dependabot[bot]
81717d87b8
🌱 Bump step-security/harden-runner from 2.4.1 to 2.5.0
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.4.1 to 2.5.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](55d479fb1c...cba0d00b1f)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-25 12:54:45 +00:00
dependabot[bot]
85d5aa2d77
🌱 Bump tj-actions/changed-files from 37.4.0 to 37.5.0 ( #3303 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 37.4.0 to 37.5.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](de0eba3279...920e7b9ae1)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-25 07:46:24 -05:00
Spencer Schrock
4ac9999462
🌱 Ensure check markdown is kept in sync with source yaml. ( #3300 )
...
* Ensure check markdown is kept in sync with check yaml.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* change generate-docs target to detect changes to docs/checks.md directly.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-07-24 14:10:13 -07:00
Spencer Schrock
a779588f35
🌱 Add separate cache for long-running tests ( #3293 )
...
* Add separate cache for unit tests.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* share cache with gitlab tests too.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* share cache with github integration tests.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* explicitly download modules in unit test job
Signed-off-by: Spencer Schrock <sschrock@google.com>
* checkout needs to be before the go.mod is read.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* checkout needs to be before the go.sum files are hashed.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-07-21 14:46:49 -07:00
Spencer Schrock
67e3f7567f
🌱 Consolidate GitLab e2e workflows. ( #3278 )
...
* Move gitlab to different workflow to parallelize.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add missing versions.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-07-21 11:13:33 -07:00
Spencer Schrock
d52897036f
🌱 Fix hanging docker jobs for doc only changes. ( #3292 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-07-21 17:20:51 +00:00
Spencer Schrock
2255c88656
🌱 Use a matrix for when building binaries in main.yml ( #3291 )
...
* Use matrix for build jobs.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* These build targets don't seem to need protoc.
This lets us save the API quota.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-07-21 09:32:54 -07:00
Spencer Schrock
be7c032020
🌱 Use a matrix for docker image building ( #3290 )
...
* working matrix.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Remove unneeded env vars. Add comments.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* minor syntax change.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-07-20 19:03:18 -07:00
dependabot[bot]
f83d2ec396
🌱 Bump tj-actions/changed-files from 37.3.0 to 37.4.0
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 37.3.0 to 37.4.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](39283171ce...de0eba3279)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-20 20:22:10 +00:00
Spencer Schrock
2a7344bce3
🌱 Include attestor Dockerfile in CI and dependabot updates ( #3285 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-07-20 13:00:51 -07:00
dependabot[bot]
c299c00ea5
🌱 Bump tj-actions/changed-files from 37.1.2 to 37.3.0 ( #3280 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 37.1.2 to 37.3.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](2a968ff601...39283171ce)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-19 10:37:45 -05:00
Spencer Schrock
7cc6482680
🌱 Delete unused project-update functionality. ( #3269 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-07-18 21:58:19 +00:00
Naveen
4d85d8f1cc
🌱 Excluded dependabot from codecov ( #3272 )
...
- Exclude dependabot from codecov job in main.yml
[.github/workflows/main.yml]
- Exclude dependabot from codecov job
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-07-17 17:09:15 +00:00
dependabot[bot]
9545d797fc
🌱 Bump tj-actions/changed-files from 37.1.1 to 37.1.2 ( #3266 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 37.1.1 to 37.1.2.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](1f20fb83f0...2a968ff601)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-16 17:46:25 +00:00
dependabot[bot]
7753d7d8c3
🌱 Bump tj-actions/changed-files from 37.1.0 to 37.1.1 ( #3259 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 37.1.0 to 37.1.1.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](87e23c4c79...1f20fb83f0)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-11 08:13:42 -05:00
dependabot[bot]
abcf148cb9
🌱 Bump tj-actions/changed-files from 37.0.5 to 37.1.0 ( #3253 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 37.0.5 to 37.1.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](54849deb96...87e23c4c79)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-10 12:07:18 -05:00
Spencer Schrock
271f0f2a27
🌱 Linter workflow cleanup ( #3247 )
...
* Fix linter timeout by renaming deprecated deadline.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Disable depguard linter.
As of golangci-lint v3.5.0, the depguard linter is complaining. We don't use a .depguard.yml file, so just disabling the linter.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Move linter into own workflow.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Fix bash command substitution.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add harden runner.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* switch names to existing linter job
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Update golangci-lint to v1.53.3
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-07-07 16:03:29 -04:00
dependabot[bot]
15b9046188
🌱 Bump tj-actions/changed-files from 37.0.4 to 37.0.5 ( #3239 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 37.0.4 to 37.0.5.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](bb3376162b...54849deb96)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-30 08:10:26 -05:00
dependabot[bot]
b2bc681a00
🌱 Bump sigstore/cosign-installer from 3.0.5 to 3.1.1
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.0.5 to 3.1.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](dd6b2e2b61...6e04d228eb)
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-28 17:05:18 +00:00
dependabot[bot]
0a39e0b352
🌱 Bump tj-actions/changed-files from 37.0.3 to 37.0.4 ( #3228 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 37.0.3 to 37.0.4.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](ec1e14cf27...bb3376162b)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-28 11:53:59 -05:00
dependabot[bot]
cf2e0667af
🌱 Bump tj-actions/changed-files from 36.4.1 to 37.0.3
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.4.1 to 37.0.3.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](54479c37f5...ec1e14cf27)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-26 16:37:27 +00:00
dependabot[bot]
a912722ae9
🌱 Bump ossf/scorecard-action from 2.1.3 to 2.2.0 ( #3212 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.3 to 2.2.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](80e868c13c...08b4669551)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-26 11:14:24 -05:00
dependabot[bot]
8788f114a0
🌱 Bump tj-actions/changed-files from 36.4.0 to 36.4.1
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.4.0 to 36.4.1.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](e1754a427f...54479c37f5)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-21 09:20:04 +00:00
dependabot[bot]
119acffec7
🌱 Bump step-security/harden-runner from 2.4.0 to 2.4.1
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](128a63446a...55d479fb1c)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-21 09:07:21 +00:00
dependabot[bot]
77919b0418
🌱 Bump tj-actions/changed-files from 36.2.1 to 36.4.0 ( #3175 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.2.1 to 36.4.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](c9124514c3...e1754a427f)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-18 14:50:58 +00:00
dependabot[bot]
f928748c0e
🌱 Bump tj-actions/changed-files from 36.1.0 to 36.2.1 ( #3169 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.1.0 to 36.2.1.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](fb20f4d248...c9124514c3)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-15 15:02:13 +00:00
dependabot[bot]
1336d9481c
🌱 Bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](f82d6c1c34...336e29918d)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-13 22:20:55 +00:00
dependabot[bot]
d5ed41db02
🌱 Bump actions/checkout from 3.5.2 to 3.5.3 ( #3148 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.2 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8e5e7e5ab8...c85c95e3d7)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-13 18:06:39 +00:00
dependabot[bot]
9dee205a3c
🌱 Bump github/codeql-action from 2.3.6 to 2.13.4
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.6 to 2.13.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](83f0fe6c49...cdcdbb5797)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-13 09:07:07 +00:00
dependabot[bot]
0d84edf76a
🌱 Bump tj-actions/changed-files from 36.0.18 to 36.1.0 ( #3143 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.0.18 to 36.1.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](07e0177b72...fb20f4d248)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-09 10:54:18 -05:00
dependabot[bot]
2734a0c841
🌱 Bump slsa-framework/slsa-github-generator from 1.6.0 to 1.7.0 ( #3139 )
...
