Niels Lohmann
972f5cc10b
Attach a ready-to-apply patch when the amalgamation check fails ( #5229 )
...
When a PR is not amalgamated/formatted, the astyle version friction (see
the recurring blocker across many PRs) means contributors often struggle
to reproduce the exact fix locally. The check now regenerates the
amalgamation and formatting, captures the difference as a patch, and
uploads it as the `amalgamation-patch` artifact. The failure comment
links to that artifact and tells contributors to run
`git apply amalgamation.patch`, so they no longer need to install the
pinned astyle version themselves.
The pass/fail verdict is unchanged: the same PRs fail as before, and a
correctly amalgamated PR uploads nothing and passes.
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com >
2026-07-02 23:05:00 +02:00
dependabot[bot]
a69a42a930
Bump step-security/harden-runner from 2.19.3 to 2.19.4 ( #5188 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.19.3 to 2.19.4.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/ab7a9404c0f3da075243ca237b5fac12c98deaa5...9af89fc71515a100421586dfdb3dc9c984fbf411 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.19.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-21 22:20:29 +02:00
dependabot[bot]
e08b3cab68
Bump step-security/harden-runner from 2.19.2 to 2.19.3 ( #5173 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.19.2 to 2.19.3.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/9ca718d3bf646d6534007c269a635b3e54cadf99...ab7a9404c0f3da075243ca237b5fac12c98deaa5 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.19.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-15 20:59:12 +02:00
dependabot[bot]
630beaeb05
Bump step-security/harden-runner from 2.19.1 to 2.19.2 ( #5170 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.19.1 to 2.19.2.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/a5ad31d6a139d249332a2605b85202e8c0b78450...9ca718d3bf646d6534007c269a635b3e54cadf99 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.19.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-14 20:04:56 +02:00
dependabot[bot]
a038cc4ef8
Bump step-security/harden-runner from 2.19.0 to 2.19.1 ( #5157 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.19.0 to 2.19.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/8d3c67de8e2fe68ef647c8db1e6a09f647780f40...a5ad31d6a139d249332a2605b85202e8c0b78450 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.19.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-08 07:49:26 +02:00
dependabot[bot]
8d849594f8
Bump step-security/harden-runner from 2.17.0 to 2.19.0 ( #5147 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.17.0 to 2.19.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/f808768d1510423e83855289c910610ca9b43176...8d3c67de8e2fe68ef647c8db1e6a09f647780f40 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.19.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-24 20:27:17 +02:00
dependabot[bot]
a5381281bf
Bump step-security/harden-runner from 2.16.1 to 2.17.0 ( #5132 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.16.1 to 2.17.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/fe104658747b27e96e4f7e80cd0a94068e53901d...f808768d1510423e83855289c910610ca9b43176 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.17.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-24 16:48:22 +02:00
dependabot[bot]
a8e7442b29
Bump actions/github-script from 8.0.0 to 9.0.0 ( #5134 )
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 8.0.0 to 9.0.0.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3 )
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-version: 9.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-24 16:48:17 +02:00
dependabot[bot]
3946872265
Bump step-security/harden-runner from 2.16.0 to 2.16.1 ( #5127 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.16.0 to 2.16.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594...fe104658747b27e96e4f7e80cd0a94068e53901d )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.16.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-06 18:35:48 +02:00
dependabot[bot]
2413fc0b1d
Bump step-security/harden-runner from 2.15.1 to 2.16.0 ( #5113 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.15.1 to 2.16.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/58077d3c7e43986b6b15fba718e8ea69e387dfcc...fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.16.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-28 21:03:14 +01:00
dependabot[bot]
707c012e9c
Bump step-security/harden-runner from 2.15.0 to 2.15.1 ( #5100 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.15.0 to 2.15.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/a90bcbc6539c36a85cdfeb73f7e2f433735f215b...58077d3c7e43986b6b15fba718e8ea69e387dfcc )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.15.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-13 07:17:01 +01:00
dependabot[bot]
4fd26a4ead
🤜 Bump step-security/harden-runner from 2.14.2 to 2.15.0 ( #5088 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.14.2 to 2.15.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/5ef0c079ce82195b2a36a210272d6b661572d83e...a90bcbc6539c36a85cdfeb73f7e2f433735f215b )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.15.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-03 08:00:34 +01:00
dependabot[bot]
904592d2a8
🤜 Bump step-security/harden-runner from 2.14.1 to 2.14.2 ( #5075 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.14.1 to 2.14.2.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/e3f713f2d8f53843e71c69a996d56f51aa9adfb9...5ef0c079ce82195b2a36a210272d6b661572d83e )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.14.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-09 20:15:00 +01:00
