dependabot[bot]
fa50a7324d
🌱 Bump the github-actions group with 2 updates ( #4364 )
2024-09-30 17:42:09 +00:00
dependabot[bot]
93da537767
🌱 Bump the github-actions group across 1 directory with 2 updates ( #4356 )
CodeQL / Analyze (go) (push) Waiting to run
CodeQL / Analyze (javascript) (push) Waiting to run
gitlab-tests / gitlab-integration-trusted (push) Waiting to run
golangci-lint / check-linter (push) Waiting to run
build / unit-test (push) Waiting to run
build / generate-mocks (push) Waiting to run
build / generate-docs (push) Waiting to run
build / build-proto (push) Waiting to run
build / ${{ matrix.target }} (build-add-script) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-bq-transfer) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-cii-worker) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-controller) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-github-server) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-scorecard) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-shuffler) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-validate-script) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-webhook) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-worker) (push) Blocked by required conditions
build / validate-docs (push) Waiting to run
build / add-projects (push) Waiting to run
build / validate-projects (push) Waiting to run
build / license boilerplate check (push) Waiting to run
Scorecard analysis workflow / Scorecard analysis (push) Waiting to run
2024-09-25 23:09:59 +00:00
dependabot[bot]
c9a09a14c4
🌱 Bump actions/upload-artifact in the github-actions group ( #4328 )
CodeQL / Analyze (go) (push) Has been cancelled
CodeQL / Analyze (javascript) (push) Has been cancelled
gitlab-tests / gitlab-integration-trusted (push) Has been cancelled
golangci-lint / check-linter (push) Has been cancelled
build / unit-test (push) Has been cancelled
build / generate-mocks (push) Has been cancelled
build / generate-docs (push) Has been cancelled
build / build-proto (push) Has been cancelled
build / validate-docs (push) Has been cancelled
build / add-projects (push) Has been cancelled
build / validate-projects (push) Has been cancelled
build / license boilerplate check (push) Has been cancelled
Scorecard analysis workflow / Scorecard analysis (push) Has been cancelled
build / ${{ matrix.target }} (build-add-script) (push) Has been cancelled
build / ${{ matrix.target }} (build-bq-transfer) (push) Has been cancelled
build / ${{ matrix.target }} (build-cii-worker) (push) Has been cancelled
build / ${{ matrix.target }} (build-controller) (push) Has been cancelled
build / ${{ matrix.target }} (build-github-server) (push) Has been cancelled
build / ${{ matrix.target }} (build-scorecard) (push) Has been cancelled
build / ${{ matrix.target }} (build-shuffler) (push) Has been cancelled
build / ${{ matrix.target }} (build-validate-script) (push) Has been cancelled
build / ${{ matrix.target }} (build-webhook) (push) Has been cancelled
build / ${{ matrix.target }} (build-worker) (push) Has been cancelled
2024-09-03 18:25:09 +00:00
dependabot[bot]
a8252b2175
🌱 Bump github/codeql-action ( #4321 )
2024-08-29 18:26:59 +00:00
Spencer Schrock
4303b741ea
🌱 Update Go toolchain to 1.23 ( #4300 )
...
