| Age | Commit message (Collapse) | Author |
|---|
|
When making the container rework, I unknowingly deleted the section where an env with the same name as the secret was defined on the job scope, making it look like it was originally defined as an organization env.
Since we can't validate the secrets in a condition directly, it's better to let docker/login-action take care of failing the entire job if the credentials are invalid.
Reported in: https://github.com/searxng/searxng/issues/4777
|
|
By default, Dependabot opens a new pull request to update each dependency and we
have a very large number of Dependabot pull requests to review and merge, which
can quickly become difficult to manage.
The intention of this patch to dependabot is to have:
- one PR for all minor & patch level updates
- one PR for every dependency with a major update
[1] https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates
[2] https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#groups
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
env.DOCKERHUB_USERNAME shouldn't be an empty string as it's defined and set (I think, I can't see this). Even if wasn't defined, GitHub Org/Repo wide envs/secrets should return an empty string (?)
|
|
container.yml will run after integration.yml COMPLETES successfully and in master branch.
Style changes, cleanup and improved integration with CI by leveraging the use of
shared cache between all workflows.
* Podman is now supported to build the container images (Docker also received a refactor, merging both build and buildx)
* Container images are being built by Buildah instead of Docker BuildKit.
* Container images are tested before release.
* Splitting "modern" (amd64 & arm64) and "legacy" (armv7) arches on different Dockerfiles allowing future optimizations.
|
|
Style changes, cleanup and improved integration with CI by leveraging the use of
shared cache between all workflows.
|
|
l10n.yml will run after integration.yml finishes successfully (will defer anything depending on integration.yml until heavy loads like container building are moved to separate workflows) and in master branch.
* After every integration.yml workflow completes successfully, only the `update` job runs.
* Dispatch and Crontab triggers only the `pr` job.
Style changes, cleanup and improved integration with CI by leveraging the use of shared cache between all workflows (not functional until all workflows have been refactored).
|
|
Instead of executing the workflow after integration.yml completes correctly, let's run this workflow parallel to integration.yml restoring the original behaviour.
|
|
* chore: docker dependabot
* Add github actions too
|
|
We actually don't need to keep the token on checkout because `peter-evans/create-pull-request` will read from `github.token`. The obvious `pull-requests` write permission wasn't set in the last fix, so I added it now.
|
|
(#4733)
documentation.yml will run after integration.yml COMPLETES successfully (will
defer anything depending on integration.yml until heavy loads like container
building are moved to separate workflows) and in master branch.
Style changes, cleanup and improved integration with CI by leveraging the use of
shared cache between all workflows (not functional until all workflows have been
refactored).
|
|
Uploading SARIFs needs to write into the repository GitHub security tab
|
|
We need to keep the token on checkout and allow writing into the repository to create the branch
|
|
Style changes, cleanup and improved integration with CI by leveraging the use of
shared cache between all workflows (not functional until all workflows have been
refactored).
|
|
|
|
Style changes, cleanup and improved integration with CI by leveraging the use of
shared cache between all workflows (not functional until all workflows have been
refactored).
|
|
- upgrade to ubuntu-24.04 to get NodeJS v20
- remove DEBUG (V=1) environment / in a ViteJS env the DEBUG environment is
reserved for interactive debugging tasks (not for verbose build messages).
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Vite is a build tool, it consists of two major parts [1]:
- A dev server that provides rich feature enhancements over native ES modules,
for example extremely fast Hot Module Replacement (HMR).
- A build command that bundles your code with Rollup, pre-configured to output
highly optimized static assets for production.
[1] https://vite.dev/guide/
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Since Ubuntu installs firefox frrom snap, we can't use any longer
``Browser('firefox')``.
[1] https://github.com/searxng/searxng/pull/3663#issuecomment-2255963036
[2] https://splinter.readthedocs.io/en/latest/drivers/firefox.html#custom-binary-path
Suggested-by: @allendema
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
- ubuntu-20.04 --> ubuntu-24.04
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Python 3.13 has been released [1]
- fasttext-predict supports py3.13 from version 0.9.2.3 [2]
[1] https://www.python.org/downloads/release/python-3130/
[2] https://github.com/searxng/fasttext-predict/commit/f2da9cd173
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
The test.coverage cause a lot of failed CI jobs for reasons that cannot be
explained. As we do not monitor the coverage anyway, it is superfluous to run
this job, especially as it only has a disruptive effect on the CI.
BTW and the CI action upload-artifact@v3 is deprecated [1]
[1] https://github.com/actions/upload-artifact?tab=readme-ov-file#actionsupload-artifact
Related: https://github.com/searxng/searxng/issues/3983
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Add a leading tag (in square brackets) about the scope/type to commit messages
from automated tasks (commits from CI).
dependantbot::
[upd] pypi: Bump .. from .. to ..
[upd] npm: Bump .. from .. to .. in /searx/static/themes/simple
Weblate translation updates::
[l10n] update translations from Weblate
updates of ./data::
[data] update searx.data ...
build commit of gh-pages::
[doc] build from commit ...
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
|
|
All the environments defined in ./utils/brand.env are generated on the fly, so
there is no longer a need to define the brand environment in this file and all
the workflows to handle this file.
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
|
|
Closes: https://github.com/searxng/searxng/issues/2777#issuecomment-1720958570
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
|
|
|
|
- Python 3.7 supports security fixes only, as needed, until 2023-06 [1]
- Some of SearXNG's dependencies do no longer support Python 3.7 [2]
[1] https://peps.python.org/pep-0537/#and-beyond-schedule
[2] https://github.com/searxng/searxng/pull/2102
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Implementations of the *traits* of the engines.
Engine's traits are fetched from the origin engine and stored in a JSON file in
the *data folder*. Most often traits are languages and region codes and their
mapping from SearXNG's representation to the representation in the origin search
engine.
To load traits from the persistence::
searx.enginelib.traits.EngineTraitsMap.from_data()
For new traits new properties can be added to the class::
searx.enginelib.traits.EngineTraits
.. hint::
Implementation is downward compatible to the deprecated *supported_languages
method* from the vintage implementation.
The vintage code is tagged as *deprecated* an can be removed when all engines
has been ported to the *traits method*.
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
|
|
|
|
Also cache ./.nvm and ./node_modules
|
|
GitHub displays this warning with the actions/setup-python@2 :
Warning: The `set-output` command is deprecated and will be disabled soon.
Please upgrade to using Environment Files.
For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
|
|
|
|
Since ./utils/searxng.sh is implemented, the old installation procedures from
filtron, morty and searx can be removed.
For users who want to upgrade, the procedures for removing old installations
have still been retained.
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
See #1271
|
|
Administrators of public instances are incentivised to update their instances on the 1st of the month.
With this commit, the data are up to date by the 1st of the next month.
|
|
In 2021 we did not used github-discussions, see commit message of 272c9d6b.
Theses days we use github-discussions and have a Q&A category in there [1].
[1] https://github.com/searxng/searxng/discussions/categories/q-a
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
This is the first step of removing oscar theme
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
|
|
|
|
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
