dependabot[bot]
1e1bfabccf
🌱 Bump actions/cache from 3.0.6 to 3.0.7
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.6 to 3.0.7.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](f4278025ab...a7c34adf76
)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-12 16:59:50 +00:00
Carlos Tadeu Panato Junior
83c07bfd32
🌱 github actions cleanup and set to get the latest go available ( #2135 )
...
* update slsa generator to 1.2.0 and use git hash
Signed-off-by: cpanato <ctadeu@gmail.com>
* update go to get always the latest available and general cleanup
Signed-off-by: cpanato <ctadeu@gmail.com>
Signed-off-by: cpanato <ctadeu@gmail.com>
2022-08-10 08:44:33 -07:00
dependabot[bot]
0eb7cb2d74
🌱 Bump nick-invision/retry from 2.8.0 to 2.8.1 ( #2130 )
...
Bumps [nick-invision/retry](https://github.com/nick-invision/retry ) from 2.8.0 to 2.8.1.
- [Release notes](https://github.com/nick-invision/retry/releases )
- [Changelog](https://github.com/nick-fields/retry/blob/master/.releaserc.js )
- [Commits](616fa81820...b4fa57557d
)
---
updated-dependencies:
- dependency-name: nick-invision/retry
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-08 06:37:24 -10:00
dependabot[bot]
596a2e1ba4
🌱 Bump actions/cache from 3.0.5 to 3.0.6 ( #2127 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.5 to 3.0.6.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0865c47f36...f4278025ab
)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-06 08:25:05 -05:00
dependabot[bot]
86eff21160
🌱 Bump nick-invision/retry from 2.6.0 to 2.8.0
...
Bumps [nick-invision/retry](https://github.com/nick-invision/retry ) from 2.6.0 to 2.8.0.
- [Release notes](https://github.com/nick-invision/retry/releases )
- [Changelog](https://github.com/nick-fields/retry/blob/master/.releaserc.js )
- [Commits](7f8f3d9f0f...616fa81820
)
---
updated-dependencies:
- dependency-name: nick-invision/retry
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-04 14:39:28 +00:00
dependabot[bot]
384c79d511
🌱 Bump actions/stale from 5.1.0 to 5.1.1 ( #2106 )
...
Bumps [actions/stale](https://github.com/actions/stale ) from 5.1.0 to 5.1.1.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](532554b8a8...9c1b1c6e11
)
---
updated-dependencies:
- dependency-name: actions/stale
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-28 09:25:15 -05:00
Azeem Shaikh
5fa75960db
Scorecard runs fail with any unrecognized steps ( #2103 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-07-27 22:32:37 +00:00
Azeem Shaikh
d7cb711207
Fix bug in Scorecard analysis CI ( #2099 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-07-27 14:09:28 -07:00
Azeem Shaikh
c581062fe7
Enable Scorecard badge ( #2097 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-07-27 19:04:07 +00:00
dependabot[bot]
4f30e02a24
🌱 Bump sigstore/cosign-installer from 2.4.1 to 2.5.0
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 2.4.1 to 2.5.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](48866aa521...09a077b27e
)
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-07-27 18:24:07 +00:00
dependabot[bot]
baedf84082
🌱 Bump imjasonh/setup-ko from 0.4 to 0.5 ( #2096 )
...
Bumps [imjasonh/setup-ko](https://github.com/imjasonh/setup-ko ) from 0.4 to 0.5.
- [Release notes](https://github.com/imjasonh/setup-ko/releases )
- [Commits](2c3450ca27...78eea08f10
)
---
updated-dependencies:
- dependency-name: imjasonh/setup-ko
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-27 12:44:30 -05:00
dependabot[bot]
8f96d6ba25
🌱 Bump crazy-max/ghaction-import-gpg from 5.0.0 to 5.1.0 ( #2091 )
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg ) from 5.0.0 to 5.1.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases )
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md )
- [Commits](34ea557550...c8bb57c57e
)
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-25 09:28:08 -05:00
dependabot[bot]
d77f59f0ef
🌱 Bump sigstore/cosign-installer from 1.2.1 to 2.4.1 ( #2021 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 1.2.1 to 2.4.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](f700e6fbba...48866aa521
)
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-23 05:42:10 -05:00
dependabot[bot]
96835aae83
🌱 Bump actions/stale from 5.0.0 to 5.1.0
...
Bumps [actions/stale](https://github.com/actions/stale ) from 5.0.0 to 5.1.0.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](3cc1237663...532554b8a8
)
---
updated-dependencies:
- dependency-name: actions/stale
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-07-23 04:13:36 +00:00
Carlos Tadeu Panato Junior
0e4f5db4e4
remove not used workflow ( #2089 )
...
Signed-off-by: cpanato <ctadeu@gmail.com>
2022-07-22 06:39:59 -07:00
dependabot[bot]
59c06f00de
🌱 Bump ossf/scorecard-action from 1.1.0 to 1.1.2
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.1.0 to 1.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](5c8bc69dc8...ce330fde6b
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-07-16 17:41:23 +00:00
dependabot[bot]
4ff5b2b489
🌱 Bump actions/cache from 3.0.4 to 3.0.5 ( #2049 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.4 to 3.0.5.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](c3f1317a9e...0865c47f36
)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-14 10:11:31 +00:00
dependabot[bot]
287ee7d319
🌱 Bump actions/dependency-review-action from 2.0.2 to 2.0.4 ( #2054 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 2.0.2 to 2.0.4.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](1c59cdf2a9...94145f3150
)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-14 04:05:13 -05:00
dependabot[bot]
220c49d52b
🌱 Bump actions/setup-go from 3.2.0 to 3.2.1 ( #2040 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.2.0 to 3.2.1.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](b22fbbc292...84cbf80943
)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-07-12 22:22:25 +00:00
dependabot[bot]
e608741e58
🌱 Bump step-security/harden-runner from 1.4.3 to 1.4.4
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 1.4.3 to 1.4.4.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](248ae51c2e...74b568e859
)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-07-11 21:42:33 +00:00
raghavkaul
90ed090448
🌱 Build/test fixes: Install protoc and protoc-gen-go ( #2038 )
...
