dependabot[bot]
22b0ad13e2
🌱 Bump the github-actions group with 2 updates ( #4221 )
2024-07-10 21:29:26 +00:00
dependabot[bot]
98bb37fd3f
🌱 Bump github/codeql-action in the github-actions group ( #4202 )
2024-07-03 22:42:05 +00:00
Spencer Schrock
4895019884
fix dependabot config to group docker images ( #4211 )
...
This is apparently required with the current implementation of multi dir PRs.
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-07-03 16:47:20 -04:00
dependabot[bot]
89d94606a1
🌱 Bump the github-actions group across 1 directory with 3 updates ( #4190 )
...
Bumps the github-actions group with 3 updates in the / directory: [actions/checkout](https://github.com/actions/checkout ), [github/codeql-action](https://github.com/github/codeql-action ) and [ko-build/setup-ko](https://github.com/ko-build/setup-ko ).
Updates `actions/checkout` from 4.1.6 to 4.1.7
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a5ac7e51b4...692973e3d9https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2e230e8fe0...23acc5c183https://github.com/ko-build/setup-ko/releases )
- [Commits](ace48d7935...3aebd0597d
2024-06-26 21:01:56 +00:00
dependabot[bot]
6cae56f02b
🌱 Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 ( #4158 )
...
* 🌱 Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 5.1.0 to 6.0.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](5742e2a039...286f3b13b1https://goreleaser.com/deprecations/#-skip
Signed-off-by: Spencer Schrock <sschrock@google.com>
* update config for v2
Signed-off-by: Spencer Schrock <sschrock@google.com>
* use goreleaser v2 tooling for makefile
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: Stephen Augustus <justaugustus@users.noreply.github.com>
2024-06-25 22:30:41 +00:00
Spencer Schrock
0d57c0224a
📖 Generate probe markdown documentation ( #4184 )
...
* generate probe markdown documentation
Walks the various probes def.yaml files and puts them in a single
markdown document. This doesn't currently include the remediation, but
neither does the existing checks.md document either.
In order to avoid duplicating yaml definitions, this existing ones were
moved to an internal directory so they can be reused.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add probe doc generation to Makefile
Note: There is no validate-docs step for the probes code, as the
def.yml fields are validated elsewhere currently in the unit tests.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix license for new yaml package
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-06-20 21:05:06 +00:00
dependabot[bot]
397ca510b4
🌱 Bump the github-actions group across 1 directory with 3 updates ( #4159 )
...
Bumps the github-actions group with 3 updates in the / directory: [step-security/harden-runner](https://github.com/step-security/harden-runner ), [github/codeql-action](https://github.com/github/codeql-action ) and [actions/dependency-review-action](https://github.com/actions/dependency-review-action ).
Updates `step-security/harden-runner` from 2.8.0 to 2.8.1
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](f086349bfa...17d0e2bd7dhttps://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](9fdb3e4972...2e230e8fe0https://github.com/actions/dependency-review-action/releases )
- [Commits](0c155c5e85...72eb03d02c
2024-06-10 12:51:30 -04:00
dependabot[bot]
465add2acb
🌱 Bump the github-actions group with 2 updates ( #4127 )
...
Bumps the github-actions group with 2 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `step-security/harden-runner` from 2.7.1 to 2.8.0
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](a4aa98b93c...f086349bfahttps://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b7cec75265...9fdb3e4972
2024-05-29 08:23:28 -07:00
dependabot[bot]
72d60412a0
🌱 Bump actions/checkout in the github-actions group ( #4116 )
...
Bumps the github-actions group with 1 update: [actions/checkout](https://github.com/actions/checkout ).
Updates `actions/checkout` from 4.1.5 to 4.1.6
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](44c2b7a8a4...a5ac7e51b4
2024-05-20 17:15:02 -04:00
dependabot[bot]
840f30c7c3
🌱 Bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 ( #4103 )
...