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.6.0...v1.7.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-08 18:02:42 +00:00
dependabot[bot]
cf103dea9e
🌱 Bump tj-actions/changed-files from 36.0.15 to 36.0.18
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.0.15 to 36.0.18.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](5d2fcdb4cb...07e0177b72)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-08 09:07:58 +00:00
Raghav Kaul
fdfe2b9b9e
Don't run pat e2e on dependabot merges ( #3119 )
...
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2023-06-03 17:42:08 -05:00
dependabot[bot]
7772314743
🌱 Bump tj-actions/changed-files from 36.0.12 to 36.0.15 ( #3116 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.0.12 to 36.0.15.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](5978e5a2df...5d2fcdb4cb)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-02 11:45:25 -05:00
dependabot[bot]
14c8ade533
🌱 Bump github/codeql-action from 2.3.5 to 2.3.6 ( #3112 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.5 to 2.3.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0225834cc5...83f0fe6c49)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-02 11:31:52 -05:00
dependabot[bot]
3c400c7dd6
🌱 Bump tj-actions/changed-files from 36.0.9 to 36.0.12 ( #3108 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.0.9 to 36.0.12.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](cf4fe8759a...5978e5a2df)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-01 12:24:28 -05:00
dependabot[bot]
d5c80c933f
🌱 Bump actions/dependency-review-action from 3.0.4 to 3.0.6 ( #3104 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.0.4 to 3.0.6.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](f46c48ed6d...1360a344cc)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-01 11:13:10 -05:00
dependabot[bot]
dc7350546e
🌱 Bump tj-actions/changed-files from 36.0.3 to 36.0.9 ( #3088 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.0.3 to 36.0.9.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](25eaddf37a...cf4fe8759a)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-30 16:15:44 +00:00
dependabot[bot]
7406bcb85e
🌱 Bump arduino/setup-protoc from 1.2.0 to 1.3.0 ( #3089 )
...
Bumps [arduino/setup-protoc](https://github.com/arduino/setup-protoc ) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/arduino/setup-protoc/releases )
- [Commits](4b3578161e...149f6c87b9)
---
updated-dependencies:
- dependency-name: arduino/setup-protoc
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-30 11:00:09 -05:00
dependabot[bot]
e82a1aea5c
🌱 Bump tj-actions/changed-files from 35.9.2 to 36.0.3 ( #3071 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.9.2 to 36.0.3.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](b2d17f5124...25eaddf37a)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-26 11:02:36 +00:00
dependabot[bot]
17cf8d0dd8
🌱 Bump github/codeql-action from 2.3.4 to 2.3.5 ( #3072 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.4 to 2.3.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f0e3dfb303...0225834cc5)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-26 05:48:23 -05:00
dependabot[bot]
e0ac01d9ec
🌱 Bump github/codeql-action from 2.3.3 to 2.3.4 ( #3064 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.3 to 2.3.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](29b1f65c5e...f0e3dfb303)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-25 09:05:06 -05:00
Spencer Schrock
68c23e166d
🌱 Simplify caching in docker workflow ( #3061 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-05-24 22:46:04 +00:00
Spencer Schrock
30fd0ca413
only run e2e pat on push ( #3056 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-05-24 10:00:49 -05:00
Naveen
e0a6d1544b
Update main.yml ( #3054 )
...
- Fixed the YAML indenting issue.
Signed-off-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2023-05-23 18:36:26 +00:00
Naveen
c631ebd7fb
🌱 Run E2E PAT test for push to main ( #3046 )
...
- Add E2E PAT tests for push to main.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-05-23 12:53:57 -05:00
dependabot[bot]
73c145c5e8
🌱 Bump arduino/setup-protoc from 1.1.2 to 1.2.0
...
Bumps [arduino/setup-protoc](https://github.com/arduino/setup-protoc ) from 1.1.2 to 1.2.0.
- [Release notes](https://github.com/arduino/setup-protoc/releases )
- [Commits](64c0c85d18...4b3578161e)
---
updated-dependencies:
- dependency-name: arduino/setup-protoc
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-05-18 19:47:41 +00:00
dependabot[bot]
682f274d53
🌱 Bump sigstore/cosign-installer from 3.0.4 to 3.0.5 ( #3029 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.0.4 to 3.0.5.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](03d0fecf17...dd6b2e2b61)
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-18 19:32:37 +00:00
Naveen
a3a133181a
🌱 Included e2e tests for push to main ( #2951 )
...
- Update trigger for integration tests to enable running on `push` and `pull_request` on the `main` branch
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-05-17 16:27:22 +00:00
dependabot[bot]
2113975043
🌱 Bump sigstore/cosign-installer from 3.0.3 to 3.0.4
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](204a51a57a...03d0fecf17)
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-05-17 15:02:24 +00:00
dependabot[bot]
4048d22622
🌱 Bump codecov/codecov-action from 3.1.3 to 3.1.4
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.1.3 to 3.1.4.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](894ff025c7...eaaf4bedf3)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-05-16 15:45:44 +00:00
dependabot[bot]
661df0e5dd
🌱 Bump actions/setup-go from 4.0.0 to 4.0.1
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](4d34df0c23...fac708d667)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-05-16 15:31:17 +00:00
dependabot[bot]
a268d57ac4
🌱 Bump slsa-framework/slsa-verifier from 2.2.0 to 2.3.0
...