dependabot[bot]
fa02f62316
🤜 Bump step-security/harden-runner from 2.14.0 to 2.14.1 ( #5062 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.14.0 to 2.14.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/20cf305ff2072d973412fa9b1e3a4f227bda3c76...e3f713f2d8f53843e71c69a996d56f51aa9adfb9 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.14.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-27 17:08:28 +01:00
dependabot[bot]
75d9166a68
🤜 Bump step-security/harden-runner from 2.13.3 to 2.14.0 ( #5029 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.13.3 to 2.14.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/df199fb7be9f65074067a9eb93f12bb4c5547cf2...20cf305ff2072d973412fa9b1e3a4f227bda3c76 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.14.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-10 15:57:58 +00:00
dependabot[bot]
baceef2286
🤜 Bump step-security/harden-runner from 2.13.2 to 2.13.3 ( #5020 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.13.2 to 2.13.3.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/95d9a5deda9de15063e7595e9719c11c38c90ae2...df199fb7be9f65074067a9eb93f12bb4c5547cf2 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.13.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-02 16:54:33 +01:00
dependabot[bot]
af524ab666
🤜 Bump step-security/harden-runner from 2.13.1 to 2.13.2 ( #4990 )
2025-11-05 18:07:31 +01:00
dependabot[bot]
44b5a6d535
🤜 Bump step-security/harden-runner from 2.13.0 to 2.13.1 ( #4915 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.13.0 to 2.13.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/ec9f2d5744a09debf3a187a3f4f675c53b671911...f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.13.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-15 20:17:48 +02:00
dependabot[bot]
07babee604
🤜 Bump actions/github-script from 7.0.1 to 8.0.0 ( #4907 )
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 7.0.1 to 8.0.0.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](https://github.com/actions/github-script/compare/60a0d83039c74a4aee543508d2ffcb1c3799cdea...ed597411d8f924073f98dfc5c65a23a2325f34cd )
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-version: 8.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-05 17:28:54 +02:00
dependabot[bot]
095d2b3a16
🤜 Bump step-security/harden-runner from 2.12.2 to 2.13.0 ( #4848 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.12.2 to 2.13.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/6c439dc8bdf85cadbbce9ed30d1c7b959517bc49...ec9f2d5744a09debf3a187a3f4f675c53b671911 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.13.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-31 22:45:24 +02:00
dependabot[bot]
d33ecd3f3b
🤜 Bump step-security/harden-runner from 2.12.1 to 2.12.2 ( #4837 )
2025-06-30 23:28:49 +02:00
dependabot[bot]
568b708fd4
🤜 Bump step-security/harden-runner from 2.12.0 to 2.12.1 ( #4815 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.12.0 to 2.12.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/0634a2670c59f64b4a01f0f96f84700a4088b9f0...002fdce3c6a235733a90a27c80493a3241e56863 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.12.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-11 18:42:32 +02:00
dependabot[bot]
2be2c83d5c
🤜 Bump step-security/harden-runner from 2.11.1 to 2.12.0 ( #4754 )
2025-04-22 18:56:49 +02:00
dependabot[bot]
71884486d1
🤜 Bump step-security/harden-runner from 2.11.0 to 2.11.1 ( #4718 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.11.0 to 2.11.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/4d991eb9b905ef189e4c376166672c3f2f230481...c6295a65d1254861815972266d5933fd6e532bdf )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-03 07:40:09 +02:00
dependabot[bot]
a3143f5f2f
🤜 Bump step-security/harden-runner from 2.10.4 to 2.11.0 ( #4652 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.10.4 to 2.11.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/cb605e52c26070c328afc4562f0b4ada7618a84e...4d991eb9b905ef189e4c376166672c3f2f230481 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-20 07:34:06 +01:00
dependabot[bot]
8c7dcd3b43
Bump step-security/harden-runner from 2.10.3 to 2.10.4 ( #4614 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.10.3 to 2.10.4.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/c95a14d0e5bab51a9f56296a4eb0e416910cd350...cb605e52c26070c328afc4562f0b4ada7618a84e )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-20 19:31:05 +01:00
dependabot[bot]
e72046ef9f
Bump step-security/harden-runner from 2.10.2 to 2.10.3 ( #4604 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.10.2 to 2.10.3.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/0080882f6c36860b6ba35c610c98ce87d4e2f26f...c95a14d0e5bab51a9f56296a4eb0e416910cd350 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-17 10:52:26 +01:00
StepSecurity Bot
5362012fdd
[StepSecurity] ci: Harden GitHub Actions ( #4551 )
...
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io >
2024-12-17 15:20:06 +01:00
Niels Lohmann
861ec9c3c6
Fix token permissions warnings ( #4550 )
...
* 🎓 fix token permissions warnings
* 🎓 fix token permissions warnings
* 🎓 fix token permissions warnings
2024-12-17 12:55:19 +01:00
dependabot[bot]
58949c0ad5
🤜 Bump actions/github-script from 6.4.0 to 7.0.1 ( #4540 )
2024-12-15 20:13:29 +00:00
StepSecurity Bot
4003f8da02
[StepSecurity] Apply security best practices ( #4539 )
...
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io >
2024-12-15 18:31:21 +01:00
Joyce
31c00dc729
Refactor amalgamation workflow to avoid dangerous use of pull_request_target ( #3969 )
2023-03-08 13:41:20 +01:00