* 🌱 Bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 5.0.0 to 5.1.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](7ec5c2b0c6...5742e2a039
2024-05-14 10:36:59 -07:00
dependabot[bot]
6815161e15
🌱 Bump the github-actions group across 1 directory with 3 updates ( #4105 )
2024-05-13 20:31:43 +00:00
dependabot[bot]
81d239f19c
🌱 Bump actions/setup-go from 5.0.0 to 5.0.1 ( #4083 )
2024-05-06 21:15:59 +00:00
dependabot[bot]
f3859fcd73
🌱 Bump the github-actions group across 1 directory with 2 updates ( #4085 )
2024-05-06 20:59:35 +00:00
dependabot[bot]
6147f367c4
🌱 Bump the github-actions group across 1 directory with 4 updates ( #4067 )
2024-04-30 21:18:01 +00:00
Spencer Schrock
d4487dc774
🌱 Enable dependabot multi-directory updates ( #4062 )
...
* allowed shared updates across gomod directories
Signed-off-by: Spencer Schrock <sschrock@google.com>
* group docker directories
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-04-30 13:36:49 -07:00
dependabot[bot]
db55585a49
🌱 Bump the github-actions group across 1 directory with 6 updates ( #4051 )
2024-04-24 17:59:20 +00:00
Spencer Schrock
252eee2f68
🌱 bump publishimage version ( #4028 )
...
* bump version
Signed-off-by: Spencer Schrock <sschrock@google.com>
* only publish images for tagged releases or candidates.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-04-24 10:27:28 -07:00
Adam Harvey
b77f248ff6
🌱 Bump CodeQL Action version to 3.24.10 and remove whitespace ( #3972 )
...
* 🌱 Remove whitespace
Signed-off-by: Adam Harvey <33203301+adamdmharvey@users.noreply.github.com>
* 🌱 Bump CodeQL Action version manually
Signed-off-by: Adam Harvey <33203301+adamdmharvey@users.noreply.github.com>
* 🌱 Bump CodeQL Action to v3.x series
Signed-off-by: Adam Harvey <33203301+adamdmharvey@users.noreply.github.com>
* chore(ci): Bump to latest CodeQL action hash/version
Signed-off-by: Adam Harvey <33203301+adamdmharvey@users.noreply.github.com>
---------
Signed-off-by: Adam Harvey <33203301+adamdmharvey@users.noreply.github.com>
2024-04-12 05:28:34 +00:00
dependabot[bot]
d58bfb03aa
🌱 Bump the github-actions group with 6 updates ( #3985 )
...
Updates the requirements on [actions/checkout](https://github.com/actions/checkout ), [github/codeql-action](https://github.com/github/codeql-action ), [actions/dependency-review-action](https://github.com/actions/dependency-review-action ), [actions/cache](https://github.com/actions/cache ), [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) and [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier ) to permit the latest version.
Updates `actions/checkout` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](b4ffde65f4...9bb56186c3https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](cdcdbb5797https://github.com/actions/dependency-review-action/releases )
- [Commits](9129d7d40b...5bbc3ba658https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](ab5e6d0c87...0c45773b62https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.10.0 )
Updates `slsa-framework/slsa-verifier` from 2.4.1 to 2.5.1
- [Release notes](https://github.com/slsa-framework/slsa-verifier/releases )
- [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md )
- [Commits](https://github.com/slsa-framework/slsa-verifier/compare/v2.4.1...v2.5.1 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: github/codeql-action
dependency-type: direct:production
dependency-group: github-actions
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
- dependency-name: slsa-framework/slsa-verifier
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-01 14:27:31 -07:00
Spencer Schrock
e780e089f5
🌱 polish scorecard workflow for use as example workflow ( #3969 )
...
This updates the version comments, adds some explanatory comments,
and generally makes it better. The intent is to use this file as an example
for the Scorecard Action repo so it remains up-to-date.
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-03-22 11:14:57 -07:00
dependabot[bot]
90a3708b19
🌱 Bump the github-actions group with 2 updates ( #3911 )
...
Bumps the github-actions group with 2 updates: [actions/cache](https://github.com/actions/cache ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/cache` from 4.0.0 to 4.0.1
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](13aacd865c...ab5e6d0c87https://github.com/actions/download-artifact/releases )
- [Commits](eaceaf801f...c850b930e6
2024-03-04 09:48:54 -08:00
afmarcum
60eec25c8c
🌱 Update stale.yml, issue template label references ( #3907 )
...
Signed-off-by: afmarcum <138055109+afmarcum@users.noreply.github.com>
2024-02-29 14:18:25 -08:00
dependabot[bot]
b972699842
🌱 Bump the github-actions group with 1 update ( #3896 )
...