Bumps [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier ) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/slsa-framework/slsa-verifier/releases )
- [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md )
- [Commits](https://github.com/slsa-framework/slsa-verifier/compare/v2.2.0...v2.3.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-verifier
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-05-12 13:01:42 +00:00
raghavkaul
4eddb16b35
🌱 Gitlab: e2e test fixes in main ( #2992 )
...
* test secret changes
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update score
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* address cr comments
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2023-05-11 22:31:26 +00:00
dependabot[bot]
fdea7aef4f
🌱 Bump slsa-framework/slsa-github-generator from 1.5.0 to 1.6.0
...
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.5.0...v1.6.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-05-11 15:05:01 +00:00
dependabot[bot]
7d994707a9
🌱 Bump github/codeql-action from 2.3.2 to 2.3.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.2 to 2.3.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f3feb00acb...29b1f65c5e)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-05-05 18:15:53 +00:00
dependabot[bot]
3e4f22c4bd
🌱 Bump step-security/harden-runner from 2.3.0 to 2.4.0 ( #2957 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/v2.3.0...128a63446a954579617e875aaab7d2978154e969 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-05 18:00:36 +00:00
dependabot[bot]
72e697786c
🌱 Bump tj-actions/changed-files from 35.9.1 to 35.9.2 ( #2933 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.9.1 to 35.9.2.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](4a0aac0d19...b2d17f5124)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-02 10:00:27 -05:00
dependabot[bot]
3564a6dab0
🌱 Bump slsa-framework/slsa-verifier from 2.1.0 to 2.2.0 (#2930)
...
Bumps [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/slsa-framework/slsa-verifier/releases)
- [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md)
- [Commits](https://github.com/slsa-framework/slsa-verifier/compare/v2.1.0...v2.2.0)
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-verifier
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-01 07:52:45 -05:00
Batuhan Apaydın
195767d90b
feature: enable verification for provenance (#2765)
...
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
2023-04-28 14:23:42 -07:00
dependabot[bot]
273dccda33
🌱 Bump github/codeql-action from 2.3.1 to 2.3.2 (#2924)
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](8662eabe0e...f3feb00acb)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-28 13:19:40 +00:00
dependabot[bot]
2d87611dbd
🌱 Bump tj-actions/changed-files from 35.9.0 to 35.9.1
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.9.0 to 35.9.1.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](ce810b29b2...4a0aac0d19)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-28 13:05:22 +00:00
dependabot[bot]
7586d2f272
🌱 Bump github/codeql-action from 2.3.0 to 2.3.1 (#2920)
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](b2c19fb9a2...8662eabe0e)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-27 11:37:46 -05:00
Naveen
2239b1338f
🌱 Included coverage metrics from other e2e (#2905)
...
* 🌱 Included coverage metrics from other e2e
- Update codecov to include multiple directories in the workflow integration
[.github/workflows/integration.yml]
- Update codecov files to include multiple directories
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Updated based on code review comments.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---------
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-04-26 19:13:34 +00:00
Spencer Schrock
032f2998c0
🌱 Skip cosign confirmation prompt. (#2918)
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-04-26 18:45:52 +00:00
Spencer Schrock
f3b777086f
🌱 Use Go version as specified by our go.mod file. (#2912)
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-04-26 17:10:06 +00:00
dependabot[bot]
dd352a1d37
🌱 Bump sigstore/cosign-installer from 3.0.2 to 3.0.3
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](9e9de2292d...204a51a57a)
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-26 12:08:28 +00:00
dependabot[bot]
63b3177921
🌱 Bump tj-actions/changed-files from 35.8.0 to 35.9.0 (#2901)
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.8.0 to 35.9.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](7ecfc6730d...ce810b29b2)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-25 15:09:29 +00:00
raghavkaul
c54fb4f8eb
✨ Gitlab: Maintained check (#2860)
...
* gitlab: maintained check
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update workflow
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2023-04-25 10:40:14 -04:00
dependabot[bot]
0739e9eed0
🌱 Bump codecov/codecov-action from 3.1.2 to 3.1.3 (#2903)
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v3.1.2...894ff025c7b54547a9a2a1e9f228beae737ad3c2)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-25 09:54:50 -04:00
raghavkaul
46c6fe700c
✨ Gitlab: CI-Tests check (#2833)
...
* gitlab: support ci-tests
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update test
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update gitlab workflows
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* fix test
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com>
2023-04-24 17:58:27 +00:00
dependabot[bot]
d31e28afae
🌱 Bump github/codeql-action from 2.2.12 to 2.3.0 (#2900)
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.12 to 2.3.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](7df0ce3489...b2c19fb9a2)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-24 10:05:01 -07:00
dependabot[bot]
9a3ed3de69
🌱 Bump codecov/codecov-action from 3.1.2 to 3.1.3 (#2894)
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](40a12dcee2...894ff025c7)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-21 12:00:44 +00:00
dependabot[bot]
ef77082908
🌱 Bump step-security/harden-runner from 2.3.0 to 2.3.1 (#2889)
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](03bee39306...6b3083af28)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-20 13:36:52 +00:00
dependabot[bot]
1c441f3773
🌱 Bump slsa-framework/slsa-github-generator from 1.4.0 to 1.5.0
...
