13 10:58:26 +02:00
Andrew Morgan d1a1ef7341 Install rustfmt component 2026-05-06 16:36:58 +01:00
Andrew Morgan 0ca5040e3d Make nightly the default toolchain for cargo fmt job 2026-05-06 15:58:21 +01:00
Andrew Morgan 647b5a79ac Revert "WIP disable caching in release workflows"
This reverts commit 72e5ae40b0.

Let's do this in a follow-up PR.
2026-05-05 20:27:13 +01:00
Andrew Morgan 72e5ae40b0 WIP disable caching in release workflows 2026-05-05 13:16:29 +01:00
Andrew Morgan 34153e03ac Switch rust install GH action to rustup 2026-05-05 12:55:12 +01:00
Andrew Morgan d9dd2bb68e Set a cooldown for dependabot updates
Set to 14 days to align with the rest of Element's Backend repos.
2026-05-05 12:36:40 +01:00
Andrew Morgan cd9e54cc89 Replace steps.bake.outputs.metadata with an env var
So the bake job's output can't be used to run arbitrary shell commands. See https://docs.zizmor.sh/audits/#template-injection
2026-05-05 12:36:20 +01:00
Andrew Morgan fdf8dde38a Tell actions/checkout not to persist credentials
Recommended by `zizmor`. See https://docs.zizmor.sh/audits/#artipacked
for an explanation.
2026-05-05 12:34:58 +01:00
Andrew Morgan b99023662a Pin versions of github actions using zizmor
To eliminate risk of supply chain attacks.
2026-05-05 12:32:07 +01:00
Olivier 'reivilibre 2105226034 build(deps): bump docker/bake-action from 7.0.0 to 7.1.0 (#5624) 2026-04-10 17:08:00 +00:00
dependabot[bot] a804d3ecb7 build(deps): bump docker/bake-action from 7.0.0 to 7.1.0
Bumps [docker/bake-action](https://github.com/docker/bake-action) from 7.0.0 to 7.1.0.
- [Release notes](https://github.com/docker/bake-action/releases)
- [Commits](https://github.com/docker/bake-action/compare/v7.0.0...v7.1.0)

---
updated-dependencies:
- dependency-name: docker/bake-action
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-10 13:54:10 +00:00
dependabot[bot] 671a676dfd build(deps): bump EmbarkStudios/cargo-deny-action from 2.0.15 to 2.0.16
Bumps [EmbarkStudios/cargo-deny-action](https://github.com/embarkstudios/cargo-deny-action) from 2.0.15 to 2.0.16.
- [Release notes](https://github.com/embarkstudios/cargo-deny-action/releases)
- [Commits](https://github.com/embarkstudios/cargo-deny-action/compare/v2.0.15...v2.0.16)

---
updated-dependencies:
- dependency-name: EmbarkStudios/cargo-deny-action
  dependency-version: 2.0.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-10 13:54:03 +00:00
dependabot[bot] a325b44827 build(deps): bump docker/login-action from 4.0.0 to 4.1.0
Bumps [docker/login-action](https://github.com/docker/login-action) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v4.0.0...v4.1.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-03 13:53:42 +00:00
Quentin Gliech 1ac6ffb5ca build(deps): bump codecov/codecov-action from 5.5.2 to 6.0.0 (#5585) 2026-03-31 12:08:09 +02:00
Quentin Gliech 380671acbc build(deps): bump sigstore/cosign-installer from 4.1.0 to 4.1.1 (#5584) 2026-03-31 12:06:41 +02:00
dependabot[bot] 70884482be build(deps): bump codecov/codecov-action from 5.5.2 to 6.0.0
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.5.2 to 6.0.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v5.5.2...v6.0.0)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-26 14:02:32 +00:00
dependabot[bot] da156aaf07 build(deps): bump sigstore/cosign-installer from 4.1.0 to 4.1.1
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/v4.1.0...v4.1.1)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-26 14:02:19 +00:00
dependabot[bot] 0b208602e8 build(deps): bump actions/deploy-pages from 4.0.5 to 5.0.0
Bumps [actions/deploy-pages](https://github.com/actions/deploy-pages) from 4.0.5 to 5.0.0.
- [Release notes](https://github.com/actions/deploy-pages/releases)
- [Commits](https://github.com/actions/deploy-pages/compare/v4.0.5...v5.0.0)

---
updated-dependencies:
- dependency-name: actions/deploy-pages
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-26 14:02:16 +00:00
Quentin Gliech 30a5dc0a76 build(deps): bump docker/metadata-action from 5.10.0 to 6.0.0 (#5558) 2026-03-24 11:47:28 +01:00
Quentin Gliech c820e7e630 build(deps): bump sigstore/cosign-installer from 4.0.0 to 4.1.0 (#5559) 2026-03-24 11:47:11 +01:00
dependabot[bot] c6a2eb73e0 build(deps): bump softprops/action-gh-release from 2.5.0 to 2.6.1
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.5.0 to 2.6.1.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/v2.5.0...v2.6.1)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 2.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-18 13:54:56 +00:00
dependabot[bot] 5aa0b6baa0 build(deps): bump sigstore/cosign-installer from 4.0.0 to 4.1.0
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/v4.0.0...v4.1.0)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-18 13:54:50 +00:00
dependabot[bot] 7a55730d66 build(deps): bump docker/metadata-action from 5.10.0 to 6.0.0
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.10.0 to 6.0.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/v5.10.0...v6.0.0)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-18 13:54:43 +00:00
Quentin Gliech ff20ae6bfe build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#5529) 2026-03-17 15:20:40 +01:00
Quentin Gliech 12fbd97bcd build(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#5540) 2026-03-17 15:19:45 +01:00
Quentin Gliech 6d1a9b2e6d build(deps): bump docker/login-action from 3.7.0 to 4.0.0 (#5539) 2026-03-17 15:19:35 +01:00
Quentin Gliech 058d18ff27 build(deps): bump actions/download-artifact from 7 to 8 (#5528) 2026-03-17 15:19:26 +01:00
dependabot[bot] 33abb755fb build(deps): bump docker/bake-action from 6.10.0 to 7.0.0
Bumps [docker/bake-action](https://github.com/docker/bake-action) from 6.10.0 to 7.0.0.
- [Release notes](https://github.com/docker/bake-action/releases)
- [Commits](https://github.com/docker/bake-action/compare/v6.10.0...v7.0.0)

---
updated-dependencies:
- dependency-name: docker/bake-action
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-17 13:54:11 +00:00
dependabot[bot] 7ae3b0f0e2 build(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.12.0 to 4.0.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-05 13:54:20 +00:00
dependabot[bot] 16a1790e1a build(deps): bump actions/setup-node from 6.2.0 to 6.3.0
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6.2.0 to 6.3.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v6.2.0...v6.3.0)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-04 13:54:46 +00:00