Bumps the github-actions group with 1 update: [actions/dependency-review-action](https://github.com/actions/dependency-review-action ).
Updates `actions/dependency-review-action` from 4.0.0 to 4.1.3
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](4901385134...9129d7d40b
2024-02-22 18:51:29 +00:00
Spencer Schrock
4f4b44d08a
🌱 Use git diff instead of external action for changed files ( #3894 )
...
* Use git diff instead of third party action.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* clarify approach
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-02-22 10:07:06 -08:00
dependabot[bot]
9b65bde9a6
🌱 Bump the github-actions group with 1 update ( #3870 )
...
Bumps the github-actions group with 1 update: [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ).
Updates `golangci/golangci-lint-action` from 3.7.0 to 4.0.0
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](3a91952989...3cfe3a4abb
2024-02-13 15:42:00 +00:00
dependabot[bot]
fb3edd9d63
🌱 Bump the github-actions group with 6 updates ( #3860 )
...
Bumps the github-actions group with 6 updates:
| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner ) | `2.6.1` | `2.7.0` |
| [nick-invision/retry](https://github.com/nick-invision/retry ) | `2.9.0` | `3.0.0` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action ) | `3.1.5` | `3.1.6` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) | `3.3.0` | `3.4.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact ) | `4.3.0` | `4.3.1` |
| [actions/download-artifact](https://github.com/actions/download-artifact ) | `4.1.1` | `4.1.2` |
Updates `step-security/harden-runner` from 2.6.1 to 2.7.0
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](eb238b55ef...63c24ba6bdhttps://github.com/nick-invision/retry/releases )
- [Changelog](https://github.com/nick-fields/retry/blob/master/.releaserc.js )
- [Commits](14672906e6...7152eba30chttps://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](4fe8c5f003...ab904c41d6https://github.com/sigstore/cosign-installer/releases )
- [Commits](9614fae9e5...e1523de757https://github.com/actions/upload-artifact/releases )
- [Commits](26f96dfa69...5d5d22a312https://github.com/actions/download-artifact/releases )
- [Commits](6b208ae046...eaceaf801f
2024-02-07 12:21:56 -08:00
Spencer Schrock
64d330790d
🌱 Update Go toolchain to 1.22 ( #3859 )
...
* update workflows to use go 1.22
Signed-off-by: Spencer Schrock <sschrock@google.com>
* update tools go.mod to 1.22.
no one imports this, so we can bump it now and
avoid issues in the future where we need to upgrade.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* bump docker files
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-02-07 11:36:37 -08:00
dependabot[bot]
ccf2553bef
🌱 Bump arduino/setup-protoc from 1.3.0 to 3.0.0 ( #3853 )
...
* 🌱 Bump arduino/setup-protoc from 1.3.0 to 3.0.0
Bumps [arduino/setup-protoc](https://github.com/arduino/setup-protoc ) from 1.3.0 to 3.0.0.
- [Release notes](https://github.com/arduino/setup-protoc/releases )
- [Commits](149f6c87b9...c65c819552
2024-02-06 21:40:01 +00:00
dependabot[bot]
6f816c80bc
🌱 Bump github.com/google/osv-scanner from 1.6.1 to 1.6.2 ( #3834 )
...
* 🌱 Bump github.com/google/osv-scanner from 1.6.1 to 1.6.2
Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner ) from 1.6.1 to 1.6.2.
- [Release notes](https://github.com/google/osv-scanner/releases )
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md )
- [Commits](https://github.com/google/osv-scanner/compare/v1.6.1...v1.6.2 )
---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* specify go patch version
go mod tidy requires this. I was able to delete the toolchain directive,
and it wasn't added back.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* bump dockerfiles to 1.21.6 so the build works
Signed-off-by: Spencer Schrock <sschrock@google.com>
* bump go version used in codeql workflow
github runners currently use Go 1.20 by default,
which doesn't understand 1.21.x format.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
2024-01-31 18:54:06 +00:00
dependabot[bot]
a25f108f4b
🌱 Bump the github-actions group with 3 updates ( #3825 )
...