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.4.0...v1.5.0)
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-15 15:52:51 +00:00
dependabot[bot]
d0e952c317
🌱 Bump github/codeql-action from 2.2.11 to 2.2.12
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.11 to 2.2.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](d186a2a36c...7df0ce3489)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-14 18:02:17 +00:00
dependabot[bot]
7eeffb16e4
🌱 Bump actions/checkout from 3.5.1 to 3.5.2 (#2869)
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.1 to 3.5.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](83b7061638...8e5e7e5ab8)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-14 12:46:17 -05:00
dependabot[bot]
3704b1f260
🌱 Bump tj-actions/changed-files from 35.7.12 to 35.8.0
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.7.12 to 35.8.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](b109d83a62...7ecfc6730d)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-13 13:37:19 +00:00
dependabot[bot]
973b2d37d6
🌱 Bump actions/checkout from 3.5.0 to 3.5.1
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](8f4b7f8486...83b7061638)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-13 13:23:40 +00:00
dependabot[bot]
862bfc6ed7
🌱 Bump codecov/codecov-action from 3.1.0 to 3.1.2
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.0 to 3.1.2.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](81cd2dc814...40a12dcee2)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-12 11:50:45 +00:00
dependabot[bot]
e8cf5d4e00
🌱 Bump sigstore/cosign-installer from 3.0.1 to 3.0.2 (#2842)
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](c3667d9942...9e9de2292d)
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-10 10:00:03 -05:00
dependabot[bot]
cf0533a0a2
🌱 Bump tj-actions/changed-files from 35.7.8 to 35.7.12
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.7.8 to 35.7.12.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](e9b5807e92...b109d83a62)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-09 14:57:18 +00:00
dependabot[bot]
fade79ba6b
🌱 Bump github/codeql-action from 2.2.9 to 2.2.11 (#2836)
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.9 to 2.2.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](04df1262e6...d186a2a36c)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-07 12:56:14 -05:00
dependabot[bot]
73e857ecdf
🌱 Bump step-security/harden-runner from 2.2.1 to 2.3.0 (#2823)
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.2.1 to 2.3.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](1f99358870...03bee39306)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-05 10:41:09 -05:00
dependabot[bot]
41d4c1b39a
🌱 Bump ossf/scorecard-action from 2.1.2 to 2.1.3 (#2806)
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.2 to 2.1.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](e38b1902ae...80e868c13c)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-30 22:51:58 -07:00
dependabot[bot]
3411949faf
🌱 Bump tj-actions/changed-files from 35.7.7 to 35.7.8 (#2801)
2023-03-30 05:32:30 +00:00
dependabot[bot]
a394c13c3f
🌱 Bump github/codeql-action from 2.2.8 to 2.2.9 (#2802)
2023-03-30 05:16:35 +00:00
dependabot[bot]
22e9419159
🌱 Bump actions/checkout from 3.4.0 to 3.5.0 (#2800)
2023-03-30 03:04:06 +00:00
dependabot[bot]
c219f04edc
🌱 Bump goreleaser/goreleaser-action from 4.1.0 to 4.2.0 (#2628)
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](8f67e590f2...f82d6c1c34)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-28 22:26:43 -07:00
dependabot[bot]
ed26d9b110
🌱 Bump actions/setup-go from 3.5.0 to 4.0.0 (#2757)
...
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.5.0 to 4.0.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](6edd4406fa...4d34df0c23)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-28 21:15:21 -07:00
dependabot[bot]
497815daa8
🌱 Bump actions/stale from 6.0.1 to 8.0.0 (#2793)
...
Bumps [actions/stale](https://github.com/actions/stale) from 6.0.1 to 8.0.0.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](5ebf00ea0e...1160a22402)
---
updated-dependencies:
- dependency-name: actions/stale
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-28 20:33:32 -07:00
dependabot[bot]
9358843a7f
🌱 Bump tj-actions/changed-files from 35.7.6 to 35.7.7 (#2797)
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.7.6 to 35.7.7.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](07f86bcdc4...db5dd7c176)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-28 11:40:41 -05:00
dependabot[bot]
dde9aa1aef
🌱 Bump actions/dependency-review-action from 3.0.3 to 3.0.4 (#2785)
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](c090f4e553...f46c48ed6d)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-27 10:45:32 -05:00
dependabot[bot]
ffdca54779
🌱 Bump github/codeql-action from 2.2.7 to 2.2.8
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.7 to 2.2.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](168b99b3c2...67a35a0858)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-26 17:09:43 +00:00
dependabot[bot]
daeb90ec55
🌱 Bump actions/checkout from 3.3.0 to 3.4.0 (#2767)
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](ac59398561...24cb908017)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-23 15:38:08 +00:00
dependabot[bot]
82f1dead19
🌱 Bump tj-actions/changed-files from 35.7.0 to 35.7.6 (#2782)
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.7.0 to 35.7.6.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](bd376fbcfa...07f86bcdc4)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-23 05:25:39 -05:00
dependabot[bot]
dfc2439625
🌱 Bump github/codeql-action from 2.2.6 to 2.2.7
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.6 to 2.2.7.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](16964e90ba...168b99b3c2)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-17 17:47:54 +00:00
Naveen
c20ed9e8d4
🌱 Update .github/workflows/goreleaser.yaml (#2755)
...
- Update `goreleaser/goreleaser-action` to `v2.5.0`
- Remove GPG key import step and `GPG_FINGERPRINT` from environment variables
- Move `version_flags` to `GITHUB_OUTPUT`
[.github/workflows/goreleaser.yaml]
- Remove GPG key import step
- Update `goreleaser/goreleaser-action` to `v2.5.0`
- Remove `GPG_FINGERPRINT` from environment variables
- Move `version_flags` to `GITHUB_OUTPUT`
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-03-15 11:37:55 -07:00
dependabot[bot]
0b45c903b8
🌱 Bump step-security/harden-runner from 2.2.0 to 2.2.1 (#2753)
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.2.0 to 2.2.1.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](c8454efe5d...1f99358870)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-15 11:15:08 -05:00
dependabot[bot]
23bd295ed8
🌱 Bump github/codeql-action from 2.2.4 to 2.2.6 (#2741)
2023-03-14 20:28:41 +00:00
dependabot[bot]
2e04214e4c
🌱 Bump tj-actions/changed-files from 35.6.2 to 35.7.0
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.6.2 to 35.7.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](5ce975c602...bd376fbcfa)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-14 14:16:11 +00:00
dependabot[bot]
e36b590f9d
🌱 Bump actions/cache from 3.3.0 to 3.3.1 (#2740)
...
Bumps [actions/cache](https://github.com/actions/cache) from 3.3.0 to 3.3.1.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](940f3d7cf1...88522ab9f3)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-14 08:59:20 -05:00
raghavkaul
110e352273
✨ Gitlab support: RepoClient (#2655)
...
