dependabot[bot]
c9a09a14c4
🌱 Bump actions/upload-artifact in the github-actions group ( #4328 )
CodeQL / Analyze (go) (push) Has been cancelled
CodeQL / Analyze (javascript) (push) Has been cancelled
gitlab-tests / gitlab-integration-trusted (push) Has been cancelled
golangci-lint / check-linter (push) Has been cancelled
build / unit-test (push) Has been cancelled
build / generate-mocks (push) Has been cancelled
build / generate-docs (push) Has been cancelled
build / build-proto (push) Has been cancelled
build / validate-docs (push) Has been cancelled
build / add-projects (push) Has been cancelled
build / validate-projects (push) Has been cancelled
build / license boilerplate check (push) Has been cancelled
Scorecard analysis workflow / Scorecard analysis (push) Has been cancelled
build / ${{ matrix.target }} (build-add-script) (push) Has been cancelled
build / ${{ matrix.target }} (build-bq-transfer) (push) Has been cancelled
build / ${{ matrix.target }} (build-cii-worker) (push) Has been cancelled
build / ${{ matrix.target }} (build-controller) (push) Has been cancelled
build / ${{ matrix.target }} (build-github-server) (push) Has been cancelled
build / ${{ matrix.target }} (build-scorecard) (push) Has been cancelled
build / ${{ matrix.target }} (build-shuffler) (push) Has been cancelled
build / ${{ matrix.target }} (build-validate-script) (push) Has been cancelled
build / ${{ matrix.target }} (build-webhook) (push) Has been cancelled
build / ${{ matrix.target }} (build-worker) (push) Has been cancelled
2024-09-03 18:25:09 +00:00
dependabot[bot]
a8252b2175
🌱 Bump github/codeql-action ( #4321 )
2024-08-29 18:26:59 +00:00
Spencer Schrock
4303b741ea
🌱 Update Go toolchain to 1.23 ( #4300 )
...
CodeQL / Analyze (go) (push) Has been cancelled
CodeQL / Analyze (javascript) (push) Has been cancelled
gitlab-tests / gitlab-integration-trusted (push) Has been cancelled
golangci-lint / check-linter (push) Has been cancelled
build / unit-test (push) Has been cancelled
build / generate-mocks (push) Has been cancelled
build / generate-docs (push) Has been cancelled
build / build-proto (push) Has been cancelled
build / validate-docs (push) Has been cancelled
build / add-projects (push) Has been cancelled
build / validate-projects (push) Has been cancelled
build / license boilerplate check (push) Has been cancelled
Scorecard analysis workflow / Scorecard analysis (push) Has been cancelled
build / ${{ matrix.target }} (build-add-script) (push) Has been cancelled
build / ${{ matrix.target }} (build-bq-transfer) (push) Has been cancelled
build / ${{ matrix.target }} (build-cii-worker) (push) Has been cancelled
build / ${{ matrix.target }} (build-controller) (push) Has been cancelled
build / ${{ matrix.target }} (build-github-server) (push) Has been cancelled
build / ${{ matrix.target }} (build-scorecard) (push) Has been cancelled
build / ${{ matrix.target }} (build-shuffler) (push) Has been cancelled
build / ${{ matrix.target }} (build-validate-script) (push) Has been cancelled
build / ${{ matrix.target }} (build-webhook) (push) Has been cancelled
build / ${{ matrix.target }} (build-worker) (push) Has been cancelled
* update workflows to use go 1.23
Signed-off-by: Spencer Schrock <sschrock@google.com>
* update tools/go.mod to 1.23
Signed-off-by: Spencer Schrock <sschrock@google.com>
* bump docker files
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-08-19 18:12:59 -04:00
dependabot[bot]
97dbce4066
🌱 Bump the github-actions group with 4 updates ( #4293 )
2024-08-12 17:02:09 +00:00
dependabot[bot]
d50480ac12
🌱 Bump actions/upload-artifact in the github-actions group ( #4282 )
CodeQL / Analyze (go) (push) Waiting to run
CodeQL / Analyze (javascript) (push) Waiting to run
gitlab-tests / gitlab-integration-trusted (push) Waiting to run
golangci-lint / check-linter (push) Waiting to run
build / unit-test (push) Waiting to run
build / generate-mocks (push) Waiting to run
build / generate-docs (push) Waiting to run
build / build-proto (push) Waiting to run
build / ${{ matrix.target }} (build-add-script) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-bq-transfer) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-cii-worker) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-controller) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-github-server) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-scorecard) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-shuffler) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-validate-script) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-webhook) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-worker) (push) Blocked by required conditions