* Install protoc in validate-projects step
The `validate-projects` Makefile target depends on compilation of all go
binaries, including the protobuf generated go binaries
* Makefile: Cron build relies on `make install` for tools deps
* Add an explicit dependency to the build-proto steps
* Remove sleep
2022-07-11 20:02:22 +00:00
dependabot[bot]
f3e21fa970
🌱 Bump actions/cache from 3.0.3 to 3.0.4 ( #1988 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](30f413bfed...c3f1317a9e
)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-08 15:48:42 +00:00
dependabot[bot]
f1dfbcb892
🌱 Bump actions/dependency-review-action from 1.0.2 to 2.0.2
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 1.0.2 to 2.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](a9c83d3af6...1c59cdf2a9
)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-07-08 14:31:37 +00:00
Naveen
bc12ba6f78
🌱 Workaround for Protoc failures in GH Actions ( #2025 )
...
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-07-06 14:22:06 -04:00
laurentsimon
3b7c46f779
✨ SLSA provenance/build ( #1702 )
...
* SLSA build
* missing files
* updates
* updates
* updates
* indent fix
* update
* update
* updates
* updates
* updates
* updates
2022-06-08 09:54:09 -07:00
laurentsimon
4bd3391a36
✨ Raw results for Pinned-Dependencies ( #1932 )
...
* backup
* update
* update
* draft
* updates
* updates
* updates
* updates
* fix
* linter
* updates
* updates
* updates
* updates
* updates
* updates
* updates
* linter
* comments
* linter
* linter
* tests
* updates
* updates
* tests
2022-06-06 14:31:22 -07:00
laurentsimon
23523f6d09
Update publishimage.yml ( #1977 )
2022-06-01 16:42:23 -07:00
Naveen
0eeb0c20cd
🌱 Signing scorecard images using cosign ( #1970 )
...
* --wip-- [skip ci]
* 🌱 Signing scorecard images using cosign
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-31 16:42:32 +00:00
dependabot[bot]
4a88dac00f
🌱 Bump actions/cache from 3.0.2 to 3.0.3
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](48af2dc4a9...30f413bfed
)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-31 16:14:24 +00:00
dependabot[bot]
1471c807da
🌱 Bump crazy-max/ghaction-import-gpg from 4.4.0 to 5
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg ) from 4.4.0 to 5.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases )
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md )
- [Commits](e00cb83a68...34ea557550
)
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-27 16:31:07 +00:00
dependabot[bot]
a997c0abe1
🌱 Bump actions/setup-go from 3.1.0 to 3.2.0
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](fcdc43634a...b22fbbc292
)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-27 16:08:17 +00:00
dependabot[bot]
b491e47611
🌱 Bump ossf/scorecard-action from 1.0.4 to 1.1.0 ( #1963 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.0.4 to 1.1.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](c1aec4ac82...5c8bc69dc8
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-26 18:26:59 +00:00
dependabot[bot]
d5e755cb08
🌱 Bump actions/dependency-review-action from 1.0.1 to 1.0.2
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](39e692fa32...a9c83d3af6
)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-24 13:54:08 +00:00
dependabot[bot]
108f88d056
🌱 Bump actions/upload-artifact from 3.0.0 to 3.1.0 ( #1941 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](6673cd052c...3cea537223
)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-23 06:41:30 -05:00
dependabot[bot]
fc7157e38a
🌱 Bump actions/dependency-review-action from 1.0.0 to 1.0.1 ( #1923 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](3f943b86c9...39e692fa32
)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-18 07:10:22 -05:00
dependabot[bot]
6406cfd4e3
🌱 Bump actions/setup-go from 3.0.0 to 3.1.0
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](f6164bd8c8...fcdc43634a
)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-16 16:52:04 +00:00
dependabot[bot]
e97bf30ef6
🌱 Bump step-security/harden-runner from 1.4.2 to 1.4.3
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 1.4.2 to 1.4.3.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](34cbc43f0b...248ae51c2e
)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-02 08:45:02 -05:00
dependabot[bot]
5d8a277d76
🌱 Bump crazy-max/ghaction-import-gpg from 4.3.0 to 4.4.0
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg ) from 4.3.0 to 4.4.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases )
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md )
- [Commits](4d58d49bfe...e00cb83a68
)
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-25 10:28:45 -05:00
dependabot[bot]
dbaba8a536
🌱 Bump step-security/harden-runner from 1.4.1 to 1.4.2
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 1.4.1 to 1.4.2.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/v1.4.1...34cbc43f0b10c9dda284e663cf43c2ebaf83e956 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-25 09:29:45 -05:00
dependabot[bot]
ee1086efd7
🌱 Bump codecov/codecov-action from 3.0.0 to 3.1.0
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](e3c560433a...81cd2dc814
)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-22 07:25:53 -05:00
dependabot[bot]
64bf903f36
🌱 Bump actions/checkout from 3.0.1 to 3.0.2
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](dcd71f6466...2541b1294d
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-22 07:02:44 -05:00
naveensrinivasan
6ed6c9b70e
🌱 Publish images with ko
...
- Publish images with ko
https://github.com/ossf/scorecard/issues/744
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-18 10:40:05 -05:00
dependabot[bot]
6c59ff9bfe
🌱 Bump actions/checkout from 3.0.0 to 3.0.1
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a12a3943b4...dcd71f6466
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-15 05:34:31 -05:00
laurentsimon
6a48f174ce
fix
2022-04-12 10:54:38 -05:00
laurentsimon
2873c0d58d
e2e for GITHUB_TOKEN
2022-04-12 10:54:38 -05:00
dependabot[bot]
fb0c0e1527
🌱 Bump actions/cache from 3.0.1 to 3.0.2
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](136d96b4ae...48af2dc4a9
)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-11 07:36:08 -05:00
naveensrinivasan
f9c2f9d79f
🌱 Dependency review action
...
Included the https://github.com/actions/dependency-review-action
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-09 14:09:42 -05:00
dependabot[bot]
4df16f3350
🌱 Bump codecov/codecov-action from 2.1.0 to 3
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 2.1.0 to 3.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](f32b3a3741...e3c560433a
)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-07 14:55:05 +00:00
naveensrinivasan
761bb4e4b3
🌱 Fixes the golang version
...
Hopefully this fixes the make linter failures
https://github.com/ossf/scorecard/runs/5834278035?check_suite_focus=true
I noticed while trying to debug , which was using go 1.18 in the
workflow log.
