dependabot[bot]
85d5aa2d77
🌱 Bump tj-actions/changed-files from 37.4.0 to 37.5.0 ( #3303 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 37.4.0 to 37.5.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](de0eba3279...920e7b9ae1
2023-07-25 07:46:24 -05:00
Spencer Schrock
4ac9999462
🌱 Ensure check markdown is kept in sync with source yaml. ( #3300 )
...
* Ensure check markdown is kept in sync with check yaml.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* change generate-docs target to detect changes to docs/checks.md directly.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-07-24 14:10:13 -07:00
Spencer Schrock
a779588f35
🌱 Add separate cache for long-running tests ( #3293 )
...
* Add separate cache for unit tests.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* share cache with gitlab tests too.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* share cache with github integration tests.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* explicitly download modules in unit test job
Signed-off-by: Spencer Schrock <sschrock@google.com>
* checkout needs to be before the go.mod is read.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* checkout needs to be before the go.sum files are hashed.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-07-21 14:46:49 -07:00
Spencer Schrock
67e3f7567f
🌱 Consolidate GitLab e2e workflows. ( #3278 )
...
* Move gitlab to different workflow to parallelize.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add missing versions.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-07-21 11:13:33 -07:00
Spencer Schrock
d52897036f
🌱 Fix hanging docker jobs for doc only changes. ( #3292 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-07-21 17:20:51 +00:00
Spencer Schrock
2255c88656
🌱 Use a matrix for when building binaries in main.yml ( #3291 )
...
* Use matrix for build jobs.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* These build targets dont seem to need protoc.
This lets us save the API quota.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-07-21 09:32:54 -07:00
Spencer Schrock
be7c032020
🌱 Use a matrix for docker image building ( #3290 )
...
* working matrix.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Remove unneeded env vars. Add comments.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* minor syntax change.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-07-20 19:03:18 -07:00
dependabot[bot]
f83d2ec396
🌱 Bump tj-actions/changed-files from 37.3.0 to 37.4.0
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 37.3.0 to 37.4.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](39283171ce...de0eba3279
2023-07-20 20:22:10 +00:00
Spencer Schrock
2a7344bce3
🌱 Include attestor Dockerfile in CI and dependabot updates ( #3285 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-07-20 13:00:51 -07:00
dependabot[bot]
c299c00ea5
🌱 Bump tj-actions/changed-files from 37.1.2 to 37.3.0 ( #3280 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 37.1.2 to 37.3.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](2a968ff601...39283171ce
2023-07-19 10:37:45 -05:00
Spencer Schrock
7cc6482680
🌱 Delete unused project-update functionality. ( #3269 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-07-18 21:58:19 +00:00
Naveen
4d85d8f1cc
🌱 Excluded dependabot from codecov ( #3272 )
...
- Exclude dependabot from codecov job in main.yml
[.github/workflows/main.yml]
- Exclude dependabot from codecov job
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-07-17 17:09:15 +00:00
dependabot[bot]
9545d797fc
🌱 Bump tj-actions/changed-files from 37.1.1 to 37.1.2 ( #3266 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 37.1.1 to 37.1.2.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](1f20fb83f0...2a968ff601
2023-07-16 17:46:25 +00:00
dependabot[bot]
7753d7d8c3
🌱 Bump tj-actions/changed-files from 37.1.0 to 37.1.1 ( #3259 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 37.1.0 to 37.1.1.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](87e23c4c79...1f20fb83f0
2023-07-11 08:13:42 -05:00
dependabot[bot]
abcf148cb9
🌱 Bump tj-actions/changed-files from 37.0.5 to 37.1.0 ( #3253 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 37.0.5 to 37.1.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](54849deb96...87e23c4c79
2023-07-10 12:07:18 -05:00
Spencer Schrock
271f0f2a27
🌱 Linter workflow cleanup ( #3247 )
...
* Fix linter timeout by renaming deprecated deadline.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Disable depguard linter.
As of golangci-lint v3.5.0, the depguard linter is complaining. We don't use a .depguard.yml file, so just disabling the linter.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Move linter into own workflow.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Fix bash command substitution.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add harden runner.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* switch names to existing linter job
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Update golangci-lint to v1.53.3
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-07-07 16:03:29 -04:00
dependabot[bot]
15b9046188
🌱 Bump tj-actions/changed-files from 37.0.4 to 37.0.5 ( #3239 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 37.0.4 to 37.0.5.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](bb3376162b...54849deb96
2023-06-30 08:10:26 -05:00
dependabot[bot]
b2bc681a00
🌱 Bump sigstore/cosign-installer from 3.0.5 to 3.1.1
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.0.5 to 3.1.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](dd6b2e2b61...6e04d228eb
2023-06-28 17:05:18 +00:00
dependabot[bot]
0a39e0b352
🌱 Bump tj-actions/changed-files from 37.0.3 to 37.0.4 ( #3228 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 37.0.3 to 37.0.4.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](ec1e14cf27...bb3376162b
2023-06-28 11:53:59 -05:00
dependabot[bot]
cf2e0667af
🌱 Bump tj-actions/changed-files from 36.4.1 to 37.0.3
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.4.1 to 37.0.3.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](54479c37f5...ec1e14cf27
2023-06-26 16:37:27 +00:00
dependabot[bot]
a912722ae9
🌱 Bump ossf/scorecard-action from 2.1.3 to 2.2.0 ( #3212 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.3 to 2.2.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](80e868c13c...08b4669551
2023-06-26 11:14:24 -05:00
dependabot[bot]
8788f114a0
🌱 Bump tj-actions/changed-files from 36.4.0 to 36.4.1
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.4.0 to 36.4.1.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](e1754a427f...54479c37f5
2023-06-21 09:20:04 +00:00
dependabot[bot]
119acffec7
🌱 Bump step-security/harden-runner from 2.4.0 to 2.4.1
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](128a63446a...55d479fb1c
2023-06-21 09:07:21 +00:00
dependabot[bot]
77919b0418
🌱 Bump tj-actions/changed-files from 36.2.1 to 36.4.0 ( #3175 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.2.1 to 36.4.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](c9124514c3...e1754a427f
2023-06-18 14:50:58 +00:00
dependabot[bot]
f928748c0e
🌱 Bump tj-actions/changed-files from 36.1.0 to 36.2.1 ( #3169 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.1.0 to 36.2.1.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](fb20f4d248...c9124514c3
2023-06-15 15:02:13 +00:00
dependabot[bot]
1336d9481c
🌱 Bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](f82d6c1c34...336e29918d
2023-06-13 22:20:55 +00:00
dependabot[bot]
d5ed41db02
🌱 Bump actions/checkout from 3.5.2 to 3.5.3 ( #3148 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.2 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8e5e7e5ab8...c85c95e3d7
2023-06-13 18:06:39 +00:00
dependabot[bot]
9dee205a3c
🌱 Bump github/codeql-action from 2.3.6 to 2.13.4
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.6 to 2.13.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](83f0fe6c49...cdcdbb5797
2023-06-13 09:07:07 +00:00
dependabot[bot]
0d84edf76a
🌱 Bump tj-actions/changed-files from 36.0.18 to 36.1.0 ( #3143 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.0.18 to 36.1.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](07e0177b72...fb20f4d248
2023-06-09 10:54:18 -05:00
dependabot[bot]
2734a0c841
🌱 Bump slsa-framework/slsa-github-generator from 1.6.0 to 1.7.0 ( #3139 )
...