build / validate-docs (push) Waiting to run
build / add-projects (push) Waiting to run
build / validate-projects (push) Waiting to run
build / license boilerplate check (push) Waiting to run
Scorecard analysis workflow / Scorecard analysis (push) Waiting to run
2024-08-05 17:51:33 +00:00
dependabot[bot]
8a971217ac
🌱 Bump the github-actions group across 1 directory with 3 updates ( #4276 )
2024-08-01 20:22:18 +00:00
dependabot[bot]
ad2d3438a5
🌱 Bump actions/setup-go from 5.0.1 to 5.0.2 ( #4239 )
2024-07-22 22:33:10 +00:00
dependabot[bot]
4772478f93
🌱 Bump the github-actions group across 1 directory with 4 updates ( #4249 )
2024-07-22 22:23:30 +00:00
dependabot[bot]
22b0ad13e2
🌱 Bump the github-actions group with 2 updates ( #4221 )
2024-07-10 21:29:26 +00:00
dependabot[bot]
98bb37fd3f
🌱 Bump github/codeql-action in the github-actions group ( #4202 )
2024-07-03 22:42:05 +00:00
Spencer Schrock
4895019884
fix dependabot config to group docker images ( #4211 )
...
This is apparently required with the current implementation of multi dir PRs.
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-07-03 16:47:20 -04:00
dependabot[bot]
89d94606a1
🌱 Bump the github-actions group across 1 directory with 3 updates ( #4190 )
...
Bumps the github-actions group with 3 updates in the / directory: [actions/checkout](https://github.com/actions/checkout ), [github/codeql-action](https://github.com/github/codeql-action ) and [ko-build/setup-ko](https://github.com/ko-build/setup-ko ).
Updates `actions/checkout` from 4.1.6 to 4.1.7
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a5ac7e51b4...692973e3d9https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2e230e8fe0...23acc5c183https://github.com/ko-build/setup-ko/releases )
- [Commits](ace48d7935...3aebd0597d
2024-06-26 21:01:56 +00:00
dependabot[bot]
6cae56f02b
🌱 Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 ( #4158 )
...
* 🌱 Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 5.1.0 to 6.0.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](5742e2a039...286f3b13b1https://goreleaser.com/deprecations/#-skip
Signed-off-by: Spencer Schrock <sschrock@google.com>
* update config for v2
Signed-off-by: Spencer Schrock <sschrock@google.com>
* use goreleaser v2 tooling for makefile
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: Stephen Augustus <justaugustus@users.noreply.github.com>
2024-06-25 22:30:41 +00:00
Spencer Schrock
0d57c0224a
📖 Generate probe markdown documentation ( #4184 )
...
* generate probe markdown documentation
Walks the various probes def.yaml files and puts them in a single
markdown document. This doesn't currently include the remediation, but
neither does the existing checks.md document either.
In order to avoid duplicating yaml definitions, this existing ones were
moved to an internal directory so they can be reused.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add probe doc generation to Makefile
Note: There is no validate-docs step for the probes code, as the
def.yml fields are validated elsewhere currently in the unit tests.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix license for new yaml package
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-06-20 21:05:06 +00:00
dependabot[bot]
397ca510b4
🌱 Bump the github-actions group across 1 directory with 3 updates ( #4159 )
...
Bumps the github-actions group with 3 updates in the / directory: [step-security/harden-runner](https://github.com/step-security/harden-runner ), [github/codeql-action](https://github.com/github/codeql-action ) and [actions/dependency-review-action](https://github.com/actions/dependency-review-action ).
Updates `step-security/harden-runner` from 2.8.0 to 2.8.1
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](f086349bfa...17d0e2bd7dhttps://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](9fdb3e4972...2e230e8fe0https://github.com/actions/dependency-review-action/releases )
- [Commits](0c155c5e85...72eb03d02c
2024-06-10 12:51:30 -04:00
dependabot[bot]
465add2acb
🌱 Bump the github-actions group with 2 updates ( #4127 )
...