CodeQL / Analyze (go) (push) Has been cancelled
CodeQL / Analyze (javascript) (push) Has been cancelled
gitlab-tests / gitlab-integration-trusted (push) Has been cancelled
golangci-lint / check-linter (push) Has been cancelled
build / unit-test (push) Has been cancelled
build / generate-mocks (push) Has been cancelled
build / generate-docs (push) Has been cancelled
build / build-proto (push) Has been cancelled
build / validate-docs (push) Has been cancelled
build / add-projects (push) Has been cancelled
build / validate-projects (push) Has been cancelled
build / license boilerplate check (push) Has been cancelled
Scorecard analysis workflow / Scorecard analysis (push) Has been cancelled
build / ${{ matrix.target }} (build-add-script) (push) Has been cancelled
build / ${{ matrix.target }} (build-bq-transfer) (push) Has been cancelled
build / ${{ matrix.target }} (build-cii-worker) (push) Has been cancelled
build / ${{ matrix.target }} (build-controller) (push) Has been cancelled
build / ${{ matrix.target }} (build-github-server) (push) Has been cancelled
build / ${{ matrix.target }} (build-scorecard) (push) Has been cancelled
build / ${{ matrix.target }} (build-shuffler) (push) Has been cancelled
build / ${{ matrix.target }} (build-validate-script) (push) Has been cancelled
build / ${{ matrix.target }} (build-webhook) (push) Has been cancelled
build / ${{ matrix.target }} (build-worker) (push) Has been cancelled
* update workflows to use go 1.23
Signed-off-by: Spencer Schrock <sschrock@google.com>
* update tools/go.mod to 1.23
Signed-off-by: Spencer Schrock <sschrock@google.com>
* bump docker files
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-08-19 18:12:59 -04:00
dependabot[bot]
97dbce4066
🌱 Bump the github-actions group with 4 updates ( #4293 )
2024-08-12 17:02:09 +00:00
dependabot[bot]
d50480ac12
🌱 Bump actions/upload-artifact in the github-actions group ( #4282 )
CodeQL / Analyze (go) (push) Waiting to run
CodeQL / Analyze (javascript) (push) Waiting to run
gitlab-tests / gitlab-integration-trusted (push) Waiting to run
golangci-lint / check-linter (push) Waiting to run
build / unit-test (push) Waiting to run
build / generate-mocks (push) Waiting to run
build / generate-docs (push) Waiting to run
build / build-proto (push) Waiting to run
build / ${{ matrix.target }} (build-add-script) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-bq-transfer) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-cii-worker) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-controller) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-github-server) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-scorecard) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-shuffler) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-validate-script) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-webhook) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-worker) (push) Blocked by required conditions
build / validate-docs (push) Waiting to run
build / add-projects (push) Waiting to run
build / validate-projects (push) Waiting to run
build / license boilerplate check (push) Waiting to run
Scorecard analysis workflow / Scorecard analysis (push) Waiting to run
2024-08-05 17:51:33 +00:00
dependabot[bot]
8a971217ac
🌱 Bump the github-actions group across 1 directory with 3 updates ( #4276 )
2024-08-01 20:22:18 +00:00
dependabot[bot]
ad2d3438a5
🌱 Bump actions/setup-go from 5.0.1 to 5.0.2 ( #4239 )
2024-07-22 22:33:10 +00:00
dependabot[bot]
4772478f93
🌱 Bump the github-actions group across 1 directory with 4 updates ( #4249 )
2024-07-22 22:23:30 +00:00
dependabot[bot]
22b0ad13e2
🌱 Bump the github-actions group with 2 updates ( #4221 )
2024-07-10 21:29:26 +00:00
dependabot[bot]
98bb37fd3f
🌱 Bump github/codeql-action in the github-actions group ( #4202 )
2024-07-03 22:42:05 +00:00
dependabot[bot]
89d94606a1
🌱 Bump the github-actions group across 1 directory with 3 updates ( #4190 )
...
Bumps the github-actions group with 3 updates in the / directory: [actions/checkout](https://github.com/actions/checkout ), [github/codeql-action](https://github.com/github/codeql-action ) and [ko-build/setup-ko](https://github.com/ko-build/setup-ko ).
Updates `actions/checkout` from 4.1.6 to 4.1.7
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a5ac7e51b4...692973e3d9
)
Updates `github/codeql-action` from 3.25.8 to 3.25.10
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2e230e8fe0...23acc5c183
)
Updates `ko-build/setup-ko` from 0.6 to 0.7
- [Release notes](https://github.com/ko-build/setup-ko/releases )
- [Commits](ace48d7935...3aebd0597d
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: ko-build/setup-ko
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-26 21:01:56 +00:00
dependabot[bot]
6cae56f02b
🌱 Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 ( #4158 )
...