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.6.0...v1.7.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-08 18:02:42 +00:00
dependabot[bot]
cf103dea9e
🌱 Bump tj-actions/changed-files from 36.0.15 to 36.0.18
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.0.15 to 36.0.18.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](5d2fcdb4cb...07e0177b72
2023-06-08 09:07:58 +00:00
Raghav Kaul
fdfe2b9b9e
Don't run pat e2e on dependabot merges ( #3119 )
...
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2023-06-03 17:42:08 -05:00
dependabot[bot]
7772314743
🌱 Bump tj-actions/changed-files from 36.0.12 to 36.0.15 ( #3116 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.0.12 to 36.0.15.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](5978e5a2df...5d2fcdb4cb
2023-06-02 11:45:25 -05:00
dependabot[bot]
14c8ade533
🌱 Bump github/codeql-action from 2.3.5 to 2.3.6 ( #3112 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.5 to 2.3.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0225834cc5...83f0fe6c49
2023-06-02 11:31:52 -05:00
dependabot[bot]
3c400c7dd6
🌱 Bump tj-actions/changed-files from 36.0.9 to 36.0.12 ( #3108 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.0.9 to 36.0.12.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](cf4fe8759a...5978e5a2df
2023-06-01 12:24:28 -05:00
dependabot[bot]
d5c80c933f
🌱 Bump actions/dependency-review-action from 3.0.4 to 3.0.6 ( #3104 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.0.4 to 3.0.6.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](f46c48ed6d...1360a344cc
2023-06-01 11:13:10 -05:00
dependabot[bot]
dc7350546e
🌱 Bump tj-actions/changed-files from 36.0.3 to 36.0.9 ( #3088 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.0.3 to 36.0.9.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](25eaddf37a...cf4fe8759a
2023-05-30 16:15:44 +00:00
dependabot[bot]
7406bcb85e
🌱 Bump arduino/setup-protoc from 1.2.0 to 1.3.0 ( #3089 )
...
Bumps [arduino/setup-protoc](https://github.com/arduino/setup-protoc ) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/arduino/setup-protoc/releases )
- [Commits](4b3578161e...149f6c87b9
2023-05-30 11:00:09 -05:00
dependabot[bot]
e82a1aea5c
🌱 Bump tj-actions/changed-files from 35.9.2 to 36.0.3 ( #3071 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.9.2 to 36.0.3.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](b2d17f5124...25eaddf37a
2023-05-26 11:02:36 +00:00
dependabot[bot]
17cf8d0dd8
🌱 Bump github/codeql-action from 2.3.4 to 2.3.5 ( #3072 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.4 to 2.3.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f0e3dfb303...0225834cc5
2023-05-26 05:48:23 -05:00
dependabot[bot]
e0ac01d9ec
🌱 Bump github/codeql-action from 2.3.3 to 2.3.4 ( #3064 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.3 to 2.3.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](29b1f65c5e...f0e3dfb303
2023-05-25 09:05:06 -05:00
Spencer Schrock
68c23e166d
🌱 Simplify caching in docker workflow ( #3061 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-05-24 22:46:04 +00:00
Spencer Schrock
30fd0ca413
only run e2e pat on push ( #3056 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-05-24 10:00:49 -05:00
Naveen
e0a6d1544b
Update main.yml ( #3054 )
...
-Fixed the YAML indenting issue.
Signed-off-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2023-05-23 18:36:26 +00:00
Naveen
c631ebd7fb
🌱 Run E2E PAT test for push to main ( #3046 )
...
- Add E2E PAT tests for push to main.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-05-23 12:53:57 -05:00
dependabot[bot]
73c145c5e8
🌱 Bump arduino/setup-protoc from 1.1.2 to 1.2.0
...
Bumps [arduino/setup-protoc](https://github.com/arduino/setup-protoc ) from 1.1.2 to 1.2.0.
- [Release notes](https://github.com/arduino/setup-protoc/releases )
- [Commits](64c0c85d18...4b3578161e
2023-05-18 19:47:41 +00:00
dependabot[bot]
682f274d53
🌱 Bump sigstore/cosign-installer from 3.0.4 to 3.0.5 ( #3029 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.0.4 to 3.0.5.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](03d0fecf17...dd6b2e2b61
2023-05-18 19:32:37 +00:00
Naveen
a3a133181a
🌱 Included e2e tests for push to main ( #2951 )
...
- Update trigger for integration tests to enable running on `push` and `pull_request` on the `main` branch
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-05-17 16:27:22 +00:00
dependabot[bot]
2113975043
🌱 Bump sigstore/cosign-installer from 3.0.3 to 3.0.4
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](204a51a57a...03d0fecf17
2023-05-17 15:02:24 +00:00
dependabot[bot]
4048d22622
🌱 Bump codecov/codecov-action from 3.1.3 to 3.1.4
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.1.3 to 3.1.4.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](894ff025c7...eaaf4bedf3
2023-05-16 15:45:44 +00:00
dependabot[bot]
661df0e5dd
🌱 Bump actions/setup-go from 4.0.0 to 4.0.1
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](4d34df0c23...fac708d667
2023-05-16 15:31:17 +00:00
dependabot[bot]
a268d57ac4
🌱 Bump slsa-framework/slsa-verifier from 2.2.0 to 2.3.0
...