Bumps the github-actions group with 3 updates: [tj-actions/changed-files](https://github.com/tj-actions/changed-files ), [codecov/codecov-action](https://github.com/codecov/codecov-action ) and [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `tj-actions/changed-files` from 42.0.0 to 42.0.2
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](ae82ed4ae0...90a06d6ba9https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](eaaf4bedf3...4fe8c5f003https://github.com/actions/upload-artifact/releases )
- [Commits](694cdabd8b...26f96dfa69
2024-01-29 11:07:53 -08:00
Josh Soref
3b948257fc
📖 Fix spelling ( #3804 )
...
* spelling: accurate
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: administrator
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: analyze
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: andtwenty
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: ascii
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: association
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: at least
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: attestor
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: barbaric
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: bucket
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: by
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: can
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: case-insensitive
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: case-sensitive
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: checking
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: command-line
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: commit
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: committed
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: conclusion
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: corresponding
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: created
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: dataset
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: default
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: defines
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: dependabot
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: dependency
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: depending
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: desired
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: different
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: disclose
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: download
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: each
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: enforce
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: every time
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: exist
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: existing
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: fields
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: files
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: for
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: force-push
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: github
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: gitlab
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: ignoreed
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: implementation
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: implements
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: increase
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: indicates
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: initialized
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: instructions
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: invalid
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: marshal
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: match
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: name
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: nonexistent
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: organization
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: package
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: provenance
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: query
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: readers
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: receive
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: registered
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: remediate
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: representation
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: requests
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: requires
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: return
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: scorecard
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: separator
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: serialization
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: sign up
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: specifications
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: specified
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: success
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: successfully
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: the
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: their
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: twenty
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: unexpected
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: unused
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: unverified
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: validate
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: vendor
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: vulnerabilities
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: vulns
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: will
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: without
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: workflow
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: workflows
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---------
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2024-01-26 23:08:26 +00:00
dependabot[bot]
e41a3febdb
🌱 Bump the github-actions group with 4 updates ( #3815 )
...
Bumps the github-actions group with 4 updates: [actions/dependency-review-action](https://github.com/actions/dependency-review-action ), [tj-actions/changed-files](https://github.com/tj-actions/changed-files ), [actions/cache](https://github.com/actions/cache ) and [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/dependency-review-action` from 3.1.5 to 4.0.0
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](c74b580d73...4901385134https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](62f4729b5d...ae82ed4ae0https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](e12d46a63a...13aacd865chttps://github.com/actions/upload-artifact/releases )
- [Commits](1eb3cb2b3e...694cdabd8b
2024-01-22 08:43:02 -06:00
Spencer Schrock
ee4e83a318
🌱 Enforce make add-projects for GitHub and GitLab repos ( #3780 )
...
* fail if add-projects not run
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add gitlab file to add-projects
Signed-off-by: Spencer Schrock <sschrock@google.com>
* order gitlab projects with make add-projects
Signed-off-by: Spencer Schrock <sschrock@google.com>
* simplify workflow job
this binary doesn't need the build protos
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-01-19 14:11:19 -08:00
dependabot[bot]
8ac9ca15a3
🌱 Bump the github-actions group with 4 updates ( #3794 )
...
Bumps the github-actions group with 4 updates: [tj-actions/changed-files](https://github.com/tj-actions/changed-files ), [actions/cache](https://github.com/actions/cache ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `tj-actions/changed-files` from 41.0.1 to 41.1.1
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](716b1e1304...62f4729b5dhttps://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](704facf57e...e12d46a63ahttps://github.com/actions/upload-artifact/releases )
- [Commits](c7d193f32e...1eb3cb2b3ehttps://github.com/actions/download-artifact/releases )
- [Commits](f44cd7b40b...6b208ae046
2024-01-15 08:49:23 -06:00
dependabot[bot]
6f31d2da0b
🌱 Bump the github-actions group with 1 update ( #3775 )
...
Bumps the github-actions group with 1 update: [actions/dependency-review-action](https://github.com/actions/dependency-review-action ).
Updates `actions/dependency-review-action` from 3.1.4 to 3.1.5
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](01bc87099b...c74b580d73
2024-01-08 06:51:19 -06:00
dependabot[bot]
c90e0bb4d3
🌱 Bump the github-actions group with 4 updates ( #3747 )
...