Bumps the github-actions group with 2 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `step-security/harden-runner` from 2.7.1 to 2.8.0
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](a4aa98b93c...f086349bfahttps://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b7cec75265...9fdb3e4972
2024-05-29 08:23:28 -07:00
dependabot[bot]
72d60412a0
🌱 Bump actions/checkout in the github-actions group ( #4116 )
...
Bumps the github-actions group with 1 update: [actions/checkout](https://github.com/actions/checkout ).
Updates `actions/checkout` from 4.1.5 to 4.1.6
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](44c2b7a8a4...a5ac7e51b4
2024-05-20 17:15:02 -04:00
dependabot[bot]
840f30c7c3
🌱 Bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 ( #4103 )
...
* 🌱 Bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 5.0.0 to 5.1.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](7ec5c2b0c6...5742e2a039
2024-05-14 10:36:59 -07:00
dependabot[bot]
6815161e15
🌱 Bump the github-actions group across 1 directory with 3 updates ( #4105 )
2024-05-13 20:31:43 +00:00
dependabot[bot]
81d239f19c
🌱 Bump actions/setup-go from 5.0.0 to 5.0.1 ( #4083 )
2024-05-06 21:15:59 +00:00
dependabot[bot]
f3859fcd73
🌱 Bump the github-actions group across 1 directory with 2 updates ( #4085 )
2024-05-06 20:59:35 +00:00
dependabot[bot]
6147f367c4
🌱 Bump the github-actions group across 1 directory with 4 updates ( #4067 )
2024-04-30 21:18:01 +00:00
Spencer Schrock
d4487dc774
🌱 Enable dependabot multi-directory updates ( #4062 )
...
* allowed shared updates across gomod directories
Signed-off-by: Spencer Schrock <sschrock@google.com>
* group docker directories
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-04-30 13:36:49 -07:00
dependabot[bot]
db55585a49
🌱 Bump the github-actions group across 1 directory with 6 updates ( #4051 )
2024-04-24 17:59:20 +00:00
Spencer Schrock
252eee2f68
🌱 bump publishimage version ( #4028 )
...
* bump version
Signed-off-by: Spencer Schrock <sschrock@google.com>
* only publish images for tagged releases or candidates.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-04-24 10:27:28 -07:00
Adam Harvey
b77f248ff6
🌱 Bump CodeQL Action version to 3.24.10 and remove whitespace ( #3972 )
...
* 🌱 Remove whitespace
Signed-off-by: Adam Harvey <33203301+adamdmharvey@users.noreply.github.com>
* 🌱 Bump CodeQL Action version manually
Signed-off-by: Adam Harvey <33203301+adamdmharvey@users.noreply.github.com>
* 🌱 Bump CodeQL Action to v3.x series
Signed-off-by: Adam Harvey <33203301+adamdmharvey@users.noreply.github.com>
* chore(ci): Bump to latest CodeQL action hash/version
Signed-off-by: Adam Harvey <33203301+adamdmharvey@users.noreply.github.com>
---------
Signed-off-by: Adam Harvey <33203301+adamdmharvey@users.noreply.github.com>
2024-04-12 05:28:34 +00:00
dependabot[bot]
d58bfb03aa
🌱 Bump the github-actions group with 6 updates ( #3985 )
...
Updates the requirements on [actions/checkout](https://github.com/actions/checkout ), [github/codeql-action](https://github.com/github/codeql-action ), [actions/dependency-review-action](https://github.com/actions/dependency-review-action ), [actions/cache](https://github.com/actions/cache ), [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) and [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier ) to permit the latest version.
Updates `actions/checkout` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](b4ffde65f4...9bb56186c3https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](cdcdbb5797https://github.com/actions/dependency-review-action/releases )
- [Commits](9129d7d40b...5bbc3ba658https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](ab5e6d0c87...0c45773b62https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.10.0 )
Updates `slsa-framework/slsa-verifier` from 2.4.1 to 2.5.1
- [Release notes](https://github.com/slsa-framework/slsa-verifier/releases )
- [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md )
- [Commits](https://github.com/slsa-framework/slsa-verifier/compare/v2.4.1...v2.5.1 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: github/codeql-action
dependency-type: direct:production
dependency-group: github-actions
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
- dependency-name: slsa-framework/slsa-verifier
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-01 14:27:31 -07:00
Spencer Schrock
e780e089f5
🌱 polish scorecard workflow for use as example workflow ( #3969 )
...
