Naveen
af24ed4d7f
🌱 Included codeql check for GitHub Actions ( #988 )
Included codeql check for GitHub actions https://github.com/ossf/scorecard/issues/987
2021-09-09 23:02:11 +00:00
Naveen
a3d63bf324
🌱 Updated actions permission for codeql ( #964 )
* Updated the actions permissions for codeql from write to specific
settings. https://github.com/ossf/scorecard/issues/942
2021-09-07 08:52:14 -07:00
dependabot[bot]
942c4cfc25
🌱 Bump crazy-max/ghaction-import-gpg from 3.2.0 to 4 ( #971 )
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 3.2.0 to 4.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases)
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md)
- [Commits](1c6a9e9d35...8c43807e82)
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-07 15:24:51 +00:00
Chris McGehee
29b7bd3885
Parsing GitHub Workflows should only happen on yaml files
2021-09-06 10:51:33 -05:00
dependabot[bot]
f55b86d662
🌱 Bump peter-evans/slash-command-dispatch from 2.2.1 to 2.3.0 ( #955 )
Bumps [peter-evans/slash-command-dispatch](https://github.com/peter-evans/slash-command-dispatch) from 2.2.1 to 2.3.0.
- [Release notes](https://github.com/peter-evans/slash-command-dispatch/releases)
- [Commits](fc430081ad...40877f718d)
---
updated-dependencies:
- dependency-name: peter-evans/slash-command-dispatch
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-03 16:39:23 +00:00
flying-cow
1434977ac0
:sparkling: Upgraded to go 1.17
2021-09-01 18:31:44 -04:00
naveen
50fd921680
🌱 Fix the dependabot settings
2021-08-26 14:29:12 -05:00
dependabot[bot]
f2afdba107
🌱 Bump actions/setup-go from 2.1.3 to 2.1.4
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2.1.3 to 2.1.4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](37335c7bb2...331ce1d993)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-08-26 10:56:13 -05:00
Azeem Shaikh
b89808ff8c
Pin protoc by SHA ( #909 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 15:54:10 +00:00
Azeem Shaikh
cc30d54db2
Use arduino/setup-protoc for installing Protoc ( #903 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 09:31:04 -04:00
dependabot[bot]
7bc2e00589
🌱 Bump peter-evans/find-comment from 1.2.0 to 1.3.0 ( #893 )
Bumps [peter-evans/find-comment](https://github.com/peter-evans/find-comment) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/peter-evans/find-comment/releases)
- [Commits](309ce798ba...d2dae40ed1)
---
updated-dependencies:
- dependency-name: peter-evans/find-comment
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-08-24 22:20:22 +00:00
laurentsimon
276155d1eb
✨ SARIF 4: Add support to output SARIF format ( #866 )
* draft1
* draft2
* draft
* draft 3
* typos
* unit tests
* fixes
* fixes
* related locs
* fixes
* version
* fixes
* linter/fix
* fixes
* linter
* gofmt -s
2021-08-23 21:31:33 +00:00
dependabot[bot]
42700ee940
🌱 Bump actions/github-script from 4.0.2 to 4.1
Bumps [actions/github-script](https://github.com/actions/github-script) from 4.0.2 to 4.1.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](a3e7071a34...f891eff651)
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-08-20 11:05:08 -05:00
Azeem Shaikh
6cc41359a9
Remove false log statement ( #835 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-11 04:09:13 +00:00
dependabot[bot]
a2e34ede98
🌱 Bump crazy-max/ghaction-import-gpg from 3.1.0 to 3.2.0
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases)
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md)
- [Commits](b0793c0060...1c6a9e9d35)
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-08-10 10:03:06 -05:00
naveen
ef9880c7b3
🌱 Implemented ignore for license check
The license check was updated with the ignore files.
Fixed the issue https://github.com/ossf/scorecard/issues/767
2021-08-09 16:09:01 -05:00
Appu
8534836923
Also add version info to goreleaser ( #822 )
- shared configuration generation in ./scripts/version-ldflags
Signed-off-by: Appu Goundan <appu@google.com>
2021-08-09 18:22:30 +00:00
Naveen
91d3d82348
🌱 Fix the protobuf GitHub runner issue ( #801 )
Fixes the protobuf GitHub runner issue by cloning the repository and
installing it locally.