* 🌱 Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 5.1.0 to 6.0.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](5742e2a039...286f3b13b1
)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* use --clean instead of --rm-dist
https: //goreleaser.com/deprecations#-rm-dist
Signed-off-by: Spencer Schrock <sschrock@google.com>
* the skip arguments were combined into --skip
https://goreleaser.com/deprecations/#-skip
Signed-off-by: Spencer Schrock <sschrock@google.com>
* update config for v2
Signed-off-by: Spencer Schrock <sschrock@google.com>
* use goreleaser v2 tooling for makefile
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: Stephen Augustus <justaugustus@users.noreply.github.com>
2024-06-25 22:30:41 +00:00
Spencer Schrock
0d57c0224a
📖 Generate probe markdown documentation ( #4184 )
...
* generate probe markdown documentation
Walks the various probes def.yaml files and puts them in a single
markdown document. This doesn't currently include the remediation, but
neither does the existing checks.md document either.
In order to avoid duplicating yaml definitions, this existing ones were
moved to an internal directory so they can be reused.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add probe doc generation to Makefile
Note: There is no validate-docs step for the probes code, as the
def.yml fields are validated elsewhere currently in the unit tests.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix license for new yaml package
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-06-20 21:05:06 +00:00
dependabot[bot]
397ca510b4
🌱 Bump the github-actions group across 1 directory with 3 updates ( #4159 )
...
Bumps the github-actions group with 3 updates in the / directory: [step-security/harden-runner](https://github.com/step-security/harden-runner ), [github/codeql-action](https://github.com/github/codeql-action ) and [actions/dependency-review-action](https://github.com/actions/dependency-review-action ).
Updates `step-security/harden-runner` from 2.8.0 to 2.8.1
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](f086349bfa...17d0e2bd7d
)
Updates `github/codeql-action` from 3.25.6 to 3.25.8
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](9fdb3e4972...2e230e8fe0
)
Updates `actions/dependency-review-action` from 4.3.2 to 4.3.3
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](0c155c5e85...72eb03d02c
)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-10 12:51:30 -04:00
dependabot[bot]
465add2acb
🌱 Bump the github-actions group with 2 updates ( #4127 )
...
Bumps the github-actions group with 2 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `step-security/harden-runner` from 2.7.1 to 2.8.0
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](a4aa98b93c...f086349bfa
)
Updates `github/codeql-action` from 3.25.5 to 3.25.6
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b7cec75265...9fdb3e4972
)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-29 08:23:28 -07:00
dependabot[bot]
72d60412a0
🌱 Bump actions/checkout in the github-actions group ( #4116 )
...
Bumps the github-actions group with 1 update: [actions/checkout](https://github.com/actions/checkout ).
Updates `actions/checkout` from 4.1.5 to 4.1.6
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](44c2b7a8a4...a5ac7e51b4
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-20 17:15:02 -04:00
dependabot[bot]
840f30c7c3
🌱 Bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 ( #4103 )
...
* 🌱 Bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 5.0.0 to 5.1.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](7ec5c2b0c6...5742e2a039
)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* fixup version comment
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove version arg to use default
as of v5 of the action, the version is v1 latest.
when this switches to v5, the version will be v2 latest.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* use clean instead of deprecated rm-dist
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
2024-05-14 10:36:59 -07:00
dependabot[bot]
6815161e15
🌱 Bump the github-actions group across 1 directory with 3 updates ( #4105 )
2024-05-13 20:31:43 +00:00
dependabot[bot]
81d239f19c
🌱 Bump actions/setup-go from 5.0.0 to 5.0.1 ( #4083 )
2024-05-06 21:15:59 +00:00
dependabot[bot]
f3859fcd73
🌱 Bump the github-actions group across 1 directory with 2 updates ( #4085 )
2024-05-06 20:59:35 +00:00
dependabot[bot]
6147f367c4
🌱 Bump the github-actions group across 1 directory with 4 updates ( #4067 )
2024-04-30 21:18:01 +00:00
dependabot[bot]
db55585a49
🌱 Bump the github-actions group across 1 directory with 6 updates ( #4051 )
2024-04-24 17:59:20 +00:00
Spencer Schrock
252eee2f68
🌱 bump publishimage version ( #4028 )
...
