Naveen
44ad5f53ad
⚠️ Removing the error field from result ( #1853 )
...
- Removing the error field from result
- https://github.com/ossf/scorecard/issues/1393
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-22 23:22:43 +00:00
laurentsimon
1f3861b4cc
Update env variables in cron ( #1858 )
2022-04-22 20:21:08 +00:00
dependabot[bot]
ee1086efd7
🌱 Bump codecov/codecov-action from 3.0.0 to 3.1.0
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](e3c560433a...81cd2dc814
)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-22 07:25:53 -05:00
dependabot[bot]
64bf903f36
🌱 Bump actions/checkout from 3.0.1 to 3.0.2
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](dcd71f6466...2541b1294d
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-22 07:02:44 -05:00
laurentsimon
4622952c85
✨ Raw results for dangerous workflow ( #1849 )
...
* draft
* update
* update
* updates
* comments
* comments
* comments
2022-04-21 22:02:18 +00:00
dependabot[bot]
72e248694d
🌱 Bump contrib.go.opencensus.io/exporter/stackdriver
...
Bumps [contrib.go.opencensus.io/exporter/stackdriver](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver ) from 0.13.11 to 0.13.12.
- [Release notes](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/releases )
- [Commits](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/compare/v0.13.11...v0.13.12 )
---
updated-dependencies:
- dependency-name: contrib.go.opencensus.io/exporter/stackdriver
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-20 09:01:35 -05:00
naveensrinivasan
6ed6c9b70e
🌱 Publish images with ko
...
- Publish images with ko
https://github.com/ossf/scorecard/issues/744
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-18 10:40:05 -05:00
laurentsimon
f99e1a1552
✨ Schema for BQ table for raw results ( #1762 )
...
* Fix schemas
* updates
* updates
* Schema for BQ table of raw result
* update
* updates
* create utility function only
* update
* updates
* updates
* manifest
2022-04-15 16:35:01 +00:00
dependabot[bot]
9532e55ee9
🌱 Bump github.com/rhysd/actionlint from 1.6.11 to 1.6.12
...
Bumps [github.com/rhysd/actionlint](https://github.com/rhysd/actionlint ) from 1.6.11 to 1.6.12.
- [Release notes](https://github.com/rhysd/actionlint/releases )
- [Changelog](https://github.com/rhysd/actionlint/blob/main/CHANGELOG.md )
- [Commits](https://github.com/rhysd/actionlint/compare/v1.6.11...v1.6.12 )
---
updated-dependencies:
- dependency-name: github.com/rhysd/actionlint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-15 09:13:27 -05:00
dependabot[bot]
6c59ff9bfe
🌱 Bump actions/checkout from 3.0.0 to 3.0.1
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a12a3943b4...dcd71f6466
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-15 05:34:31 -05:00
dependabot[bot]
ebf0d10c33
🌱 Bump cloud.google.com/go/bigquery from 1.30.2 to 1.31.0
...
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go ) from 1.30.2 to 1.31.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.30.2...spanner/v1.31.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-14 09:00:34 -05:00
laurentsimon
4d1c531690
✨ Raw results for license ( #1790 )
...
* Raw results for license
* tests
* tests
* e2e fix
* comment
* fix
* linter
2022-04-13 18:20:05 -07:00
laurentsimon
c0e41f3a54
Update branches_e2e_test.go ( #1838 )
2022-04-13 16:45:07 -07:00
laurentsimon
410a145db2
fix ( #1837 )
2022-04-13 16:00:19 -07:00
Caleb Brown
b00b31646a
Split NewLogger into two so we can use a custom logrus instance.
2022-04-13 11:31:06 -05:00
laurentsimon
91202855fd
Fix e2e branch ( #1835 )
2022-04-13 09:16:38 -07:00
laurentsimon
eedd16d5be
linter
2022-04-12 10:54:38 -05:00
laurentsimon
6a48f174ce
fix
2022-04-12 10:54:38 -05:00
laurentsimon
4b2c677185
fix
2022-04-12 10:54:38 -05:00
laurentsimon
2873c0d58d
e2e for GITHUB_TOKEN
2022-04-12 10:54:38 -05:00
dependabot[bot]
a46313ca8a
🌱 Bump cloud.google.com/go/pubsub from 1.19.0 to 1.20.0
...