Source https://lukasjoswiak.com/github-actions-protobuf/
2021-08-02 23:52:57 +00:00
dependabot[bot]
a66b53ebe4
🌱 Bump peter-evans/slash-command-dispatch from 2.1.3 to 2.2.1 ( #735 )
Bumps [peter-evans/slash-command-dispatch](https://github.com/peter-evans/slash-command-dispatch) from 2.1.3 to 2.2.1.
- [Release notes](https://github.com/peter-evans/slash-command-dispatch/releases)
- [Commits](72ab5a2e41...fc430081ad)
---
updated-dependencies:
- dependency-name: peter-evans/slash-command-dispatch
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-07-31 11:12:20 +00:00
dependabot[bot]
564b10946f
🌱 Bump goreleaser/goreleaser-action from 2.6.1 to 2.7.0 ( #762 )
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.6.1 to 2.7.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](ac067437f5...5a54d7e660)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-29 21:51:16 +00:00
Azeem Shaikh
851646d4db
Disable e2e tests temporarily ( #785 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 19:39:39 +00:00
laurentsimon
492d9cd29b
disable license check ( #784 )
2021-07-29 19:30:26 +00:00
dependabot[bot]
428a4d659c
🌱 Bump actions/stale from 3.0.19 to 4 ( #695 )
Bumps [actions/stale](https://github.com/actions/stale) from 3.0.19 to 4.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](98ed4cb500...cdf15f641a)
---
updated-dependencies:
- dependency-name: actions/stale
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-07-16 17:30:01 +00:00
naveen
a55d542e0d
🌱 Remove gitcache docker
Remove the gitcache docker image
2021-07-14 12:31:15 -05:00
naveen
219404e0b7
🌱 Removing gitcache
Removing gitcache
2021-07-13 01:03:21 -05:00
dependabot[bot]
18c3178a84
🌱 Bump codecov/codecov-action from 1.5.0 to 1.5.2 ( #558 )
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 1.5.0 to 1.5.2.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](a1ed4b322b...29386c70ef)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-06-28 22:19:47 -07:00
naveen
6aefe1b6ac
🌱 Fix broken e2e tests
* Changed the path for the frozen deps to look for within the
.github/workflows path
* Included license check to tools.go
* Removed the hard reference to ginkgo within the integration.yml
* The above fixes will fix the broken tests for scorecard.
Repo: github.com/ossf/scorecard
Frozen-Deps: Fail 10
go modules found: go.mod
!! frozen-deps/fetch-execute - .github/workflows/integration.yml is fetching an non-pinned dependency 'go get github.com/onsi/ginkgo/ginkgo@v1.14.2'
!! frozen-deps/fetch-execute - .github/workflows/main.yml is fetching an non-pinned dependency 'go install github.com/google/addlicense@latest'
2021-06-28 15:28:10 -05:00
Naveen
d998d56112
🌱 Fixes GitHub workflow failures ( #593 )
The validate and the e2e are failing because of the bug in golang
https://github.com/golang/go/issues/44129
This fix is a temporary workaround.
2021-06-20 15:48:21 -04:00
naveen
e7ea1a2b88
🌱 Fixes the broken PR Verifier
Reverted to the original permission.
2021-06-10 12:31:21 -04:00
naveen
28b1db9267
🌱 Fixes write permissions for ok-to-test
Allowed write permissions to action for commenting on the status of the
PR.
2021-06-07 12:49:11 -04:00
dependabot[bot]
b04df4e256
🌱 Bump goreleaser/goreleaser-action from 2.6.0 to 2.6.1
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.6.0 to 2.6.1.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](70eb4e573c...ac067437f5)
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-31 09:14:30 -04:00
dependabot[bot]
df44a898cf
🌱 Bump goreleaser/goreleaser-action from 2.5.0 to 2.6.0
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](5e15885530...70eb4e573c)
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-27 15:55:27 -04:00
dependabot[bot]
947a075c7c
🌱 Bump github/codeql-action ( #482 )
Bumps [github/codeql-action](https://github.com/github/codeql-action) from cb5810848de15b695cd9ef3b559dd178c43c7df3 to 1.0.0. This release includes the previously tagged commit.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](cb5810848d...bc2cbe3983)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-05-26 16:10:12 +00:00
dependabot[bot]
90e1aeb7ec
🌱 Bump actions/stale from 3.0.18 to 3.0.19 ( #470 )
Bumps [actions/stale](https://github.com/actions/stale) from 3.0.18 to 3.0.19.