Which made me decide to pin it to specific version of go 1.17.7
```
go env -w GOFLAGS=-mod=mod
make check-linter
shell: /usr/bin/bash -e {0}
env:
PROTOC_VERSION: 3.17.3
GOROOT: /opt/hostedtoolcache/go/1.18.0/x64
```
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-05 14:45:31 -05:00
naveensrinivasan
648b6634e6
🌱 Experimental option for codeql
...
- Included the experimental option for Codeql
https://github.blog/2022-02-17-code-scanning-finds-vulnerabilities-using-machine-learning/
2022-04-01 19:15:44 -05:00
naveensrinivasan
ab9769a4da
🌱 Fix protoc build failures
...
- Fix protoc build failures by retries
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-31 14:33:45 -05:00
dependabot[bot]
99ecdea2dd
🌱 Bump actions/cache from 3.0.0 to 3.0.1
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](4b0cf6cc46...136d96b4ae
)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-31 17:37:21 +00:00
cpanato
93889a8e70
install missing tool in add-projects job
...
Signed-off-by: cpanato <ctadeu@gmail.com>
2022-03-31 08:00:22 -05:00
cpanato
f1268bfaee
cleanup protoc version
...
Signed-off-by: cpanato <ctadeu@gmail.com>
2022-03-31 08:00:22 -05:00
Carlos Tadeu Panato Junior
92027ed41b
small cleanup on the workflow jobs and remove the master branch reference ( #1800 )
...
Signed-off-by: cpanato <ctadeu@gmail.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2022-03-30 16:11:30 +00:00
Azeem Shaikh
6a078c68c2
Use GITHUB_TOKEN
for downloading protoc ( #1797 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-03-29 13:55:45 -07:00
Guillaume Ross
682e6ea176
Explicit permissions for github actions
...
To improve OSSF Scorecard score on Scorecard repo
2022-03-29 10:29:08 -05:00
dependabot[bot]
10bd777ddf
🌱 Bump peter-evans/find-comment from 1.3.0 to 2
...
Bumps [peter-evans/find-comment](https://github.com/peter-evans/find-comment ) from 1.3.0 to 2.
- [Release notes](https://github.com/peter-evans/find-comment/releases )
- [Commits](d2dae40ed1...1769778a0c
)
---
updated-dependencies:
- dependency-name: peter-evans/find-comment
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-23 01:08:04 +00:00
dependabot[bot]
aecff0bc1b
🌱 Bump peter-evans/create-or-update-comment from 1.4.5 to 2
...
Bumps [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment ) from 1.4.5 to 2.
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases )
- [Commits](a35cf36e53...c9fcb64660
)
---
updated-dependencies:
- dependency-name: peter-evans/create-or-update-comment
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-22 23:36:02 +00:00
dependabot[bot]
c671bac37d
🌱 Bump peter-evans/slash-command-dispatch from 2.3.0 to 3
...
Bumps [peter-evans/slash-command-dispatch](https://github.com/peter-evans/slash-command-dispatch ) from 2.3.0 to 3.
- [Release notes](https://github.com/peter-evans/slash-command-dispatch/releases )
- [Commits](40877f718d...2afb49dbaa
)
---
updated-dependencies:
- dependency-name: peter-evans/slash-command-dispatch
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-22 22:59:08 +00:00
dependabot[bot]
28635662b8
🌱 Bump actions/upload-artifact from 2.3.1 to 3
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 2.3.1 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](82c141cc51...6673cd052c
)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-22 22:11:20 +00:00
dependabot[bot]
a69fda734d
🌱 Bump actions/cache from 2.1.7 to 3
...
Bumps [actions/cache](https://github.com/actions/cache ) from 2.1.7 to 3.
- [Release notes](https://github.com/actions/cache/releases )
- [Commits](937d244753...4b0cf6cc46
)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-22 10:48:03 -05:00
Naveen
1c61acd325
Update main.yml
2022-03-21 09:00:27 -05:00
Naveen
8fd286d225
Update stale.yml
2022-03-21 09:00:27 -05:00
naveensrinivasan
76d3e10536
🌱 Restrict egress on github actions
...
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-21 09:00:27 -05:00
dependabot[bot]
64893b84a9
🌱 Bump step-security/harden-runner from 1.4.0 to 1.4.1
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](bdb12b622a...9b0655f430
)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-21 04:44:28 -05:00
Naveen
c8acf3645f
🌱 .github: Audit CodeQL egress with harden-runner ( #1728 )
2022-03-15 16:14:03 +00:00
dependabot[bot]
c8af71cf35
🌱 Bump crazy-max/ghaction-import-gpg from 4.2.0 to 4.3.0
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg ) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases )
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md )
- [Commits](b7c9a01276...4d58d49bfe
)
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-15 05:11:38 -05:00
dependabot[bot]
189cdc5b9b
🌱 Bump actions/stale from 4.1.0 to 5
...
Bumps [actions/stale](https://github.com/actions/stale ) from 4.1.0 to 5.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](7fb802b307...3cc1237663
)
---
updated-dependencies:
- dependency-name: actions/stale
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-02 09:03:04 -06:00
dependabot[bot]
23819152f8
🌱 Bump crazy-max/ghaction-import-gpg from 4.1.0 to 4.2.0
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg ) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases )
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md )
- [Commits](cb4264d331...b7c9a01276
)
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-02 08:10:27 -06:00
dependabot[bot]
13b9cc5212
🌱 Bump actions/checkout from 2.4.0 to 3
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2.4.0 to 3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](ec3a7ce113...a12a3943b4
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-02 07:29:16 -06:00
dependabot[bot]
837729418a
🌱 Bump goreleaser/goreleaser-action from 2.9.0 to 2.9.1
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 2.9.0 to 2.9.1.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](c127c9be61...b953231f81
)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-01 06:42:36 -06:00
dependabot[bot]
dd9ae7df99
🌱 Bump actions/setup-go from 2.2.0 to 3
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 2.2.0 to 3.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](bfdd3570ce...f6164bd8c8
)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-01 06:33:03 -06:00
dependabot[bot]
4635570f7c
🌱 Bump goreleaser/goreleaser-action from 2.8.1 to 2.9.0
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 2.8.1 to 2.9.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](79d4afbba1...c127c9be61
)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-28 06:37:46 -06:00
Azeem Shaikh
504f134416
Update scorecard-analysis.yml ( #1674 )
2022-02-23 21:08:46 -08:00
naveen
5dbc04a0c6
🌱 Avoid duplicate builds
...