Bumps [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier ) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/slsa-framework/slsa-verifier/releases )
- [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md )
- [Commits](https://github.com/slsa-framework/slsa-verifier/compare/v2.2.0...v2.3.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-verifier
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-05-12 13:01:42 +00:00
raghavkaul
4eddb16b35
🌱 Gitlab: e2e test fixes in main ( #2992 )
...
* test secret chagnes
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update score
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* address cr comments
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2023-05-11 22:31:26 +00:00
dependabot[bot]
fdea7aef4f
🌱 Bump slsa-framework/slsa-github-generator from 1.5.0 to 1.6.0
...
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.5.0...v1.6.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-05-11 15:05:01 +00:00
dependabot[bot]
7d994707a9
🌱 Bump github/codeql-action from 2.3.2 to 2.3.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.2 to 2.3.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f3feb00acb...29b1f65c5e
2023-05-05 18:15:53 +00:00
dependabot[bot]
3e4f22c4bd
🌱 Bump step-security/harden-runner from 2.3.0 to 2.4.0 ( #2957 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/v2.3.0...128a63446a954579617e875aaab7d2978154e969 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-05 18:00:36 +00:00
dependabot[bot]
72e697786c
🌱 Bump tj-actions/changed-files from 35.9.1 to 35.9.2 ( #2933 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.9.1 to 35.9.2.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](4a0aac0d19...b2d17f5124
2023-05-02 10:00:27 -05:00
dependabot[bot]
3564a6dab0
🌱 Bump slsa-framework/slsa-verifier from 2.1.0 to 2.2.0 ( #2930 )
...
Bumps [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier ) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/slsa-framework/slsa-verifier/releases )
- [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md )
- [Commits](https://github.com/slsa-framework/slsa-verifier/compare/v2.1.0...v2.2.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-verifier
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-01 07:52:45 -05:00
Batuhan Apaydın
195767d90b
feature: enable verification for provenance ( #2765 )
...
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
2023-04-28 14:23:42 -07:00
dependabot[bot]
273dccda33
🌱 Bump github/codeql-action from 2.3.1 to 2.3.2 ( #2924 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8662eabe0e...f3feb00acb
2023-04-28 13:19:40 +00:00
dependabot[bot]
2d87611dbd
🌱 Bump tj-actions/changed-files from 35.9.0 to 35.9.1
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.9.0 to 35.9.1.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](ce810b29b2...4a0aac0d19
2023-04-28 13:05:22 +00:00
dependabot[bot]
7586d2f272
🌱 Bump github/codeql-action from 2.3.0 to 2.3.1 ( #2920 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b2c19fb9a2...8662eabe0e
2023-04-27 11:37:46 -05:00
Naveen
2239b1338f
🌱 Included coverage metrics from other e2e ( #2905 )
...
* 🌱 Included coverage metrics from other e2e
- Update codecov to include multiple directories in the workflow integration
[.github/workflows/integration.yml]
- Update codecov files to include multiple directories
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Updated based on code review comments.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---------
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-04-26 19:13:34 +00:00
Spencer Schrock
032f2998c0
🌱 Skip cosign confirmation prompt. ( #2918 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-04-26 18:45:52 +00:00
Spencer Schrock
f3b777086f
🌱 Use Go version as specified by our go.mod file. ( #2912 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-04-26 17:10:06 +00:00
dependabot[bot]
dd352a1d37
🌱 Bump sigstore/cosign-installer from 3.0.2 to 3.0.3
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](9e9de2292d...204a51a57a
2023-04-26 12:08:28 +00:00
dependabot[bot]
63b3177921
🌱 Bump tj-actions/changed-files from 35.8.0 to 35.9.0 ( #2901 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.8.0 to 35.9.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](7ecfc6730d...ce810b29b2
2023-04-25 15:09:29 +00:00
raghavkaul
c54fb4f8eb
✨ Gitlab: Maintained check ( #2860 )
...
* gitlab: maintained check
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update workflow
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2023-04-25 10:40:14 -04:00
dependabot[bot]
0739e9eed0
🌱 Bump codecov/codecov-action from 3.1.2 to 3.1.3 ( #2903 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v3.1.2...894ff025c7b54547a9a2a1e9f228beae737ad3c2 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-25 09:54:50 -04:00
raghavkaul
46c6fe700c
✨ Gitlab: CI-Tests check ( #2833 )
...
* gitlab: support ci-tests
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update test
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update gitlab workflows
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* fix test
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com>
2023-04-24 17:58:27 +00:00
dependabot[bot]
d31e28afae
🌱 Bump github/codeql-action from 2.2.12 to 2.3.0 ( #2900 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.12 to 2.3.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](7df0ce3489...b2c19fb9a2
2023-04-24 10:05:01 -07:00
dependabot[bot]
9a3ed3de69
🌱 Bump codecov/codecov-action from 3.1.2 to 3.1.3 ( #2894 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](40a12dcee2...894ff025c7
2023-04-21 12:00:44 +00:00
dependabot[bot]
ef77082908
🌱 Bump step-security/harden-runner from 2.3.0 to 2.3.1 ( #2889 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](03bee39306...6b3083af28
2023-04-20 13:36:52 +00:00
dependabot[bot]
1c441f3773
🌱 Bump slsa-framework/slsa-github-generator from 1.4.0 to 1.5.0
...
