Merge remote-tracking branch 'origin/latesto'

2024-01-01 19:24:07 +01:00 · 2023-02-19 11:16:56 +08:00 · 2023-02-19 11:16:56 +08:00 · d008d78cd6
commit d008d78cd6
parent 1b56b52843 e1d5c85f88
408 changed files with 96618 additions and 55272 deletions
--- a/.github/workflows/data-update.yml
+++ b/.github/workflows/data-update.yml
@ -1,7 +1,7 @@
 name: "Update searx.data"
 on:
  schedule:
-    - cron: "05 06 1 * *"
+    - cron: "59 23 28 * *"
  workflow_dispatch:

 jobs:
@ -26,7 +26,7 @@ jobs:

      - name: Install Ubuntu packages
        run: |
-          sudo ./utils/searx.sh install packages
+          sudo ./utils/searxng.sh install packages

      - name: Set up Python
        uses: actions/setup-python@v2
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@ -6,6 +6,9 @@ on:
  pull_request:
    branches: ["master"]

+permissions:
+  contents: read
+
 jobs:
  python:
    name: Python ${{ matrix.python-version }}
@ -13,24 +16,27 @@ jobs:
    strategy:
      matrix:
        os: [ubuntu-20.04]
-        python-version:  ["3.7", "3.8", "3.9", "3.10"]
+        python-version:  ["3.7", "3.8", "3.9", "3.10", "3.11"]
    steps:
    - name: Checkout
      uses: actions/checkout@v2
    - name: Install Ubuntu packages
      run: |
-        sudo ./utils/searx.sh install packages
+        sudo ./utils/searxng.sh install packages
        sudo apt install firefox
    - name: Set up Python
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v4
      with:
        python-version: ${{ matrix.python-version }}
        architecture: 'x64'
    - name: Cache Python dependencies
      id: cache-python
-      uses: actions/cache@v2
+      uses: actions/cache@v3
      with:
-        path: ./local
+        path: |
+          ./local
+          ./.nvm
+          ./node_modules
        key: python-${{ matrix.os }}-${{ matrix.python-version }}-${{ hashFiles('requirements*.txt', 'setup.py') }}
    - name: Install Python dependencies
      if: steps.cache-python.outputs.cache-hit != 'true'
@ -55,18 +61,21 @@ jobs:
    - name: Checkout
      uses: actions/checkout@v2
    - name: Install Ubuntu packages
-      run: sudo ./utils/searx.sh install buildhost
+      run: sudo ./utils/searxng.sh install buildhost
    - name: Set up Python
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v4
      with:
        python-version: '3.9'
        architecture: 'x64'
    - name: Cache Python dependencies
      id: cache-python
-      uses: actions/cache@v2
+      uses: actions/cache@v3
      with:
-        path: ./local
-        key: python-ubuntu-20.04-3.9-${{ hashFiles('requirements*.txt', 'setup.py') }}
+        path: |
+          ./local
+          ./.nvm
+          ./node_modules
+        key: python-ubuntu-20.04-3.9-${{ hashFiles('requirements*.txt', 'setup.py','.nvmrc', 'package.json') }}
    - name: Install node dependencies
      run: make V=1 node.env
    - name: Build themes
@ -75,6 +84,8 @@ jobs:
  documentation:
    name: Documentation
    runs-on: ubuntu-20.04
+    permissions:
+      contents: write  # for JamesIves/github-pages-deploy-action to push changes in repo
    steps:
    - name: Checkout
      uses: actions/checkout@v2
@ -82,18 +93,21 @@ jobs:
        fetch-depth: '0'
        persist-credentials: false
    - name: Install Ubuntu packages
-      run: sudo ./utils/searx.sh install buildhost
+      run: sudo ./utils/searxng.sh install buildhost
    - name: Set up Python
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v4
      with:
        python-version: '3.9'
        architecture: 'x64'
    - name: Cache Python dependencies
      id: cache-python
-      uses: actions/cache@v2
