Commit Graph

80 Commits

Author SHA1 Message Date
dependabot[bot]
564b10946f
🌱 Bump goreleaser/goreleaser-action from 2.6.1 to 2.7.0 (#762)
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.6.1 to 2.7.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](ac067437f5...5a54d7e660)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-29 21:51:16 +00:00
Azeem Shaikh
851646d4db
Disable e2e tests temporarily (#785)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 19:39:39 +00:00
laurentsimon
492d9cd29b
disable license check (#784) 2021-07-29 19:30:26 +00:00
dependabot[bot]
428a4d659c
🌱 Bump actions/stale from 3.0.19 to 4 (#695)
Bumps [actions/stale](https://github.com/actions/stale) from 3.0.19 to 4.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](98ed4cb500...cdf15f641a)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-07-16 17:30:01 +00:00
naveen
a55d542e0d 🌱 Remove gitcache docker
Remove the gitcache docker image
2021-07-14 12:31:15 -05:00
naveen
219404e0b7 🌱 Removing gitcache
Removing gitcache
2021-07-13 01:03:21 -05:00
dependabot[bot]
18c3178a84
🌱 Bump codecov/codecov-action from 1.5.0 to 1.5.2 (#558)
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 1.5.0 to 1.5.2.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](a1ed4b322b...29386c70ef)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-06-28 22:19:47 -07:00
naveen
6aefe1b6ac 🌱 Fix broken e2e tests
* Changed the path for the frozen deps to look for within the
.github/workflows path

* Included license check to tools.go

* Removed the hard reference to ginkgo within the integration.yml

* The above fixes will fix the broken tests for scorecard.

Repo: github.com/ossf/scorecard
Frozen-Deps: Fail 10
go modules found: go.mod
!! frozen-deps/fetch-execute - .github/workflows/integration.yml is fetching an non-pinned dependency 'go get github.com/onsi/ginkgo/ginkgo@v1.14.2'
!! frozen-deps/fetch-execute - .github/workflows/main.yml is fetching an non-pinned dependency 'go install github.com/google/addlicense@latest'
2021-06-28 15:28:10 -05:00
Naveen
d998d56112
🌱 Fixes GitHub workflow failures (#593)
The validate and the e2e are failing because of the bug in golang
https://github.com/golang/go/issues/44129