Avoiding duplicate builds on main
https://github.community/t/how-to-trigger-an-action-on-push-or-pull-request-but-not-both/16662/2
2022-02-21 00:56:51 -06:00
dependabot[bot]
1306b34853
🌱 Bump ossf/scorecard-action from 1.0.3 to 1.0.4
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.0.3 to 1.0.4.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Commits](b614d455ee...c1aec4ac82
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-18 07:38:26 -06:00
naveen
bba55d4257
🌱 Parallelize builds
...
- parallelize builds
2022-02-17 15:23:21 -06:00
naveen
1aff6db9f6
🌱 Ignore docker builds
...
- ignore docker builds for non-main branches
- ignore docker builds for *.md
2022-02-16 17:52:55 -06:00
Azeem Shaikh
de5224bbc5
Update e2e tests ( #1641 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-15 19:27:45 +00:00
naveen
35511342c8
🌱 Parallelize the builds
...
- Created a workflow with multiple jobs for each of the docker builds
- Created a workflow with multiple jobs for each of the ko builds
- Removed the reference to dockerbuild and kobuild in the build-targets
make target
- This should reduce the time required to finish the CI builds as it
makes it parallel.
2022-02-15 11:51:54 -06:00
dependabot[bot]
9b921f07c7
🌱 Bump actions/setup-go from 2.1.5 to 2.2.0 ( #1619 )
2022-02-10 10:13:56 +00:00
laurentsimon
61e52d4a65
update workflow ( #1617 )
2022-02-09 10:51:58 -08:00
Naveen
30fc06e4a8
Fixed the formatting issue
2022-02-07 15:15:57 -06:00
naveen
aaf7a9f208
🌱 Cache builds between runs
...
Cache builds between runs.
2022-02-07 11:52:36 -06:00
laurentsimon
7032b1910e
Ignore all files under testdata/ ( #1594 )
2022-02-02 19:17:21 +00:00
dependabot[bot]
9d38be486e
🌱 Bump ossf/scorecard-action from 1.0.2 to 1.0.3
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.0.2 to 1.0.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Commits](c8416b0b2b...b614d455ee
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-01 12:12:33 -06:00
dependabot[bot]
19a73a4696
🌱 Bump ossf/scorecard-action from 1.0.1 to 1.0.2
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Commits](e3e75cf2ff...c8416b0b2b
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-25 06:33:45 -06:00
naveen
026d98edf8
🌱 Included e2e coverage for codecov
2022-01-19 19:41:03 -06:00
naveen
2dcdbcd32b
🌱 Track code coverage
...
Track code coverage
https://github.com/ossf/scorecard/issues/986
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-19 16:29:31 -06:00
Azeem Shaikh
fc87431507
Add exemption to stale issue workflow ( #1486 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-01-18 14:45:35 -06:00
dependabot[bot]
b8e054ba9e
🌱 Bump goreleaser/goreleaser-action from 2.8.0 to 2.8.1
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 2.8.0 to 2.8.1.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](5df302e5e9...79d4afbba1
)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-17 19:23:17 -06:00
dependabot[bot]
4837262895
🌱 Bump ossf/scorecard-action from 1.0.0 to 1.0.1
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Commits](005020cb6a...e3e75cf2ff
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-17 09:07:59 -06:00
dependabot[bot]
361fbd0fc9
🌱 Bump ossf/scorecard-action from 0.0.2 to 1.0.0
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 0.0.2 to 1.0.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Commits](5f4e3145c8...005020cb6a
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-14 07:45:26 -06:00
dependabot[bot]
1e821a1231
🌱 Bump ossf/scorecard-action from 0.0.1 to 0.0.2
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 0.0.1 to 0.0.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Commits](175f59783f...5f4e3145c8
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-10 08:00:54 -06:00
dependabot[bot]
d6c8bb40d7
🌱 Bump ossf/scorecard-action ( #1435 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 5fc8ff3ee41559cbd1079b561414c8fe3272afab to 0.0.1. This release includes the previously tagged commit.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Commits](5fc8ff3ee4...175f59783f
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-06 17:33:31 +00:00
dependabot[bot]
eef99b5ce0
🌱 Bump actions/setup-go from 2.1.4 to 2.1.5 ( #1407 )
2021-12-22 08:40:44 -06:00
dependabot[bot]
090ae4f0bb
🌱 Bump actions/stale from 4.0.0 to 4.1.0 ( #1384 )
...
Bumps [actions/stale](https://github.com/actions/stale ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](cdf15f641a...7fb802b307
)
---
updated-dependencies:
- dependency-name: actions/stale
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-12-17 17:53:20 +00:00
Azeem Shaikh
26733c95be
Update timeout for retries ( #1403 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-12-16 10:25:35 -08:00
Azeem Shaikh
be7fe32866
Fix more retry breakages ( #1398 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-12-15 23:27:23 +00:00
Azeem Shaikh
bbbca2bd87
Fix retry workflow ( #1397 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-12-15 14:31:46 -08:00
naveen
a13b63eae2
🌱 Improves the ci-e2e with retries
2021-12-15 12:50:36 -06:00
Naveen
a0513aa877
Update stale.yml
2021-12-13 16:53:51 -06:00
Naveen
9c89717239
🌱 Fix the stale configuration. ( #1385 )
...
The number of issues and PR aren't getting attention and this will help
us with this.
2021-12-13 08:52:01 -08:00
laurentsimon
8cb4804c28
✨ Update action names ( #1346 )
...
* update action
* add schedule
* comments
* e2e fix
2021-12-03 02:17:00 +00:00
Varun Sharma
9ab2b20b07
Update verify.yml ( #1325 )
...
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-12-02 22:11:00 +00:00
Azeem Shaikh
aa558ff2f4
Add parallelism to improve build times ( #1342 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-12-02 12:20:27 -08:00
laurentsimon
fb3d483c7d
✨ Only run license check and not everything ( #1333 )
...
* remove make all
* pin
* fix
2021-12-01 14:10:42 +00:00
Varun Sharma
f9b9773e2f
🌱 Secure workflow stale.yml ( #1326 )
...