This updates the version comments, adds some explanatory comments,
and generally makes it better. The intent is to use this file as an example
for the Scorecard Action repo so it remains up-to-date.
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-03-22 11:14:57 -07:00
dependabot[bot]
90a3708b19
🌱 Bump the github-actions group with 2 updates ( #3911 )
...
Bumps the github-actions group with 2 updates: [actions/cache](https://github.com/actions/cache ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/cache` from 4.0.0 to 4.0.1
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](13aacd865c...ab5e6d0c87https://github.com/actions/download-artifact/releases )
- [Commits](eaceaf801f...c850b930e6
2024-03-04 09:48:54 -08:00
afmarcum
60eec25c8c
🌱 Update stale.yml, issue template label references ( #3907 )
...
Signed-off-by: afmarcum <138055109+afmarcum@users.noreply.github.com>
2024-02-29 14:18:25 -08:00
dependabot[bot]
b972699842
🌱 Bump the github-actions group with 1 update ( #3896 )
...
Bumps the github-actions group with 1 update: [actions/dependency-review-action](https://github.com/actions/dependency-review-action ).
Updates `actions/dependency-review-action` from 4.0.0 to 4.1.3
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](4901385134...9129d7d40b
2024-02-22 18:51:29 +00:00
Spencer Schrock
4f4b44d08a
🌱 Use git diff instead of external action for changed files ( #3894 )
...
* Use git diff instead of third party action.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* clarify approach
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-02-22 10:07:06 -08:00
dependabot[bot]
9b65bde9a6
🌱 Bump the github-actions group with 1 update ( #3870 )
...
Bumps the github-actions group with 1 update: [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ).
Updates `golangci/golangci-lint-action` from 3.7.0 to 4.0.0
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](3a91952989...3cfe3a4abb
2024-02-13 15:42:00 +00:00
dependabot[bot]
fb3edd9d63
🌱 Bump the github-actions group with 6 updates ( #3860 )
...
Bumps the github-actions group with 6 updates:
| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner ) | `2.6.1` | `2.7.0` |
| [nick-invision/retry](https://github.com/nick-invision/retry ) | `2.9.0` | `3.0.0` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action ) | `3.1.5` | `3.1.6` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) | `3.3.0` | `3.4.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact ) | `4.3.0` | `4.3.1` |
| [actions/download-artifact](https://github.com/actions/download-artifact ) | `4.1.1` | `4.1.2` |
Updates `step-security/harden-runner` from 2.6.1 to 2.7.0
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](eb238b55ef...63c24ba6bdhttps://github.com/nick-invision/retry/releases )
- [Changelog](https://github.com/nick-fields/retry/blob/master/.releaserc.js )
- [Commits](14672906e6...7152eba30chttps://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](4fe8c5f003...ab904c41d6https://github.com/sigstore/cosign-installer/releases )
- [Commits](9614fae9e5...e1523de757https://github.com/actions/upload-artifact/releases )
- [Commits](26f96dfa69...5d5d22a312https://github.com/actions/download-artifact/releases )
- [Commits](6b208ae046...eaceaf801f
2024-02-07 12:21:56 -08:00
Spencer Schrock
64d330790d
🌱 Update Go toolchain to 1.22 ( #3859 )
...
* update workflows to use go 1.22
Signed-off-by: Spencer Schrock <sschrock@google.com>
* update tools go.mod to 1.22.
no one imports this, so we can bump it now and
avoid issues in the future where we need to upgrade.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* bump docker files
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-02-07 11:36:37 -08:00
dependabot[bot]
ccf2553bef
🌱 Bump arduino/setup-protoc from 1.3.0 to 3.0.0 ( #3853 )
...
* 🌱 Bump arduino/setup-protoc from 1.3.0 to 3.0.0
Bumps [arduino/setup-protoc](https://github.com/arduino/setup-protoc ) from 1.3.0 to 3.0.0.
- [Release notes](https://github.com/arduino/setup-protoc/releases )
- [Commits](149f6c87b9...c65c819552
2024-02-06 21:40:01 +00:00
dependabot[bot]
6f816c80bc
🌱 Bump github.com/google/osv-scanner from 1.6.1 to 1.6.2 ( #3834 )
...
