laurentsimon
3b7c46f779
✨ SLSA provenance/build ( #1702 )
...
* SLSA build
* missing files
* updates
* updates
* updates
* indent fix
* update
* update
* updates
* updates
* updates
* updates
2022-06-08 09:54:09 -07:00
laurentsimon
4bd3391a36
✨ Raw results for Pinned-Dependencies ( #1932 )
...
* backup
* update
* update
* draft
* updates
* updates
* updates
* updates
* fix
* linter
* updates
* updates
* updates
* updates
* updates
* updates
* updates
* linter
* comments
* linter
* linter
* tests
* updates
* updates
* tests
2022-06-06 14:31:22 -07:00
laurentsimon
23523f6d09
Update publishimage.yml ( #1977 )
2022-06-01 16:42:23 -07:00
Naveen
0eeb0c20cd
🌱 Signing scorecard images using cosign ( #1970 )
...
* --wip-- [skip ci]
* 🌱 Signing scorecard images using cosign
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-31 16:42:32 +00:00
dependabot[bot]
4a88dac00f
🌱 Bump actions/cache from 3.0.2 to 3.0.3
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](48af2dc4a9...30f413bfed
2022-05-31 16:14:24 +00:00
dependabot[bot]
1471c807da
🌱 Bump crazy-max/ghaction-import-gpg from 4.4.0 to 5
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg ) from 4.4.0 to 5.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases )
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md )
- [Commits](e00cb83a68...34ea557550
2022-05-27 16:31:07 +00:00
dependabot[bot]
a997c0abe1
🌱 Bump actions/setup-go from 3.1.0 to 3.2.0
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](fcdc43634a...b22fbbc292
2022-05-27 16:08:17 +00:00
dependabot[bot]
b491e47611
🌱 Bump ossf/scorecard-action from 1.0.4 to 1.1.0 ( #1963 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.0.4 to 1.1.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](c1aec4ac82...5c8bc69dc8
2022-05-26 18:26:59 +00:00
dependabot[bot]
d5e755cb08
🌱 Bump actions/dependency-review-action from 1.0.1 to 1.0.2
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](39e692fa32...a9c83d3af6
2022-05-24 13:54:08 +00:00
dependabot[bot]
108f88d056
🌱 Bump actions/upload-artifact from 3.0.0 to 3.1.0 ( #1941 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](6673cd052c...3cea537223
2022-05-23 06:41:30 -05:00
dependabot[bot]
fc7157e38a
🌱 Bump actions/dependency-review-action from 1.0.0 to 1.0.1 ( #1923 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](3f943b86c9...39e692fa32
2022-05-18 07:10:22 -05:00
dependabot[bot]
6406cfd4e3
🌱 Bump actions/setup-go from 3.0.0 to 3.1.0
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](f6164bd8c8...fcdc43634a
2022-05-16 16:52:04 +00:00
dependabot[bot]
e97bf30ef6
🌱 Bump step-security/harden-runner from 1.4.2 to 1.4.3
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 1.4.2 to 1.4.3.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](34cbc43f0b...248ae51c2e
2022-05-02 08:45:02 -05:00
dependabot[bot]
5d8a277d76
🌱 Bump crazy-max/ghaction-import-gpg from 4.3.0 to 4.4.0
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg ) from 4.3.0 to 4.4.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases )
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md )
- [Commits](4d58d49bfe...e00cb83a68
2022-04-25 10:28:45 -05:00
dependabot[bot]
dbaba8a536
🌱 Bump step-security/harden-runner from 1.4.1 to 1.4.2
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 1.4.1 to 1.4.2.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/v1.4.1...34cbc43f0b10c9dda284e663cf43c2ebaf83e956 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-25 09:29:45 -05:00
dependabot[bot]
ee1086efd7
🌱 Bump codecov/codecov-action from 3.0.0 to 3.1.0
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](e3c560433a...81cd2dc814
2022-04-22 07:25:53 -05:00
dependabot[bot]
64bf903f36
🌱 Bump actions/checkout from 3.0.1 to 3.0.2
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](dcd71f6466...2541b1294d
2022-04-22 07:02:44 -05:00
naveensrinivasan
6ed6c9b70e
🌱 Publish images with ko
...