* Update stale.yml
* Update stale.yml
* Update stale.yml
* Update stale.yml
2021-11-23 23:33:49 +00:00
laurentsimon
67c5e933d0
fix ( #1318 )
2021-11-19 21:27:14 -08:00
asraa
730076fab1
🐛 fix dangerous workflow test and workflow parsing ( #1283 )
...
* fix dangerous workflow
Signed-off-by: Asra Ali <asraa@google.com>
* check if removing label comment fixes
Signed-off-by: Asra Ali <asraa@google.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-11-20 00:16:02 +00:00
Azeem Shaikh
10ee2c069f
Use pull_request_target
+ protected env for e2e ( #1308 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2021-11-19 15:48:31 -08:00
Evgeny Vereshchagin
b4e32052fe
ci: drop trailing whitespaces ( #1292 )
...
This should help to prevent various linters from complaining about
trailing whitespaces when the file is copy-pasted to other repositories:
```
.github/workflows/scorecard-analysis.yml:2: trailing whitespace.
+on:
.github/workflows/scorecard-analysis.yml:18: trailing whitespace.
+
.github/workflows/scorecard-analysis.yml:40: trailing whitespace.
+
```
2021-11-17 20:40:53 +00:00
Naveen
0339eeadc2
🌱 Fix integration test runs ( #1286 )
2021-11-17 03:36:39 +00:00
laurentsimon
b3ac52a06b
PR support ( #1227 )
2021-11-08 13:48:29 -08:00
Naveen
4ee366eb0f
🌱 Move docker build checks to ko ( #1214 )
...
Move the docker builds checks to ko
2021-11-08 15:55:58 +00:00
dependabot[bot]
6562cc1f44
🌱 Bump actions/checkout from 2.3.5 to 2.4.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2.3.5 to 2.4.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](1e204e9a92...ec3a7ce113
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-11-03 10:56:59 -05:00
Azeem Shaikh
c73c5628ea
Fix GitHub workflows failing ( #1172 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2021-10-28 18:42:55 +00:00
naveen
aa634bd251
🌱 Fixes the broken e2e
...
Fixes for broken e2e
2021-10-26 20:11:21 -05:00
naveen
fd238d0e40
🌱 Fix goreleaser permission and flags
...
Fixes goreleaser flags issue and sets specific permission for
goreleaser.
2021-10-26 16:32:05 -05:00
Batuhan Apaydın
6f1a43a0b6
🌱 add google/ko support for building/pusing container image ( #1127 )
...
* feat: add google/ko support for building/pusing container image
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
* feat: updates according to reviews
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
2021-10-26 17:22:22 +00:00
dependabot[bot]
f38abc03be
🌱 Bump actions/checkout from 1 to 2.3.5 ( #1137 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 1 to 2.3.5.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v1...1e204e9a9253d643386038d443f96446fa156a97 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-19 19:28:58 +00:00
dependabot[bot]
b3874325f8
🌱 Bump goreleaser/goreleaser-action from 2.7.0 to 2.8.0 ( #1136 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 2.7.0 to 2.8.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](5a54d7e660...5df302e5e9
)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-10-18 15:23:28 +00:00
dependabot[bot]
a020b1632f
🌱 Bump crazy-max/ghaction-import-gpg from 4.0.0 to 4.1.0
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases )
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md )
- [Commits](8c43807e82...cb4264d331
)
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-10-18 08:05:46 -07:00
Naveen
aaa3512af7
🌱 Fix integration githubaction permissions ( #985 )
...
* Changed the integration GitHub action permissions to contents:read, pull-requests:write
2021-10-04 09:33:31 -05:00
dependabot[bot]
f63f07ddc5
🌱 Bump actions/github-script from 4.1.1 to 5 ( #1067 )
...
* 🌱 Bump actions/github-script from 4.1.1 to 5
Bumps [actions/github-script](https://github.com/actions/github-script ) from 4.1.1 to 5.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](deb7ae927c...441359b1a3
)
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Update integration.yml
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-10-01 03:57:43 +00:00
laurentsimon
e60bf03d91
disable PR ( #1093 )
2021-10-01 00:13:47 +00:00
laurentsimon
83bb5af0ef
fix ( #1089 )
2021-09-29 23:19:44 +00:00
laurentsimon
b4e0ee2fe8
✨ Start support for action on PR ( #1085 )
...
* changes
* fix
* fix
* fix
* comment
* bug
2021-09-29 01:03:30 +00:00
laurentsimon
67a8e5f9f6
fix ( #1080 )
2021-09-28 15:49:29 +00:00
laurentsimon
676885f752
✨ Add scorecard analysis for dogfooding ( #1073 )
...
* fix
* fix
* updates
* fix
* comments
* fix
* test comment
2021-09-27 23:13:29 +00:00
Azeem Shaikh
1d3f3e3e77
gpg-private-key
in goreleaser (#1064 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-27 01:09:10 +00:00
dependabot[bot]
42e2b98a45
🌱 Bump actions/github-script from 4.1.0 to 4.1.1
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](f891eff651...deb7ae927c
)
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-09-24 10:43:16 -05:00
naveen
1e4f7232e8
🌱 Fixes permission for main.yml action
...
https://github.com/ossf/scorecard/issues/942
2021-09-15 16:30:36 -05:00
Naveen
af24ed4d7f
🌱 Included codeql check for GitHub Actions ( #988 )
...
Included codeql check for GitHub actions https://github.com/ossf/scorecard/issues/987
2021-09-09 23:02:11 +00:00
Naveen
a3d63bf324
🌱 Updated actions permission for codeql ( #964 )
...
* Updated the actions permissions for codeql from write to specific
settings. https://github.com/ossf/scorecard/issues/942
2021-09-07 08:52:14 -07:00
dependabot[bot]
942c4cfc25
🌱 Bump crazy-max/ghaction-import-gpg from 3.2.0 to 4 ( #971 )
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg ) from 3.2.0 to 4.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases )
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md )
- [Commits](1c6a9e9d35...8c43807e82
)
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-07 15:24:51 +00:00
Chris McGehee
29b7bd3885
Parsing GitHub Workflows should only happen on yaml files
2021-09-06 10:51:33 -05:00
dependabot[bot]
f55b86d662
🌱 Bump peter-evans/slash-command-dispatch from 2.2.1 to 2.3.0 ( #955 )
...
