Carlos A Becker
0836149357
chore(ci): gitleaks
...
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
2022-05-17 22:00:25 -03:00
Naveen
6289aee804
feat(ci): run dependency review action on prs ( #3109 )
...
> Dependency Review GitHub Action in your repository to enforce dependency
> reviews on your pull requests.
> The action scans for vulnerable versions of dependencies introduced by package version
> changes in pull requests,
> and warns you about the associated security vulnerabilities.
> This gives you better visibility of what's changing in a pull request,
> and helps prevent vulnerabilities being added to your repository.
https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-14 19:48:43 -03:00
dependabot[bot]
82f5785fd7
chore(deps): bump actions/setup-go from 3.0.0 to 3.1.0 ( #3108 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](f6164bd8c8...fcdc43634a
2022-05-13 09:47:56 -03:00
dependabot[bot]
cc0ba360b3
chore(deps): bump github/codeql-action ( #3105 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 75b4f1c4669133dc294b06c2794e969efa2e5316 to 2.1.10. This release includes the previously tagged commit.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](75b4f1c466...2f58583a1b
2022-05-12 10:30:12 -03:00
dependabot[bot]
1907ffe6a2
chore(deps): bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 ( #3094 )
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](b517f99ae2...537aa1903e
2022-05-11 09:50:07 -03:00
dependabot[bot]
5a027de820
chore(deps): bump github/codeql-action from 2.1.9 to 2.1.10 ( #3095 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.9 to 2.1.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](7502d6e991...75b4f1c466
2022-05-11 09:49:53 -03:00
Carlos A Becker
ad13ba6c8a
fix(ci): improve auto commit msg
...
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2022-05-10 13:10:12 -03:00
dependabot[bot]
70975ed684
chore(deps): bump docker/setup-qemu-action from 1.2.0 to 2 ( #3084 )
...
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ) from 1.2.0 to 2.
- [Release notes](https://github.com/docker/setup-qemu-action/releases )
- [Commits](27d0a4f181...8b122486ce
2022-05-06 15:58:34 -03:00
dependabot[bot]
66d264bdd1
chore(deps): bump docker/login-action from 1.14.1 to 2 ( #3082 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 1.14.1 to 2.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](dd4fa0671b...49ed152c8e
2022-05-06 15:56:44 -03:00
dependabot[bot]
313718a8e5
chore(deps): bump docker/setup-buildx-action from 1.7.0 to 2 ( #3083 )
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 1.7.0 to 2.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](f211e3e9de...dc7b9719a9
2022-05-06 14:37:18 -03:00
dependabot[bot]
546325d912
chore(deps): bump docker/setup-buildx-action from 1.6.0 to 1.7.0 ( #3071 )
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](94ab11c41e...f211e3e9de
2022-04-28 10:23:24 -03:00
dependabot[bot]
35a7ebf680
chore(deps): bump github/codeql-action from 2.1.8 to 2.1.9 ( #3070 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.8 to 2.1.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1ed1437484...7502d6e991
2022-04-28 10:23:13 -03:00
dependabot[bot]
41f7c3ade5
chore(deps): bump codecov/codecov-action from 3.0.0 to 3.1.0 ( #3059 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](e3c560433a...81cd2dc814
2022-04-22 09:36:20 -03:00
dependabot[bot]
8dc34370d3
chore(deps): bump anchore/sbom-action from 0.10.0 to 0.11.0 ( #3050 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.10.0 to 0.11.0.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](407a3ec314...bb716408e7
2022-04-18 10:22:05 -03:00
Carlos Alexandro Becker
bdef306b79
fix(ci): dont use krew fork ( #3040 )
...
* fix(ci): use setup-krew action instead of go install
also switch back to main krew as my PR was recently released.
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* fix: use go install
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* fix: use go install
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2022-04-13 23:00:29 -03:00
Carlos Alexandro Becker
0e149698af
fix(ci): misspell action ( #3041 )
...
the misspell action is failing, but we can run it through golangci-lint, so, just doing that now.
