From 45a156034c1cddf34c0c03ce2f571290ec3c6181 Mon Sep 17 00:00:00 2001 From: Remco Burema Date: Tue, 26 Mar 2024 15:10:37 +0100 Subject: [PATCH 1/2] Make volunteer translators aware of string-freeze. CURA-11771 --- README.md | 4 +++- resources/i18n/README.md | 5 +++++ 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 resources/i18n/README.md diff --git a/README.md b/README.md index 7d1b575e69..37978a30f9 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,9 @@ *With hundreds of settings & community-managed print profiles,*
*Ultimaker Cura is sure to lead your next project to a success.* -
+**Contribute Printer Profiles?** -- Please [look here](https://github.com/Ultimaker/Cura/wiki/Adding-new-machine-profiles-to-Cura) first.
+**Contribute Translations?** -- Please [look here](https://github.com/Ultimaker/Cura/wiki/Translating-Cura) first. +
[![Button Building]][Building]    diff --git a/resources/i18n/README.md b/resources/i18n/README.md new file mode 100644 index 0000000000..37445529df --- /dev/null +++ b/resources/i18n/README.md @@ -0,0 +1,5 @@ +If you aim to contribute translations please [look here](https://github.com/Ultimaker/Cura/wiki/Translating-Cura) first. + +In particular, take heed of the following:
+When we're in the release-window (so that's when we have the beta out for the next Cura, but not the final release yet), we're also in the process of updating translations. +_**If you make a PR with updated or fixed translations within this timespan, it's likely that your additions/changes will be ignored in favour of the 'official' ones, due to how our process is set up.**_ From 25e90e51d7f97c2f9d4df175643e7f267b624aed Mon Sep 17 00:00:00 2001 From: Remco Burema Date: Tue, 26 Mar 2024 15:34:52 +0100 Subject: [PATCH 2/2] Fix outdated security-badge github-workflow. --- .github/workflows/security_badge.yml | 43 +++++++++++----------------- 1 file changed, 17 insertions(+), 26 deletions(-) diff --git a/.github/workflows/security_badge.yml b/.github/workflows/security_badge.yml index b3785a0b0e..5c037b442e 100644 --- a/.github/workflows/security_badge.yml +++ b/.github/workflows/security_badge.yml @@ -1,5 +1,5 @@ # NOTE: Best to keep all of these remarks in, they might prove useful in the future. -# This is basically just the standard one that is sugested on 'new workflow'. +# This is basically just the standard one that is suggested on 'new workflow'. name: Scorecard supply-chain security on: @@ -21,51 +21,42 @@ jobs: name: Scorecard analysis runs-on: ubuntu-latest permissions: - # Needed to upload the results to code-scanning dashboard. + # Needed for Code scanning upload security-events: write - # Needed to publish results and get a badge (see publish_results below). + # Needed for GitHub OIDC token if publish_results is true id-token: write - # Uncomment the permissions below if installing in a private repository. - # contents: read - # actions: read steps: - name: "Checkout code" - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 + uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 with: results_file: results.sarif results_format: sarif - # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: - # - you want to enable the Branch-Protection check on a *public* repository, or - # - you are installing Scorecard on a *private* repository - # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. - # repo_token: ${{ secrets.SCORECARD_TOKEN }} - - # Public repositories: - # - Publish results to OpenSSF REST API for easy access by consumers - # - Allows the repository to include the Scorecard badge. - # - See https://github.com/ossf/scorecard-action#publishing-results. - # For private repositories: - # - `publish_results` will always be set to `false`, regardless - # of the value entered here. + # Scorecard team runs a weekly scan of public GitHub repos, + # see https://github.com/ossf/scorecard#public-data. + # Setting `publish_results: true` helps us scale by leveraging your workflow to + # extract the results instead of relying on our own infrastructure to run scans. + # And it's free for you! publish_results: true - # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF - # format to the repository Actions tab. + # Upload the results as artifacts (optional). Commenting out will disable + # uploads of run results in SARIF format to the repository Actions tab. + # https://docs.github.com/en/actions/advanced-guides/storing-workflow-data-as-artifacts - name: "Upload artifact" - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: SARIF file path: results.sarif retention-days: 5 - # Upload the results to GitHub's code scanning dashboard. + # Upload the results to GitHub's code scanning dashboard (optional). + # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4 + uses: github/codeql-action/upload-sarif@83a02f7883b12e0e4e1a146174f5e2292a01e601 # v2.16.4 with: sarif_file: results.sarif