- Publish images with ko
https://github.com/ossf/scorecard/issues/744
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-18 10:40:05 -05:00
dependabot[bot]
6c59ff9bfe
🌱 Bump actions/checkout from 3.0.0 to 3.0.1
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a12a3943b4...dcd71f6466
2022-04-15 05:34:31 -05:00
laurentsimon
6a48f174ce
fix
2022-04-12 10:54:38 -05:00
laurentsimon
2873c0d58d
e2e for GITHUB_TOKEN
2022-04-12 10:54:38 -05:00
dependabot[bot]
fb0c0e1527
🌱 Bump actions/cache from 3.0.1 to 3.0.2
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](136d96b4ae...48af2dc4a9
2022-04-11 07:36:08 -05:00
naveensrinivasan
f9c2f9d79f
🌱 Dependency review action
...
Included the https://github.com/actions/dependency-review-action
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-09 14:09:42 -05:00
dependabot[bot]
4df16f3350
🌱 Bump codecov/codecov-action from 2.1.0 to 3
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 2.1.0 to 3.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](f32b3a3741...e3c560433a
2022-04-07 14:55:05 +00:00
naveensrinivasan
761bb4e4b3
🌱 Fixes the golang version
...
Hopefully this fixes the make linter failures
https://github.com/ossf/scorecard/runs/5834278035?check_suite_focus=true
I noticed while trying to debug , which was using go 1.18 in the
workflow log.
Which made me decide to pin it to specific version of go 1.17.7
```
go env -w GOFLAGS=-mod=mod
make check-linter
shell: /usr/bin/bash -e {0}
env:
PROTOC_VERSION: 3.17.3
GOROOT: /opt/hostedtoolcache/go/1.18.0/x64
```
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-05 14:45:31 -05:00
naveensrinivasan
648b6634e6
🌱 Experimental option for codeql
...
- Included the experimental option for Codeql
https://github.blog/2022-02-17-code-scanning-finds-vulnerabilities-using-machine-learning/
2022-04-01 19:15:44 -05:00
naveensrinivasan
ab9769a4da
🌱 Fix protoc build failures
...
- Fix protoc build failures by retries
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-31 14:33:45 -05:00
dependabot[bot]
99ecdea2dd
🌱 Bump actions/cache from 3.0.0 to 3.0.1
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](4b0cf6cc46...136d96b4ae
2022-03-31 17:37:21 +00:00
cpanato
93889a8e70
install missing tool in add-projects job
...
Signed-off-by: cpanato <ctadeu@gmail.com>
2022-03-31 08:00:22 -05:00
cpanato
f1268bfaee
cleanup protoc version
...
Signed-off-by: cpanato <ctadeu@gmail.com>
2022-03-31 08:00:22 -05:00
Carlos Tadeu Panato Junior
92027ed41b
small cleanup on the workflow jobs and remove the master branch reference ( #1800 )
...
Signed-off-by: cpanato <ctadeu@gmail.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2022-03-30 16:11:30 +00:00
Azeem Shaikh
6a078c68c2
Use GITHUB_TOKEN for downloading protoc ( #1797 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-03-29 13:55:45 -07:00
Guillaume Ross
682e6ea176
Explicit permissions for github actions
...
To improve OSSF Scorecard score on Scorecard repo
2022-03-29 10:29:08 -05:00
dependabot[bot]
10bd777ddf
🌱 Bump peter-evans/find-comment from 1.3.0 to 2
...
Bumps [peter-evans/find-comment](https://github.com/peter-evans/find-comment ) from 1.3.0 to 2.