Bumps [peter-evans/slash-command-dispatch](https://github.com/peter-evans/slash-command-dispatch ) from 2.2.1 to 2.3.0.
- [Release notes](https://github.com/peter-evans/slash-command-dispatch/releases )
- [Commits](fc430081ad...40877f718d
)
---
updated-dependencies:
- dependency-name: peter-evans/slash-command-dispatch
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-03 16:39:23 +00:00
flying-cow
1434977ac0
:sparkling: Upgraded to go 1.17
2021-09-01 18:31:44 -04:00
dependabot[bot]
f2afdba107
🌱 Bump actions/setup-go from 2.1.3 to 2.1.4
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 2.1.3 to 2.1.4.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](37335c7bb2...331ce1d993
)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-08-26 10:56:13 -05:00
Azeem Shaikh
b89808ff8c
Pin protoc by SHA ( #909 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 15:54:10 +00:00
Azeem Shaikh
cc30d54db2
Use arduino/setup-protoc
for installing Protoc ( #903 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 09:31:04 -04:00
dependabot[bot]
7bc2e00589
🌱 Bump peter-evans/find-comment from 1.2.0 to 1.3.0 ( #893 )
...
Bumps [peter-evans/find-comment](https://github.com/peter-evans/find-comment ) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/peter-evans/find-comment/releases )
- [Commits](309ce798ba...d2dae40ed1
)
---
updated-dependencies:
- dependency-name: peter-evans/find-comment
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-08-24 22:20:22 +00:00
laurentsimon
276155d1eb
✨ SARIF 4: Add support to output SARIF format ( #866 )
...
* draft1
* draft2
* draft
* draft 3
* typos
* unit tests
* fixes
* fixes
* related locs
* fixes
* version
* fixes
* linter/fix
* fixes
* linter
* gofmt -s
2021-08-23 21:31:33 +00:00
dependabot[bot]
42700ee940
🌱 Bump actions/github-script from 4.0.2 to 4.1
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 4.0.2 to 4.1.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](a3e7071a34...f891eff651
)
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-08-20 11:05:08 -05:00
Azeem Shaikh
6cc41359a9
Remove false log statement ( #835 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-11 04:09:13 +00:00
dependabot[bot]
a2e34ede98
🌱 Bump crazy-max/ghaction-import-gpg from 3.1.0 to 3.2.0
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases )
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md )
- [Commits](b0793c0060...1c6a9e9d35
)
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-08-10 10:03:06 -05:00
naveen
ef9880c7b3
🌱 Implemented ignore for license check
...
The license check was updated with the ignore files.
Fixed the issue https://github.com/ossf/scorecard/issues/767
2021-08-09 16:09:01 -05:00
Appu
8534836923
Also add version info to goreleaser ( #822 )
...
- shared configuration generation in ./scripts/version-ldflags
Signed-off-by: Appu Goundan <appu@google.com>
2021-08-09 18:22:30 +00:00
Naveen
91d3d82348
🌱 Fix the protobuf GitHub runner issue ( #801 )
...
Fixes the protobuf GitHub runner issue by cloning the repository and
installing it locally.
Source https://lukasjoswiak.com/github-actions-protobuf/
2021-08-02 23:52:57 +00:00
dependabot[bot]
a66b53ebe4
🌱 Bump peter-evans/slash-command-dispatch from 2.1.3 to 2.2.1 ( #735 )
...
Bumps [peter-evans/slash-command-dispatch](https://github.com/peter-evans/slash-command-dispatch ) from 2.1.3 to 2.2.1.
- [Release notes](https://github.com/peter-evans/slash-command-dispatch/releases )
- [Commits](72ab5a2e41...fc430081ad
)
---
updated-dependencies:
- dependency-name: peter-evans/slash-command-dispatch
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-07-31 11:12:20 +00:00
dependabot[bot]
564b10946f
🌱 Bump goreleaser/goreleaser-action from 2.6.1 to 2.7.0 ( #762 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 2.6.1 to 2.7.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](ac067437f5...5a54d7e660
)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-29 21:51:16 +00:00
Azeem Shaikh
851646d4db
Disable e2e tests temporarily ( #785 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 19:39:39 +00:00
laurentsimon
492d9cd29b
disable license check ( #784 )
2021-07-29 19:30:26 +00:00
dependabot[bot]
428a4d659c
🌱 Bump actions/stale from 3.0.19 to 4 ( #695 )
...
Bumps [actions/stale](https://github.com/actions/stale ) from 3.0.19 to 4.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](98ed4cb500...cdf15f641a
)
---
updated-dependencies:
- dependency-name: actions/stale
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-07-16 17:30:01 +00:00
naveen
a55d542e0d
🌱 Remove gitcache docker
...
Remove the gitcache docker image
2021-07-14 12:31:15 -05:00
naveen
219404e0b7
🌱 Removing gitcache
...
Removing gitcache
2021-07-13 01:03:21 -05:00
dependabot[bot]
18c3178a84
🌱 Bump codecov/codecov-action from 1.5.0 to 1.5.2 ( #558 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 1.5.0 to 1.5.2.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](a1ed4b322b...29386c70ef
)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-06-28 22:19:47 -07:00
naveen
6aefe1b6ac
🌱 Fix broken e2e tests
...
* Changed the path for the frozen deps to look for within the
.github/worworkflows path
* Included license check to tools.go
* Removed the hard reference to ginkgo within the integration.yml
* The above fixes will fix the broken tests for scorecard.
Repo: github.com/ossf/scorecard
Frozen-Deps: Fail 10
go modules found: go.mod
!! frozen-deps/fetch-execute - .github/workflows/integration.yml is fetching an non-pinned dependency 'go get github.com/onsi/ginkgo/ginkgo@v1.14.2'
!! frozen-deps/fetch-execute - .github/workflows/main.yml is fetching an non-pinned dependency 'go install github.com/google/addlicense@latest'
2021-06-28 15:28:10 -05:00
Naveen
d998d56112
🌱 Fixes GitHub workflow failures ( #593 )
...
The validate and the e2e are failing because of the bug in golang
https://github.com/golang/go/issues/44129
This fix is a temporary workaround.
2021-06-20 15:48:21 -04:00
naveen
e7ea1a2b88
🌱 Fixes the broken PR Verifier
...
Reverted to the original permission.