+      uses: actions/cache@v3
      with:
-        path: ./local
-        key: python-ubuntu-20.04-3.9-${{ hashFiles('requirements*.txt', 'setup.py') }}
+        path: |
+          ./local
+          ./.nvm
+          ./node_modules
+        key: python-ubuntu-20.04-3.9-${{ hashFiles('requirements*.txt', 'setup.py','.nvmrc', 'package.json') }}
    - name: Build documentation
      run: |
        make V=1 docs.clean docs.html
@ -116,6 +130,8 @@ jobs:
      - python
      - themes
      - documentation
+    permissions:
+      contents: write  # for make V=1 weblate.push.translations
    steps:
    - name: Checkout
      uses: actions/checkout@v2
@ -123,16 +139,19 @@ jobs:
        fetch-depth: '0'
        token: ${{ secrets.WEBLATE_GITHUB_TOKEN }}
    - name: Set up Python
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v4
      with:
        python-version: '3.9'
        architecture: 'x64'
    - name: Cache Python dependencies
      id: cache-python
-      uses: actions/cache@v2
+      uses: actions/cache@v3
      with:
-        path: ./local
-        key: python-ubuntu-20.04-3.9-${{ hashFiles('requirements*.txt', 'setup.py') }}
+        path: |
+          ./local
+          ./.nvm
+          ./node_modules
+        key: python-ubuntu-20.04-3.9-${{ hashFiles('requirements*.txt', 'setup.py','.nvmrc', 'package.json') }}
    - name: weblate & git setup
      env:
        WEBLATE_CONFIG: ${{ secrets.WEBLATE_CONFIG }}
@ -165,16 +184,19 @@ jobs:
          # make sure "make docker.push" can get the git history
          fetch-depth: '0'
      - name: Set up Python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v4
        with:
          python-version: '3.9'
          architecture: 'x64'
      - name: Cache Python dependencies
        id: cache-python
-        uses: actions/cache@v2
+        uses: actions/cache@v3
        with:
-          path: ./local
-          key: python-ubuntu-20.04-3.9-${{ hashFiles('requirements*.txt', 'setup.py') }}
+          path: |
+            ./local
+            ./.nvm
+            ./node_modules
+          key: python-ubuntu-20.04-3.9-${{ hashFiles('requirements*.txt', 'setup.py','.nvmrc', 'package.json') }}
      - name: Set up QEMU
        if: env.DOCKERHUB_USERNAME != null
        uses: docker/setup-qemu-action@v1
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@ -0,0 +1,28 @@
+name: "Security checks"
+on:
+  schedule:
+    - cron: "42 05 * * *"
+  workflow_dispatch:
+
+jobs:
+  dockers:
+    name: Trivy ${{ matrix.image }}
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'searxng/searxng:latest'
+          ignore-unfixed: false
+          vuln-type: 'os,library'
+          severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results.sarif'
--- a/.github/workflows/translations-update.yml
+++ b/.github/workflows/translations-update.yml
@ -16,16 +16,19 @@ jobs:
        fetch-depth: '0'
        token: ${{ secrets.WEBLATE_GITHUB_TOKEN }}
    - name: Set up Python
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v4
      with:
        python-version: '3.9'
        architecture: 'x64'
    - name: Cache Python dependencies
      id: cache-python
-      uses: actions/cache@v2
+      uses: actions/cache@v3
      with:
-        path: ./local
-        key: python-ubuntu-20.04-3.9-${{ hashFiles('requirements*.txt', 'setup.py') }}
+        path: |
+          ./local
+          ./.nvm
+          ./node_modules
+        key: python-ubuntu-20.04-3.9-${{ hashFiles('requirements*.txt', 'setup.py','.nvmrc', 'package.json') }}
    - name: weblate & git setup
      env:
        WEBLATE_CONFIG: ${{ secrets.WEBLATE_CONFIG }}