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.4.0...v1.5.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-15 15:52:51 +00:00
dependabot[bot]
d0e952c317
🌱 Bump github/codeql-action from 2.2.11 to 2.2.12
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.11 to 2.2.12.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](d186a2a36c...7df0ce3489
2023-04-14 18:02:17 +00:00
dependabot[bot]
7eeffb16e4
🌱 Bump actions/checkout from 3.5.1 to 3.5.2 ( #2869 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.1 to 3.5.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](83b7061638...8e5e7e5ab8
2023-04-14 12:46:17 -05:00
dependabot[bot]
3704b1f260
🌱 Bump tj-actions/changed-files from 35.7.12 to 35.8.0
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.7.12 to 35.8.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](b109d83a62...7ecfc6730d
2023-04-13 13:37:19 +00:00
dependabot[bot]
973b2d37d6
🌱 Bump actions/checkout from 3.5.0 to 3.5.1
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8f4b7f8486...83b7061638
2023-04-13 13:23:40 +00:00
dependabot[bot]
862bfc6ed7
🌱 Bump codecov/codecov-action from 3.1.0 to 3.1.2
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.1.0 to 3.1.2.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](81cd2dc814...40a12dcee2
2023-04-12 11:50:45 +00:00
dependabot[bot]
e8cf5d4e00
🌱 Bump sigstore/cosign-installer from 3.0.1 to 3.0.2 ( #2842 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](c3667d9942...9e9de2292d
2023-04-10 10:00:03 -05:00
dependabot[bot]
cf0533a0a2
🌱 Bump tj-actions/changed-files from 35.7.8 to 35.7.12
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.7.8 to 35.7.12.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](e9b5807e92...b109d83a62
2023-04-09 14:57:18 +00:00
dependabot[bot]
fade79ba6b
🌱 Bump github/codeql-action from 2.2.9 to 2.2.11 ( #2836 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.9 to 2.2.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](04df1262e6...d186a2a36c
2023-04-07 12:56:14 -05:00
dependabot[bot]
73e857ecdf
🌱 Bump step-security/harden-runner from 2.2.1 to 2.3.0 ( #2823 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.2.1 to 2.3.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](1f99358870...03bee39306
2023-04-05 10:41:09 -05:00
dependabot[bot]
41d4c1b39a
🌱 Bump ossf/scorecard-action from 2.1.2 to 2.1.3 ( #2806 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.2 to 2.1.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](e38b1902ae...80e868c13c
2023-03-30 22:51:58 -07:00
dependabot[bot]
3411949faf
🌱 Bump tj-actions/changed-files from 35.7.7 to 35.7.8 ( #2801 )
2023-03-30 05:32:30 +00:00
dependabot[bot]
a394c13c3f
🌱 Bump github/codeql-action from 2.2.8 to 2.2.9 ( #2802 )
2023-03-30 05:16:35 +00:00
dependabot[bot]
22e9419159
🌱 Bump actions/checkout from 3.4.0 to 3.5.0 ( #2800 )
2023-03-30 03:04:06 +00:00
dependabot[bot]
c219f04edc
🌱 Bump goreleaser/goreleaser-action from 4.1.0 to 4.2.0 ( #2628 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](8f67e590f2...f82d6c1c34
2023-03-28 22:26:43 -07:00
dependabot[bot]
ed26d9b110
🌱 Bump actions/setup-go from 3.5.0 to 4.0.0 ( #2757 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.5.0 to 4.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](6edd4406fa...4d34df0c23
2023-03-28 21:15:21 -07:00
dependabot[bot]
497815daa8
🌱 Bump actions/stale from 6.0.1 to 8.0.0 ( #2793 )
...
Bumps [actions/stale](https://github.com/actions/stale ) from 6.0.1 to 8.0.0.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](5ebf00ea0e...1160a22402
2023-03-28 20:33:32 -07:00
dependabot[bot]
9358843a7f
🌱 Bump tj-actions/changed-files from 35.7.6 to 35.7.7 ( #2797 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.7.6 to 35.7.7.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](07f86bcdc4...db5dd7c176
2023-03-28 11:40:41 -05:00
dependabot[bot]
dde9aa1aef
🌱 Bump actions/dependency-review-action from 3.0.3 to 3.0.4 ( #2785 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](c090f4e553...f46c48ed6d
2023-03-27 10:45:32 -05:00
dependabot[bot]
ffdca54779
🌱 Bump github/codeql-action from 2.2.7 to 2.2.8
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.7 to 2.2.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](168b99b3c2...67a35a0858
2023-03-26 17:09:43 +00:00
dependabot[bot]
daeb90ec55
🌱 Bump actions/checkout from 3.3.0 to 3.4.0 ( #2767 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](ac59398561...24cb908017
2023-03-23 15:38:08 +00:00
dependabot[bot]
82f1dead19
🌱 Bump tj-actions/changed-files from 35.7.0 to 35.7.6 ( #2782 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.7.0 to 35.7.6.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](bd376fbcfa...07f86bcdc4
2023-03-23 05:25:39 -05:00
dependabot[bot]
dfc2439625
🌱 Bump github/codeql-action from 2.2.6 to 2.2.7
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.6 to 2.2.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](16964e90ba...168b99b3c2
2023-03-17 17:47:54 +00:00
Naveen
c20ed9e8d4
🌱 Update .github/workflows/goreleaser.yaml ( #2755 )
...
- Update `goreleaser/goreleaser-action` to `v2.5.0`
- Remove GPG key import step and `GPG_FINGERPRINT` from environment variables
- Move `version_flags` to `GITHUB_OUTPUT`
[.github/workflows/goreleaser.yaml]
- Remove GPG key import step
- Update `goreleaser/goreleaser-action` to `v2.5.0`
- Remove `GPG_FINGERPRINT` from environment variables
- Move `version_flags` to `GITHUB_OUTPUT`
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-03-15 11:37:55 -07:00
dependabot[bot]
0b45c903b8
🌱 Bump step-security/harden-runner from 2.2.0 to 2.2.1 ( #2753 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.2.0 to 2.2.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](c8454efe5d...1f99358870
2023-03-15 11:15:08 -05:00
dependabot[bot]
23bd295ed8
🌱 Bump github/codeql-action from 2.2.4 to 2.2.6 ( #2741 )
2023-03-14 20:28:41 +00:00
dependabot[bot]
2e04214e4c
🌱 Bump tj-actions/changed-files from 35.6.2 to 35.7.0
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.6.2 to 35.7.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](5ce975c602...bd376fbcfa
2023-03-14 14:16:11 +00:00
dependabot[bot]
e36b590f9d
🌱 Bump actions/cache from 3.3.0 to 3.3.1 ( #2740 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.3.0 to 3.3.1.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](940f3d7cf1...88522ab9f3
2023-03-14 08:59:20 -05:00
raghavkaul
110e352273
✨ Gitlab support: RepoClient ( #2655 )
...