* Add make targets and E2E test target for GitLab only
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add GitLab support to RepoClient
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Build
* Make target for e2e-gitlab-token
* Only run Gitlab tests in CI that don't require a token
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add tests
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Remove spurious printf
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* 🐛 Check OSS Fuzz build file for Fuzzing check (#2719)
* Check OSS-Fuzz using project list
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Use clients.RepoClient interface to perform the new OSS Fuzz check
Signed-off-by: Spencer Schrock <sschrock@google.com>
* wip: add eager client for better repeated lookup of projects
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Split lazy and eager behavior into different implementations.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add tests and benchmarks
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Switch to always parsing JSON to determine if a project is present. The other approach of looking for a substring match would lead to false positives.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add eager constructor to surface status file errors sooner.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Switch existing users to new OSS Fuzz client
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Mark old method as deprecated in the godoc
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove unused comment.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Use new OSS Fuzz client in e2e test.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix typo.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Fix potential path bug with test server.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Force include the two JSON files which were being ignored by .gitignore
Signed-off-by: Spencer Schrock <sschrock@google.com>
* trim the status json file
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
2023-03-13 11:13:50 -04:00
dependabot[bot]
a7e81bbcf3
🌱 Bump actions/cache from 3.2.6 to 3.3.0 (#2738)
...
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.6 to 3.3.0.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](69d9d449ac...940f3d7cf1)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-10 08:20:28 -06:00
dependabot[bot]
b5254fea7c
🌱 Bump tj-actions/changed-files from 35.6.1 to 35.6.2 (#2736)
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.6.1 to 35.6.2.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](04124efe75...5ce975c602)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-09 09:11:18 -06:00
dependabot[bot]
d708c6c580
🌱 Bump tj-actions/changed-files from 35.5.4 to 35.6.1
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.5.4 to 35.6.1.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](74338865c1...04124efe75)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-07 16:57:14 +00:00
dependabot[bot]
82a122bc00
🌱 Bump sigstore/cosign-installer from 2.8.1 to 3.0.1
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.8.1 to 3.0.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](9becc61764...c3667d9942)
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-02 17:36:15 +00:00
dependabot[bot]
35a7dd5b25
🌱 Bump kubernetes-sigs/kubebuilder-release-tools
...
Bumps [kubernetes-sigs/kubebuilder-release-tools](https://github.com/kubernetes-sigs/kubebuilder-release-tools) from 0.1.1 to 0.3.0.
- [Release notes](https://github.com/kubernetes-sigs/kubebuilder-release-tools/releases)
- [Changelog](https://github.com/kubernetes-sigs/kubebuilder-release-tools/blob/master/RELEASE.md)
- [Commits](4777888c37...4f3d1085b4)
---
updated-dependencies:
- dependency-name: kubernetes-sigs/kubebuilder-release-tools
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-26 19:27:28 +00:00
dependabot[bot]
c7e362d682
🌱 Bump step-security/harden-runner from 2.1.0 to 2.2.0
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](18bf8ad2ca...c8454efe5d)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-26 19:01:04 +00:00
dependabot[bot]
db6a26eb46
🌱 Bump actions/cache from 3.2.3 to 3.2.6
...
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.3 to 3.2.6.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](58c146cc91...69d9d449ac)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-22 16:46:45 +00:00
dependabot[bot]
047c01424d
🌱 Bump github/codeql-action from 2.2.3 to 2.2.4 (#2676)
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.3 to 2.2.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](8775e86802...17573ee1cc)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-18 07:02:45 -06:00
dependabot[bot]
353e2c6ce6
🌱 Bump tj-actions/changed-files from 35.5.0 to 35.5.4 ( #2674 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.5.0 to 35.5.4.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](db3ea27a0c...74338865c1)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-16 08:55:48 -06:00
Spencer Schrock
c9f582b620
Limit integration tests to ones that work with the GITHUB_TOKEN. ( #2672 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-02-15 15:09:54 -08:00
dependabot[bot]
93900aca36
🌱 Bump github/codeql-action from 2.2.0 to 2.2.3 ( #2649 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.0 to 2.2.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](436dbd9100...8775e86802)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-09 09:15:51 +00:00
dependabot[bot]
8115756259
🌱 Bump peter-evans/find-comment from 2.1.0 to 2.2.1 ( #2641 )
...
Bumps [peter-evans/find-comment](https://github.com/peter-evans/find-comment ) from 2.1.0 to 2.2.1.
- [Release notes](https://github.com/peter-evans/find-comment/releases )
- [Commits](f4499a714d...85a676a525)
---
updated-dependencies:
- dependency-name: peter-evans/find-comment
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-06 02:44:34 -06:00
dependabot[bot]
ac008ece9c
🌱 Bump tj-actions/changed-files from 35.4.4 to 35.5.0 ( #2635 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.4.4 to 35.5.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](57d9664f8e...db3ea27a0c)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-03 09:34:43 -06:00
dependabot[bot]
4ebe521141
🌱 Bump github/codeql-action from 2.1.39 to 2.2.0 ( #2618 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.39 to 2.2.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](a34ca99b46...436dbd9100)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-27 08:22:12 -06:00
dependabot[bot]
3f372e9af1
🌱 Bump tj-actions/changed-files from 35.4.1 to 35.4.4
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.4.1 to 35.4.4.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](487675b843...57d9664f8e)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-24 17:17:00 +00:00
dependabot[bot]
99398db46d
🌱 Bump github/codeql-action from 2.1.38 to 2.1.39 ( #2607 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.38 to 2.1.39.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](515828d974...a34ca99b46)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-24 10:10:58 -06:00
Spencer Schrock
9385905804
Revert "perf.: run integration tests only on approved PRs ( #2609 )" ( #2612 )
...
This reverts commit a29182d3f2.
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-01-23 19:53:23 +00:00
Siddhant Khare
a29182d3f2
perf.: run integration tests only on approved PRs ( #2609 )
...