* bump version
Signed-off-by: Spencer Schrock <sschrock@google.com>
* only publish images for tagged releases or candidates.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-04-24 10:27:28 -07:00
Adam Harvey
b77f248ff6
🌱 Bump CodeQL Action version to 3.24.10 and remove whitespace ( #3972 )
...
* 🌱 Remove whitespace
Signed-off-by: Adam Harvey <33203301+adamdmharvey@users.noreply.github.com>
* 🌱 Bump CodeQL Action version manually
Signed-off-by: Adam Harvey <33203301+adamdmharvey@users.noreply.github.com>
* 🌱 Bump CodeQL Action to v3.x series
Signed-off-by: Adam Harvey <33203301+adamdmharvey@users.noreply.github.com>
* chore(ci): Bump to latest CodeQL action hash/version
Signed-off-by: Adam Harvey <33203301+adamdmharvey@users.noreply.github.com>
---------
Signed-off-by: Adam Harvey <33203301+adamdmharvey@users.noreply.github.com>
2024-04-12 05:28:34 +00:00
dependabot[bot]
d58bfb03aa
🌱 Bump the github-actions group with 6 updates ( #3985 )
...
Updates the requirements on [actions/checkout](https://github.com/actions/checkout ), [github/codeql-action](https://github.com/github/codeql-action ), [actions/dependency-review-action](https://github.com/actions/dependency-review-action ), [actions/cache](https://github.com/actions/cache ), [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) and [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier ) to permit the latest version.
Updates `actions/checkout` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](b4ffde65f4...9bb56186c3
)
Updates `github/codeql-action` to cdcdbb579706841c47f7063dda365e292e5cad7a
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](cdcdbb5797
)
Updates `actions/dependency-review-action` from 4.1.3 to 4.2.5
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](9129d7d40b...5bbc3ba658
)
Updates `actions/cache` from 4.0.1 to 4.0.2
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](ab5e6d0c87...0c45773b62
)
Updates `slsa-framework/slsa-github-generator` from 1.9.0 to 1.10.0
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.10.0 )
Updates `slsa-framework/slsa-verifier` from 2.4.1 to 2.5.1
- [Release notes](https://github.com/slsa-framework/slsa-verifier/releases )
- [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md )
- [Commits](https://github.com/slsa-framework/slsa-verifier/compare/v2.4.1...v2.5.1 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: github/codeql-action
dependency-type: direct:production
dependency-group: github-actions
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
- dependency-name: slsa-framework/slsa-verifier
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-01 14:27:31 -07:00
Spencer Schrock
e780e089f5
🌱 polish scorecard workflow for use as example workflow ( #3969 )
...
This updates the version comments, adds some explanatory comments,
and generally makes it better. The intent is to use this file as an example
for the Scorecard Action repo so it remains up-to-date.
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-03-22 11:14:57 -07:00
dependabot[bot]
90a3708b19
🌱 Bump the github-actions group with 2 updates ( #3911 )
...
Bumps the github-actions group with 2 updates: [actions/cache](https://github.com/actions/cache ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/cache` from 4.0.0 to 4.0.1
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](13aacd865c...ab5e6d0c87
)
Updates `actions/download-artifact` from 4.1.2 to 4.1.4
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](eaceaf801f...c850b930e6
)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-04 09:48:54 -08:00
afmarcum
60eec25c8c
🌱 Update stale.yml, issue template label references ( #3907 )
...
Signed-off-by: afmarcum <138055109+afmarcum@users.noreply.github.com>
2024-02-29 14:18:25 -08:00
dependabot[bot]
b972699842
🌱 Bump the github-actions group with 1 update ( #3896 )
...
Bumps the github-actions group with 1 update: [actions/dependency-review-action](https://github.com/actions/dependency-review-action ).
Updates `actions/dependency-review-action` from 4.0.0 to 4.1.3
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](4901385134...9129d7d40b
)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-22 18:51:29 +00:00
Spencer Schrock
4f4b44d08a
🌱 Use git diff instead of external action for changed files ( #3894 )
...
* Use git diff instead of third party action.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* clarify approach
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-02-22 10:07:06 -08:00
dependabot[bot]
9b65bde9a6
🌱 Bump the github-actions group with 1 update ( #3870 )
...