* Add make targets and E2E test target for GitLab only
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add GitLab support to RepoClient
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Build
* Make target for e2e-gitlab-token
* Only run Gitlab tests in CI that don't require a token
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add tests
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Remove spurious printf
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* 🐛 Check OSS Fuzz build file for Fuzzing check (#2719 )
* Check OSS-Fuzz using project list
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Use clients.RepoClient interface to perform the new OSS Fuzz check
Signed-off-by: Spencer Schrock <sschrock@google.com>
* wip: add eager client for better repeated lookup of projects
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Split lazy and eager behavior into different implementations.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add tests and benchmarks
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Switch to always parsing JSON to determine if a project is present. The other approach of looking for a substring match would lead to false positives.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add eager constructor to surface status file errors sooner.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Switch existing users to new OSS Fuzz client
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Mark old method as deprecated in the godoc
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove unused comment.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Use new OSS Fuzz client in e2e test.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix typo.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Fix potential path bug with test server.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Force include the two JSON files which were being ignored by .gitignore
Signed-off-by: Spencer Schrock <sschrock@google.com>
* trim the status json file
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
2023-03-13 11:13:50 -04:00
dependabot[bot]
a7e81bbcf3
🌱 Bump actions/cache from 3.2.6 to 3.3.0 ( #2738 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.2.6 to 3.3.0.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](69d9d449ac...940f3d7cf1
2023-03-10 08:20:28 -06:00
dependabot[bot]
b5254fea7c
🌱 Bump tj-actions/changed-files from 35.6.1 to 35.6.2 ( #2736 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.6.1 to 35.6.2.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](04124efe75...5ce975c602
2023-03-09 09:11:18 -06:00
dependabot[bot]
d708c6c580
🌱 Bump tj-actions/changed-files from 35.5.4 to 35.6.1
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.5.4 to 35.6.1.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](74338865c1...04124efe75
2023-03-07 16:57:14 +00:00
dependabot[bot]
82a122bc00
🌱 Bump sigstore/cosign-installer from 2.8.1 to 3.0.1
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 2.8.1 to 3.0.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](9becc61764...c3667d9942
2023-03-02 17:36:15 +00:00
dependabot[bot]
35a7dd5b25
🌱 Bump kubernetes-sigs/kubebuilder-release-tools
...
Bumps [kubernetes-sigs/kubebuilder-release-tools](https://github.com/kubernetes-sigs/kubebuilder-release-tools ) from 0.1.1 to 0.3.0.
- [Release notes](https://github.com/kubernetes-sigs/kubebuilder-release-tools/releases )
- [Changelog](https://github.com/kubernetes-sigs/kubebuilder-release-tools/blob/master/RELEASE.md )
- [Commits](4777888c37...4f3d1085b4
2023-02-26 19:27:28 +00:00
dependabot[bot]
c7e362d682
🌱 Bump step-security/harden-runner from 2.1.0 to 2.2.0
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](18bf8ad2ca...c8454efe5d
2023-02-26 19:01:04 +00:00
dependabot[bot]
db6a26eb46
🌱 Bump actions/cache from 3.2.3 to 3.2.6
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.2.3 to 3.2.6.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](58c146cc91...69d9d449ac
2023-02-22 16:46:45 +00:00
dependabot[bot]
047c01424d
🌱 Bump github/codeql-action from 2.2.3 to 2.2.4 ( #2676 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.3 to 2.2.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8775e86802...17573ee1cc
2023-02-18 07:02:45 -06:00
Naveen
559b71b496
Invite @raghavkaul as maintainer ( #2663 )
...
- Add @raghavkaul as a CODEOWNERS file reviewer
- Update the CODEOWNERS file
[.github/CODEOWNERS]
- Add @raghavkaul to CODEOWNERS file
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-02-16 15:07:41 +00:00
dependabot[bot]
353e2c6ce6
🌱 Bump tj-actions/changed-files from 35.5.0 to 35.5.4 ( #2674 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.5.0 to 35.5.4.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](db3ea27a0c...74338865c1
2023-02-16 08:55:48 -06:00
Spencer Schrock
c9f582b620
Limit integration tests to ones that work with the GITHUB_TOKEN. ( #2672 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-02-15 15:09:54 -08:00
dependabot[bot]
93900aca36
🌱 Bump github/codeql-action from 2.2.0 to 2.2.3 ( #2649 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.0 to 2.2.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](436dbd9100...8775e86802
2023-02-09 09:15:51 +00:00
dependabot[bot]
8115756259
🌱 Bump peter-evans/find-comment from 2.1.0 to 2.2.1 ( #2641 )
...
Bumps [peter-evans/find-comment](https://github.com/peter-evans/find-comment ) from 2.1.0 to 2.2.1.
- [Release notes](https://github.com/peter-evans/find-comment/releases )
- [Commits](f4499a714d...85a676a525
2023-02-06 02:44:34 -06:00
dependabot[bot]
ac008ece9c
🌱 Bump tj-actions/changed-files from 35.4.4 to 35.5.0 ( #2635 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.4.4 to 35.5.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](57d9664f8e...db3ea27a0c
2023-02-03 09:34:43 -06:00
dependabot[bot]
4ebe521141
🌱 Bump github/codeql-action from 2.1.39 to 2.2.0 ( #2618 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.39 to 2.2.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](a34ca99b46...436dbd9100
2023-01-27 08:22:12 -06:00
dependabot[bot]
3f372e9af1
🌱 Bump tj-actions/changed-files from 35.4.1 to 35.4.4
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.4.1 to 35.4.4.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](487675b843...57d9664f8e
2023-01-24 17:17:00 +00:00
dependabot[bot]
99398db46d
🌱 Bump github/codeql-action from 2.1.38 to 2.1.39 ( #2607 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.38 to 2.1.39.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](515828d974...a34ca99b46
2023-01-24 10:10:58 -06:00
Spencer Schrock
9385905804
Revert "perf.: run integration tests only on approved PRs ( #2609 )" ( #2612 )
...
This reverts commit a29182d3f2
2023-01-23 19:53:23 +00:00
Siddhant Khare
a29182d3f2
perf.: run integration tests only on approved PRs ( #2609 )
...