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2022-04-13 22:39:59 -03:00
Naveen
38ea40c442
fix: set permissions for GitHub actions ( #3036 )
...
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ )
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-13 14:42:11 -03:00
dependabot[bot]
b0d00f2cff
chore(deps): bump stefanzweifel/git-auto-commit-action ( #3034 )
...
Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action ) from 4.14.0 to 4.14.1.
- [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases )
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md )
- [Commits](c4b132ec2c...49620cd3ed
2022-04-13 09:37:34 -03:00
dependabot[bot]
0edd69a47e
chore(deps): bump github/codeql-action from 2.1.7 to 2.1.8 ( #3029 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.7 to 2.1.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0182a2c78c...1ed1437484
2022-04-11 08:39:43 -03:00
dependabot[bot]
dd0de9db07
chore(deps): bump anchore/sbom-action from 0.9.0 to 0.10.0 ( #3026 )
...
* chore(deps): bump anchore/sbom-action from 0.9.0 to 0.10.0
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.9.0 to 0.10.0.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](f6c3d0fe42...407a3ec314
2022-04-08 12:18:20 -03:00
dependabot[bot]
07ebdfd05e
chore(deps): bump github/codeql-action from 2.1.6 to 2.1.7 ( #3021 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.6 to 2.1.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](28eead2408...0182a2c78c
2022-04-06 09:41:08 -03:00
dependabot[bot]
796c4f209e
chore(deps): bump codecov/codecov-action from 2.1.0 to 3 ( #3022 )
...
* chore(deps): bump codecov/codecov-action from 2.1.0 to 3
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 2.1.0 to 3.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](f32b3a3741...e3c560433a
2022-04-06 09:40:50 -03:00
dependabot[bot]
0402dd371a
chore(deps): bump anchore/sbom-action from 0.8.0 to 0.9.0 ( #3023 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](2ad7824629...f6c3d0fe42
2022-04-06 09:40:06 -03:00
dependabot[bot]
71eb7a541a
chore(deps): bump github/codeql-action from 1.1.5 to 2.1.6 ( #3013 )
...
* chore(deps): bump github/codeql-action from 1.1.5 to 2.1.6
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.1.5 to 2.1.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8834766498...28eead2408
2022-03-31 09:05:51 -03:00
dependabot[bot]
dd26ed4d79
chore(deps): bump arduino/setup-task from 1.0.0 to 1.0.1 ( #3008 )
...
Bumps [arduino/setup-task](https://github.com/arduino/setup-task ) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/arduino/setup-task/releases )
- [Commits](accf38bba9...ca745e1891
2022-03-28 09:36:15 -03:00
dependabot[bot]
74f48c3a96
chore(deps): bump anchore/sbom-action from 0.7.0 to 0.8.0 ( #3001 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.7.0 to 0.8.0.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](ce4a7cf05d...2ad7824629
2022-03-22 19:52:17 -03:00
dependabot[bot]
1c3bc7fe8d
chore(deps): bump stefanzweifel/git-auto-commit-action ( #2995 )
2022-03-22 09:14:35 -03:00
dependabot[bot]
617cd81746
chore(deps): bump actions/setup-go from 2.2.0 to 3 ( #2987 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 2.2.0 to 3.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](bfdd3570ce...f6164bd8c8
2022-03-17 08:47:57 -03:00
Carlos Alexandro Becker
0a66b3dc85
feat: deprecate buildpacks ( #2982 )
2022-03-17 07:55:17 -03:00
Carlos Alexandro Becker
077ce16174
feat: more go 1.18 ( #2984 )
...
* feat: more go 1.18
moved more workflows to go 1.18, switched some code to strings.Cut
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* revert unwanted change
2022-03-16 23:28:13 -03:00
Naveen
1be9ede767
fix(ci): pinned workflow by hash ( #2977 )
...