Signed-off-by: Siddhant Khare <Siddhantkhare2694@gmail.com>
Signed-off-by: Siddhant Khare <Siddhantkhare2694@gmail.com>
2023-01-21 17:33:53 +00:00
dependabot[bot]
6112c07341
🌱 Bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0 ( #2539 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 3.2.0 to 4.1.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](b508e2e3ef...8f67e590f2)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-20 10:27:36 -06:00
dependabot[bot]
f1ca6d711e
🌱 Bump actions/cache from 3.0.11 to 3.2.3 ( #2599 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.11 to 3.2.3.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](9b0c1fce7a...58c146cc91)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-18 17:01:23 -06:00
dependabot[bot]
9c49fbfc07
🌱 Bump step-security/harden-runner from 2.0.0 to 2.1.0 ( #2604 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](ebacdc22ef...18bf8ad2ca)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-18 11:31:15 -06:00
dependabot[bot]
1b5bdb4ef5
🌱 Bump actions/upload-artifact from 3.1.1 to 3.1.2 ( #2601 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](83fd05a356...0b7f8abb15)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-17 16:13:18 +00:00
dependabot[bot]
67daaccd87
🌱 Bump tj-actions/changed-files from 35.2.0 to 35.4.1 ( #2598 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.2.0 to 35.4.1.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](392359fc8c...487675b843)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-16 08:04:05 -06:00
dependabot[bot]
fc299e3335
🌱 Bump actions/dependency-review-action from 3.0.2 to 3.0.3 ( #2585 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](0ff3da6f81...c090f4e553)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-16 11:10:07 +11:00
dependabot[bot]
4a9c77427b
🌱 Bump github/codeql-action from 2.1.36 to 2.1.38 ( #2597 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.36 to 2.1.38.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](a669cc5936...515828d974)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-13 09:57:47 -06:00
dependabot[bot]
a2bc29a7a3
🌱 Bump actions/checkout from 3.2.0 to 3.3.0 ( #2583 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](755da8c3cf...ac59398561)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-06 17:04:10 +00:00
dependabot[bot]
7c0edac8fb
🌱 Bump nick-invision/retry from 2.8.2 to 2.8.3 ( #2576 )
...
Bumps [nick-invision/retry](https://github.com/nick-invision/retry ) from 2.8.2 to 2.8.3.
- [Release notes](https://github.com/nick-invision/retry/releases )
- [Changelog](https://github.com/nick-fields/retry/blob/master/.releaserc.js )
- [Commits](3e91a01664...943e742917)
---
updated-dependencies:
- dependency-name: nick-invision/retry
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-05 11:14:36 -06:00
dependabot[bot]
6ff06a378d
🌱 Bump actions/setup-go from 3.3.1 to 3.5.0 ( #2575 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.3.1 to 3.5.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](c4a742cab1...6edd4406fa)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-02 11:00:51 -06:00
dependabot[bot]
72d4e98978
🌱 Bump tj-actions/changed-files from 35.1.0 to 35.2.0 ( #2574 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.1.0 to 35.2.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](0626c3f940...392359fc8c)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-30 08:53:23 -06:00
dependabot[bot]
cf3a43fa88
🌱 Bump ossf/scorecard-action from 2.1.1 to 2.1.2 ( #2570 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.1 to 2.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](15c10fcf1c...e38b1902ae)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-27 16:20:32 -08:00
laurentsimon
90cdd98809
Disable scorecard on PRs ( #2571 )
...
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2022-12-27 11:31:00 -08:00
Spencer Schrock
6bf19d5bdb
🌱 Switch from paths-ignore to changed-files action to skip required checks. ( #2566 )
...
* Switch from paths-ignore to changed-files action. This allows doc only changes to pass CI, which are currently blocked waiting for these required checks which will never run due to the path filter.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Pin checkout action. Disable redundant docker build on push to main since cloud build handles the images.
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-12-27 09:18:25 -08:00
dependabot[bot]
376f465c11
🌱 Bump actions/dependency-review-action from 3.0.1 to 3.0.2 ( #2551 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](11310527b4...0ff3da6f81)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-21 12:02:54 -08:00
dependabot[bot]
9efd21db31
🌱 Bump ossf/scorecard-action from 2.0.6 to 2.1.1 ( #2553 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.0.6 to 2.1.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](99c53751e0...15c10fcf1c)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-21 06:54:39 -08:00
dependabot[bot]
20cc4eee98
🌱 Bump actions/checkout from 3.1.0 to 3.2.0 ( #2537 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](93ea575cb5...755da8c3cf)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-13 08:55:17 -06:00
dependabot[bot]
ac8c57580c
🌱 Bump github/codeql-action from 2.1.35 to 2.1.36 ( #2530 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.35 to 2.1.36.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b2a92eb56d...a669cc5936)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-09 10:05:06 -06:00
dependabot[bot]
f5e6f63f04
🌱 Bump actions/stale from 5.1.1 to 6.0.1 ( #2511 )
...
Bumps [actions/stale](https://github.com/actions/stale ) from 5.1.1 to 6.0.1.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](9c1b1c6e11...5ebf00ea0e)
---
updated-dependencies:
- dependency-name: actions/stale
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-06 10:37:16 -06:00
dependabot[bot]
045109e783
🌱 Bump github/codeql-action from 2.1.33 to 2.1.35 ( #2510 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.33 to 2.1.35.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](678fc3afe2...b2a92eb56d)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-05 13:23:00 -06:00
laurentsimon
e2846c0ae7
Update goreleaser.yaml ( #2516 )
...
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2022-12-02 14:17:49 -06:00
Arnaud J Le Hors
2169bc44c7
Use new project name in Copyright notices ( #2505 )
...
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
2022-12-01 15:08:48 -08:00
raghavkaul
4c7066e3b6
🌱 attestor: module -> subpackage ( #2464 )
...
* Enable cilint checking on attestor and fix cilint errors
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Make attestor a subpackage of scorecard
* Move e2e test
* Use scorecard logger
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2022-11-30 10:22:00 -08:00
dependabot[bot]
7df624229f
🌱 Bump peter-evans/find-comment from 2.0.1 to 2.1.0 ( #2497 )
...
Bumps [peter-evans/find-comment](https://github.com/peter-evans/find-comment ) from 2.0.1 to 2.1.0.
- [Release notes](https://github.com/peter-evans/find-comment/releases )
- [Commits](b657a70ff1...f4499a714d)
---
updated-dependencies:
- dependency-name: peter-evans/find-comment
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-29 09:18:07 -06:00
Naveen
fb07860d86
🌱 Included Gitlab token ( #2484 )
...
- Including Gitlab token for https://github.com/ossf/scorecard/pull/2280
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-11-23 17:41:22 -08:00
laurentsimon
e74e69f6cd
Enable scorecard run on pull request ( #2478 )
...
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2022-11-22 16:53:32 -06:00
Latortuga
f9f910d437
✨ Commit depth feature ( #2407 )
...