Signed-off-by: Siddhant Khare <Siddhantkhare2694@gmail.com>
Signed-off-by: Siddhant Khare <Siddhantkhare2694@gmail.com>
2023-01-21 17:33:53 +00:00
dependabot[bot]
6112c07341
🌱 Bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0 ( #2539 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 3.2.0 to 4.1.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](b508e2e3ef...8f67e590f2
2023-01-20 10:27:36 -06:00
dependabot[bot]
f1ca6d711e
🌱 Bump actions/cache from 3.0.11 to 3.2.3 ( #2599 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.11 to 3.2.3.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](9b0c1fce7a...58c146cc91
2023-01-18 17:01:23 -06:00
dependabot[bot]
9c49fbfc07
🌱 Bump step-security/harden-runner from 2.0.0 to 2.1.0 ( #2604 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](ebacdc22ef...18bf8ad2ca
2023-01-18 11:31:15 -06:00
dependabot[bot]
1b5bdb4ef5
🌱 Bump actions/upload-artifact from 3.1.1 to 3.1.2 ( #2601 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](83fd05a356...0b7f8abb15
2023-01-17 16:13:18 +00:00
dependabot[bot]
67daaccd87
🌱 Bump tj-actions/changed-files from 35.2.0 to 35.4.1 ( #2598 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.2.0 to 35.4.1.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](392359fc8c...487675b843
2023-01-16 08:04:05 -06:00
dependabot[bot]
fc299e3335
🌱 Bump actions/dependency-review-action from 3.0.2 to 3.0.3 ( #2585 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](0ff3da6f81...c090f4e553
2023-01-16 11:10:07 +11:00
dependabot[bot]
4a9c77427b
🌱 Bump github/codeql-action from 2.1.36 to 2.1.38 ( #2597 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.36 to 2.1.38.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](a669cc5936...515828d974
2023-01-13 09:57:47 -06:00
dependabot[bot]
a2bc29a7a3
🌱 Bump actions/checkout from 3.2.0 to 3.3.0 ( #2583 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](755da8c3cf...ac59398561
2023-01-06 17:04:10 +00:00
dependabot[bot]
7c0edac8fb
🌱 Bump nick-invision/retry from 2.8.2 to 2.8.3 ( #2576 )
...
Bumps [nick-invision/retry](https://github.com/nick-invision/retry ) from 2.8.2 to 2.8.3.
- [Release notes](https://github.com/nick-invision/retry/releases )
- [Changelog](https://github.com/nick-fields/retry/blob/master/.releaserc.js )
- [Commits](3e91a01664...943e742917
2023-01-05 11:14:36 -06:00
dependabot[bot]
6ff06a378d
🌱 Bump actions/setup-go from 3.3.1 to 3.5.0 ( #2575 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.3.1 to 3.5.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](c4a742cab1...6edd4406fa
2023-01-02 11:00:51 -06:00
dependabot[bot]
72d4e98978
🌱 Bump tj-actions/changed-files from 35.1.0 to 35.2.0 ( #2574 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.1.0 to 35.2.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](0626c3f940...392359fc8c
2022-12-30 08:53:23 -06:00
dependabot[bot]
cf3a43fa88
🌱 Bump ossf/scorecard-action from 2.1.1 to 2.1.2 ( #2570 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.1 to 2.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](15c10fcf1c...e38b1902ae
2022-12-27 16:20:32 -08:00
laurentsimon
90cdd98809
Disable scorecard on PRs ( #2571 )
...
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2022-12-27 11:31:00 -08:00
Spencer Schrock
6bf19d5bdb
🌱 Switch from paths-ignore to changed-files action to skip required checks. ( #2566 )
...
* Switch from paths-ignore to changed-files action. This allows doc only changes to pass CI, which are currently blocked waiting for these required checks which will never run due to the path filter.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Pin checkout action. Disable redundant docker build on push to main since cloud build handles the images.
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-12-27 09:18:25 -08:00
dependabot[bot]
376f465c11
🌱 Bump actions/dependency-review-action from 3.0.1 to 3.0.2 ( #2551 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](11310527b4...0ff3da6f81
2022-12-21 12:02:54 -08:00
dependabot[bot]
9efd21db31
🌱 Bump ossf/scorecard-action from 2.0.6 to 2.1.1 ( #2553 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.0.6 to 2.1.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](99c53751e0...15c10fcf1c
2022-12-21 06:54:39 -08:00
dependabot[bot]
20cc4eee98
🌱 Bump actions/checkout from 3.1.0 to 3.2.0 ( #2537 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](93ea575cb5...755da8c3cf
2022-12-13 08:55:17 -06:00
dependabot[bot]
ac8c57580c
🌱 Bump github/codeql-action from 2.1.35 to 2.1.36 ( #2530 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.35 to 2.1.36.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b2a92eb56d...a669cc5936
2022-12-09 10:05:06 -06:00
dependabot[bot]
f5e6f63f04
🌱 Bump actions/stale from 5.1.1 to 6.0.1 ( #2511 )
...
Bumps [actions/stale](https://github.com/actions/stale ) from 5.1.1 to 6.0.1.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](9c1b1c6e11...5ebf00ea0e
2022-12-06 10:37:16 -06:00
dependabot[bot]
045109e783
🌱 Bump github/codeql-action from 2.1.33 to 2.1.35 ( #2510 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.33 to 2.1.35.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](678fc3afe2...b2a92eb56d
2022-12-05 13:23:00 -06:00
laurentsimon
e2846c0ae7
Update goreleaser.yaml ( #2516 )
...
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2022-12-02 14:17:49 -06:00
Arnaud J Le Hors
2169bc44c7
Use new project name in Copyright notices ( #2505 )
...
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
2022-12-01 15:08:48 -08:00
raghavkaul
4c7066e3b6
🌱 attestor: module -> subpackage ( #2464 )
...
* Enable cilint checking on attestor and fix cilint errors
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Make attestor a subpackage of scorecard
* Move e2e test
* Use scorecard logger
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2022-11-30 10:22:00 -08:00
dependabot[bot]
7df624229f
🌱 Bump peter-evans/find-comment from 2.0.1 to 2.1.0 ( #2497 )
...
Bumps [peter-evans/find-comment](https://github.com/peter-evans/find-comment ) from 2.0.1 to 2.1.0.
- [Release notes](https://github.com/peter-evans/find-comment/releases )
- [Commits](b657a70ff1...f4499a714d
2022-11-29 09:18:07 -06:00
Naveen
fb07860d86
🌱 Included Gitlab token ( #2484 )
...
- Including Gitlab token for https://github.com/ossf/scorecard/pull/2280
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-11-23 17:41:22 -08:00
laurentsimon
e74e69f6cd
Enable scorecard run on pull request ( #2478 )
...