This fix is a temporary workaround.
2021-06-20 15:48:21 -04:00
naveen
e7ea1a2b88 🌱 Fixes the broken PR Verifier
Reverted to the original permission.
2021-06-10 12:31:21 -04:00
naveen
28b1db9267 🌱 Fixes write permissions for ok-to-test
Allowed write permissions to action for commenting on the status of the
PR.
2021-06-07 12:49:11 -04:00
dependabot[bot]
b04df4e256 🌱 Bump goreleaser/goreleaser-action from 2.6.0 to 2.6.1
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.6.0 to 2.6.1.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](70eb4e573c...ac067437f5)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-31 09:14:30 -04:00
dependabot[bot]
df44a898cf 🌱 Bump goreleaser/goreleaser-action from 2.5.0 to 2.6.0
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](5e15885530...70eb4e573c)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-27 15:55:27 -04:00
dependabot[bot]
947a075c7c
🌱 Bump github/codeql-action (#482)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from cb5810848de15b695cd9ef3b559dd178c43c7df3 to 1.0.0. This release includes the previously tagged commit.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](cb5810848d...bc2cbe3983)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-05-26 16:10:12 +00:00
dependabot[bot]
90e1aeb7ec
🌱 Bump actions/stale from 3.0.18 to 3.0.19 (#470)
Bumps [actions/stale](https://github.com/actions/stale) from 3.0.18 to 3.0.19.
- [Release notes](https://github.com/actions/stale/releases)
- [Commits](3b3c3f03cd...98ed4cb500)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-18 10:47:18 -04:00
laurentsimon
6367cc44f6
pin scorecard workflow dependencies by hash (#456) 2021-05-14 16:59:05 -07:00
dependabot[bot]
53262f0368 🌱 Bump codecov/codecov-action from 1 to 1.5.0
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 1 to 1.5.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v1...v1.5.0)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-12 10:38:27 -05:00
dependabot[bot]
33c1e903a4 🌱 Bump actions/checkout from 2 to 2.3.4
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 2.3.4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v2.3.4)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-12 10:26:18 -05:00
dependabot[bot]
dd6c652db6 🌱 Bump actions/stale from 3 to 3.0.18
Bumps [actions/stale](https://github.com/actions/stale) from 3 to 3.0.18.
- [Release notes](https://github.com/actions/stale/releases)
- [Commits](https://github.com/actions/stale/compare/v3...v3.0.18)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-12 09:34:55 -05:00
dependabot[bot]
775a36a393 🌱 Bump peter-evans/create-or-update-comment from 1 to 1.4.5
Bumps [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) from 1 to 1.4.5.
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases)
- [Commits](https://github.com/peter-evans/create-or-update-comment/compare/v1...v1.4.5)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-12 09:30:11 -05:00
dependabot[bot]
35b62a9905
🌱 Bump peter-evans/find-comment from 1 to 1.2.0 (#439)
Bumps [peter-evans/find-comment](https://github.com/peter-evans/find-comment) from 1 to 1.2.0.
- [Release notes](https://github.com/peter-evans/find-comment/releases)
- [Commits](https://github.com/peter-evans/find-comment/compare/v1...v1.2.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-12 13:29:05 +00:00
dependabot[bot]
9478fe3147
🌱 Bump goreleaser/goreleaser-action from 2 to 2.5.0 (#441)
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2 to 2.5.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Changelog](https://github.com/goreleaser/goreleaser-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v2...v2.5.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-12 09:24:03 -04:00
Naveen
14dfc45fae
🌱 Move the docker containers to gcr.io (#419)
* Included a build on push to master on gcr.io
  * Updated the README with the gcr.io
  * Removed the docker.yaml build push
2021-05-11 14:11:06 +00:00
dependabot[bot]
c1ef0900f2
🌱 Bump google-github-actions/setup-gcloud from 94337306dda8180d967a56932ceb4ddcf01edae7 to 0.2.1 (#425)
* 🌱 Bump google-github-actions/setup-gcloud

Bumps [google-github-actions/setup-gcloud](https://github.com/google-github-actions/setup-gcloud) from 94337306dda8180d967a56932ceb4ddcf01edae7 to 0.2.1. This release includes the previously tagged commit.
- [Release notes](https://github.com/google-github-actions/setup-gcloud/releases)
- [Changelog](https://github.com/google-github-actions/setup-gcloud/blob/master/CHANGELOG.md)
- [Commits](94337306dd...daadedc81d)

Signed-off-by: dependabot[bot] <support@github.com>

* Update integration.yml

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Abhishek Arya <inferno@chromium.org>
2021-05-10 08:20:31 -07:00
naveen
a4768922a9 🌱 Removed the trivy scan
* Removed container using trivy as it is in gcr.io
2021-05-08 17:47:49 -05:00
laurentsimon
82d6c171bc
🐛 Pin workflow dependencies (#417)
* pin workflow dependencies

* comments

Co-authored-by: Abhishek Arya <inferno@chromium.org>
2021-05-07 18:35:57 -07:00
naveen
cd7231dd75 🌱 Cleanup dependabot config 2021-04-29 17:10:24 -05:00
naveen
a64426e369 🌱 Remove Snyk
Removing Snyk as per our discussion.
2021-04-29 12:32:21 -05:00
naveen
da2e7029c7 🌱 Update golangci version to 1.39
* Upgrade the golangci version to 1.39
* Changed the checkout depth
  https://github.com/golangci/golangci-lint/issues/1088#issuecomment-801540792
2021-04-29 08:24:41 -05:00
naveen
872e9139d8 🐛 docker build for gitcache
* Fixed docker build for git cache
2021-04-26 10:01:50 -05:00
dependabot[bot]
bdf86e00c8 🌱 Bump actions/github-script from v3 to v4.0.2
Bumps [actions/github-script](https://github.com/actions/github-script) from v3 to v4.0.2.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v3...a3e7071a34d7e1f219a8a4de9a5e0a34d1ee1293)