Bumps the github-actions group with 4 updates: [tj-actions/changed-files](https://github.com/tj-actions/changed-files ), [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `tj-actions/changed-files` from 40.2.2 to 41.0.1
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](9454999946...716b1e1304https://github.com/sigstore/cosign-installer/releases )
- [Commits](1fc5bd396d...9614fae9e5https://github.com/actions/upload-artifact/releases )
- [Commits](a8a3f3ad30...c7d193f32ehttps://github.com/actions/download-artifact/releases )
- [Commits](9bc31d5ccc...f44cd7b40b
2023-12-28 19:26:38 +00:00
dependabot[bot]
6a226ce06b
🌱 Bump actions/setup-go from 4.1.0 to 5.0.0 ( #3726 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4.1.0 to 5.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](93397bea11...0c52d547c9
2023-12-28 02:06:04 +00:00
dependabot[bot]
39d1b33a19
🌱 Bump the github-actions group with 2 updates ( #3725 )
...
Bumps the github-actions group with 2 updates: [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) and [actions/stale](https://github.com/actions/stale ).
Updates `tj-actions/changed-files` from 40.2.1 to 40.2.2
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](1c938490c8...9454999946https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](1160a22402...28ca103628
2023-12-13 21:35:02 +00:00
Pedro Kaj Kjellerup Nacht
663e1a9bad
🌱 Use backlog and "help wanted" labels on issues/PRs to keep stale-bot away ( #3690 )
...
* Use "never stale" tag on issues/PRs to keep stale-bot away
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Replace 'never stale' with 'icebox', 'help wanted'
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Replace "icebox,help needed" with "backlog,help wanted"
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
---------
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
2023-12-12 19:01:00 +00:00
dependabot[bot]
320ce05868
🌱 Bump the github-actions group with 3 updates ( #3715 )
...
Bumps the github-actions group with 3 updates: [actions/dependency-review-action](https://github.com/actions/dependency-review-action ), [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) and [kubernetes-sigs/kubebuilder-release-tools](https://github.com/kubernetes-sigs/kubebuilder-release-tools ).
Updates `actions/dependency-review-action` from 3.1.3 to 3.1.4
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](7bbfa034e7...01bc87099bhttps://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](25ef3926d1...1c938490c8https://github.com/kubernetes-sigs/kubebuilder-release-tools/releases )
- [Changelog](https://github.com/kubernetes-sigs/kubebuilder-release-tools/blob/master/RELEASE.md )
- [Commits](3c3411345e...012269a88f
2023-12-05 22:25:19 +00:00
Spencer Schrock
84bd607ae8
🌱 fix script injection ( #3695 )
...
Thanks to @AdnaneKhan for the report.
* start with reporter patch
* use env variable for bash step too
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-11-27 23:10:51 +00:00
dependabot[bot]
76878e5b4d
🌱 Bump the github-actions group with 2 updates ( #3686 )
...
Bumps the github-actions group with 2 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner ) and [actions/github-script](https://github.com/actions/github-script ).
Updates `step-security/harden-runner` from 2.6.0 to 2.6.1
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](1b05615854...eb238b55efhttps://github.com/actions/github-script/releases )
- [Commits](d7906e4ad0...60a0d83039
2023-11-20 12:16:39 -05:00
Spencer Schrock
82692a802e
🌱 allow contributors to call scdiff workflow ( #3683 )
...
also removes the edited trigger. codecov posts 3 times on each PR,
which causes this action to trigger 3x. It is skipped though, so not a huge deal.
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-11-17 18:24:04 +00:00
Spencer Schrock
288319ad12
🌱 scdiff: Add workflow to run scdiff against PRs on demand ( #3640 )
...
* wip
Signed-off-by: Spencer Schrock <sschrock@google.com>
* try to use jq without quotes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* try to make file another way.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* try using homedir
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add github token to env
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add link to workflow run
Signed-off-by: Spencer Schrock <sschrock@google.com>
* make comment its own job
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix typo in job context
Signed-off-by: Spencer Schrock <sschrock@google.com>
* typo part 2
Signed-off-by: Spencer Schrock <sschrock@google.com>
* use github-script to get PR SHAs.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* need to go through one more type to get to API response.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* temporarily use monitor action to see the required permissions
Signed-off-by: Spencer Schrock <sschrock@google.com>
* spacing is hard
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove monitor and apply minimal permissions
the read-all at the top might be too broad, but the monitor doesnt support graphql so best we can do for now.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* try to set the checks
Signed-off-by: Spencer Schrock <sschrock@google.com>
* read the comment body
Signed-off-by: Spencer Schrock <sschrock@google.com>
* try to get around regex syntax error?