* 🌱 Bump actions/dependency-review-action from 2.4.1 to 2.5.1
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 2.4.1 to 2.5.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](9c96258789...0efb1d1d84)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* commit_depth feature
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* added more descriptive comments, changed numberofcommits variable name, moved paging for commits into separate function.
small changes
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
linter
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* added unit tests
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
added test in e2e
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (#2397 )
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.6.0 to 1.6.1.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Commits](https://github.com/spf13/cobra/compare/v1.6.0...v1.6.1 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.1.6 to 2.4.0
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.1.6 to 2.4.0.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.1.6...v2.4.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump cloud.google.com/go/pubsub from 1.25.1 to 1.26.0
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go ) from 1.25.1 to 1.26.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.25.1...pubsub/v1.26.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/xanzy/go-gitlab from 0.73.1 to 0.74.0
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab ) from 0.73.1 to 0.74.0.
- [Release notes](https://github.com/xanzy/go-gitlab/releases )
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go )
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.73.1...v0.74.0 )
---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/gomega from 1.20.2 to 1.23.0 (#2409 )
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.20.2 to 1.23.0.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.20.2...v1.23.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.1.6 to 2.4.0 in /tools
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.1.6 to 2.4.0.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.1.6...v2.4.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/golangci/golangci-lint in /tools
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint ) from 1.50.0 to 1.50.1.
- [Release notes](https://github.com/golangci/golangci-lint/releases )
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md )
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.50.0...v1.50.1 )
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump goreleaser/goreleaser-action from 2.9.1 to 3.2.0 (#2363 )
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 2.9.1 to 3.2.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](b953231f81...b508e2e3ef)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/goreleaser/goreleaser in /tools (#2373 )
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser ) from 1.11.5 to 1.12.3.
- [Release notes](https://github.com/goreleaser/goreleaser/releases )
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml )
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.11.5...v1.12.3 )
---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* ✨ CLI for scorecard-attestor (#2309 )
* Reorganize
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Working commit
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Compile with local scorecard; go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add signing code
Heavily borrowed from https://github.com/grafeas/kritis/blob/master/cmd/kritis/signer/main.go
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Update deps
* Naming
* Makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Edit license, add lint.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* checks: go mod tidy, license
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Split into checker/signer files
* Naming convention
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* License, remove golangci.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Use cobra
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add tests for root command
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Filter out checks that aren't needed for policy evaluation
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add `make` targets for attestor; submit coverage stats
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Improvements
* Use sclog instead of glog
* Remove unneeded subcommands
* Formatting
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Flags: Make note-name constant and fix messaging
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Remove SupportedRequestTypes
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy, makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Fix GH actions run
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* fix workflow (#2417 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Bump scorecard-action (#2416 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Fail unit-test job if codecov upload fails (#2415 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Enable comparison for alternative isText implementation (#2414 )
* use more performant IsText
Signed-off-by: Spencer Schrock <sschrock@google.com>
* AB test isText implementations
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add comparison env var to release test.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* go mod tidy for attestor
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🐛 modify alternative isText to accept carriage returns (#2421 )
* modify IsText from golang.org/x/tools/godoc/util to accept carriage returns.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add TODO reminder to cleanup after release tests
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/gomega from 1.23.0 to 1.24.0
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.23.0 to 1.24.0.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.23.0...v1.24.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github/codeql-action from 2.1.29 to 2.1.30
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.29 to 2.1.30.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ec3cf9c605...18fe527fa8)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* revert failing unit-test on ci error (#2422 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* ✨ Improved Security Policy Check (#2195 )
* ✨ Improved Security Policy Check (#2137 )
* Examines and awards points for linked content (URLs / Emails)
* Examines and awards points for hints of disclosure and vulnerability practices
* Examines and awards points for hints of elaboration of timelines
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Repaired Security Policy to correctly use linked content length for evaluation
Signed-off-by: Scott Hissam <shissam@gmail.com>
* gofmt'ed changes
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Repaired the case in the evaluation which was too sensitive to content length over the length of the linked content for urls and emails
Signed-off-by: Scott Hissam <shissam@gmail.com>
* added unit test cases for the new content-based Security Policy checks
Signed-off-by: Scott Hissam <shissam@gmail.com>
* reverted the direct (mistaken) change to checks.md and updated the checks.yaml for generate-docs
Signed-off-by: Scott Hissam <shissam@gmail.com>
* ✨ Improved Security Policy Check (#2137 ) (revisited based on comments)
* replaced reason strings with log.Info & log.Warn (as seen in --show-details)
* internal assertion check for nil (*pinfo) and empty pfile
* internal switched to FileTypeText over FileTypeSource
* internal implement type SecurityPolicyInformationType/SecurityPolicyInformation revised SecurityPolicyData to support only one file
* revised expected unit-test results and revised unit-test to reflect the new SecurityPolicyData type
Signed-off-by: Scott Hissam <shissam@gmail.com>
* revised the score value based on observation of one *or more* url(s) or one email(s) found; unit tests update accordingly
Signed-off-by: Scott Hissam <shissam@gmail.com>
* revised the score value based on observation of one *or more* url(s) or one email(s) found; unit tests update accordingly
Signed-off-by: Scott Hissam <shissam@gmail.com>
* revised the score value based on observation of one *or more* url(s) or one email(s) found; e2e tests update accordingly
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Addressed PR comments; added telemetry for policy hits in security policy file to track hits by line number
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Resolved merge conflict with checks.yaml
Signed-off-by: Scott Hissam <shissam@gmail.com>
* updated raw results to emit all the raw information for the new security policy check
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Resolved merge conflicts and lint errors with json_raw_results.go
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Addressed review comments to reorganize security policy data struct to support the potential for multiple security policy files.