- [Release notes](https://github.com/actions/stale/releases)
- [Commits](3b3c3f03cd...98ed4cb500)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-18 10:47:18 -04:00
laurentsimon
6367cc44f6
pin scorecard workflow dependencies by hash ( #456 )
2021-05-14 16:59:05 -07:00
dependabot[bot]
53262f0368
🌱 Bump codecov/codecov-action from 1 to 1.5.0
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 1 to 1.5.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v1...v1.5.0)
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-12 10:38:27 -05:00
dependabot[bot]
33c1e903a4
🌱 Bump actions/checkout from 2 to 2.3.4
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 2.3.4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v2.3.4)
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-12 10:26:18 -05:00
dependabot[bot]
dd6c652db6
🌱 Bump actions/stale from 3 to 3.0.18
Bumps [actions/stale](https://github.com/actions/stale) from 3 to 3.0.18.
- [Release notes](https://github.com/actions/stale/releases)
- [Commits](https://github.com/actions/stale/compare/v3...v3.0.18)
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-12 09:34:55 -05:00
dependabot[bot]
775a36a393
🌱 Bump peter-evans/create-or-update-comment from 1 to 1.4.5
Bumps [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) from 1 to 1.4.5.
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases)
- [Commits](https://github.com/peter-evans/create-or-update-comment/compare/v1...v1.4.5)
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-12 09:30:11 -05:00
dependabot[bot]
35b62a9905
🌱 Bump peter-evans/find-comment from 1 to 1.2.0 ( #439 )
Bumps [peter-evans/find-comment](https://github.com/peter-evans/find-comment) from 1 to 1.2.0.
- [Release notes](https://github.com/peter-evans/find-comment/releases)
- [Commits](https://github.com/peter-evans/find-comment/compare/v1...v1.2.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-12 13:29:05 +00:00
dependabot[bot]
9478fe3147
🌱 Bump goreleaser/goreleaser-action from 2 to 2.5.0 ( #441 )
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2 to 2.5.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Changelog](https://github.com/goreleaser/goreleaser-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v2...v2.5.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-12 09:24:03 -04:00
Naveen
14dfc45fae
🌱 Move the docker containers to gcr.io ( #419 )
* Included a build on push to master on gcr.io
* Updated the README with the gcr.io
* Removed the docker.yaml build push
2021-05-11 14:11:06 +00:00
dependabot[bot]
c1ef0900f2
🌱 Bump google-github-actions/setup-gcloud from 94337306dda8180d967a56932ceb4ddcf01edae7 to 0.2.1 ( #425 )
* 🌱 Bump google-github-actions/setup-gcloud
Bumps [google-github-actions/setup-gcloud](https://github.com/google-github-actions/setup-gcloud) from 94337306dda8180d967a56932ceb4ddcf01edae7 to 0.2.1. This release includes the previously tagged commit.
- [Release notes](https://github.com/google-github-actions/setup-gcloud/releases)
- [Changelog](https://github.com/google-github-actions/setup-gcloud/blob/master/CHANGELOG.md)
- [Commits](94337306dd...daadedc81d)
Signed-off-by: dependabot[bot] <support@github.com>
* Update integration.yml
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Abhishek Arya <inferno@chromium.org>
2021-05-10 08:20:31 -07:00
naveen
a4768922a9
🌱 Removed the trivy scan
* Removed container using trivy as it is in gcr.io
2021-05-08 17:47:49 -05:00
laurentsimon
82d6c171bc
🐛 Pin workflow dependencies ( #417 )
* pin workflow dependencies
* comments
Co-authored-by: Abhishek Arya <inferno@chromium.org>
2021-05-07 18:35:57 -07:00
naveen
cd7231dd75
🌱 Cleanup dependabot config
2021-04-29 17:10:24 -05:00
naveen
a64426e369
🌱 Remove synk
Removing synk as per our discussion.
2021-04-29 12:32:21 -05:00
naveen
da2e7029c7
🌱 Update golangci version to 1.39
* Upgrade the golangci version to 1.39
* Changed the checkout depth
https://github.com/golangci/golangci-lint/issues/1088#issuecomment-801540792
2021-04-29 08:24:41 -05:00
naveen
872e9139d8
🐛 docker build for gitcache
* Fixed docker build for git cache
2021-04-26 10:01:50 -05:00
dependabot[bot]
bdf86e00c8
🌱 Bump actions/github-script from v3 to v4.0.2
Bumps [actions/github-script](https://github.com/actions/github-script) from v3 to v4.0.2.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v3...a3e7071a34d7e1f219a8a4de9a5e0a34d1ee1293)
Signed-off-by: dependabot[bot] <support@github.com>
2021-04-26 08:30:49 -05:00