Signed-off-by: Spencer Schrock <sschrock@google.com>
* quote comment body
Signed-off-by: Spencer Schrock <sschrock@google.com>
* we want to pass an empty string to the args
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix the regex string
Signed-off-by: Spencer Schrock <sschrock@google.com>
* rest of repo has upgraded
Signed-off-by: Spencer Schrock <sschrock@google.com>
* seed 15 repos to analyze to start with
Signed-off-by: Spencer Schrock <sschrock@google.com>
* support gitlab repos in scdiff
Signed-off-by: Spencer Schrock <sschrock@google.com>
* rename pr step to config
we also need the checks to run, so update the name to reflect that
Signed-off-by: Spencer Schrock <sschrock@google.com>
* switch from default token to a PAT
By default, the GitHub Action token gets 1000 req/hour.
If running all checks, the before/after each take about 1100 of core quota
A PAT grants 5000/hr so the 2200 required should be fine if used infrequently.
Ideally, the caller will always pass the check they care about into the command
Signed-off-by: Spencer Schrock <sschrock@google.com>
* escape comment body with bash
Signed-off-by: Spencer Schrock <sschrock@google.com>
* setup go manually
Signed-off-by: Spencer Schrock <sschrock@google.com>
* don't need to run on comment delete
Signed-off-by: Spencer Schrock <sschrock@google.com>
* limit scdiff to individuals with repo access
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-11-15 19:01:53 +00:00
dependabot[bot]
6dffe65000
🌱 Bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1 in /tools ( #3660 )
...
* 🌱 Bump github.com/sigstore/cosign/v2 in /tools
Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign ) from 2.1.1 to 2.2.1.
- [Release notes](https://github.com/sigstore/cosign/releases )
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sigstore/cosign/compare/v2.1.1...v2.2.1 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign/v2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
* bump actions/dependency-review-action to v3.1.3
This PR is incompatible with v3.1.2 due to some of the modules being updated.
See https://www.github.com/actions/dependency-review-action/issues/613
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
2023-11-13 10:58:51 -08:00
Spencer Schrock
934f17049c
🌱 configure dependabot to group (most) GitHub actions weekly ( #3655 )
...
actions which influence the build/release process are excluded.
dependabot will send individual updates for those.
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-11-10 01:22:29 +00:00
dependabot[bot]
694d563fe3
🌱 Bump slsa-framework/slsa-verifier from 2.4.0 to 2.4.1 ( #3652 )
...
Bumps [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier ) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/slsa-framework/slsa-verifier/releases )
- [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md )
- [Commits](https://github.com/slsa-framework/slsa-verifier/compare/v2.4.0...v2.4.1 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-verifier
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-09 01:34:39 +00:00
dependabot[bot]
5bfe68dbc6
🌱 Bump sigstore/cosign-installer from 3.1.2 to 3.2.0 ( #3651 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.1.2 to 3.2.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](11086d2504...1fc5bd396d
2023-11-08 17:11:15 -08:00
dependabot[bot]
e123f4c4dc
🌱 Bump tj-actions/changed-files from 39.2.3 to 40.1.1 ( #3657 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 39.2.3 to 40.1.1.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](95690f9ece...25ef3926d1
2023-11-09 00:35:13 +00:00
dependabot[bot]
6de7eba753
🌱 Bump kubernetes-sigs/kubebuilder-release-tools ( #3637 )
...
Bumps [kubernetes-sigs/kubebuilder-release-tools](https://github.com/kubernetes-sigs/kubebuilder-release-tools ) from 0.4.0 to 0.4.2.
- [Release notes](https://github.com/kubernetes-sigs/kubebuilder-release-tools/releases )
- [Changelog](https://github.com/kubernetes-sigs/kubebuilder-release-tools/blob/master/RELEASE.md )
- [Commits](d8367c29de...3c3411345e
2023-11-08 15:46:20 -08:00