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Added logic to the security policy to process multiple security policy files only after future improvements to aggregating scoring across such files are designed. For now the security policy behaves as originally designed to stop once one of the expected policy files is found in the repo
Signed-off-by: Scott Hissam <shissam@gmail.com>
* added comments regarding the capacity to support multiple policy files and removed unneeded break statements in the code
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Addressed review comments to remove the dependency on the path in the filename from the code and introduced FileSize to checker.File type and removed the SecurityContentLength which was used to hold that information for the new security policy assessment
Signed-off-by: Scott Hissam <shissam@gmail.com>
* restored reporting full security policy path and filename for policies found in the org level repos
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Resolved conflicts in checks.yaml for documentation
Signed-off-by: Scott Hissam <shissam@gmail.com>
* ✨ CLI for scorecard-attestor (#2309 )
* Reorganize
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Working commit
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Compile with local scorecard; go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add signing code
Heavily borrowed from https://github.com/grafeas/kritis/blob/master/cmd/kritis/signer/main.go
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Update deps
* Naming
* Makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Edit license, add lint.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* checks: go mod tidy, license
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Split into checker/signer files
* Naming convention
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* License, remove golangci.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Use cobra
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add tests for root command
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Filter out checks that aren't needed for policy evaluation
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add `make` targets for attestor; submit coverage stats
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Improvements
* Use sclog instead of glog
* Remove unneeded subcommands
* Formatting
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Flags: Make note-name constant and fix messaging
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Remove SupportedRequestTypes
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy, makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Fix GH actions run
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Scott Hissam <shissam@gmail.com>
* removed whitespace before stanza for Run attestor e2e
Signed-off-by: Scott Hissam <shissam@gmail.com>
* resolved code review and doc review comments
Signed-off-by: Scott Hissam <shissam@gmail.com>
* repaired the link for the maintainer's guide for supporting the coordinated vulnerability disclosure guidelines
Signed-off-by: Scott Hissam <shissam@gmail.com>
Signed-off-by: Scott Hissam <shissam@gmail.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github/codeql-action from 2.1.30 to 2.1.31 (#2431 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.30 to 2.1.31.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](18fe527fa8...c3b6fce4ee)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* enable more performant isText (#2433 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* modified tests, InitRepo Function, Added GetCommitDepth Function to Client Interface
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* removed getcommitdepth function
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* added TODO
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.5.0 in /tools (#2436 )
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.4.0...v2.5.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.5.0
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.4.0...v2.5.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Code Review: treat merging a PR as code review (#2413 )
* Merges on Github count as a code review by the maintainer
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Update Raw Results
* More detailed information for Changesets
* If there's no Revision ID, use the Commit SHA instead
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Check that pull request had at least one reviewer that wasn't its author
* Add field for Pull Request Merged-By to Github and Gitlab
* Note, this check can be bypassed if an author opens a PR with other
people's commits
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Trivial: Fix typo (exepted -> expected) (#2440 )
Signed-off-by: Michael Scovetta <michael.scovetta@microsoft.com>
Signed-off-by: Michael Scovetta <michael.scovetta@microsoft.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump step-security/harden-runner from 1.5.0 to 2.0.0 (#2443 )
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 1.5.0 to 2.0.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](2e205a28d0...ebacdc22ef)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 cron: support reading prefix from file for controller input files (7/n) (#2445 )
* add prefix marker file to config
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Read the new config values, if they exist.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add function to fetch prefix file config value.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Read prefix file if prefix not set.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add tests to verify how List works with various prefixes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add tests for getPrefix
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Remove panics from iterator helper functions
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Detect SECURITY.markdown in addition to SECURITY.md (#2447 )
GitHub probably supports many more file extensions for Markdown
files, but at the very least, `.md` and `.markdown` have been
standardized in RFC 7763.
Signed-off-by: favonia <favonia@gmail.com>
Signed-off-by: favonia <favonia@gmail.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Add Pinned-Dependency, Vulnerability, and Code-Review checks to attestor (#2430 )
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 cron: expose the stackdriver prefix as a config variable so it can be changed. (#2446 )
* Expose the stackdriver prefix as a config variable so it can be changed.
Signed-off-by: Caleb Brown <calebbrown@google.com>
* fix linter warning
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Only write to the rawBucket if the value exists. (#2451 )
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump golang.org/x/tools from 0.2.0 to 0.3.0 (#2448 )
* 🌱 Bump golang.org/x/tools from 0.2.0 to 0.3.0
Bumps [golang.org/x/tools](https://github.com/golang/tools ) from 0.2.0 to 0.3.0.
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.2.0...v0.3.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* bump attestor modules
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Move cron monitoring to a non-internal location. (#2453 )
This allows external workers (e.g. criticality_score) to use the same
monitoring code.
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump actions/dependency-review-action from 2.5.1 to 3.0.0 (#2455 )
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 2.5.1 to 3.0.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](0efb1d1d84...30d5821115)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 [cron] generalize some of the transfer logic so it is easy to build new transfer agents (#2454 )
* Generalize the transfer logic so it is easy to build new transfer agents
This change moves code that reads shards and produces summaries into the
data package so that it can be reused to create new transfer agents,
similar to the BigQuery transfer agent in cron/internal/bq.
Signed-off-by: Caleb Brown <calebbrown@google.com>
* Lint fix and commentary.
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/google/addlicense in /tools (#2459 )
Bumps [github.com/google/addlicense](https://github.com/google/addlicense ) from 1.0.0 to 1.1.0.
- [Release notes](https://github.com/google/addlicense/releases )
- [Changelog](https://github.com/google/addlicense/blob/master/.goreleaser.yaml )
- [Commits](https://github.com/google/addlicense/compare/v1.0.0...v1.1.0 )
---
updated-dependencies:
- dependency-name: github.com/google/addlicense
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/google/go-containerregistry
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.12.0 to 0.12.1.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.12.0...v0.12.1 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* go mod tidy
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Added <= instead of == in case negative int is passed
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* missed test fix
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Scott Hissam <shissam@gmail.com>
Signed-off-by: Michael Scovetta <michael.scovetta@microsoft.com>
Signed-off-by: favonia <favonia@gmail.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Latortuga <42878263+latortuga71@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: scott hissam <shissam@users.noreply.github.com>
Co-authored-by: Michael Scovetta <michael.scovetta@microsoft.com>
Co-authored-by: favonia <favonia@gmail.com>
Co-authored-by: Caleb Brown <calebbrown@google.com>
2022-11-22 16:11:36 +00:00
dependabot[bot]
555a7bf6b5
🌱 Bump actions/dependency-review-action from 3.0.0 to 3.0.1
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](30d5821115...11310527b4)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-17 23:31:36 +00:00
dependabot[bot]
ca44cf8346
🌱 Bump github/codeql-action from 2.1.31 to 2.1.33 ( #2461 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.31 to 2.1.33.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c3b6fce4ee...678fc3afe2)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-17 16:52:18 -06:00