Latortuga
f9f910d437
✨ Commit depth feature (#2407)
* 🌱 Bump actions/dependency-review-action from 2.4.1 to 2.5.1
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.4.1 to 2.5.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](9c96258789...0efb1d1d84)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* commit_depth feature
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* added more descriptive comments, changed numberofcommits variable name, moved paging for commits into separate function.
small changes
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
linter
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* added unit tests
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
added test in e2e
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (#2397)
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.0 to 1.6.1.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.6.0...v1.6.1)
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.1.6 to 2.4.0
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.1.6 to 2.4.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.1.6...v2.4.0)
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump cloud.google.com/go/pubsub from 1.25.1 to 1.26.0
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.25.1 to 1.26.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.25.1...pubsub/v1.26.0)
---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/xanzy/go-gitlab from 0.73.1 to 0.74.0
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.73.1 to 0.74.0.
- [Release notes](https://github.com/xanzy/go-gitlab/releases)
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.73.1...v0.74.0)
---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/gomega from 1.20.2 to 1.23.0 (#2409)
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.20.2 to 1.23.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.20.2...v1.23.0)
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.1.6 to 2.4.0 in /tools
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.1.6 to 2.4.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.1.6...v2.4.0)
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/golangci/golangci-lint in /tools
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.50.0 to 1.50.1.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.50.0...v1.50.1)
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump goreleaser/goreleaser-action from 2.9.1 to 3.2.0 (#2363)
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.9.1 to 3.2.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](b953231f81...b508e2e3ef)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/goreleaser/goreleaser in /tools (#2373)
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.11.5 to 1.12.3.
- [Release notes](https://github.com/goreleaser/goreleaser/releases)
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.11.5...v1.12.3)
---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* ✨ CLI for scorecard-attestor (#2309)
* Reorganize
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Working commit
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Compile with local scorecard; go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add signing code
Heavily borrowed from https://github.com/grafeas/kritis/blob/master/cmd/kritis/signer/main.go
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Update deps
* Naming
* Makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Edit license, add lint.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* checks: go mod tidy, license
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Split into checker/signer files
* Naming convention
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* License, remove golangci.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Use cobra
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add tests for root command
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Filter out checks that aren't needed for policy evaluation
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add `make` targets for attestor; submit coverage stats
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Improvements
* Use sclog instead of glog
* Remove unneeded subcommands
* Formatting
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Flags: Make note-name constant and fix messaging
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Remove SupportedRequestTypes
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy, makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Fix GH actions run
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* fix workflow (#2417)
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Bump scorecard-action (#2416)
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Fail unit-test job if codecov upload fails (#2415)
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Enable comparison for alternative isText implementation (#2414)
* use more performant IsText
Signed-off-by: Spencer Schrock <sschrock@google.com>
* AB test isText implementations
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add comparison env var to release test.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* go mod tidy for attestor
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🐛 modify alternative isText to accept carriage returns (#2421)
* modify IsText from golang.org/x/tools/godoc/util to accept carriage returns.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add TODO reminder to cleanup after release tests
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/gomega from 1.23.0 to 1.24.0
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.23.0 to 1.24.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.23.0...v1.24.0)
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github/codeql-action from 2.1.29 to 2.1.30
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.29 to 2.1.30.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](ec3cf9c605...18fe527fa8)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* revert failing unit-test on ci error (#2422)
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* ✨ Improved Security Policy Check (#2195)
* ✨ Improved Security Policy Check (#2137)
* Examines and awards points for linked content (URLs / Emails)
* Examines and awards points for hints of disclosure and vulnerability practices
* Examines and awards points for hints of elaboration of timelines
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Repaired Security Policy to correctly use linked content length for evaluation
Signed-off-by: Scott Hissam <shissam@gmail.com>
* gofmt'ed changes
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Repaired the case in the evaluation which was too sensitive to content length over the length of the linked content for urls and emails
Signed-off-by: Scott Hissam <shissam@gmail.com>
* added unit test cases for the new content-based Security Policy checks
Signed-off-by: Scott Hissam <shissam@gmail.com>
* reverted the direct (mistaken) change to checks.md and updated the checks.yaml for generate-docs
Signed-off-by: Scott Hissam <shissam@gmail.com>
* ✨ Improved Security Policy Check (#2137) (revisited based on comments)
* replaced reason strings with log.Info & log.Warn (as seen in --show-details)
* internal assertion check for nil (*pinfo) and empty pfile
* internal switched to FileTypeText over FileTypeSource
* internal implement type SecurityPolicyInformationType/SecurityPolicyInformation revised SecurityPolicyData to support only one file
* revised expected unit-test results and revised unit-test to reflect the new SecurityPolicyData type
Signed-off-by: Scott Hissam <shissam@gmail.com>
* revised the score value based on observation of one *or more* url(s) or one email(s) found; unit tests update accordingly
Signed-off-by: Scott Hissam <shissam@gmail.com>
* revised the score value based on observation of one *or more* url(s) or one email(s) found; unit tests update accordingly
Signed-off-by: Scott Hissam <shissam@gmail.com>
* revised the score value based on observation of one *or more* url(s) or one email(s) found; e2e tests update accordingly
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Addressed PR comments; added telemetry for policy hits in security policy file to track hits by line number
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Resolved merge conflict with checks.yaml
Signed-off-by: Scott Hissam <shissam@gmail.com>
* updated raw results to emit all the raw information for the new security policy check
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Resolved merge conflicts and lint errors with json_raw_results.go
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Addressed review comments to reorganize security policy data struct to support the potential for multiple security policy files.
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Added logic to the security policy to process multiple security policy files only after future improvements to aggregating scoring across such files are designed. For now the security policy behaves as originally designed to stop once one of the expected policy files is found in the repo
Signed-off-by: Scott Hissam <shissam@gmail.com>
* added comments regarding the capacity to support multiple policy files and removed unneeded break statements in the code
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Addressed review comments to remove the dependency on the path in the filename from the code and introduced FileSize to checker.File type and removed the SecurityContentLength which was used to hold that information for the new security policy assessment
Signed-off-by: Scott Hissam <shissam@gmail.com>
* restored reporting full security policy path and filename for policies found in the org level repos
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Resolved conflicts in checks.yaml for documentation
Signed-off-by: Scott Hissam <shissam@gmail.com>
* ✨ CLI for scorecard-attestor (#2309)
* Reorganize
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Working commit
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Compile with local scorecard; go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add signing code
Heavily borrowed from https://github.com/grafeas/kritis/blob/master/cmd/kritis/signer/main.go
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Update deps
* Naming
* Makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Edit license, add lint.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* checks: go mod tidy, license
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Split into checker/signer files
* Naming convention
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* License, remove golangci.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Use cobra
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add tests for root command
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Filter out checks that aren't needed for policy evaluation
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add `make` targets for attestor; submit coverage stats
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Improvements
* Use sclog instead of glog
* Remove unneeded subcommands
* Formatting
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Flags: Make note-name constant and fix messaging
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Remove SupportedRequestTypes
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy, makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Fix GH actions run
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Scott Hissam <shissam@gmail.com>
* removed whitespace before stanza for Run attestor e2e
Signed-off-by: Scott Hissam <shissam@gmail.com>
* resolved code review and doc review comments
Signed-off-by: Scott Hissam <shissam@gmail.com>
* repaired the link for the maintainer's guide for supporting the coordinated vulnerability disclosure guidelines
Signed-off-by: Scott Hissam <shissam@gmail.com>
Signed-off-by: Scott Hissam <shissam@gmail.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github/codeql-action from 2.1.30 to 2.1.31 (#2431)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.30 to 2.1.31.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](18fe527fa8...c3b6fce4ee)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* enable more performant isText (#2433)
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* modified tests, InitRepo function, added GetCommitDepth function to Client interface
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* removed getcommitdepth function
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* added TODO
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.5.0 in /tools (#2436)
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.4.0...v2.5.0)
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.5.0
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.4.0...v2.5.0)
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Code Review: treat merging a PR as code review (#2413)
* Merges on Github count as a code review by the maintainer
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Update Raw Results
* More detailed information for Changesets
* If there's no Revision ID, use the Commit SHA instead
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Check that pull request had at least one reviewer that wasn't its author
* Add field for Pull Request Merged-By to Github and Gitlab
* Note, this check can be bypassed if an author opens a PR with other
people's commits
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Trivial: Fix typo (exepted -> expected) (#2440)
Signed-off-by: Michael Scovetta <michael.scovetta@microsoft.com>
Signed-off-by: Michael Scovetta <michael.scovetta@microsoft.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump step-security/harden-runner from 1.5.0 to 2.0.0 (#2443)
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 1.5.0 to 2.0.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](2e205a28d0...ebacdc22ef)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 cron: support reading prefix from file for controller input files (7/n) (#2445)
* add prefix marker file to config
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Read the new config values, if they exist.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add function to fetch prefix file config value.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Read prefix file if prefix not set.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add tests to verify how List works with various prefixes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add tests for getPrefix
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Remove panics from iterator helper functions
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Detect SECURITY.markdown in addition to SECURITY.md (#2447)
GitHub probably supports many more file extensions for Markdown
files, but at the very least, `.md` and `.markdown` have been
standardized in RFC 7763.
Signed-off-by: favonia <favonia@gmail.com>
Signed-off-by: favonia <favonia@gmail.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Add Pinned-Dependency, Vulnerability, and Code-Review checks to attestor (#2430)
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 cron: expose the stackdriver prefix as a config variable so it can be changed. (#2446)
* Expose the stackdriver prefix as a config variable so it can be changed.
Signed-off-by: Caleb Brown <calebbrown@google.com>
* fix linter warning
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Only write to the rawBucket if the value exists. (#2451)
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump golang.org/x/tools from 0.2.0 to 0.3.0 (#2448)
* 🌱 Bump golang.org/x/tools from 0.2.0 to 0.3.0
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.2.0 to 0.3.0.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.2.0...v0.3.0)
---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* bump attestor modules
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Move cron monitoring to a non-internal location. (#2453)
This allows external workers (e.g. criticality_score) to use the same
monitoring code.
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump actions/dependency-review-action from 2.5.1 to 3.0.0 (#2455)
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.5.1 to 3.0.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](0efb1d1d84...30d5821115)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 [cron] generalize some of the transfer logic so it is easy to build new transfer agents (#2454)
* Generalize the transfer logic so it is easy to build new transfer agents
This change moves code that reads shards and produces summaries into the
data package so that it can be reused to create new transfer agents,
similar to the BigQuery transfer agent in cron/internal/bq.
Signed-off-by: Caleb Brown <calebbrown@google.com>
* Lint fix and commentary.
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/google/addlicense in /tools (#2459)
Bumps [github.com/google/addlicense](https://github.com/google/addlicense) from 1.0.0 to 1.1.0.
- [Release notes](https://github.com/google/addlicense/releases)
- [Changelog](https://github.com/google/addlicense/blob/master/.goreleaser.yaml)
- [Commits](https://github.com/google/addlicense/compare/v1.0.0...v1.1.0)
---
updated-dependencies:
- dependency-name: github.com/google/addlicense
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/google/go-containerregistry
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.12.0 to 0.12.1.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.12.0...v0.12.1)
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* go mod tidy
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Added <= instead of == in case negative int is passed
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* missed test fix
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Scott Hissam <shissam@gmail.com>
Signed-off-by: Michael Scovetta <michael.scovetta@microsoft.com>
Signed-off-by: favonia <favonia@gmail.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Latortuga <42878263+latortuga71@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: scott hissam <shissam@users.noreply.github.com>
Co-authored-by: Michael Scovetta <michael.scovetta@microsoft.com>
Co-authored-by: favonia <favonia@gmail.com>
Co-authored-by: Caleb Brown <calebbrown@google.com>
2022-11-22 16:11:36 +00:00
dependabot[bot]
555a7bf6b5
🌱 Bump actions/dependency-review-action from 3.0.0 to 3.0.1
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](30d5821115...11310527b4)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-17 23:31:36 +00:00
dependabot[bot]
ca44cf8346
🌱 Bump github/codeql-action from 2.1.31 to 2.1.33 (#2461)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.31 to 2.1.33.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](c3b6fce4ee...678fc3afe2)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-17 16:52:18 -06:00
dependabot[bot]
439f90ac7d
🌱 Bump actions/dependency-review-action from 2.5.1 to 3.0.0 (#2455)
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.5.1 to 3.0.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](0efb1d1d84...30d5821115)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-14 08:47:45 -06:00
dependabot[bot]
9c07d1155c
🌱 Bump step-security/harden-runner from 1.5.0 to 2.0.0 (#2443)
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 1.5.0 to 2.0.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](2e205a28d0...ebacdc22ef)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-09 06:53:40 -08:00
dependabot[bot]
45528812cb
🌱 Bump github/codeql-action from 2.1.30 to 2.1.31 ( #2431 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.30 to 2.1.31.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](18fe527fa8...c3b6fce4ee)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-04 20:32:11 -05:00
scott hissam
9a85fad9c0
✨ Improved Security Policy Check ( #2195 )
...
* ✨ Improved Security Policy Check (#2137 )
* Examines and awards points for linked content (URLs / Emails)
* Examines and awards points for hints of disclosure and vulnerability practices
* Examines and awards points for hints of elaboration of timelines
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Repaired Security Policy to correctly use linked content length for evaluation
Signed-off-by: Scott Hissam <shissam@gmail.com>
* gofmt'ed changes
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Repaired the case in the evaluation which was too sensitive to content length over the length of the linked content for urls and emails
Signed-off-by: Scott Hissam <shissam@gmail.com>
* added unit test cases for the new content-based Security Policy checks
Signed-off-by: Scott Hissam <shissam@gmail.com>
* reverted the direct (mistaken) change to checks.md and updated the checks.yaml for generate-docs
Signed-off-by: Scott Hissam <shissam@gmail.com>
* ✨ Improved Security Policy Check (#2137 ) (revisited based on comments)
* replaced reason strings with log.Info & log.Warn (as seen in --show-details)
* internal assertion check for nil (*pinfo) and empty pfile
* internal switched to FileTypeText over FileTypeSource
* internal implement type SecurityPolicyInformationType/SecurityPolicyInformation revised SecurityPolicyData to support only one file
* revised expected unit-test results and revised unit-test to reflect the new SecurityPolicyData type
Signed-off-by: Scott Hissam <shissam@gmail.com>
* revised the score value based on observation of one *or more* url(s) or one email(s) found; unit tests update accordingly
Signed-off-by: Scott Hissam <shissam@gmail.com>
* revised the score value based on observation of one *or more* url(s) or one email(s) found; unit tests update accordingly
Signed-off-by: Scott Hissam <shissam@gmail.com>
* revised the score value based on observation of one *or more* url(s) or one email(s) found; e2e tests update accordingly
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Addressed PR comments; added telemetry for policy hits in security policy file to track hits by line number
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Resolved merge conflict with checks.yaml
Signed-off-by: Scott Hissam <shissam@gmail.com>
* updated raw results to emit all the raw information for the new security policy check
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Resolved merge conflicts and lint errors with json_raw_results.go
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Addressed review comments to reorganize security policy data struct to support the potential for multiple security policy files.
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Added logic to the security policy to process multiple security policy files only after future improvements to aggregating scoring across such files are designed. For now the security policy behaves as originally designed to stop once one of the expected policy files is found in the repo
Signed-off-by: Scott Hissam <shissam@gmail.com>
* added comments regarding the capacity to support multiple policy files and removed unneeded break statements in the code
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Addressed review comments to remove the dependency on the path in the filename from the code and introduced FileSize to checker.File type and removed the SecurityContentLength which was used to hold that information for the new security policy assessment
Signed-off-by: Scott Hissam <shissam@gmail.com>
* restored reporting full security policy path and filename for policies found in the org level repos
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Resolved conflicts in checks.yaml for documentation
Signed-off-by: Scott Hissam <shissam@gmail.com>
* ✨ CLI for scorecard-attestor (#2309 )
* Reorganize
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Working commit
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Compile with local scorecard; go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add signing code
Heavily borrowed from https://github.com/grafeas/kritis/blob/master/cmd/kritis/signer/main.go
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Update deps
* Naming
* Makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Edit license, add lint.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* checks: go mod tidy, license
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Split into checker/signer files
* Naming convention
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* License, remove golangci.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Use cobra
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add tests for root command
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Filter out checks that aren't needed for policy evaluation
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add `make` targets for attestor; submit coverage stats
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Improvements
* Use sclog instead of glog
* Remove unneeded subcommands
* Formatting
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Flags: Make note-name constant and fix messaging
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Remove SupportedRequestTypes
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy, makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Fix GH actions run
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Scott Hissam <shissam@gmail.com>
* removed whitespace before stanza for Run attestor e2e
Signed-off-by: Scott Hissam <shissam@gmail.com>
* resolved code review and doc review comments
Signed-off-by: Scott Hissam <shissam@gmail.com>
* repaired the link for the maintainer's guide for supporting the coordinated vulnerability disclosure guidelines
Signed-off-by: Scott Hissam <shissam@gmail.com>
Signed-off-by: Scott Hissam <shissam@gmail.com>
2022-11-04 14:35:44 -07:00
Spencer Schrock
d67fcbab59
revert failing unit-test on ci error ( #2422 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-11-04 09:11:44 -07:00
dependabot[bot]
6a00f92156
🌱 Bump github/codeql-action from 2.1.29 to 2.1.30
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.29 to 2.1.30.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ec3cf9c605...18fe527fa8)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-03 13:46:47 +00:00
Spencer Schrock
fba72f8974
Fail unit-test job if codecov upload fails ( #2415 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-11-01 19:13:07 -07:00
Spencer Schrock
9ae801fb11
Bump scorecard-action ( #2416 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-11-01 15:16:22 -07:00
Spencer Schrock
d8737fde18
fix workflow ( #2417 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-11-01 14:11:50 -07:00
raghavkaul
a8f98be924
✨ CLI for scorecard-attestor ( #2309 )
...
* Reorganize
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Working commit
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Compile with local scorecard; go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add signing code
Heavily borrowed from https://github.com/grafeas/kritis/blob/master/cmd/kritis/signer/main.go
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Update deps
* Naming
* Makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Edit license, add lint.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* checks: go mod tidy, license
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Split into checker/signer files
* Naming convention
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* License, remove golangci.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Use cobra
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add tests for root command
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Filter out checks that aren't needed for policy evaluation
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add `make` targets for attestor; submit coverage stats
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Improvements
* Use sclog instead of glog
* Remove unneeded subcommands
* Formatting
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Flags: Make note-name constant and fix messaging
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Remove SupportedRequestTypes
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy, makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Fix GH actions run
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2022-11-01 18:30:17 +00:00
dependabot[bot]
a45b506ac0
🌱 Bump goreleaser/goreleaser-action from 2.9.1 to 3.2.0 ( #2363 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 2.9.1 to 3.2.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](b953231f81...b508e2e3ef)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-30 11:18:02 -05:00
dependabot[bot]
b878d2d1a5
🌱 Bump actions/dependency-review-action from 2.4.1 to 2.5.1
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 2.4.1 to 2.5.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](9c96258789...0efb1d1d84)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-26 20:37:38 +00:00
dependabot[bot]
4c43f61de9
🌱 Bump github/codeql-action from 2.1.28 to 2.1.29
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.28 to 2.1.29.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](cc7986c02b...ec3cf9c605)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-26 18:39:24 +00:00
dependabot[bot]
e4f84df788
🌱 Bump peter-evans/create-or-update-comment from 2.0.1 to 2.1.0
...
Bumps [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment ) from 2.0.1 to 2.1.0.
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases )
- [Commits](2b2c85d0bf...5adcb0bb0f)
---
updated-dependencies:
- dependency-name: peter-evans/create-or-update-comment
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-26 16:34:09 +00:00
dependabot[bot]
9e2eafc3ae
🌱 Bump sigstore/cosign-installer from 2.7.0 to 2.8.1 ( #2402 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 2.7.0 to 2.8.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](ced07f21fb...9becc61764)
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-26 08:59:37 -05:00
dependabot[bot]
d56e2b840d
🌱 Bump actions/setup-go from 3.3.0 to 3.3.1 ( #2400 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.3.0 to 3.3.1.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](268d8c0ca0...c4a742cab1)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-26 07:14:09 +00:00
dependabot[bot]
13cd222a88
🌱 Bump actions/upload-artifact from 3.1.0 to 3.1.1
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](3cea537223...83fd05a356)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-25 19:04:50 +00:00
dependabot[bot]
b3439c15ec
🌱 Bump github/codeql-action from 2.1.27 to 2.1.28 ( #2398 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.27 to 2.1.28.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](807578363a...cc7986c02b)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 10:21:02 -07:00
dependabot[bot]
078d23ca53
🌱 Bump peter-evans/find-comment from 2.0.0 to 2.0.1 ( #2387 )
...
* 🌱 Bump peter-evans/find-comment from 2.0.0 to 2.0.1
Bumps [peter-evans/find-comment](https://github.com/peter-evans/find-comment ) from 2.0.0 to 2.0.1.
- [Release notes](https://github.com/peter-evans/find-comment/releases )
- [Commits](1769778a0c...b657a70ff1)
Signed-off-by: Spencer Schrock <sschrock@google.com>
---
updated-dependencies:
- dependency-name: peter-evans/find-comment
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* bump version comment
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
2022-10-25 03:19:22 +00:00
dependabot[bot]
2c40753c6d
🌱 Bump crazy-max/ghaction-import-gpg from 5.1.0 to 5.2.0 ( #2386 )
...
* 🌱 Bump crazy-max/ghaction-import-gpg from 5.1.0 to 5.2.0
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg ) from 5.1.0 to 5.2.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases )
- [Commits](c8bb57c57e...111c56156b)
Signed-off-by: Spencer Schrock <sschrock@google.com>
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* version comment bump
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
2022-10-25 02:12:38 +00:00
dependabot[bot]
4d0b374d03
🌱 Bump nick-invision/retry from 2.8.1 to 2.8.2 ( #2359 )
...
Bumps [nick-invision/retry](https://github.com/nick-invision/retry ) from 2.8.1 to 2.8.2.
- [Release notes](https://github.com/nick-invision/retry/releases )
- [Changelog](https://github.com/nick-fields/retry/blob/master/.releaserc.js )
- [Commits](b4fa57557d...3e91a01664)
---
updated-dependencies:
- dependency-name: nick-invision/retry
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 00:25:15 +00:00
Spencer Schrock
93f3d93749
🌱 Manual bump every docker distroless:base to 99133cb ( #2392 )
...
* Reduce docker updates to weekly
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Bump all dockers to 99133cb
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-10-24 18:43:46 +00:00
Gabriela Gutierrez
d5fa5d1eff
fix: Replace deprecated set-output with GITHUB_OUTPUT ( #2384 )
...
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
2022-10-22 15:42:25 +00:00
dependabot[bot]
fa6ccebea0
🌱 Bump actions/cache from 3.0.10 to 3.0.11 ( #2351 )
...
* 🌱 Bump actions/cache from 3.0.10 to 3.0.11
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.10 to 3.0.11.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](56461b9eb0...9b0c1fce7a)
Signed-off-by: Spencer Schrock <sschrock@google.com>
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* bump version comment
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
2022-10-22 03:04:47 +00:00
dependabot[bot]
94187db06d
🌱 Bump peter-evans/create-or-update-comment from 2.0.0 to 2.0.1 ( #2360 )
...
Bumps [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment ) from 2.0.0 to 2.0.1.
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases )
- [Commits](c9fcb64660...2b2c85d0bf)
---
updated-dependencies:
- dependency-name: peter-evans/create-or-update-comment
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-21 18:43:07 -07:00
Spencer Schrock
6558626f94
Disable auto rebasing when PR merged ( #2378 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-10-21 10:44:03 -07:00
dependabot[bot]
7f214bf2eb
🌱 Bump actions/dependency-review-action from 2.4.0 to 2.4.1 ( #2345 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](375c537008...9c96258789)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-13 08:43:18 -05:00
dependabot[bot]
83db8ba313
🌱 Bump github/codeql-action from 2.1.26 to 2.1.27 ( #2336 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.26 to 2.1.27.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](e0e5ded33c...807578363a)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-09 18:20:38 +00:00
Naveen
53e9246681
🌱 Migrate to go 1.19 ( #2332 )
...
- Migrate to go 1.19
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-10-06 21:09:38 -04:00
dependabot[bot]
b4d97f9598
🌱 Bump actions/checkout from 3.0.2 to 3.1.0 ( #2324 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.2 to 3.1.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3.0.2...93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-04 16:29:22 -05:00
dependabot[bot]
2c16c8ff48
🌱 Bump actions/cache from 3.0.8 to 3.0.10 ( #2322 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.8 to 3.0.10.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](fd5de65bc8...56461b9eb0)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-04 07:48:40 -05:00
dependabot[bot]
b491f40d44
🌱 Bump github/codeql-action from 2.1.24 to 2.1.26
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.24 to 2.1.26.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](904260d7d9...e0e5ded33c)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-30 14:00:23 +00:00
dependabot[bot]
9b4a675f77
🌱 Bump step-security/harden-runner from 1.4.5 to 1.5.0 ( #2316 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 1.4.5 to 1.5.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](dd2c410b08...2e205a28d0)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-30 06:39:48 -05:00
dependabot[bot]
469374748e
🌱 Bump sigstore/cosign-installer from 2.6.0 to 2.7.0 ( #2300 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 2.6.0 to 2.7.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](f3c664df7a...ced07f21fb)
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-27 19:20:15 +00:00
dependabot[bot]
37d873d512
🌱 Bump actions/dependency-review-action from 2.2.0 to 2.4.0
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 2.2.0 to 2.4.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](2b96ea7f03...375c537008)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-27 15:26:35 +00:00
Naveen
97df43bebe
🌱 Reduce the number of PRs opened by dependabot ( #2297 )
...
- Reduce the number of PRs opened by dependabot
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-09-22 23:23:03 +00:00
Azeem Shaikh
88e5ff7f11
Improve API limiting and cache ( #2294 )
...
Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-09-22 16:25:54 -04:00
dependabot[bot]
a29813284f
🌱 Bump actions/dependency-review-action from 2.1.0 to 2.2.0 ( #2282 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](23d1ffffb6...2b96ea7f03)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-21 07:40:40 -05:00
dependabot[bot]
3629fd8d11
🌱 Bump github/codeql-action from 2.1.22 to 2.1.24
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.22 to 2.1.24.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b398f525a5...904260d7d9)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-19 17:22:31 +00:00
Naveen
9f67c4ead1
🌱 Invite @spencerschrock as maintainer ( #2269 )
...
- Invite @spencerschrock as a contributor to Scorecard
- Spencer has been participating and actively contributing https://github.com/ossf/allstar/issues/238
- Spencer has contributed 17 commits https://github.com/ossf/scorecard/commits?author=spencerschrock and some are significant changes.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-09-19 16:10:04 +00:00
dependabot[bot]
856d2ddfd6
🌱 Bump sigstore/cosign-installer from 2.5.1 to 2.6.0 ( #2253 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 2.5.1 to 2.6.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](b3413d484c...f3c664df7a)
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-12 07:41:56 -05:00
dependabot[bot]
7c66ae860f
🌱 Bump imjasonh/setup-ko from 0.5 to 0.6 ( #2231 )
...
Bumps [imjasonh/setup-ko](https://github.com/imjasonh/setup-ko ) from 0.5 to 0.6.
- [Release notes](https://github.com/imjasonh/setup-ko/releases )
- [Commits](78eea08f10...ace48d7935)
---
updated-dependencies:
- dependency-name: imjasonh/setup-ko
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-07 05:04:19 -05:00
dependabot[bot]
ec15af5ec4
🌱 Bump github/codeql-action from 2.1.21 to 2.1.22 ( #2227 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.21 to 2.1.22.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c7f292ea4f...b398f525a5)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-02 14:36:21 +00:00
dependabot[bot]
fb630a8042
🌱 Bump github/codeql-action from 2.1.20 to 2.1.21 ( #2200 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.20 to 2.1.21.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](7fee4ca032...c7f292ea4f)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-26 06:40:40 -05:00
dependabot[bot]
32d6ba2775
🌱 Bump actions/setup-go from 3.2.1 to 3.3.0 ( #2194 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.2.1 to 3.3.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](84cbf80943...268d8c0ca0)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-24 07:53:48 -05:00
dependabot[bot]
8b3793ac51
🌱 Bump github/codeql-action from 2.1.19 to 2.1.20 ( #2187 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.19 to 2.1.20.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f5d217be74...7fee4ca032)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-23 09:08:36 -05:00
dependabot[bot]
e2813b8e8d
🌱 Bump actions/cache from 3.0.7 to 3.0.8 ( #2184 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.7 to 3.0.8.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](a7c34adf76...fd5de65bc8)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-22 10:18:23 -05:00
dependabot[bot]
af2ee3d73f
🌱 Bump github/codeql-action from 1.0.0 to 2.1.19 ( #2178 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.0.0 to 2.1.19.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v1...f5d217be74900c6ac8fbbe53f3c10376ba4e64da )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-20 14:58:53 +00:00
dependabot[bot]
25fd14dfe2
🌱 Bump actions/dependency-review-action from 2.0.4 to 2.1.0 ( #2176 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 2.0.4 to 2.1.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](94145f3150...23d1ffffb6)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-19 08:45:15 -05:00
Azeem Shaikh
f7c0db7377
Update scorecard-action to v2:alpha ( #2171 )
2022-08-18 20:26:48 +00:00
dependabot[bot]
c86a1aad96
🌱 Bump sigstore/cosign-installer from 2.5.0 to 2.5.1 ( #2167 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 2.5.0 to 2.5.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](09a077b27e...b3413d484c)
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-17 11:08:01 -05:00
Naveen
10b6052acf
🌱 Upgrade to go 1.18 ( #2143 )
...
* 🌱 Upgrade to go 1.18
- Upgrade to go 1.18
- Updated the deps to avoid critical CVEs
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Updated dockerfile.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed the linter issues.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed the CVE dependencies
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Removed the cache which is changing between 1.17 and 1.18
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Removed the cache which is changing between 1.17 and 1.18
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Updated ko to latest
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed linter issue.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed linter issue.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-08-16 20:55:48 -05:00
laurentsimon
887facf3ca
Use generic generator for SLSA ( #2146 )
...
* update
* update
* update
* update
* update
* update
* update
* update
* update
* update
2022-08-17 00:27:03 +00:00
dependabot[bot]
6f4115d9f0
🌱 Bump step-security/harden-runner from 1.4.4 to 1.4.5 ( #2148 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 1.4.4 to 1.4.5.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](74b568e859...dd2c410b08)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-15 06:41:14 -07:00
dependabot[bot]
1e1bfabccf
🌱 Bump actions/cache from 3.0.6 to 3.0.7
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.6 to 3.0.7.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](f4278025ab...a7c34adf76)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-12 16:59:50 +00:00
Carlos Tadeu Panato Junior
83c07bfd32
🌱 github actions cleanup and set to get the latest go available ( #2135 )
...
* update slsa generator to 1.2.0 and use git hash
Signed-off-by: cpanato <ctadeu@gmail.com>
* update go to always get the latest available and general cleanup
Signed-off-by: cpanato <ctadeu@gmail.com>
Signed-off-by: cpanato <ctadeu@gmail.com>
2022-08-10 08:44:33 -07:00
dependabot[bot]
0eb7cb2d74
🌱 Bump nick-invision/retry from 2.8.0 to 2.8.1 ( #2130 )
...
Bumps [nick-invision/retry](https://github.com/nick-invision/retry ) from 2.8.0 to 2.8.1.
- [Release notes](https://github.com/nick-invision/retry/releases )
- [Changelog](https://github.com/nick-fields/retry/blob/master/.releaserc.js )
- [Commits](616fa81820...b4fa57557d)
---
updated-dependencies:
- dependency-name: nick-invision/retry
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-08 06:37:24 -10:00
dependabot[bot]
596a2e1ba4
🌱 Bump actions/cache from 3.0.5 to 3.0.6 ( #2127 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.5 to 3.0.6.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0865c47f36...f4278025ab)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-06 08:25:05 -05:00
dependabot[bot]
86eff21160
🌱 Bump nick-invision/retry from 2.6.0 to 2.8.0
...
Bumps [nick-invision/retry](https://github.com/nick-invision/retry ) from 2.6.0 to 2.8.0.
- [Release notes](https://github.com/nick-invision/retry/releases )
- [Changelog](https://github.com/nick-fields/retry/blob/master/.releaserc.js )
- [Commits](7f8f3d9f0f...616fa81820)
---
updated-dependencies:
- dependency-name: nick-invision/retry
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-04 14:39:28 +00:00
dependabot[bot]
384c79d511
🌱 Bump actions/stale from 5.1.0 to 5.1.1 ( #2106 )
...
Bumps [actions/stale](https://github.com/actions/stale ) from 5.1.0 to 5.1.1.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](532554b8a8...9c1b1c6e11)
---
updated-dependencies:
- dependency-name: actions/stale
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-28 09:25:15 -05:00
Azeem Shaikh
5fa75960db
Scorecard runs fail with any unrecognized steps ( #2103 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-07-27 22:32:37 +00:00
Azeem Shaikh
d7cb711207
Fix bug in Scorecard analysis CI ( #2099 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-07-27 14:09:28 -07:00
Azeem Shaikh
c581062fe7
Enable Scorecard badge ( #2097 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-07-27 19:04:07 +00:00
dependabot[bot]
4f30e02a24
🌱 Bump sigstore/cosign-installer from 2.4.1 to 2.5.0
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 2.4.1 to 2.5.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](48866aa521...09a077b27e)
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-07-27 18:24:07 +00:00
dependabot[bot]
baedf84082
🌱 Bump imjasonh/setup-ko from 0.4 to 0.5 ( #2096 )
...
Bumps [imjasonh/setup-ko](https://github.com/imjasonh/setup-ko ) from 0.4 to 0.5.
- [Release notes](https://github.com/imjasonh/setup-ko/releases )
- [Commits](2c3450ca27...78eea08f10)
---
updated-dependencies:
- dependency-name: imjasonh/setup-ko
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-27 12:44:30 -05:00
dependabot[bot]
8f96d6ba25
🌱 Bump crazy-max/ghaction-import-gpg from 5.0.0 to 5.1.0 ( #2091 )
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg ) from 5.0.0 to 5.1.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases )
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md )
- [Commits](34ea557550...c8bb57c57e)
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-25 09:28:08 -05:00
dependabot[bot]
d77f59f0ef
🌱 Bump sigstore/cosign-installer from 1.2.1 to 2.4.1 ( #2021 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 1.2.1 to 2.4.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](f700e6fbba...48866aa521)
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-23 05:42:10 -05:00
dependabot[bot]
96835aae83
🌱 Bump actions/stale from 5.0.0 to 5.1.0
...
Bumps [actions/stale](https://github.com/actions/stale ) from 5.0.0 to 5.1.0.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](3cc1237663...532554b8a8)
---
updated-dependencies:
- dependency-name: actions/stale
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-07-23 04:13:36 +00:00
Carlos Tadeu Panato Junior
0e4f5db4e4
remove not used workflow ( #2089 )
...
Signed-off-by: cpanato <ctadeu@gmail.com>
2022-07-22 06:39:59 -07:00
dependabot[bot]
59c06f00de
🌱 Bump ossf/scorecard-action from 1.1.0 to 1.1.2
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.1.0 to 1.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](5c8bc69dc8...ce330fde6b)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-07-16 17:41:23 +00:00
dependabot[bot]
4ff5b2b489
🌱 Bump actions/cache from 3.0.4 to 3.0.5 ( #2049 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.4 to 3.0.5.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](c3f1317a9e...0865c47f36)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-14 10:11:31 +00:00
dependabot[bot]
287ee7d319
🌱 Bump actions/dependency-review-action from 2.0.2 to 2.0.4 ( #2054 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 2.0.2 to 2.0.4.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](1c59cdf2a9...94145f3150)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-14 04:05:13 -05:00
dependabot[bot]
220c49d52b
🌱 Bump actions/setup-go from 3.2.0 to 3.2.1 ( #2040 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.2.0 to 3.2.1.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](b22fbbc292...84cbf80943)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-07-12 22:22:25 +00:00
dependabot[bot]
e608741e58
🌱 Bump step-security/harden-runner from 1.4.3 to 1.4.4
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 1.4.3 to 1.4.4.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](248ae51c2e...74b568e859)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-07-11 21:42:33 +00:00
raghavkaul
90ed090448
🌱 Build/test fixes: Install protoc and protoc-gen-go ( #2038 )
...
* Install protoc in validate-projects step
The `validate-projects` Makefile target depends on compilation of all go
binaries, including the protobuf generated go binaries
* Makefile: Cron build relies on `make install` for tools deps
* Add an explicit dependency to the build-proto steps
* Remove sleep
2022-07-11 20:02:22 +00:00
dependabot[bot]
f3e21fa970
🌱 Bump actions/cache from 3.0.3 to 3.0.4 ( #1988 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](30f413bfed...c3f1317a9e)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-08 15:48:42 +00:00
dependabot[bot]
f1dfbcb892
🌱 Bump actions/dependency-review-action from 1.0.2 to 2.0.2
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 1.0.2 to 2.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](a9c83d3af6...1c59cdf2a9)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-07-08 14:31:37 +00:00
Naveen
bc12ba6f78
🌱 Workaround for Protoc failures in GH Actions ( #2025 )
...
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-07-06 14:22:06 -04:00
laurentsimon
3b7c46f779
✨ SLSA provenance/build ( #1702 )
...
* SLSA build
* missing files
* updates
* updates
* updates
* indent fix
* update
* update
* updates
* updates
* updates
* updates
2022-06-08 09:54:09 -07:00
laurentsimon
4bd3391a36
✨ Raw results for Pinned-Dependencies ( #1932 )
...
* backup
* update
* update
* draft
* updates
* updates
* updates
* updates
* fix
* linter
* updates
* updates
* updates
* updates
* updates
* updates
* updates
* linter
* comments
* linter
* linter
* tests
* updates
* updates
* tests
2022-06-06 14:31:22 -07:00
laurentsimon
23523f6d09
Update publishimage.yml ( #1977 )
2022-06-01 16:42:23 -07:00
Naveen
0eeb0c20cd
🌱 Signing scorecard images using cosign ( #1970 )
...
* --wip-- [skip ci]
* 🌱 Signing scorecard images using cosign
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-31 16:42:32 +00:00
dependabot[bot]
4a88dac00f
🌱 Bump actions/cache from 3.0.2 to 3.0.3
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](48af2dc4a9...30f413bfed)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-31 16:14:24 +00:00
dependabot[bot]
1471c807da
🌱 Bump crazy-max/ghaction-import-gpg from 4.4.0 to 5
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg ) from 4.4.0 to 5.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases )
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md )
- [Commits](e00cb83a68...34ea557550)
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-27 16:31:07 +00:00
dependabot[bot]
a997c0abe1
🌱 Bump actions/setup-go from 3.1.0 to 3.2.0
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](fcdc43634a...b22fbbc292)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-27 16:08:17 +00:00
dependabot[bot]
b491e47611
🌱 Bump ossf/scorecard-action from 1.0.4 to 1.1.0 ( #1963 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.0.4 to 1.1.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](c1aec4ac82...5c8bc69dc8)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-26 18:26:59 +00:00
dependabot[bot]
d5e755cb08
🌱 Bump actions/dependency-review-action from 1.0.1 to 1.0.2
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](39e692fa32...a9c83d3af6)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-24 13:54:08 +00:00
dependabot[bot]
108f88d056
🌱 Bump actions/upload-artifact from 3.0.0 to 3.1.0 ( #1941 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](6673cd052c...3cea537223)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-23 06:41:30 -05:00
dependabot[bot]
fc7157e38a
🌱 Bump actions/dependency-review-action from 1.0.0 to 1.0.1 ( #1923 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](3f943b86c9...39e692fa32)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-18 07:10:22 -05:00
dependabot[bot]
6406cfd4e3
🌱 Bump actions/setup-go from 3.0.0 to 3.1.0
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](f6164bd8c8...fcdc43634a)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-16 16:52:04 +00:00
dependabot[bot]
e97bf30ef6
🌱 Bump step-security/harden-runner from 1.4.2 to 1.4.3
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 1.4.2 to 1.4.3.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](34cbc43f0b...248ae51c2e)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-02 08:45:02 -05:00
dependabot[bot]
5d8a277d76
🌱 Bump crazy-max/ghaction-import-gpg from 4.3.0 to 4.4.0
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg ) from 4.3.0 to 4.4.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases )
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md )
- [Commits](4d58d49bfe...e00cb83a68)
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-25 10:28:45 -05:00
dependabot[bot]
dbaba8a536
🌱 Bump step-security/harden-runner from 1.4.1 to 1.4.2
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 1.4.1 to 1.4.2.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/v1.4.1...34cbc43f0b10c9dda284e663cf43c2ebaf83e956 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-25 09:29:45 -05:00
dependabot[bot]
ee1086efd7
🌱 Bump codecov/codecov-action from 3.0.0 to 3.1.0
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](e3c560433a...81cd2dc814)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-22 07:25:53 -05:00
dependabot[bot]
64bf903f36
🌱 Bump actions/checkout from 3.0.1 to 3.0.2
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](dcd71f6466...2541b1294d)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-22 07:02:44 -05:00
naveensrinivasan
6ed6c9b70e
🌱 Publish images with ko
...
- Publish images with ko
https://github.com/ossf/scorecard/issues/744
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-18 10:40:05 -05:00
dependabot[bot]
6c59ff9bfe
🌱 Bump actions/checkout from 3.0.0 to 3.0.1
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a12a3943b4...dcd71f6466)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-15 05:34:31 -05:00
laurentsimon
6a48f174ce
fix
2022-04-12 10:54:38 -05:00
laurentsimon
2873c0d58d
e2e for GITHUB_TOKEN
2022-04-12 10:54:38 -05:00
dependabot[bot]
fb0c0e1527
🌱 Bump actions/cache from 3.0.1 to 3.0.2
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](136d96b4ae...48af2dc4a9)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-11 07:36:08 -05:00
naveensrinivasan
f9c2f9d79f
🌱 Dependency review action
...
Included the https://github.com/actions/dependency-review-action
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-09 14:09:42 -05:00
dependabot[bot]
4df16f3350
🌱 Bump codecov/codecov-action from 2.1.0 to 3
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 2.1.0 to 3.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](f32b3a3741...e3c560433a)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-07 14:55:05 +00:00
naveensrinivasan
761bb4e4b3
🌱 Fixes the golang version
...
Hopefully this fixes the make linter failures
https://github.com/ossf/scorecard/runs/5834278035?check_suite_focus=true
I noticed while trying to debug, which was using go 1.18 in the workflow log, which made me decide to pin it to a specific version of go 1.17.7.
```
go env -w GOFLAGS=-mod=mod
make check-linter
shell: /usr/bin/bash -e {0}
env:
PROTOC_VERSION: 3.17.3
GOROOT: /opt/hostedtoolcache/go/1.18.0/x64
```
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-05 14:45:31 -05:00
naveensrinivasan
648b6634e6
🌱 Experimental option for codeql
...
- Included the experimental option for Codeql
https://github.blog/2022-02-17-code-scanning-finds-vulnerabilities-using-machine-learning/
2022-04-01 19:15:44 -05:00
naveensrinivasan
ab9769a4da
🌱 Fix protoc build failures
...
- Fix protoc build failures with retries
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-31 14:33:45 -05:00
dependabot[bot]
99ecdea2dd
🌱 Bump actions/cache from 3.0.0 to 3.0.1
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](4b0cf6cc46...136d96b4ae)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-31 17:37:21 +00:00
cpanato
93889a8e70
install missing tool in add-projects job
...
Signed-off-by: cpanato <ctadeu@gmail.com>
2022-03-31 08:00:22 -05:00
cpanato
f1268bfaee
cleanup protoc version
...
Signed-off-by: cpanato <ctadeu@gmail.com>
2022-03-31 08:00:22 -05:00
Carlos Tadeu Panato Junior
92027ed41b
small cleanup on the workflow jobs and remove the master branch reference ( #1800 )
...
Signed-off-by: cpanato <ctadeu@gmail.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2022-03-30 16:11:30 +00:00
Azeem Shaikh
6a078c68c2
Use GITHUB_TOKEN for downloading protoc ( #1797 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-03-29 13:55:45 -07:00
Guillaume Ross
682e6ea176
Explicit permissions for github actions
...
To improve OSSF Scorecard score on Scorecard repo
2022-03-29 10:29:08 -05:00
dependabot[bot]
10bd777ddf
🌱 Bump peter-evans/find-comment from 1.3.0 to 2
...
Bumps [peter-evans/find-comment](https://github.com/peter-evans/find-comment ) from 1.3.0 to 2.
- [Release notes](https://github.com/peter-evans/find-comment/releases )
- [Commits](d2dae40ed1...1769778a0c)
---
updated-dependencies:
- dependency-name: peter-evans/find-comment
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-23 01:08:04 +00:00
dependabot[bot]
aecff0bc1b
🌱 Bump peter-evans/create-or-update-comment from 1.4.5 to 2
...
Bumps [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) from 1.4.5 to 2.
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases)
- [Commits](a35cf36e53...c9fcb64660)
---
updated-dependencies:
- dependency-name: peter-evans/create-or-update-comment
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-22 23:36:02 +00:00
dependabot[bot]
c671bac37d
🌱 Bump peter-evans/slash-command-dispatch from 2.3.0 to 3
...
Bumps [peter-evans/slash-command-dispatch](https://github.com/peter-evans/slash-command-dispatch) from 2.3.0 to 3.
- [Release notes](https://github.com/peter-evans/slash-command-dispatch/releases)
- [Commits](40877f718d...2afb49dbaa)
---
updated-dependencies:
- dependency-name: peter-evans/slash-command-dispatch
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-22 22:59:08 +00:00
dependabot[bot]
28635662b8
🌱 Bump actions/upload-artifact from 2.3.1 to 3
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2.3.1 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](82c141cc51...6673cd052c)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-22 22:11:20 +00:00
dependabot[bot]
a69fda734d
🌱 Bump actions/cache from 2.1.7 to 3
...
Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](937d244753...4b0cf6cc46)
---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-22 10:48:03 -05:00
Naveen
1c61acd325
Update main.yml
2022-03-21 09:00:27 -05:00
Naveen
8fd286d225
Update stale.yml
2022-03-21 09:00:27 -05:00
naveensrinivasan
76d3e10536
🌱 Restrict egress on github actions
...
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-21 09:00:27 -05:00
dependabot[bot]
64893b84a9
🌱 Bump step-security/harden-runner from 1.4.0 to 1.4.1
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](bdb12b622a...9b0655f430)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-21 04:44:28 -05:00
Naveen
c8acf3645f
🌱 .github: Audit CodeQL egress with harden-runner ( #1728 )
2022-03-15 16:14:03 +00:00
dependabot[bot]
c8af71cf35
🌱 Bump crazy-max/ghaction-import-gpg from 4.2.0 to 4.3.0
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases)
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md)
- [Commits](b7c9a01276...4d58d49bfe)
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-15 05:11:38 -05:00
laurentsimon
3818dbe839
Update CODEOWNERS ( #1701 )
...
@inferno-chromium asked to be removed because he's not actively reviewing PRs anymore and his inbox is being bombarded :-)
cc @inferno-chromium
2022-03-02 16:21:38 +00:00
dependabot[bot]
189cdc5b9b
🌱 Bump actions/stale from 4.1.0 to 5
...
Bumps [actions/stale](https://github.com/actions/stale) from 4.1.0 to 5.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](7fb802b307...3cc1237663)
---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-02 09:03:04 -06:00
dependabot[bot]
23819152f8
🌱 Bump crazy-max/ghaction-import-gpg from 4.1.0 to 4.2.0
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases)
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md)
- [Commits](cb4264d331...b7c9a01276)
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-02 08:10:27 -06:00
dependabot[bot]
13b9cc5212
🌱 Bump actions/checkout from 2.4.0 to 3
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.4.0 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](ec3a7ce113...a12a3943b4)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-02 07:29:16 -06:00
dependabot[bot]
837729418a
🌱 Bump goreleaser/goreleaser-action from 2.9.0 to 2.9.1
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.9.0 to 2.9.1.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](c127c9be61...b953231f81)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-01 06:42:36 -06:00
dependabot[bot]
dd9ae7df99
🌱 Bump actions/setup-go from 2.2.0 to 3
...
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2.2.0 to 3.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](bfdd3570ce...f6164bd8c8)
---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-01 06:33:03 -06:00
dependabot[bot]
4635570f7c
🌱 Bump goreleaser/goreleaser-action from 2.8.1 to 2.9.0
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.8.1 to 2.9.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](79d4afbba1...c127c9be61)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-28 06:37:46 -06:00
Stephen Augustus (he/him)
692c682f22
Refine copy for PR template and add a release-note code fence ( #1678 )
...
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2022-02-24 22:37:34 -05:00
Azeem Shaikh
504f134416
Update scorecard-analysis.yml ( #1674 )
2022-02-23 21:08:46 -08:00
naveen
5dbc04a0c6
🌱 Avoid duplicate builds
...
Avoiding duplicate builds on main
https://github.community/t/how-to-trigger-an-action-on-push-or-pull-request-but-not-both/16662/2
2022-02-21 00:56:51 -06:00
dependabot[bot]
1306b34853
🌱 Bump ossf/scorecard-action from 1.0.3 to 1.0.4
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.0.3 to 1.0.4.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Commits](b614d455ee...c1aec4ac82)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-18 07:38:26 -06:00
naveen
bba55d4257
🌱 Parallelize builds
...
- parallelize builds
2022-02-17 15:23:21 -06:00
naveen
1aff6db9f6
🌱 Ignore docker builds
...
- ignore docker builds for non-main branches
- ignore docker builds for *.md
2022-02-16 17:52:55 -06:00
Azeem Shaikh
de5224bbc5
Update e2e tests ( #1641 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-15 19:27:45 +00:00
naveen
35511342c8
🌱 Parallelize the builds
...
- Created a workflow with multiple jobs for each of the docker builds
- Created a workflow with multiple jobs for each of the ko builds
- Removed the reference to dockerbuild and kobuild in the build-targets
make target
- This should reduce the time required to finish the CI builds as it
makes it parallel.
2022-02-15 11:51:54 -06:00
dependabot[bot]
9b921f07c7
🌱 Bump actions/setup-go from 2.1.5 to 2.2.0 ( #1619 )
2022-02-10 10:13:56 +00:00
laurentsimon
61e52d4a65
update workflow ( #1617 )
2022-02-09 10:51:58 -08:00
Naveen
30fc06e4a8
Fixed the formatting issue
2022-02-07 15:15:57 -06:00
naveen
aaf7a9f208
🌱 Cache builds between runs
...
Cache builds between runs.
2022-02-07 11:52:36 -06:00
laurentsimon
7032b1910e
Ignore all files under testdata/ ( #1594 )
2022-02-02 19:17:21 +00:00
dependabot[bot]
9d38be486e
🌱 Bump ossf/scorecard-action from 1.0.2 to 1.0.3
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.0.2 to 1.0.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Commits](c8416b0b2b...b614d455ee)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-01 12:12:33 -06:00
naveen
3d5a08d4fe
🌱 Included dependabot setting for tools
...
Included dependabot setting for tools module to get updates.
2022-01-26 18:20:31 -06:00
Stephen Augustus (he/him)
16c0d375d6
🌱 CODEOWNERS: Add Stephen Augustus (justaugustus) as maintainer ( #1530 )
...
* CODEOWNERS: Simplify maintainers
.github/workflows/* CODEOWNERS are effectively maintainers, but
with the current configuration, they are not being automatically
tagged for review for other file changes.
Here we simplify to `*`, in preparation for adding additional
maintainers.
(Maintainers have also been alpha-sorted.)
Signed-off-by: Stephen Augustus <foo@auggie.dev>
* CODEOWNERS: Add Stephen Augustus (justaugustus) as maintainer
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2022-01-25 20:33:27 -08:00
dependabot[bot]
19a73a4696
🌱 Bump ossf/scorecard-action from 1.0.1 to 1.0.2
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Commits](e3e75cf2ff...c8416b0b2b)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-25 06:33:45 -06:00
naveen
026d98edf8
🌱 Included e2e coverage for codecov
2022-01-19 19:41:03 -06:00
naveen
2dcdbcd32b
🌱 Track code coverage
...
Track code coverage
https://github.com/ossf/scorecard/issues/986
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-19 16:29:31 -06:00
Azeem Shaikh
fc87431507
Add exemption to stale issue workflow ( #1486 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-01-18 14:45:35 -06:00
dependabot[bot]
b8e054ba9e
🌱 Bump goreleaser/goreleaser-action from 2.8.0 to 2.8.1
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.8.0 to 2.8.1.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](5df302e5e9...79d4afbba1)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-17 19:23:17 -06:00
dependabot[bot]
4837262895
🌱 Bump ossf/scorecard-action from 1.0.0 to 1.0.1
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Commits](005020cb6a...e3e75cf2ff)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-17 09:07:59 -06:00
dependabot[bot]
361fbd0fc9
🌱 Bump ossf/scorecard-action from 0.0.2 to 1.0.0
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 0.0.2 to 1.0.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Commits](5f4e3145c8...005020cb6a)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-14 07:45:26 -06:00
dependabot[bot]
1e821a1231
🌱 Bump ossf/scorecard-action from 0.0.1 to 0.0.2
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 0.0.1 to 0.0.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Commits](175f59783f...5f4e3145c8)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-10 08:00:54 -06:00
dependabot[bot]
d6c8bb40d7
🌱 Bump ossf/scorecard-action ( #1435 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 5fc8ff3ee41559cbd1079b561414c8fe3272afab to 0.0.1. This release includes the previously tagged commit.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Commits](5fc8ff3ee4...175f59783f)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-06 17:33:31 +00:00
laurentsimon
f94bf80dda
Delete scorecard-policy.yml ( #1439 )
...
We no longer need this policy file.
2022-01-06 01:35:02 +00:00
dependabot[bot]
eef99b5ce0
🌱 Bump actions/setup-go from 2.1.4 to 2.1.5 ( #1407 )
2021-12-22 08:40:44 -06:00
dependabot[bot]
090ae4f0bb
🌱 Bump actions/stale from 4.0.0 to 4.1.0 ( #1384 )
...
Bumps [actions/stale](https://github.com/actions/stale) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](cdf15f641a...7fb802b307)
---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-12-17 17:53:20 +00:00
Azeem Shaikh
26733c95be
Update timeout for retries ( #1403 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-12-16 10:25:35 -08:00
Azeem Shaikh
be7fe32866
Fix more retry breakages ( #1398 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-12-15 23:27:23 +00:00
Azeem Shaikh
bbbca2bd87
Fix retry workflow ( #1397 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-12-15 14:31:46 -08:00
naveen
a13b63eae2
🌱 Improves the ci-e2e with retries
2021-12-15 12:50:36 -06:00
Naveen
a0513aa877
Update stale.yml
2021-12-13 16:53:51 -06:00
Naveen
9c89717239
🌱 Fix the stale configuration. ( #1385 )
...
The number of issues and PR aren't getting attention and this will help
us with this.
2021-12-13 08:52:01 -08:00
laurentsimon
8cb4804c28
✨ Update action names ( #1346 )
...
* update action
* add schedule
* comments
* e2e fix
2021-12-03 02:17:00 +00:00
Varun Sharma
9ab2b20b07
Update verify.yml ( #1325 )
...
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-12-02 22:11:00 +00:00
Azeem Shaikh
aa558ff2f4
Add parallelism to improve build times ( #1342 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-12-02 12:20:27 -08:00
laurentsimon
fb3d483c7d
✨ Only run license check and not everything ( #1333 )
...
* remove make all
* pin
* fix
2021-12-01 14:10:42 +00:00
Varun Sharma
f9b9773e2f
🌱 Secure workflow stale.yml ( #1326 )
...
* Update stale.yml
* Update stale.yml
* Update stale.yml
* Update stale.yml
2021-11-23 23:33:49 +00:00
laurentsimon
67c5e933d0
fix ( #1318 )
2021-11-19 21:27:14 -08:00
asraa
730076fab1
🐛 fix dangerous workflow test and workflow parsing ( #1283 )
...
* fix dangerous workflow
Signed-off-by: Asra Ali <asraa@google.com>
* check if removing label comment fixes
Signed-off-by: Asra Ali <asraa@google.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-11-20 00:16:02 +00:00
Azeem Shaikh
10ee2c069f
Use pull_request_target + protected env for e2e ( #1308 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2021-11-19 15:48:31 -08:00
Evgeny Vereshchagin
b4e32052fe
ci: drop trailing whitespaces ( #1292 )
...
This should help to prevent various linters from complaining about
trailing whitespaces when the file is copy-pasted to other repositories:
```
.github/workflows/scorecard-analysis.yml:2: trailing whitespace.
+on:
.github/workflows/scorecard-analysis.yml:18: trailing whitespace.
+
.github/workflows/scorecard-analysis.yml:40: trailing whitespace.
+
```
2021-11-17 20:40:53 +00:00
Naveen
0339eeadc2
🌱 Fix integration test runs ( #1286 )
2021-11-17 03:36:39 +00:00
laurentsimon
b3ac52a06b
PR support ( #1227 )
2021-11-08 13:48:29 -08:00
Naveen
4ee366eb0f
🌱 Move docker build checks to ko ( #1214 )
...
Move the docker builds checks to ko
2021-11-08 15:55:58 +00:00
dependabot[bot]
6562cc1f44
🌱 Bump actions/checkout from 2.3.5 to 2.4.0
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.5 to 2.4.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](1e204e9a92...ec3a7ce113)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-11-03 10:56:59 -05:00
laurentsimon
59edb12f2a
🐛 Use only olivekl@ in CODEOWNER ( #1212 )
...
* codeowner
* workflows
2021-11-02 19:44:01 +00:00
Romain Dauby
6467b31c4c
📖 Update CODEOWNERS ( #1189 )
...
* Update CODEOWNERS
* Add 2 code owners
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-10-29 08:36:51 -05:00
Azeem Shaikh
c73c5628ea
Fix GitHub workflows failing ( #1172 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2021-10-28 18:42:55 +00:00
naveen
aa634bd251
🌱 Fixes the broken e2e
...
Fixes for broken e2e
2021-10-26 20:11:21 -05:00
naveen
fd238d0e40
🌱 Fix goreleaser permission and flags
...
Fixes goreleaser flags issue and sets specific permission for
goreleaser.
2021-10-26 16:32:05 -05:00
Batuhan Apaydın
6f1a43a0b6
🌱 add google/ko support for building/pushing container image ( #1127 )
...
* feat: add google/ko support for building/pushing container image
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
* feat: updates according to reviews
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
2021-10-26 17:22:22 +00:00
dependabot[bot]
f38abc03be
🌱 Bump actions/checkout from 1 to 2.3.5 ( #1137 )
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 1 to 2.3.5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v1...1e204e9a9253d643386038d443f96446fa156a97)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-19 19:28:58 +00:00
dependabot[bot]
b3874325f8
🌱 Bump goreleaser/goreleaser-action from 2.7.0 to 2.8.0 ( #1136 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.7.0 to 2.8.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](5a54d7e660...5df302e5e9)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-10-18 15:23:28 +00:00
dependabot[bot]
a020b1632f
🌱 Bump crazy-max/ghaction-import-gpg from 4.0.0 to 4.1.0
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases)
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md)
- [Commits](8c43807e82...cb4264d331)
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-10-18 08:05:46 -07:00
Naveen
aaa3512af7
🌱 Fix integration githubaction permissions ( #985 )
...
* Changed the integration GitHub action permissions to contents:read, pull-requests:write
2021-10-04 09:33:31 -05:00
dependabot[bot]
f63f07ddc5
🌱 Bump actions/github-script from 4.1.1 to 5 ( #1067 )
...
* 🌱 Bump actions/github-script from 4.1.1 to 5
Bumps [actions/github-script](https://github.com/actions/github-script) from 4.1.1 to 5.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](deb7ae927c...441359b1a3)
---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Update integration.yml
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-10-01 03:57:43 +00:00
laurentsimon
e60bf03d91
disable PR ( #1093 )
2021-10-01 00:13:47 +00:00
laurentsimon
83bb5af0ef
fix ( #1089 )
2021-09-29 23:19:44 +00:00
laurentsimon
b4e0ee2fe8
✨ Start support for action on PR ( #1085 )
...
* changes
* fix
* fix
* fix
* comment
* bug
2021-09-29 01:03:30 +00:00
laurentsimon
67a8e5f9f6
fix ( #1080 )
2021-09-28 15:49:29 +00:00
laurentsimon
676885f752
✨ Add scorecard analysis for dogfooding ( #1073 )
...
* fix
* fix
* updates
* fix
* comments
* fix
* test comment
2021-09-27 23:13:29 +00:00
Azeem Shaikh
1d3f3e3e77
gpg-private-key in goreleaser (#1064 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-27 01:09:10 +00:00
dependabot[bot]
42e2b98a45
🌱 Bump actions/github-script from 4.1.0 to 4.1.1
...
Bumps [actions/github-script](https://github.com/actions/github-script) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](f891eff651...deb7ae927c)
---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-09-24 10:43:16 -05:00
naveen
1e4f7232e8
🌱 Fixes permission for main.yml action
...
https://github.com/ossf/scorecard/issues/942
2021-09-15 16:30:36 -05:00
Naveen
af24ed4d7f
🌱 Included codeql check for GitHub Actions ( #988 )
...
Included codeql check for GitHub actions https://github.com/ossf/scorecard/issues/987
2021-09-09 23:02:11 +00:00
Naveen
a3d63bf324
🌱 Updated actions permission for codeql ( #964 )
...
* Updated the actions permissions for codeql from write to specific
settings. https://github.com/ossf/scorecard/issues/942
2021-09-07 08:52:14 -07:00
dependabot[bot]
942c4cfc25
🌱 Bump crazy-max/ghaction-import-gpg from 3.2.0 to 4 ( #971 )
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 3.2.0 to 4.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases)
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md)
- [Commits](1c6a9e9d35...8c43807e82)
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-07 15:24:51 +00:00
Chris McGehee
29b7bd3885
Parsing GitHub Workflows should only happen on yaml files
2021-09-06 10:51:33 -05:00
dependabot[bot]
f55b86d662
🌱 Bump peter-evans/slash-command-dispatch from 2.2.1 to 2.3.0 ( #955 )
...
Bumps [peter-evans/slash-command-dispatch](https://github.com/peter-evans/slash-command-dispatch) from 2.2.1 to 2.3.0.
- [Release notes](https://github.com/peter-evans/slash-command-dispatch/releases)
- [Commits](fc430081ad...40877f718d)
---
updated-dependencies:
- dependency-name: peter-evans/slash-command-dispatch
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-03 16:39:23 +00:00
flying-cow
1434977ac0
:sparkling: Upgraded to go 1.17
2021-09-01 18:31:44 -04:00
naveen
50fd921680
🌱 Fix the dependabot settings
2021-08-26 14:29:12 -05:00
dependabot[bot]
f2afdba107
🌱 Bump actions/setup-go from 2.1.3 to 2.1.4
...
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2.1.3 to 2.1.4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](37335c7bb2...331ce1d993)
---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-08-26 10:56:13 -05:00
Azeem Shaikh
b89808ff8c
Pin protoc by SHA ( #909 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 15:54:10 +00:00
Azeem Shaikh
cc30d54db2
Use arduino/setup-protoc for installing Protoc ( #903 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 09:31:04 -04:00
dependabot[bot]
7bc2e00589
🌱 Bump peter-evans/find-comment from 1.2.0 to 1.3.0 ( #893 )
...
Bumps [peter-evans/find-comment](https://github.com/peter-evans/find-comment) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/peter-evans/find-comment/releases)
- [Commits](309ce798ba...d2dae40ed1)
---
updated-dependencies:
- dependency-name: peter-evans/find-comment
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-08-24 22:20:22 +00:00
laurentsimon
276155d1eb
✨ SARIF 4: Add support to output SARIF format ( #866 )
...
* draft1
* draft2
* draft
* draft 3
* typos
* unit tests
* fixes
* fixes
* related locs
* fixes
* version
* fixes
* linter/fix
* fixes
* linter
* gofmt -s
2021-08-23 21:31:33 +00:00
dependabot[bot]
42700ee940
🌱 Bump actions/github-script from 4.0.2 to 4.1
...
Bumps [actions/github-script](https://github.com/actions/github-script) from 4.0.2 to 4.1.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](a3e7071a34...f891eff651)
---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-08-20 11:05:08 -05:00
Azeem Shaikh
6cc41359a9
Remove false log statement ( #835 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-11 04:09:13 +00:00
dependabot[bot]
a2e34ede98
🌱 Bump crazy-max/ghaction-import-gpg from 3.1.0 to 3.2.0
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases)
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md)
- [Commits](b0793c0060...1c6a9e9d35)
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-08-10 10:03:06 -05:00
naveen
ef9880c7b3
🌱 Implemented ignore for license check
...
The license check was updated with the ignore files.
Fixed the issue https://github.com/ossf/scorecard/issues/767
2021-08-09 16:09:01 -05:00
Appu
8534836923
Also add version info to goreleaser ( #822 )
...
- shared configuration generation in ./scripts/version-ldflags
Signed-off-by: Appu Goundan <appu@google.com>
2021-08-09 18:22:30 +00:00
Naveen
91d3d82348
🌱 Fix the protobuf GitHub runner issue ( #801 )
...
Fixes the protobuf GitHub runner issue by cloning the repository and
installing it locally.
Source https://lukasjoswiak.com/github-actions-protobuf/
2021-08-02 23:52:57 +00:00
dependabot[bot]
a66b53ebe4
🌱 Bump peter-evans/slash-command-dispatch from 2.1.3 to 2.2.1 ( #735 )
...
Bumps [peter-evans/slash-command-dispatch](https://github.com/peter-evans/slash-command-dispatch) from 2.1.3 to 2.2.1.
- [Release notes](https://github.com/peter-evans/slash-command-dispatch/releases)
- [Commits](72ab5a2e41...fc430081ad)
---
updated-dependencies:
- dependency-name: peter-evans/slash-command-dispatch
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-07-31 11:12:20 +00:00
dependabot[bot]
564b10946f
🌱 Bump goreleaser/goreleaser-action from 2.6.1 to 2.7.0 ( #762 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.6.1 to 2.7.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](ac067437f5...5a54d7e660)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-29 21:51:16 +00:00
Azeem Shaikh
851646d4db
Disable e2e tests temporarily ( #785 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 19:39:39 +00:00
laurentsimon
492d9cd29b
disable license check ( #784 )
2021-07-29 19:30:26 +00:00
dependabot[bot]
428a4d659c
🌱 Bump actions/stale from 3.0.19 to 4 ( #695 )
...
Bumps [actions/stale](https://github.com/actions/stale) from 3.0.19 to 4.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](98ed4cb500...cdf15f641a)
---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-07-16 17:30:01 +00:00
naveen
a55d542e0d
🌱 Remove gitcache docker
...
Remove the gitcache docker image
2021-07-14 12:31:15 -05:00
naveen
219404e0b7
🌱 Removing gitcache
...
Removing gitcache
2021-07-13 01:03:21 -05:00
dependabot[bot]
18c3178a84
🌱 Bump codecov/codecov-action from 1.5.0 to 1.5.2 ( #558 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 1.5.0 to 1.5.2.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](a1ed4b322b...29386c70ef)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-06-28 22:19:47 -07:00
naveen
6aefe1b6ac
🌱 Fix broken e2e tests
...
* Changed the path for the frozen deps to look for within the .github/workflows path
* Included license check to tools.go
* Removed the hard reference to ginkgo within the integration.yml
* The above fixes will fix the broken tests for scorecard.
Repo: github.com/ossf/scorecard
Frozen-Deps: Fail 10
go modules found: go.mod
!! frozen-deps/fetch-execute - .github/workflows/integration.yml is fetching an non-pinned dependency 'go get github.com/onsi/ginkgo/ginkgo@v1.14.2'
!! frozen-deps/fetch-execute - .github/workflows/main.yml is fetching an non-pinned dependency 'go install github.com/google/addlicense@latest'
2021-06-28 15:28:10 -05:00
Naveen
d998d56112
🌱 Fixes GitHub workflow failures ( #593 )
...
The validate and the e2e are failing because of the bug in golang
https://github.com/golang/go/issues/44129
This fix is a temporary workaround.
2021-06-20 15:48:21 -04:00
naveen
e7ea1a2b88
🌱 Fixes the broken PR Verifier
...
Reverted to the original permission.
2021-06-10 12:31:21 -04:00
naveen
28b1db9267
🌱 Fixes write permissions for ok-to-test
...
Allowed write permissions to action for commenting on the status of the
PR.
2021-06-07 12:49:11 -04:00
dependabot[bot]
b04df4e256
🌱 Bump goreleaser/goreleaser-action from 2.6.0 to 2.6.1
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 2.6.0 to 2.6.1.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](70eb4e573c...ac067437f5)
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-31 09:14:30 -04:00
dependabot[bot]
df44a898cf
🌱 Bump goreleaser/goreleaser-action from 2.5.0 to 2.6.0
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](5e15885530...70eb4e573c)
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-27 15:55:27 -04:00
dependabot[bot]
947a075c7c
🌱 Bump github/codeql-action ( #482 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from cb5810848de15b695cd9ef3b559dd178c43c7df3 to 1.0.0. This release includes the previously tagged commit.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](cb5810848d...bc2cbe3983)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-05-26 16:10:12 +00:00
dependabot[bot]
90e1aeb7ec
🌱 Bump actions/stale from 3.0.18 to 3.0.19 ( #470 )
...
Bumps [actions/stale](https://github.com/actions/stale ) from 3.0.18 to 3.0.19.
- [Release notes](https://github.com/actions/stale/releases )
- [Commits](3b3c3f03cd...98ed4cb500)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-18 10:47:18 -04:00
laurentsimon
6367cc44f6
pin scorecard workflow dependencies by hash ( #456 )
2021-05-14 16:59:05 -07:00
dependabot[bot]
53262f0368
🌱 Bump codecov/codecov-action from 1 to 1.5.0
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 1 to 1.5.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v1...v1.5.0 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-12 10:38:27 -05:00
dependabot[bot]
33c1e903a4
🌱 Bump actions/checkout from 2 to 2.3.4
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2 to 2.3.4.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v2...v2.3.4 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-12 10:26:18 -05:00
dependabot[bot]
dd6c652db6
🌱 Bump actions/stale from 3 to 3.0.18
...
Bumps [actions/stale](https://github.com/actions/stale ) from 3 to 3.0.18.
- [Release notes](https://github.com/actions/stale/releases )
- [Commits](https://github.com/actions/stale/compare/v3...v3.0.18 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-12 09:34:55 -05:00
dependabot[bot]
775a36a393
🌱 Bump peter-evans/create-or-update-comment from 1 to 1.4.5
...
Bumps [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment ) from 1 to 1.4.5.
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases )
- [Commits](https://github.com/peter-evans/create-or-update-comment/compare/v1...v1.4.5 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-12 09:30:11 -05:00
dependabot[bot]
35b62a9905
🌱 Bump peter-evans/find-comment from 1 to 1.2.0 ( #439 )
...
Bumps [peter-evans/find-comment](https://github.com/peter-evans/find-comment ) from 1 to 1.2.0.
- [Release notes](https://github.com/peter-evans/find-comment/releases )
- [Commits](https://github.com/peter-evans/find-comment/compare/v1...v1.2.0 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-12 13:29:05 +00:00
dependabot[bot]
9478fe3147
🌱 Bump goreleaser/goreleaser-action from 2 to 2.5.0 ( #441 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 2 to 2.5.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Changelog](https://github.com/goreleaser/goreleaser-action/blob/master/CHANGELOG.md )
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v2...v2.5.0 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-12 09:24:03 -04:00
Naveen
14dfc45fae
🌱 Move the docker containers to gcr.io ( #419 )
...
* Included a build on push to master on gcr.io
* Updated the README with the gcr.io
* Removed the docker.yaml build push
2021-05-11 14:11:06 +00:00
dependabot[bot]
c1ef0900f2
🌱 Bump google-github-actions/setup-gcloud from 94337306dda8180d967a56932ceb4ddcf01edae7 to 0.2.1 ( #425 )
...
* 🌱 Bump google-github-actions/setup-gcloud
Bumps [google-github-actions/setup-gcloud](https://github.com/google-github-actions/setup-gcloud ) from 94337306dda8180d967a56932ceb4ddcf01edae7 to 0.2.1. This release includes the previously tagged commit.
- [Release notes](https://github.com/google-github-actions/setup-gcloud/releases )
- [Changelog](https://github.com/google-github-actions/setup-gcloud/blob/master/CHANGELOG.md )
- [Commits](94337306dd...daadedc81d)
Signed-off-by: dependabot[bot] <support@github.com>
* Update integration.yml
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Abhishek Arya <inferno@chromium.org>
2021-05-10 08:20:31 -07:00
naveen
a4768922a9
🌱 Removed the trivy scan
...
* Removed container using trivy as it is in gcr.io
2021-05-08 17:47:49 -05:00
laurentsimon
82d6c171bc
🐛 Pin workflow dependencies ( #417 )
...
* pin workflow dependencies
* comments
Co-authored-by: Abhishek Arya <inferno@chromium.org>
2021-05-07 18:35:57 -07:00
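The scorecard output quoted in the "Fix broken e2e tests" entry above (a `go get ...@v1.14.2` and a `go install ...@latest` reported as fetch-execute of a non-pinned dependency) and the two "pin workflow dependencies by hash" entries (#456 and #417) share one security point: a CI workflow should only fetch and execute code at an immutable revision, because a tag or `@latest` can be moved after review. The Go program below is an added example and is not scorecard's own Frozen-Deps check nor code from this repository. It scans a constructed workflow (the 40-hex SHA and the `example.com` modules are placeholders) and applies this example's own policy: a `uses:` action counts as pinned only when its ref is a full 40-hex commit SHA, and a `go get`/`go install` counts as pinned only when its ref is a full SHA or a Go pseudo-version that embeds a commit; a bare module path or `@latest` is unpinned.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one dependency reference found in a workflow file and whether it
// is pinned to an immutable revision under this example's policy.
type Finding struct {
	Line   int    // 1-based line number in the workflow text
	Ref    string // the reference as written, e.g. "actions/checkout@v2"
	Pinned bool
}

var (
	// `- uses: owner/repo@ref`. Local "./" actions and docker:// images do not
	// have the owner/repo@ref shape and are skipped.
	usesRe = regexp.MustCompile(`^\s*-?\s*uses:\s*([A-Za-z0-9_.-]+/[A-Za-z0-9_./-]+)@([^\s#]+)`)
	// `go get` / `go install` of a module path with an optional @ref in a run step.
	goFetchRe = regexp.MustCompile(`\bgo\s+(get|install)\s+([^\s@'"]+)(?:@([^\s'"]+))?`)
	// A full git commit SHA-1.
	sha40Re = regexp.MustCompile(`^[0-9a-f]{40}$`)
	// A Go pseudo-version such as v0.0.0-20210101000000-0123456789ab, which
	// embeds a timestamp and a 12-hex commit prefix.
	pseudoVerRe = regexp.MustCompile(`^v\d+\.\d+\.\d+-(?:.+\.)?\d{14}-[0-9a-f]{12}$`)
)

// ScanWorkflow extracts every `uses:` action and every `go get`/`go install`
// fetch from the workflow text and classifies each as pinned or not.
// Policy (this example's assumption, not scorecard's exact rule): an action is
// pinned only by a full 40-hex SHA; a Go module fetch is pinned only by a full
// SHA or a pseudo-version; a bare module path or @latest is unpinned.
func ScanWorkflow(workflow string) []Finding {
	var out []Finding
	for i, line := range strings.Split(workflow, "\n") {
		if m := usesRe.FindStringSubmatch(line); m != nil {
			out = append(out, Finding{Line: i + 1, Ref: m[1] + "@" + m[2], Pinned: sha40Re.MatchString(m[2])})
			continue
		}
		for _, m := range goFetchRe.FindAllStringSubmatch(line, -1) {
			ref := m[3] // "" when no @ref was written, which resolves to latest
			pinned := sha40Re.MatchString(ref) || pseudoVerRe.MatchString(ref)
			shown := "go " + m[1] + " " + m[2]
			if ref != "" {
				shown += "@" + ref
			}
			out = append(out, Finding{Line: i + 1, Ref: shown, Pinned: pinned})
		}
	}
	return out
}

// Unpinned returns only the findings that would fail the check.
func Unpinned(fs []Finding) []Finding {
	var bad []Finding
	for _, f := range fs {
		if !f.Pinned {
			bad = append(bad, f)
		}
	}
	return bad
}

// SampleWorkflow is a constructed input: the SHA and the example.com modules
// are placeholders, not real revisions.
const SampleWorkflow = `name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v2.3.4 (placeholder hash)
      - uses: docker://alpine:3.12
      - name: fetch tools
        run: |
          go get github.com/onsi/ginkgo/ginkgo@v1.14.2
          go install github.com/google/addlicense@latest
          go install example.com/tool/cmd@v0.0.0-20210101000000-0123456789ab
          go install example.com/other/cmd
`

func main() {
	for _, f := range Unpinned(ScanWorkflow(SampleWorkflow)) {
		fmt.Printf("!! fetch-execute - line %d is fetching a non-pinned dependency '%s'\n", f.Line, f.Ref)
	}
}
```

Run with `go run .`; it reports the `@v2` checkout, the `@v1.14.2` and `@latest` fetches and the bare module path, and accepts the SHA-pinned checkout and the pseudo-version. The hash-only policy for actions is deliberate: a tag such as `v2` is a mutable pointer that the action's maintainer (or an attacker with push access to that repository) can move, while a commit SHA cannot be changed without changing the reference itself. Keeping the human-readable version in a trailing comment, as the sample does, is what lets a bot such as dependabot keep bumping the pin.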
naveen
cd7231dd75
🌱 Cleanup dependabot config
2021-04-29 17:10:24 -05:00
naveen
a64426e369
🌱 Remove Snyk
...
Removing Snyk as per our discussion.
2021-04-29 12:32:21 -05:00
naveen
da2e7029c7
🌱 Update golangci version to 1.39
...
* Upgrade the golangci version to 1.39
* Changed the checkout depth
https://github.com/golangci/golangci-lint/issues/1088#issuecomment-801540792
2021-04-29 08:24:41 -05:00
naveen
872e9139d8
🐛 docker build for gitcache
...
* Fixed docker build for git cache
2021-04-26 10:01:50 -05:00
dependabot[bot]
bdf86e00c8
🌱 Bump actions/github-script from v3 to v4.0.2
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from v3 to v4.0.2.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](https://github.com/actions/github-script/compare/v3...a3e7071a34d7e1f219a8a4de9a5e0a34d1ee1293 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-04-26 08:30:49 -05:00
naveen
3d24435ba8
🌱 Fixing the docker build issue
2021-04-23 15:17:42 -04:00
Naveen
760e01fbb8
Revert " 🌱 Bump actions/github-script from v3 to v4.0.1"
...
This reverts commit 3ad35e3661.
2021-04-23 11:53:17 -04:00
dependabot[bot]
3ad35e3661
🌱 Bump actions/github-script from v3 to v4.0.1
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from v3 to v4.0.1.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](https://github.com/actions/github-script/compare/v3...85e88a66eaa831097093a3d278536947f2984d20 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-04-22 08:37:01 -04:00
naveen
c2236f68f8
🌱 Updated commit message for dependabot
...
* Updated commit message to have 🌱 prefix in dependabot PR.
2021-04-08 14:13:44 -05:00
nathannaveen
f5185e4bd6
🌱 included copyright headers.
2021-04-01 21:36:10 -05:00
Naveen
3e4432ceea
Update PULL_REQUEST_TEMPLATE.md
2021-03-24 17:11:02 -04:00
naveen
775a83a2f7
🌱 update dependabot for cron and scripts
...
The cron and scripts are based on go.mod. The dependabot settings are
updated to watch those folders.
2021-03-22 11:50:01 -04:00
naveen
8427362772
🌱 verifier to generate release notes
...
The verifier helps release notes generation.
https://github.com/kubernetes-sigs/kubebuilder-release-tools
https://github.com/kubernetes-sigs/kubebuilder-release-tools/blob/master/verify/main.go
2021-03-18 12:19:06 -04:00
naveen
88de2df279
Feat-Use Snyk to check cron-job security settings
...
Use Snyk to check the cron-job yaml for security misconfiguration.
2021-03-12 21:03:29 -05:00
naveen
3489c83404
Feat - Include Snyk check for k8s yaml
...
Snyk has a set of rules to validate the k8s yaml for insecure
configuration.
This action will validate the k8s yaml for insecure configuration.
2021-03-12 20:56:00 -05:00
naveen
248fda288e
Fix - docker builds for scorecard cron
...
Fixed the docker build for scorecard cron as well as updated the
integration to test for the docker builds.
2021-03-05 13:14:33 -05:00
naveen
abb06c9dbc
feat- Reorganize the code structure
...
Reorganize the code structure for testing and maintenance.
Feat - Included http endpoint
2021-03-04 19:08:47 -05:00
Naveen
c5528dba94
Update issue templates ( #235 )
2021-03-04 03:30:32 +00:00
Naveen
3e979657bf
Implemented docker for gitcache ( #231 )
...
* Implemented caching the git folder instead of just a branch.
Implemented logging.
Refactored code.
* Feat - Implemented docker for gitcache
2021-03-04 03:22:17 +00:00
Naveen
b4c2e4fd13
feat - migrate to go 1.16 ( #233 )
...
Upgrade to go version 1.16
2021-03-03 18:56:29 +00:00
Naveen
f0ff62d9eb
Feat - Included dependabot for gitcache ( #232 )
2021-03-02 16:51:04 -08:00
naveen
7b192a0243
feat - Included tests for disk cache
...
Included tests for disk cache.
Cleaned up tests.
2021-02-26 15:46:21 -05:00
naveen
6f2a0f43f4
Fix - Output path for the test runs
2021-02-25 15:59:39 -05:00
naveen
a7174d8ad7
Feature - Include e2e tests for docker
...
Included e2e tests for docker.
Included .Dockerignore to ignore files.
Included Docker build in the Makefile.
2021-02-25 11:02:45 -05:00
naveen
cab29a2747
Feat- Use cloud buckets for caching
...
Use cloud buckets for httpcache.
The implementation uses https://github.com/google/go-cloud for it to be
cloud vendor agnostic.
2021-02-24 11:17:50 -05:00
Naveen
79170187a2
Feat- Included dependabot for docker ( #213 )
2021-02-23 07:34:12 -08:00
Naveen
e0a02567fb
Fix - Cleanup the makefile targets ( #207 )
2021-02-21 23:35:39 +00:00
naveen
5018c5012c
Fix - GitHub bot message URL for ok-to-test
...
Fixed the incorrect URL to the ok-to-test bot message
2021-02-19 14:04:24 -05:00
dependabot[bot]
030ab1dbc5
Bump peter-evans/slash-command-dispatch from v1 to v2.1.3
...
Bumps [peter-evans/slash-command-dispatch](https://github.com/peter-evans/slash-command-dispatch ) from v1 to v2.1.3.
- [Release notes](https://github.com/peter-evans/slash-command-dispatch/releases )
- [Commits](https://github.com/peter-evans/slash-command-dispatch/compare/v1...72ab5a2e417e454aa8e89c43b28e36fe331e00a5 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-02-19 08:28:45 -05:00
naveen
1e93904a66
Fix - Remove the app reference for the slash token
2021-02-18 16:14:12 -05:00
naveen
9b4b8be7e0
Feature - ok-to-test in github action
2021-02-18 15:45:55 -05:00
naveen
f906f3f568
Feature - sign releases
2021-02-17 17:53:41 -05:00
naveen
ef4c8d0758
Fix - refactor the lint in the actions
2021-02-16 15:59:50 -05:00
naveen
51f017b206
Fix - ignore empty github token
2021-02-16 14:35:22 -05:00
naveen
db7bfcf342
Fix - golangci-lint report only new issues
2021-02-16 14:23:03 -05:00
naveen
ce8e1e79ea
Feature - Include additional linters for golangci
...
Included additional linters for golangci. The new linters would
report existing issues.
2021-02-16 14:06:59 -05:00
dependabot[bot]
64660915d6
Bump golangci/golangci-lint-action from v2 to v2.4.0
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from v2 to v2.4.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v2...544d2efb307b3f205f34886f2787046abe7fb26e )
Signed-off-by: dependabot[bot] <support@github.com>
2021-02-15 08:48:59 -05:00
naveen
af2132e927
Fix- e2e tests to include the executable
...
Included e2e tests for the executable with JSON
2021-02-14 11:46:17 -05:00
naveen
cb7ee064b9
Feature - container scanning for scorecard
2021-02-12 17:01:58 -05:00
naveen
0b85e7e2e8
Fix - docker latest image
2021-02-11 16:32:07 -05:00
naveen
6dd3698be8
Fix - Fixes the e2e tests for PR's
2021-02-10 16:07:03 -05:00
naveen
7e158f80e5
Docker releases to GitHub Docker registry
...
This will release docker container to GitHub docker registry.
2021-02-09 10:54:01 -05:00
naveen
7ab314db7d
Fix - dependabot githubactions location
2021-02-06 14:22:06 -05:00
naveen
bcf8d0df92
Fix - dependabot yaml error
2021-02-06 12:49:11 -05:00
naveen
4ad4a4204b
Feature - enabled dependabot for githubactions
2021-02-06 12:33:46 -05:00
naveen
2a1463b315
Feature - Report codecoverage to codecov.io
2021-01-26 17:49:11 -05:00
naveen
c4c99cd676
feature - Included the e2e into the PR workflows
...
Validated the presence of the GITHU_AUTH_TOKEN variable before running the e2e.
Update the contributing doc with scopes of the personal access token.
Updated the workflow to include the e2e tests.
2021-01-13 13:04:22 -05:00
naveen
91bfea5c2f
feat - Close stale issues
...
Close stale issues.
2021-01-12 18:19:10 -05:00
Naveen
1700c3a348
feature - Pull request template ( #127 )
...
A standard pull request template
2021-01-08 11:36:05 -08:00
Naveen
9d4e5c0731
feature - CODEOWNERS for github branch protection feature ( #123 )
...
Included the codeowners for enabling branch protection "Require review from Code Owners"
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-01-05 12:53:35 -08:00
Naveen
b216a1e494
Feat - implemented goreleaser for releases ( #117 )
...
Implemented goreleaser for releasing the code to github.
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-01-04 07:36:56 -06:00
Naveen
3df1191f7f
Create Dependabot config file ( #116 )
...
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2021-01-01 14:32:06 -06:00
naveen
a56f707350
Feat - Implemented Makefile and actions for PR
...
Implemented Makefile and actions for PR and push to validate fmt, go mod
tidy , go build and go test
2020-12-22 16:51:24 -05:00
Naveen
6549eccacc
Create codeql-analysis.yml ( #101 )
2020-12-22 07:27:02 -06:00