* 🌱 Bump github.com/google/osv-scanner from 1.6.1 to 1.6.2
Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner ) from 1.6.1 to 1.6.2.
- [Release notes](https://github.com/google/osv-scanner/releases )
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md )
- [Commits](https://github.com/google/osv-scanner/compare/v1.6.1...v1.6.2 )
---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* specify go patch version
go mod tidy requires this. I was able to delete the toolchain directive,
and it wasn't added back.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* bump dockerfiles to 1.21.6 so the build works
Signed-off-by: Spencer Schrock <sschrock@google.com>
* bump go version used in codeql workflow
github runners currently use Go 1.20 by default,
which doesn't understand 1.21.x format.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
2024-01-31 18:54:06 +00:00
dependabot[bot]
a25f108f4b
🌱 Bump the github-actions group with 3 updates ( #3825 )
...
Bumps the github-actions group with 3 updates: [tj-actions/changed-files](https://github.com/tj-actions/changed-files ), [codecov/codecov-action](https://github.com/codecov/codecov-action ) and [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `tj-actions/changed-files` from 42.0.0 to 42.0.2
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](ae82ed4ae0...90a06d6ba9https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](eaaf4bedf3...4fe8c5f003https://github.com/actions/upload-artifact/releases )
- [Commits](694cdabd8b...26f96dfa69
2024-01-29 11:07:53 -08:00
Josh Soref
3b948257fc
📖 Fix spelling ( #3804 )
...
* spelling: accurate
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: administrator
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: analyze
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: andtwenty
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: ascii
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: association
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: at least
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: attestor
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: barbaric
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: bucket
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: by
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: can
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: case-insensitive
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: case-sensitive
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: checking
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: command-line
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: commit
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: committed
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: conclusion
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: corresponding
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: created
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: dataset
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: default
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: defines
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: dependabot
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: dependency
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: depending
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: desired
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: different
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: disclose
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: download
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: each
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: enforce
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: every time
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: exist
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: existing
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: fields
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: files
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: for
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: force-push
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: github
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: gitlab
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: ignoreed
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: implementation
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: implements
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: increase
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: indicates
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: initialized
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: instructions
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: invalid
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: marshal
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: match
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: name
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: nonexistent
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: organization
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: package
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: provenance
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: query
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: readers
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: receive
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: registered
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: remediate
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: representation
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: requests
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: requires
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: return
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: scorecard
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: separator
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: serialization
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: sign up
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: specifications
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: specified
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: success
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: successfully
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: the
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: their
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: twenty
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: unexpected
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: unused
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: unverified
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: validate
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: vendor
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: vulnerabilities
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: vulns
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: will
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: without
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: workflow
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: workflows
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---------
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2024-01-26 23:08:26 +00:00
dependabot[bot]
e41a3febdb
🌱 Bump the github-actions group with 4 updates ( #3815 )
...
Bumps the github-actions group with 4 updates: [actions/dependency-review-action](https://github.com/actions/dependency-review-action ), [tj-actions/changed-files](https://github.com/tj-actions/changed-files ), [actions/cache](https://github.com/actions/cache ) and [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/dependency-review-action` from 3.1.5 to 4.0.0
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](c74b580d73...4901385134https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](62f4729b5d...ae82ed4ae0https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](e12d46a63a...13aacd865chttps://github.com/actions/upload-artifact/releases )
- [Commits](1eb3cb2b3e...694cdabd8b
2024-01-22 08:43:02 -06:00
Spencer Schrock
ee4e83a318
🌱 Enforce make add-projects for GitHub and GitLab repos ( #3780 )
...
* fail if add-projects not run
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add gitlab file to add-projects
Signed-off-by: Spencer Schrock <sschrock@google.com>
* order gitlab projects with make add-projects
Signed-off-by: Spencer Schrock <sschrock@google.com>
* simplify workflow job
this binary doesn't need the build protos
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-01-19 14:11:19 -08:00
dependabot[bot]
8ac9ca15a3
🌱 Bump the github-actions group with 4 updates ( #3794 )
...