2021-06-10 12:31:21 -04:00
naveen
28b1db9267
🌱 Fixes write permissions for ok-to-test
...
Allowed write permissions to action for commenting on the status of the
PR.
2021-06-07 12:49:11 -04:00
dependabot[bot]
b04df4e256
🌱 Bump goreleaser/goreleaser-action from 2.6.0 to 2.6.1
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 2.6.0 to 2.6.1.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](70eb4e573c...ac067437f5
)
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-31 09:14:30 -04:00
dependabot[bot]
df44a898cf
🌱 Bump goreleaser/goreleaser-action from 2.5.0 to 2.6.0
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](5e15885530...70eb4e573c
)
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-27 15:55:27 -04:00
dependabot[bot]
947a075c7c
🌱 Bump github/codeql-action ( #482 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from cb5810848de15b695cd9ef3b559dd178c43c7df3 to 1.0.0. This release includes the previously tagged commit.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](cb5810848d...bc2cbe3983
)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-05-26 16:10:12 +00:00
dependabot[bot]
90e1aeb7ec
🌱 Bump actions/stale from 3.0.18 to 3.0.19 ( #470 )
...
Bumps [actions/stale](https://github.com/actions/stale ) from 3.0.18 to 3.0.19.
- [Release notes](https://github.com/actions/stale/releases )
- [Commits](3b3c3f03cd...98ed4cb500
)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-18 10:47:18 -04:00
laurentsimon
6367cc44f6
pin scorecard workflow depepdencies by hash ( #456 )
2021-05-14 16:59:05 -07:00
dependabot[bot]
53262f0368
🌱 Bump codecov/codecov-action from 1 to 1.5.0
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 1 to 1.5.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v1...v1.5.0 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-12 10:38:27 -05:00
dependabot[bot]
33c1e903a4
🌱 Bump actions/checkout from 2 to 2.3.4
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2 to 2.3.4.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v2...v2.3.4 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-12 10:26:18 -05:00
dependabot[bot]
dd6c652db6
🌱 Bump actions/stale from 3 to 3.0.18
...
Bumps [actions/stale](https://github.com/actions/stale ) from 3 to 3.0.18.
- [Release notes](https://github.com/actions/stale/releases )
- [Commits](https://github.com/actions/stale/compare/v3...v3.0.18 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-12 09:34:55 -05:00
dependabot[bot]
775a36a393
🌱 Bump peter-evans/create-or-update-comment from 1 to 1.4.5
...
Bumps [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment ) from 1 to 1.4.5.
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases )
- [Commits](https://github.com/peter-evans/create-or-update-comment/compare/v1...v1.4.5 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-12 09:30:11 -05:00
dependabot[bot]
35b62a9905
🌱 Bump peter-evans/find-comment from 1 to 1.2.0 ( #439 )
...
Bumps [peter-evans/find-comment](https://github.com/peter-evans/find-comment ) from 1 to 1.2.0.
- [Release notes](https://github.com/peter-evans/find-comment/releases )
- [Commits](https://github.com/peter-evans/find-comment/compare/v1...v1.2.0 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-12 13:29:05 +00:00
dependabot[bot]
9478fe3147
🌱 Bump goreleaser/goreleaser-action from 2 to 2.5.0 ( #441 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 2 to 2.5.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Changelog](https://github.com/goreleaser/goreleaser-action/blob/master/CHANGELOG.md )
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v2...v2.5.0 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-12 09:24:03 -04:00
Naveen
14dfc45fae
🌱 Move the docker containers to gcr.io ( #419 )
...
* Included a build on push to master on gcr.io
* Updated the README with the gcr.io
* Removed the docker.yaml build push
2021-05-11 14:11:06 +00:00
dependabot[bot]
c1ef0900f2
🌱 Bump google-github-actions/setup-gcloud from 94337306dda8180d967a56932ceb4ddcf01edae7 to 0.2.1 ( #425 )
...
* 🌱 Bump google-github-actions/setup-gcloud
Bumps [google-github-actions/setup-gcloud](https://github.com/google-github-actions/setup-gcloud ) from 94337306dda8180d967a56932ceb4ddcf01edae7 to 0.2.1. This release includes the previously tagged commit.
- [Release notes](https://github.com/google-github-actions/setup-gcloud/releases )
- [Changelog](https://github.com/google-github-actions/setup-gcloud/blob/master/CHANGELOG.md )
- [Commits](94337306dd...daadedc81d
)
Signed-off-by: dependabot[bot] <support@github.com>
* Update integration.yml
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Abhishek Arya <inferno@chromium.org>
2021-05-10 08:20:31 -07:00
naveen
a4768922a9
🌱 Removed the trivy scan
...
* Removed container using trivy as it is in gcr.io
2021-05-08 17:47:49 -05:00
laurentsimon
82d6c171bc
🐛 Pin workflow dependencies ( #417 )
...
* pin workflow dependencies
* comments
Co-authored-by: Abhishek Arya <inferno@chromium.org>
2021-05-07 18:35:57 -07:00
naveen
a64426e369
🌱 Remove synk
...
Removing synk as per our discussion.
2021-04-29 12:32:21 -05:00
naveen
da2e7029c7
🌱 Update golangci version to 1.39
...
* Upgrade the golangci version to 1.39
* Changed the checkout depth
https://github.com/golangci/golangci-lint/issues/1088#issuecomment-801540792
2021-04-29 08:24:41 -05:00
naveen
872e9139d8
🐛 docker build for gitcache
...
* Fixed docker build for git cache
2021-04-26 10:01:50 -05:00
dependabot[bot]
bdf86e00c8
🌱 Bump actions/github-script from v3 to v4.0.2
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from v3 to v4.0.2.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](https://github.com/actions/github-script/compare/v3...a3e7071a34d7e1f219a8a4de9a5e0a34d1ee1293 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-04-26 08:30:49 -05:00
naveen
3d24435ba8
🌱 Fixing the docker build issue
2021-04-23 15:17:42 -04:00
Naveen
760e01fbb8
Revert " 🌱 Bump actions/github-script from v3 to v4.0.1"
...
This reverts commit 3ad35e3661
.