- [Release notes](https://github.com/peter-evans/find-comment/releases )
- [Commits](d2dae40ed1...1769778a0c
2022-03-23 01:08:04 +00:00
dependabot[bot]
aecff0bc1b
🌱 Bump peter-evans/create-or-update-comment from 1.4.5 to 2
...
Bumps [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment ) from 1.4.5 to 2.
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases )
- [Commits](a35cf36e53...c9fcb64660
2022-03-22 23:36:02 +00:00
dependabot[bot]
c671bac37d
🌱 Bump peter-evans/slash-command-dispatch from 2.3.0 to 3
...
Bumps [peter-evans/slash-command-dispatch](https://github.com/peter-evans/slash-command-dispatch ) from 2.3.0 to 3.
- [Release notes](https://github.com/peter-evans/slash-command-dispatch/releases )
- [Commits](40877f718d...2afb49dbaa
2022-03-22 22:59:08 +00:00
dependabot[bot]
28635662b8
🌱 Bump actions/upload-artifact from 2.3.1 to 3
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 2.3.1 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](82c141cc51...6673cd052c
2022-03-22 22:11:20 +00:00
dependabot[bot]
a69fda734d
🌱 Bump actions/cache from 2.1.7 to 3
...
Bumps [actions/cache](https://github.com/actions/cache ) from 2.1.7 to 3.
- [Release notes](https://github.com/actions/cache/releases )
- [Commits](937d244753...4b0cf6cc46
2022-03-22 10:48:03 -05:00
Naveen
1c61acd325
Update main.yml
2022-03-21 09:00:27 -05:00
Naveen
8fd286d225
Update stale.yml
2022-03-21 09:00:27 -05:00
naveensrinivasan
76d3e10536
🌱 Restrict egress on github actions
...
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-21 09:00:27 -05:00
dependabot[bot]
64893b84a9
🌱 Bump step-security/harden-runner from 1.4.0 to 1.4.1
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](bdb12b622a...9b0655f430
2022-03-21 04:44:28 -05:00
Naveen
c8acf3645f
🌱 .github: Audit CodeQL egress with harden-runner ( #1728 )
2022-03-15 16:14:03 +00:00
dependabot[bot]
c8af71cf35
🌱 Bump crazy-max/ghaction-import-gpg from 4.2.0 to 4.3.0
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg ) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases )
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md )
- [Commits](b7c9a01276...4d58d49bfe
2022-03-15 05:11:38 -05:00
laurentsimon
3818dbe839
Update CODEOWNERS ( #1701 )
...
@inferno-chromium asked to be removed because he's not actively reviewing PRs anymore and his inbox is being bombarded :-)
cc @inferno-chromium
2022-03-02 16:21:38 +00:00
dependabot[bot]
189cdc5b9b
🌱 Bump actions/stale from 4.1.0 to 5
...
Bumps [actions/stale](https://github.com/actions/stale ) from 4.1.0 to 5.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](7fb802b307...3cc1237663
2022-03-02 09:03:04 -06:00
dependabot[bot]
23819152f8
🌱 Bump crazy-max/ghaction-import-gpg from 4.1.0 to 4.2.0
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg ) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases )
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md )
- [Commits](cb4264d331...b7c9a01276
2022-03-02 08:10:27 -06:00
dependabot[bot]
13b9cc5212
🌱 Bump actions/checkout from 2.4.0 to 3
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2.4.0 to 3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](ec3a7ce113...a12a3943b4
2022-03-02 07:29:16 -06:00
dependabot[bot]
837729418a
🌱 Bump goreleaser/goreleaser-action from 2.9.0 to 2.9.1
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 2.9.0 to 2.9.1.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](c127c9be61...b953231f81
2022-03-01 06:42:36 -06:00
dependabot[bot]
dd9ae7df99
🌱 Bump actions/setup-go from 2.2.0 to 3
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 2.2.0 to 3.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](bfdd3570ce...f6164bd8c8
2022-03-01 06:33:03 -06:00