Bumps the github-actions group with 4 updates: [tj-actions/changed-files](https://github.com/tj-actions/changed-files ), [actions/cache](https://github.com/actions/cache ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `tj-actions/changed-files` from 41.0.1 to 41.1.1
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](716b1e1304...62f4729b5dhttps://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](704facf57e...e12d46a63ahttps://github.com/actions/upload-artifact/releases )
- [Commits](c7d193f32e...1eb3cb2b3ehttps://github.com/actions/download-artifact/releases )
- [Commits](f44cd7b40b...6b208ae046
2024-01-15 08:49:23 -06:00
dependabot[bot]
6f31d2da0b
🌱 Bump the github-actions group with 1 update ( #3775 )
...
Bumps the github-actions group with 1 update: [actions/dependency-review-action](https://github.com/actions/dependency-review-action ).
Updates `actions/dependency-review-action` from 3.1.4 to 3.1.5
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](01bc87099b...c74b580d73
2024-01-08 06:51:19 -06:00
dependabot[bot]
c90e0bb4d3
🌱 Bump the github-actions group with 4 updates ( #3747 )
...
Bumps the github-actions group with 4 updates: [tj-actions/changed-files](https://github.com/tj-actions/changed-files ), [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `tj-actions/changed-files` from 40.2.2 to 41.0.1
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](9454999946...716b1e1304https://github.com/sigstore/cosign-installer/releases )
- [Commits](1fc5bd396d...9614fae9e5https://github.com/actions/upload-artifact/releases )
- [Commits](a8a3f3ad30...c7d193f32ehttps://github.com/actions/download-artifact/releases )
- [Commits](9bc31d5ccc...f44cd7b40b
2023-12-28 19:26:38 +00:00
dependabot[bot]
6a226ce06b
🌱 Bump actions/setup-go from 4.1.0 to 5.0.0 ( #3726 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4.1.0 to 5.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](93397bea11...0c52d547c9
2023-12-28 02:06:04 +00:00
dependabot[bot]
39d1b33a19
🌱 Bump the github-actions group with 2 updates ( #3725 )
...
Bumps the github-actions group with 2 updates: [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) and [actions/stale](https://github.com/actions/stale ).
Updates `tj-actions/changed-files` from 40.2.1 to 40.2.2
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](1c938490c8...9454999946https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](1160a22402...28ca103628
2023-12-13 21:35:02 +00:00
Pedro Kaj Kjellerup Nacht
663e1a9bad
🌱 Use backlog and "help wanted" labels on issues/PRs to keep stale-bot away ( #3690 )
...
* Use "never stale" tag on issues/PRs to keep stale-bot away
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Replace 'never stale' with 'icebox', 'help wanted'
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Replace "icebox,help needed" with "backlog,help wanted"
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
---------
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
2023-12-12 19:01:00 +00:00
dependabot[bot]
320ce05868
🌱 Bump the github-actions group with 3 updates ( #3715 )
...
Bumps the github-actions group with 3 updates: [actions/dependency-review-action](https://github.com/actions/dependency-review-action ), [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) and [kubernetes-sigs/kubebuilder-release-tools](https://github.com/kubernetes-sigs/kubebuilder-release-tools ).
Updates `actions/dependency-review-action` from 3.1.3 to 3.1.4
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](7bbfa034e7...01bc87099bhttps://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](25ef3926d1...1c938490c8https://github.com/kubernetes-sigs/kubebuilder-release-tools/releases )
- [Changelog](https://github.com/kubernetes-sigs/kubebuilder-release-tools/blob/master/RELEASE.md )
- [Commits](3c3411345e...012269a88f
2023-12-05 22:25:19 +00:00
Spencer Schrock
84bd607ae8
🌱 fix script injection ( #3695 )
...
Thanks to @AdnaneKhan for the report.
* start with reporter patch
* use env variable for bash step too
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-11-27 23:10:51 +00:00
dependabot[bot]
76878e5b4d
🌱 Bump the github-actions group with 2 updates ( #3686 )
...
Bumps the github-actions group with 2 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner ) and [actions/github-script](https://github.com/actions/github-script ).
Updates `step-security/harden-runner` from 2.6.0 to 2.6.1
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](1b05615854...eb238b55efhttps://github.com/actions/github-script/releases )
- [Commits](d7906e4ad0...60a0d83039
2023-11-20 12:16:39 -05:00
