* Forgive all job-level permissions
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Update tests
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Replace magic number
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Rename test
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Test that multiple job-level permissions are forgiven
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Drop unused permissionIsPresent
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Update documentation
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Modify score descriptions
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Document warning for job-level permissions
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* List job-level permissions that get WARNed
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
---------
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Add haskell-actions/hlint-scan as one of the known GitHub actions which upload SARIF.
Signed-off-by: Yoo Chung <chungyc@google.com>
* Test security-events permissions with actions known to upload SARIF.
Signed-off-by: Yoo Chung <chungyc@google.com>
---------
Signed-off-by: Yoo Chung <chungyc@google.com>
* Removed job-level permissions check for actions and packages
Signed-off-by: Eddie Knight <knight@linux.com>
* Updated unit tests
Signed-off-by: Eddie Knight <knight@linux.com>
Signed-off-by: Eddie Knight <knight@linux.com>
mvn release:prepare makes changes to the repo to bump versions,
create a tag, and get things prepared for doing a release build
and thus needs contents: write permissions. This looks for workflow
steps that call `mvn release:prepare` and includes them in the set
that are a releasing workflow and thus which allow contents:write
* 🌱 Upgrade to go 1.18
- Upgrade to go 1.18
- Updated the deps to avoid critical CVEs
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Updated dockerfile.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed the linter issues.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed the CVE dependencies
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Removed the cache which is changing between 1.17 and 1.18
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Removed the cache which is changing between 1.17 and 1.18
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Updated ko to latest
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed linter issue.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed linter issue.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* fails tests
* update tests to reflect number of expected debug msgs (one fewer per workflow)
* Replace strings.Cut usage with strings.Split since we don't use go1.18 yet
* fix number of debug messages in e2e tests. also a result of deduplication of messages in sarif allowlist
* 🌱 Bump github.com/golangci/golangci-lint in /tools
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.44.2 to 1.45.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.44.2...v1.45.0)
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* golangci-lint: Surface and fix as many lint warnings automatically
Signed-off-by: Stephen Augustus <foo@auggie.dev>
* generated: Run golangci-lint with `fix: true`
Signed-off-by: Stephen Augustus <foo@auggie.dev>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stephen Augustus <foo@auggie.dev>
* Token-Permissions, distinguish contents/package
Allowing `contents: write` permission only for jobs that are releasing
jobs, not just packaging jobs.
The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil. This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.
Signed-off-by: Eng Zer Jun <zerjun@eta-hd.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>