Bumps the github-actions group with 1 update: [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ).
Updates `golangci/golangci-lint-action` from 3.7.0 to 4.0.0
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](3a91952989...3cfe3a4abb
)
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-13 15:42:00 +00:00
dependabot[bot]
fb3edd9d63
🌱 Bump the github-actions group with 6 updates ( #3860 )
...
Bumps the github-actions group with 6 updates:
| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner ) | `2.6.1` | `2.7.0` |
| [nick-invision/retry](https://github.com/nick-invision/retry ) | `2.9.0` | `3.0.0` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action ) | `3.1.5` | `3.1.6` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) | `3.3.0` | `3.4.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact ) | `4.3.0` | `4.3.1` |
| [actions/download-artifact](https://github.com/actions/download-artifact ) | `4.1.1` | `4.1.2` |
Updates `step-security/harden-runner` from 2.6.1 to 2.7.0
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](eb238b55ef...63c24ba6bd
)
Updates `nick-invision/retry` from 2.9.0 to 3.0.0
- [Release notes](https://github.com/nick-invision/retry/releases )
- [Changelog](https://github.com/nick-fields/retry/blob/master/.releaserc.js )
- [Commits](14672906e6...7152eba30c
)
Updates `codecov/codecov-action` from 3.1.5 to 3.1.6
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](4fe8c5f003...ab904c41d6
)
Updates `sigstore/cosign-installer` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](9614fae9e5...e1523de757
)
Updates `actions/upload-artifact` from 4.3.0 to 4.3.1
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](26f96dfa69...5d5d22a312
)
Updates `actions/download-artifact` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](6b208ae046...eaceaf801f
)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
- dependency-name: nick-invision/retry
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-07 12:21:56 -08:00
Spencer Schrock
64d330790d
🌱 Update Go toolchain to 1.22 ( #3859 )
...
* update workflows to use go 1.22
Signed-off-by: Spencer Schrock <sschrock@google.com>
* update tools go.mod to 1.22.
no one imports this, so we can bump it now and
avoid issues in the future where we need to upgrade.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* bump docker files
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-02-07 11:36:37 -08:00
dependabot[bot]
ccf2553bef
🌱 Bump arduino/setup-protoc from 1.3.0 to 3.0.0 ( #3853 )
...
* 🌱 Bump arduino/setup-protoc from 1.3.0 to 3.0.0
Bumps [arduino/setup-protoc](https://github.com/arduino/setup-protoc ) from 1.3.0 to 3.0.0.
- [Release notes](https://github.com/arduino/setup-protoc/releases )
- [Commits](149f6c87b9...c65c819552
)
---
updated-dependencies:
- dependency-name: arduino/setup-protoc
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* use vMINOR.PATCH for protoc version
As of arduino/setup-protoc v2, this is the only supported format.
Version 21.6 was used as the majority of the *pb.go files have a header
which says "// protoc v3.21.6".
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
2024-02-06 21:40:01 +00:00
dependabot[bot]
6f816c80bc
🌱 Bump github.com/google/osv-scanner from 1.6.1 to 1.6.2 ( #3834 )
...
* 🌱 Bump github.com/google/osv-scanner from 1.6.1 to 1.6.2
Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner ) from 1.6.1 to 1.6.2.
- [Release notes](https://github.com/google/osv-scanner/releases )
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md )
- [Commits](https://github.com/google/osv-scanner/compare/v1.6.1...v1.6.2 )
---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* specify go patch version
go mod tidy requires this. I was able to delete the toolchain directive,
and it wasn't added back.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* bump dockerfiles to 1.21.6 so the build works
Signed-off-by: Spencer Schrock <sschrock@google.com>
* bump go version used in codeql workflow
github runners currently use Go 1.20 by default,
which doesn't understand 1.21.x format.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
2024-01-31 18:54:06 +00:00
dependabot[bot]
a25f108f4b
🌱 Bump the github-actions group with 3 updates ( #3825 )
...