2021-04-23 11:53:17 -04:00
dependabot[bot]
3ad35e3661
🌱 Bump actions/github-script from v3 to v4.0.1
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from v3 to v4.0.1.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](https://github.com/actions/github-script/compare/v3...85e88a66eaa831097093a3d278536947f2984d20 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-04-22 08:37:01 -04:00
nathannaveen
f5185e4bd6
🌱 included copyright headers.
2021-04-01 21:36:10 -05:00
naveen
8427362772
🌱 verifier to generate release notes
...
The verifier helps release notes generation.
https://github.com/kubernetes-sigs/kubebuilder-release-tools
https://github.com/kubernetes-sigs/kubebuilder-release-tools/blob/master/verify/main.go
2021-03-18 12:19:06 -04:00
naveen
88de2df279
Feat-Use synk to check cron-job security settings
...
Use synk to check for cron-job yaml for secuity misconfiguration.
2021-03-12 21:03:29 -05:00
naveen
3489c83404
Feat - Include synk check for k8s yaml
...
Synk has set of rules to validate the k8s yaml for insecure
configuration.
This action will validate the k8s yaml for insecure configuration.
2021-03-12 20:56:00 -05:00
naveen
248fda288e
Fix - docker builds for scorecard cron
...
Fixed the docker build for scorecard cron and as well as updated the
integration to test for the docker builds.
2021-03-05 13:14:33 -05:00
naveen
abb06c9dbc
feat- Reorganize the code structure
...
Reorganize the code structure for testing and maintenance.
Feat - Included http endpoint
2021-03-04 19:08:47 -05:00
Naveen
3e979657bf
Implemented docker for gitcache ( #231 )
...
* Implemented caching the git folder instead of just a branch.
Implemented logging.
Refactored code.
* Feat - Implemented docker for gitcache
2021-03-04 03:22:17 +00:00
Naveen
b4c2e4fd13
feat - migrate to go 1.16 ( #233 )
...
Upgrade to go version 1.16
2021-03-03 18:56:29 +00:00
naveen
7b192a0243
feat - Included tests for disk cache
...
Included tests for disk cache.
Cleaned up tests.
2021-02-26 15:46:21 -05:00
naveen
6f2a0f43f4
Fix - Output path for the test runs
2021-02-25 15:59:39 -05:00
naveen
a7174d8ad7
Feature - Include e2e tests for docker
...
Included e2e tests for docker.
Included .Dockerignore to ignore files.
Included Docker build in the Makefile.
2021-02-25 11:02:45 -05:00
naveen
cab29a2747
Feat- Use cloud buckets for caching
...
Use cloud buckets for httpcache.
The implementation uses https://github.com/google/go-cloud for it to be
cloud vendor agnostic.
2021-02-24 11:17:50 -05:00
Naveen
e0a02567fb
Fix - Cleanup the makefile targets ( #207 )
2021-02-21 23:35:39 +00:00
naveen
5018c5012c
Fix - GitHub bot message URL for ok-to-test
...
Fixed the incorrect URL to the ok-to-test bot message
2021-02-19 14:04:24 -05:00
dependabot[bot]
030ab1dbc5
Bump peter-evans/slash-command-dispatch from v1 to v2.1.3
...
Bumps [peter-evans/slash-command-dispatch](https://github.com/peter-evans/slash-command-dispatch ) from v1 to v2.1.3.
- [Release notes](https://github.com/peter-evans/slash-command-dispatch/releases )
- [Commits](https://github.com/peter-evans/slash-command-dispatch/compare/v1...72ab5a2e417e454aa8e89c43b28e36fe331e00a5 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-02-19 08:28:45 -05:00
naveen
1e93904a66
Fix - Remove the app reference for the slash token
2021-02-18 16:14:12 -05:00
naveen
9b4b8be7e0
Feature - ok-to-test in github action
2021-02-18 15:45:55 -05:00
naveen
f906f3f568
Feature - sign releases
2021-02-17 17:53:41 -05:00
naveen
ef4c8d0758
Fix - refactor the lint in the actions
2021-02-16 15:59:50 -05:00
naveen
51f017b206
Fix - ignore empty github token
2021-02-16 14:35:22 -05:00
naveen
db7bfcf342
Fix - golanglint-ci report only new issues
2021-02-16 14:23:03 -05:00
naveen
ce8e1e79ea
Feature - Include additional linters for golangci
...
Included additional linters for golangci. The new linters would be
reported existing issues.
2021-02-16 14:06:59 -05:00
dependabot[bot]
64660915d6
Bump golangci/golangci-lint-action from v2 to v2.4.0
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from v2 to v2.4.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v2...544d2efb307b3f205f34886f2787046abe7fb26e )
Signed-off-by: dependabot[bot] <support@github.com>
2021-02-15 08:48:59 -05:00
naveen
af2132e927
Fix- e2e tests to include the executable
...
Included e2e tests for the executable with JSON
2021-02-14 11:46:17 -05:00
naveen
cb7ee064b9
Feature - container scanning for scorecard
2021-02-12 17:01:58 -05:00
naveen
0b85e7e2e8
Fix - docker latest image
2021-02-11 16:32:07 -05:00
naveen
6dd3698be8
Fix - Fixes the e2e tests for PR's
2021-02-10 16:07:03 -05:00
naveen
7e158f80e5
Docker releases to GitHub Docker registry
...
This will release docker container to GitHub docker registry.
2021-02-09 10:54:01 -05:00
naveen
2a1463b315
Feature - Report codecoverage to codecov.io
2021-01-26 17:49:11 -05:00
naveen
c4c99cd676
feature - Included the e2e into the PR workflows
...
Validated the presence of the GITHU_AUTH_TOKEN variable presence before running the e2e.
Update the contributing doc with scopes of the personal access token.
Updated the workflow to include the e2e tests.
2021-01-13 13:04:22 -05:00
naveen
91bfea5c2f
feat - Close stale issues
...
Close stale issues.
2021-01-12 18:19:10 -05:00
Naveen
b216a1e494
Feat - implemented goreleaser for releases ( #117 )
...
Implemented goreleaser for releasing the code to github.
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-01-04 07:36:56 -06:00
naveen
a56f707350
Feat - Implemented Makefile and actions for PR
...
Implemented Makefile and actions for PR and push to validate fmt, go mod
tidy , go build and go test
2020-12-22 16:51:24 -05:00
Naveen
6549eccacc
Create codeql-analysis.yml ( #101 )
2020-12-22 07:27:02 -06:00