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go ) from 1.19.0 to 1.20.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.19.0...pubsub/v1.20.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-12 08:50:47 -05:00
dependabot[bot]
fb0c0e1527
🌱 Bump actions/cache from 3.0.1 to 3.0.2
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](136d96b4ae...48af2dc4a9
)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-11 07:36:08 -05:00
naveensrinivasan
f9c2f9d79f
🌱 Dependency review action
...
Included the https://github.com/actions/dependency-review-action
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-09 14:09:42 -05:00
Azeem Shaikh
333618d0d2
Security-Policy
should not run on --local
(#1825 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-04-07 14:12:22 -05:00
dependabot[bot]
4df16f3350
🌱 Bump codecov/codecov-action from 2.1.0 to 3
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 2.1.0 to 3.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](f32b3a3741...e3c560433a
)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-07 14:55:05 +00:00
dependabot[bot]
b6575a2731
🌱 Bump github.com/rhysd/actionlint from 1.6.10 to 1.6.11
...
Bumps [github.com/rhysd/actionlint](https://github.com/rhysd/actionlint ) from 1.6.10 to 1.6.11.
- [Release notes](https://github.com/rhysd/actionlint/releases )
- [Changelog](https://github.com/rhysd/actionlint/blob/main/CHANGELOG.md )
- [Commits](https://github.com/rhysd/actionlint/compare/v1.6.10...v1.6.11 )
---
updated-dependencies:
- dependency-name: github.com/rhysd/actionlint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-07 14:38:43 +00:00
dependabot[bot]
8bc0fe5e83
🌱 Bump contrib.go.opencensus.io/exporter/stackdriver
...
Bumps [contrib.go.opencensus.io/exporter/stackdriver](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver ) from 0.13.10 to 0.13.11.
- [Release notes](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/releases )
- [Commits](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/compare/v0.13.10...v0.13.11 )
---
updated-dependencies:
- dependency-name: contrib.go.opencensus.io/exporter/stackdriver
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-07 13:45:47 +00:00
Azeem Shaikh
a1e908b6f0
Support Security-Policy
with --local
( #1822 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-04-06 18:39:19 -07:00
noamd
5860896619
detect workflow_run as a dangerous trigger
2022-04-06 07:22:54 -05:00
dependabot[bot]
606f28ad25
🌱 Bump sigs.k8s.io/release-utils from 0.5.0 to 0.6.0
...
Bumps [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils ) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/kubernetes-sigs/release-utils/releases )
- [Commits](https://github.com/kubernetes-sigs/release-utils/compare/v0.5.0...v0.6.0 )
---
updated-dependencies:
- dependency-name: sigs.k8s.io/release-utils
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-05 21:36:00 +00:00
naveensrinivasan
81133363f0
🌱 e2e for pinned_dependencies for localrepoclient
...
- e2e for pinned_dependencies for localrepoclient
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-05 16:15:17 -05:00
naveensrinivasan
b6b5592629
🌱 e2e for dangerous_workflow local repo
...
- e2e for dangerous_workflow for localrepoclient.
2022-04-05 15:21:52 -05:00
naveensrinivasan
761bb4e4b3
🌱 Fixes the golang version
...
Hopefully this fixes the make linter failures
https://github.com/ossf/scorecard/runs/5834278035?check_suite_focus=true
I noticed while trying to debug , which was using go 1.18 in the
workflow log.
Which made me decide to pin it to specific version of go 1.17.7
```
go env -w GOFLAGS=-mod=mod
make check-linter
shell: /usr/bin/bash -e {0}
env:
PROTOC_VERSION: 3.17.3
GOROOT: /opt/hostedtoolcache/go/1.18.0/x64
```
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-05 14:45:31 -05:00
dependabot[bot]
b42a175784
🌱 Bump gocloud.dev from 0.24.0 to 0.25.0
...