Bumps the github-actions group with 3 updates: [tj-actions/changed-files](https://github.com/tj-actions/changed-files ), [codecov/codecov-action](https://github.com/codecov/codecov-action ) and [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `tj-actions/changed-files` from 42.0.0 to 42.0.2
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](ae82ed4ae0...90a06d6ba9
)
Updates `codecov/codecov-action` from 3.1.4 to 3.1.5
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](eaaf4bedf3...4fe8c5f003
)
Updates `actions/upload-artifact` from 4.2.0 to 4.3.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](694cdabd8b...26f96dfa69
)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-29 11:07:53 -08:00
Josh Soref
3b948257fc
📖 Fix spelling ( #3804 )
...
* spelling: accurate
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: administrator
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: analyze
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: andtwenty
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: ascii
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: association
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: at least
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: attestor
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: barbaric
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: bucket
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: by
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: can
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: case-insensitive
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: case-sensitive
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: checking
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: command-line
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: commit
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: committed
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: conclusion
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: corresponding
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: created
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: dataset
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: default
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: defines
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: dependabot
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: dependency
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: depending
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: desired
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: different
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: disclose
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: download
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: each
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: enforce
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: every time
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: exist
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: existing
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: fields
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: files
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: for
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: force-push
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: github
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: gitlab
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: ignoreed
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: implementation
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: implements
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: increase
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: indicates
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: initialized
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: instructions
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: invalid
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: marshal
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: match
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: name
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: nonexistent
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: organization
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: package
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: provenance
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: query
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: readers
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: receive
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: registered
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: remediate
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: representation
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: requests
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: requires
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: return
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: scorecard
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: separator
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: serialization
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: sign up
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: specifications
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: specified
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: success
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: successfully
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: the
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: their
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: twenty
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: unexpected
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: unused
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: unverified
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: validate
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: vendor
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: vulnerabilities
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: vulns
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: will
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: without
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: workflow
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: workflows
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---------
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2024-01-26 23:08:26 +00:00
dependabot[bot]
e41a3febdb
🌱 Bump the github-actions group with 4 updates ( #3815 )
...
Bumps the github-actions group with 4 updates: [actions/dependency-review-action](https://github.com/actions/dependency-review-action ), [tj-actions/changed-files](https://github.com/tj-actions/changed-files ), [actions/cache](https://github.com/actions/cache ) and [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/dependency-review-action` from 3.1.5 to 4.0.0
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](c74b580d73...4901385134
)
Updates `tj-actions/changed-files` from 41.1.1 to 42.0.0
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](62f4729b5d...ae82ed4ae0
)
Updates `actions/cache` from 3.3.3 to 4.0.0
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](e12d46a63a...13aacd865c
)
Updates `actions/upload-artifact` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](1eb3cb2b3e...694cdabd8b
)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-22 08:43:02 -06:00
Spencer Schrock
ee4e83a318
🌱 Enforce make add-projects
for GitHub and GitLab repos ( #3780 )
...
* fail if add-projects not run
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add gitlab file to add-projects
Signed-off-by: Spencer Schrock <sschrock@google.com>
* order gitlab projects with make add-projects
Signed-off-by: Spencer Schrock <sschrock@google.com>
* simplify workflow job
this binary doesn't need the build protos
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-01-19 14:11:19 -08:00
dependabot[bot]
8ac9ca15a3
🌱 Bump the github-actions group with 4 updates ( #3794 )
...
Bumps the github-actions group with 4 updates: [tj-actions/changed-files](https://github.com/tj-actions/changed-files ), [actions/cache](https://github.com/actions/cache ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `tj-actions/changed-files` from 41.0.1 to 41.1.1
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](716b1e1304...62f4729b5d
)
Updates `actions/cache` from 3.3.2 to 3.3.3
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](704facf57e...e12d46a63a
)
Updates `actions/upload-artifact` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](c7d193f32e...1eb3cb2b3e
)
Updates `actions/download-artifact` from 4.1.0 to 4.1.1
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](f44cd7b40b...6b208ae046
)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-15 08:49:23 -06:00
dependabot[bot]
6f31d2da0b
🌱 Bump the github-actions group with 1 update ( #3775 )
...