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2022-11-22 16:53:32 -06:00
Latortuga
f9f910d437
✨ Commit depth feature ( #2407 )
...
* 🌱 Bump actions/dependency-review-action from 2.4.1 to 2.5.1
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 2.4.1 to 2.5.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](9c96258789...0efb1d1d84🌱 Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (#2397 )
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.6.0 to 1.6.1.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Commits](https://github.com/spf13/cobra/compare/v1.6.0...v1.6.1 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.1.6 to 2.4.0
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.1.6 to 2.4.0.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.1.6...v2.4.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump cloud.google.com/go/pubsub from 1.25.1 to 1.26.0
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go ) from 1.25.1 to 1.26.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.25.1...pubsub/v1.26.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/xanzy/go-gitlab from 0.73.1 to 0.74.0
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab ) from 0.73.1 to 0.74.0.
- [Release notes](https://github.com/xanzy/go-gitlab/releases )
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go )
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.73.1...v0.74.0 )
---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/gomega from 1.20.2 to 1.23.0 (#2409 )
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.20.2 to 1.23.0.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.20.2...v1.23.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.1.6 to 2.4.0 in /tools
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.1.6 to 2.4.0.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.1.6...v2.4.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/golangci/golangci-lint in /tools
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint ) from 1.50.0 to 1.50.1.
- [Release notes](https://github.com/golangci/golangci-lint/releases )
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md )
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.50.0...v1.50.1 )
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump goreleaser/goreleaser-action from 2.9.1 to 3.2.0 (#2363 )
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 2.9.1 to 3.2.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](b953231f81...b508e2e3ef🌱 Bump github.com/goreleaser/goreleaser in /tools (#2373 )
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser ) from 1.11.5 to 1.12.3.
- [Release notes](https://github.com/goreleaser/goreleaser/releases )
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml )
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.11.5...v1.12.3 )
---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* ✨ CLI for scorecard-attestor (#2309 )
* Reorganize
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Working commit
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Compile with local scorecard; go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add signing code
Heavily borrowed from https://github.com/grafeas/kritis/blob/master/cmd/kritis/signer/main.go
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Update deps
* Naming
* Makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Edit license, add lint.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* checks: go mod tidy, license
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Split into checker/signer files
* Naming convention
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* License, remove golangci.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Use cobra
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add tests for root command
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Filter out checks that aren't needed for policy evaluation
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add `make` targets for attestor; submit coverage stats
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Improvements
* Use sclog instead of glog
* Remove unneeded subcommands
* Formatting
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Flags: Make note-name constant and fix messaging
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Remove SupportedRequestTypes
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy, makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Fix GH actions run
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* fix workflow (#2417 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Bump scorecard-action (#2416 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Fail unit-test job if codecov upload fails (#2415 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Enable comparison for alternative isText implementation (#2414 )
* use more performant IsText
Signed-off-by: Spencer Schrock <sschrock@google.com>
* AB test isText implementations
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add comparison env var to release test.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* go mod tidy for attestor
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🐛 modify alternative isText to accept carriage returns (#2421 )
* modify IsText from golang.org/x/tools/godoc/util to accept carriage returns.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add TODO reminder to cleanup after release tests
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/gomega from 1.23.0 to 1.24.0
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.23.0 to 1.24.0.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.23.0...v1.24.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github/codeql-action from 2.1.29 to 2.1.30
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.29 to 2.1.30.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ec3cf9c605...18fe527fa8#2422 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* ✨ Improved Security Policy Check (#2195 )
* ✨ Improved Security Policy Check (#2137 )
* Examines and awards points for linked content (URLs / Emails)
* Examines and awards points for hints of disclosure and vulnerability practices
* Examines and awards points for hints of elaboration of timelines
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Repaired Security Policy to correctly use linked content length for evaluation
Signed-off-by: Scott Hissam <shissam@gmail.com>
* gofmt'ed changes
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Repaired the case in the evaluation which was too sensitive to content length over the length of the linked content for urls and emails
Signed-off-by: Scott Hissam <shissam@gmail.com>
* added unit test cases for the new content-based Security Policy checks
Signed-off-by: Scott Hissam <shissam@gmail.com>
* reverted the direct (mistaken) change to checks.md and updated the checks.yaml for generate-docs
Signed-off-by: Scott Hissam <shissam@gmail.com>
* ✨ Improved Security Policy Check (#2137 ) (revisted based on comments)
* replaced reason strings with log.Info & log.Warn (as seen in --show-details)
* internal assertion check for nil (*pinfo) and empty pfile
* internal switched to FileTypeText over FileTypeSource
* internal implement type SecurityPolicyInformationType/SecurityPolicyInformation revised SecurityPolicyData to support only one file
* revised expected unit-test results and revised unit-test to reflect the new SecurityPolicyData type
Signed-off-by: Scott Hissam <shissam@gmail.com>
* revised the score value based on observation of one *or more* url(s) or one email(s) found; unit tests update accordingly
Signed-off-by: Scott Hissam <shissam@gmail.com>
* revised the score value based on observation of one *or more* url(s) or one email(s) found; unit tests update accordingly
Signed-off-by: Scott Hissam <shissam@gmail.com>
* revised the score value based on observation of one *or more* url(s) or one email(s) found; e2e tests update accordingly
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Addressed PR comments; added telemetry for policy hits in security policy file to track hits by line number
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Resolved merge conflict with checks.yaml
Signed-off-by: Scott Hissam <shissam@gmail.com>
* updated raw results to emit all the raw information for the new security policy check
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Resolved merge conflicts and lint errors with json_raw_results.go
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Addressed review comments to reorganize security policy data struct to support the potential for multiple security policy files.