Signed-off-by: dependabot[bot] <support@github.com>
2021-04-26 08:30:49 -05:00
naveen
3d24435ba8 🌱 Fixing the docker build issue 2021-04-23 15:17:42 -04:00
Naveen
760e01fbb8 Revert "🌱 Bump actions/github-script from v3 to v4.0.1"
This reverts commit 3ad35e3661.
2021-04-23 11:53:17 -04:00
dependabot[bot]
3ad35e3661 🌱 Bump actions/github-script from v3 to v4.0.1
Bumps [actions/github-script](https://github.com/actions/github-script) from v3 to v4.0.1.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v3...85e88a66eaa831097093a3d278536947f2984d20)

Signed-off-by: dependabot[bot] <support@github.com>
2021-04-22 08:37:01 -04:00
naveen
c2236f68f8 🌱 Updated commit message for dependabot
* Updated commit message to have 🌱 prefix in dependabot PR.
2021-04-08 14:13:44 -05:00
nathannaveen
f5185e4bd6 🌱 included copyright headers. 2021-04-01 21:36:10 -05:00
Naveen
3e4432ceea Update PULL_REQUEST_TEMPLATE.md 2021-03-24 17:11:02 -04:00
naveen
775a83a2f7 🌱 update dependabot for cron and scripts
The cron and scripts are based on go.mod. The dependabot settings are
updated to watch those folders.
2021-03-22 11:50:01 -04:00
naveen
8427362772 🌱 verifier to generate release notes
The verifier helps release notes generation.
https://github.com/kubernetes-sigs/kubebuilder-release-tools

https://github.com/kubernetes-sigs/kubebuilder-release-tools/blob/master/verify/main.go
2021-03-18 12:19:06 -04:00
naveen
88de2df279 Feat-Use Snyk to check cron-job security settings
Use Snyk to check for cron-job yaml for security misconfiguration.
2021-03-12 21:03:29 -05:00
naveen
3489c83404 Feat - Include Snyk check for k8s yaml
Snyk has a set of rules to validate the k8s yaml for insecure
configuration.

This action will validate the k8s yaml for insecure configuration.
2021-03-12 20:56:00 -05:00
naveen
248fda288e Fix - docker builds for scorecard cron
Fixed the docker build for scorecard cron and also updated the
integration to test for the docker builds.
2021-03-05 13:14:33 -05:00
naveen
abb06c9dbc feat- Reorganize the code structure
Reorganize the code structure for testing and maintenance.

Feat - Included http endpoint
2021-03-04 19:08:47 -05:00
Naveen
c5528dba94
Update issue templates (#235) 2021-03-04 03:30:32 +00:00
Naveen
3e979657bf
Implemented docker for gitcache (#231)
* Implemented caching the git folder instead of just a branch.
Implemented logging.
Refactored code.

* Feat - Implemented docker for gitcache
2021-03-04 03:22:17 +00:00
Naveen
b4c2e4fd13
feat - migrate to go 1.16 (#233)
Upgrade to go version 1.16
2021-03-03 18:56:29 +00:00
Naveen
f0ff62d9eb
Feat - Included dependabot for gitcache (#232) 2021-03-02 16:51:04 -08:00
naveen
7b192a0243 feat - Included tests for disk cache
Included tests for disk cache.
Cleaned up tests.
2021-02-26 15:46:21 -05:00
naveen
6f2a0f43f4 Fix - Output path for the test runs 2021-02-25 15:59:39 -05:00
naveen
a7174d8ad7 Feature - Include e2e tests for docker
Included e2e tests for docker.
Included .Dockerignore to ignore files.
Included Docker build in the Makefile.
2021-02-25 11:02:45 -05:00