Bumps the github-actions group with 1 update: [actions/dependency-review-action](https://github.com/actions/dependency-review-action ).
Updates `actions/dependency-review-action` from 3.1.4 to 3.1.5
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](01bc87099b...c74b580d73
)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-08 06:51:19 -06:00
dependabot[bot]
c90e0bb4d3
🌱 Bump the github-actions group with 4 updates ( #3747 )
...
Bumps the github-actions group with 4 updates: [tj-actions/changed-files](https://github.com/tj-actions/changed-files ), [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `tj-actions/changed-files` from 40.2.2 to 41.0.1
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](9454999946...716b1e1304
)
Updates `sigstore/cosign-installer` from 3.2.0 to 3.3.0
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](1fc5bd396d...9614fae9e5
)
Updates `actions/upload-artifact` from 3.1.3 to 4.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](a8a3f3ad30...c7d193f32e
)
Updates `actions/download-artifact` from 3.0.2 to 4.1.0
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](9bc31d5ccc...f44cd7b40b
)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-28 19:26:38 +00:00
dependabot[bot]
6a226ce06b
🌱 Bump actions/setup-go from 4.1.0 to 5.0.0 ( #3726 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4.1.0 to 5.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](93397bea11...0c52d547c9
)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-28 02:06:04 +00:00
dependabot[bot]
39d1b33a19
🌱 Bump the github-actions group with 2 updates ( #3725 )
...
Bumps the github-actions group with 2 updates: [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) and [actions/stale](https://github.com/actions/stale ).
Updates `tj-actions/changed-files` from 40.2.1 to 40.2.2
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](1c938490c8...9454999946
)
Updates `actions/stale` from 8.0.0 to 9.0.0
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](1160a22402...28ca103628
)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: actions/stale
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-13 21:35:02 +00:00
Pedro Kaj Kjellerup Nacht
663e1a9bad
🌱 Use backlog and "help wanted" labels on issues/PRs to keep stale-bot away ( #3690 )
...
* Use "never stale" tag on issues/PRs to keep stale-bot away
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Replace 'never stale' with 'icebox', 'help wanted'
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Replace "icebox,help needed" with "backlog,help wanted"
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
---------
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
2023-12-12 19:01:00 +00:00
dependabot[bot]
320ce05868
🌱 Bump the github-actions group with 3 updates ( #3715 )
...
Bumps the github-actions group with 3 updates: [actions/dependency-review-action](https://github.com/actions/dependency-review-action ), [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) and [kubernetes-sigs/kubebuilder-release-tools](https://github.com/kubernetes-sigs/kubebuilder-release-tools ).
Updates `actions/dependency-review-action` from 3.1.3 to 3.1.4
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](7bbfa034e7...01bc87099b
)
Updates `tj-actions/changed-files` from 40.1.1 to 40.2.1
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](25ef3926d1...1c938490c8
)
Updates `kubernetes-sigs/kubebuilder-release-tools` from 0.4.2 to 0.4.3
- [Release notes](https://github.com/kubernetes-sigs/kubebuilder-release-tools/releases )
- [Changelog](https://github.com/kubernetes-sigs/kubebuilder-release-tools/blob/master/RELEASE.md )
- [Commits](3c3411345e...012269a88f
)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
- dependency-name: kubernetes-sigs/kubebuilder-release-tools
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-05 22:25:19 +00:00
Spencer Schrock
84bd607ae8
🌱 fix script injection ( #3695 )
...
Thanks to @AdnaneKhan for the report.
* start with reporter patch
* use env variable for bash step too
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-11-27 23:10:51 +00:00
dependabot[bot]
76878e5b4d
🌱 Bump the github-actions group with 2 updates ( #3686 )
...
Bumps the github-actions group with 2 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner ) and [actions/github-script](https://github.com/actions/github-script ).
Updates `step-security/harden-runner` from 2.6.0 to 2.6.1
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](1b05615854...eb238b55ef
)
Updates `actions/github-script` from 6.4.1 to 7.0.1
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](d7906e4ad0...60a0d83039
)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: actions/github-script
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-20 12:16:39 -05:00