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Added logic to the security policy to process multiple security policy files only after future improvements to aggregating scoring across such files are designed. For now the security policy behaves as originally designed to stop once one of the expected policy files are found in the repo
Signed-off-by: Scott Hissam <shissam@gmail.com>
* added comments regarding the capacity to support multiple policy files and removed unneeded break statements in the code
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Addressed review comments to remove the dependency on the path in the filename from the code and introduced FileSize to checker.File type and removed the SecurityContentLength which was used to hold that information for the new security policy assessment
Signed-off-by: Scott Hissam <shissam@gmail.com>
* restored reporting full security policy path and filename for policies found in the org level repos
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Resolved conflicts in checks.yaml for documentation
Signed-off-by: Scott Hissam <shissam@gmail.com>
* ✨ CLI for scorecard-attestor (#2309 )
* Reorganize
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Working commit
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Compile with local scorecard; go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add signing code
Heavily borrowed from https://github.com/grafeas/kritis/blob/master/cmd/kritis/signer/main.go
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Update deps
* Naming
* Makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Edit license, add lint.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* checks: go mod tidy, license
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Split into checker/signer files
* Naming convention
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* License, remove golangci.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Use cobra
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add tests for root command
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Filter out checks that aren't needed for policy evaluation
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add `make` targets for attestor; submit coverage stats
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Improvements
* Use sclog instead of glog
* Remove unneeded subcommands
* Formatting
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Flags: Make note-name constant and fix messaging
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Remove SupportedRequestTypes
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy, makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Fix GH actions run
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Scott Hissam <shissam@gmail.com>
* removed whitespace before stanza for Run attestor e2e
Signed-off-by: Scott Hissam <shissam@gmail.com>
* resolved code review and doc review comments
Signed-off-by: Scott Hissam <shissam@gmail.com>
* repaired the link for the maintainer's guide for supporting the coordinated vulnerability disclosure guidelines
Signed-off-by: Scott Hissam <shissam@gmail.com>
Signed-off-by: Scott Hissam <shissam@gmail.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github/codeql-action from 2.1.30 to 2.1.31 (#2431 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.30 to 2.1.31.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](18fe527fa8...c3b6fce4ee#2433 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* modified tests,InitRepo Function, Added GetCommitDepth Function to Client Interface
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* removed getcommitdepth function
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* added TODO
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.5.0 in /tools (#2436 )
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.4.0...v2.5.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.5.0
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.4.0...v2.5.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Code Review: treat merging a PR as code review (#2413 )
* Merges on Github count as a code review by the maintainer
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Update Raw Results
* More detailed information for Changesets
* If there's no Revision ID, use the Commit SHA instead
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Check that pull request had atleast one reviewer that wasn't its author
* Add field for Pull Request Merged-By to Github and Gitlab
* Note, this check can be bypassed if an author opens a PR with other
people's commits
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Trivial: Fix typo (exepted -> expected) (#2440 )
Signed-off-by: Michael Scovetta <michael.scovetta@microsoft.com>
Signed-off-by: Michael Scovetta <michael.scovetta@microsoft.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump step-security/harden-runner from 1.5.0 to 2.0.0 (#2443 )
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 1.5.0 to 2.0.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](2e205a28d0...ebacdc22ef🌱 cron: support reading prefix from file for controller input files (7/n) (#2445 )
* add prefix marker file to config
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Read the new config values, if they exist.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add function to fetch prefix file config value.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Read prefix file if prefix not set.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add tests to verify how List works with various prefixes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add tests for getPrefix
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Remove panics from iterator helper functions
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Detect SECURITY.markdown in addition to SECURITY.md (#2447 )
GitHub probably supports many more file extensions for Markdown
files, but at the very least, `.md` and `.markdown` have been
standardized in RFC 7763.
Signed-off-by: favonia <favonia@gmail.com>
Signed-off-by: favonia <favonia@gmail.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Add Pinned-Dependency, Vulnerability, and Code-Review checks to attestor (#2430 )
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 cron: expose the stackdriver prefix as a config variable so it can be changed. (#2446 )
* Expose the stackdriver prefix as a config variable so it can be changed.
Signed-off-by: Caleb Brown <calebbrown@google.com>
* fix linter warning
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Only write to the rawBucket if the value exists. (#2451 )
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump golang.org/x/tools from 0.2.0 to 0.3.0 (#2448 )
* 🌱 Bump golang.org/x/tools from 0.2.0 to 0.3.0
Bumps [golang.org/x/tools](https://github.com/golang/tools ) from 0.2.0 to 0.3.0.
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.2.0...v0.3.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* bump attestor modules
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Move cron monitoring to a non-internal location. (#2453 )
This allows external workers (e.g. criticality_score) to use the same
monitoring code.
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump actions/dependency-review-action from 2.5.1 to 3.0.0 (#2455 )
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 2.5.1 to 3.0.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](0efb1d1d84...30d5821115🌱 [cron] generalize some of the transfer logic so it is easy to build new transfer agents (#2454 )
* Generalize the transfer logic so it is easy to build new transfer agents
This change moves code that reads shards and produces summaries into the
data package so that it can be reused to create new transfer agents,
similar to the BigQuery transfer agent in cron/internal/bq.
Signed-off-by: Caleb Brown <calebbrown@google.com>
* Lint fix and commentary.
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/google/addlicense in /tools (#2459 )
Bumps [github.com/google/addlicense](https://github.com/google/addlicense ) from 1.0.0 to 1.1.0.
- [Release notes](https://github.com/google/addlicense/releases )
- [Changelog](https://github.com/google/addlicense/blob/master/.goreleaser.yaml )
- [Commits](https://github.com/google/addlicense/compare/v1.0.0...v1.1.0 )
---
updated-dependencies:
- dependency-name: github.com/google/addlicense
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/google/go-containerregistry
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.12.0 to 0.12.1.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.12.0...v0.12.1 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* go mod tidy
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Added <= instead of == incase negative int is passed
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* missed test fix
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Scott Hissam <shissam@gmail.com>
Signed-off-by: Michael Scovetta <michael.scovetta@microsoft.com>
Signed-off-by: favonia <favonia@gmail.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Latortuga <42878263+latortuga71@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: scott hissam <shissam@users.noreply.github.com>
Co-authored-by: Michael Scovetta <michael.scovetta@microsoft.com>
Co-authored-by: favonia <favonia@gmail.com>
Co-authored-by: Caleb Brown <calebbrown@google.com>
2022-11-22 16:11:36 +00:00
dependabot[bot]
555a7bf6b5
🌱 Bump actions/dependency-review-action from 3.0.0 to 3.0.1
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](30d5821115...11310527b4
2022-11-17 23:31:36 +00:00
dependabot[bot]
ca44cf8346
🌱 Bump github/codeql-action from 2.1.31 to 2.1.33 ( #2461 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.31 to 2.1.33.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c3b6fce4ee...678fc3afe2
2022-11-17 16:52:18 -06:00