Bumps [gocloud.dev](https://github.com/google/go-cloud ) from 0.24.0 to 0.25.0.
- [Release notes](https://github.com/google/go-cloud/releases )
- [Commits](https://github.com/google/go-cloud/compare/v0.24.0...v0.25.0 )
---
updated-dependencies:
- dependency-name: gocloud.dev
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-04 09:51:38 -05:00
naveensrinivasan
648b6634e6
🌱 Experimental option for codeql
...
- Included the experimental option for Codeql
https://github.blog/2022-02-17-code-scanning-finds-vulnerabilities-using-machine-learning/
2022-04-01 19:15:44 -05:00
laurentsimon
27dbf9c7e5
✨ Raw results for Signed-Release check ( #1789 )
...
* Raw results for Signed-Releases
* updates
* linter
2022-04-01 23:13:58 +00:00
naveensrinivasan
e8c633a41b
🌱 e2e tests for security policy localrepo
...
- Included e2e tests for security policy for localrepo client
https://github.com/ossf/scorecard/issues/1353
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-31 16:20:16 -05:00
naveensrinivasan
e5f5deb64e
🌱 e2e tests for local repoclient for permissions
...
- Included e2e tests for local repoclient for permissions.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-31 14:52:16 -05:00
naveensrinivasan
ab9769a4da
🌱 Fix protoc build failures
...
- Fix protoc build failures by retries
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-31 14:33:45 -05:00
dependabot[bot]
99ecdea2dd
🌱 Bump actions/cache from 3.0.0 to 3.0.1
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](4b0cf6cc46...136d96b4ae
)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-31 17:37:21 +00:00
Carlos Tadeu Panato Junior
7dcb3cb3e2
✨ checks: add GitHub Webhook check ( #1675 )
...
* checks: add GitHub Webhook check
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
* update per feedback
Signed-off-by: cpanato <ctadeu@gmail.com>
* add evaluation code
Signed-off-by: cpanato <ctadeu@gmail.com>
* add feature gate check
Signed-off-by: cpanato <ctadeu@gmail.com>
* fix lint
Signed-off-by: cpanato <ctadeu@gmail.com>
2022-03-31 07:29:59 -07:00
cpanato
93889a8e70
install missing tool in add-projects job
...
Signed-off-by: cpanato <ctadeu@gmail.com>
2022-03-31 08:00:22 -05:00
cpanato
f1268bfaee
cleanup protoc version
...
Signed-off-by: cpanato <ctadeu@gmail.com>
2022-03-31 08:00:22 -05:00
dependabot[bot]
d10ac0dbb0
🌱 Bump cloud.google.com/go/bigquery from 1.30.1 to 1.30.2
...
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go ) from 1.30.1 to 1.30.2.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.30.1...bigquery/v1.30.2 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-31 05:02:41 -05:00
Carlos Tadeu Panato Junior
92027ed41b
small cleanup on the workflow jobs and remove the master branch reference ( #1800 )
...
Signed-off-by: cpanato <ctadeu@gmail.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2022-03-30 16:11:30 +00:00
dependabot[bot]
389078c5d8
🌱 Bump cloud.google.com/go/bigquery from 1.30.0 to 1.30.1
...
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go ) from 1.30.0 to 1.30.1.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.30.0...spanner/v1.30.1 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-30 08:35:38 -05:00
dependabot[bot]
49564838f9
🌱 Bump github.com/onsi/gomega from 1.18.1 to 1.19.0
...
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.18.1 to 1.19.0.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.18.1...v1.19.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-29 22:15:55 +00:00
dependabot[bot]
c428e3181e
🌱 Bump distroless/base in /cron/worker
...
Bumps distroless/base from `792dfe7` to `764b74b`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-29 21:28:57 +00:00
Azeem Shaikh
6a078c68c2
Use GITHUB_TOKEN
for downloading protoc ( #1797 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-03-29 13:55:45 -07:00
dependabot[bot]
ce06ac1a7e
🌱 Bump distroless/base in /cron/webhook ( #1794 )
...
Bumps distroless/base from `792dfe7` to `764b74b`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-03-29 19:51:22 +00:00