* Pinned workflow by hash
- Pinned actions by SHA https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies
- Included permissions for some of the actions. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
* Fixed conflicts
2022-03-17 01:29:18 +00:00
Carlos Alexandro Becker
3c4e797150
feat: upgrade to go 1.18 ( #2978 )
...
* feat: upgrade to go 1.18
* chore: go mod tidy
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* test: fix
* fix: more updates
* test: fix test
2022-03-16 21:51:48 -03:00
dependabot[bot]
2d9acf65b5
chore(deps): bump sigstore/cosign-installer from 2.0.1 to 2.1.0 ( #2961 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 2.0.1 to 2.1.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v2.0.1...v2.1.0 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-07 09:18:18 -03:00
dependabot[bot]
b0b982f162
chore(deps): bump anchore/sbom-action from 0.6.0 to 0.7.0 ( #2960 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](https://github.com/anchore/sbom-action/compare/v0.6.0...v0.7.0 )
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-07 09:16:00 -03:00
dependabot[bot]
6e08c72ba4
chore(deps): bump actions/checkout from 2 to 3 ( #2949 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-02 09:15:04 -03:00
dependabot[bot]
395ee0ae5b
chore(deps): bump golangci/golangci-lint-action from 2 to 3 ( #2936 )
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 2 to 3.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-25 08:44:24 -03:00
dependabot[bot]
f75f6feeee
chore(deps): bump sigstore/cosign-installer from 2.0.0 to 2.0.1 ( #2928 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 2.0.0 to 2.0.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v2.0.0...v2.0.1 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-22 13:12:22 -03:00
dependabot[bot]
0b3106b9f0
chore(deps): bump actions/github-script from 5 to 6 ( #2907 )
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 5 to 6.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](https://github.com/actions/github-script/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-14 08:45:48 -03:00
Carlos Alexandro Becker
9d49c50a70
docs: use the orgs code of conduct ( #2889 )
...
* chore: code of conduct links
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* docs: use the orgs code of conduct
we dont need to keep a copy of it in every project, a single one should do.
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2022-02-08 14:20:50 -03:00
Carlos A Becker
482cc6479c
chore: do not run schedule action on forks
...
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2022-02-05 10:11:38 -03:00
dependabot[bot]
f695286db9
chore(deps): bump sigstore/cosign-installer from 1.4.1 to 2.0.0 ( #2866 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 1.4.1 to 2.0.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v1.4.1...v2.0.0 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-01 11:12:54 -03:00
Carlos A Becker
9aa00c7f3f
chore(ci): pass down AUR_KEY
...
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2022-01-26 22:15:05 -03:00
Tom Payne
87151f8575
chore(ci): remove stale trigger paths ( #2836 )
...
.github/workflows/htmltest.yml no longer exists, and the www/* path
catches changes to www/htmltest.yml.
2022-01-17 08:45:30 -03:00
Carlos A Becker
3a04e75bd3
docs: uneeded prefix
...
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2021-12-23 17:32:10 -03:00
Carlos A Becker
bd10528ab7
docs: new feature template
...
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2021-12-23 17:31:42 -03:00
dependabot[bot]
18272c80e0
chore(deps): bump anchore/sbom-action from 0.5.0 to 0.6.0 ( #2772 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](https://github.com/anchore/sbom-action/compare/v0.5.0...v0.6.0 )
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-12-17 10:34:00 -03:00
Carlos Alexandro Becker
7c8185047a
chore(ci): use download syft action ( #2767 )
...
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2021-12-16 21:04:52 -03:00
Carlos Alexandro Becker
505888f41b
feat: keyless signing ( #2716 )
...
* feat: keyless signing
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* fix: perms
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* fix: rm old pubkey
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* docs: missing experimental flag
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* docs: true keyless
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* docs: improve install
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* fix: simplifying
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* docs: improvements
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* docs: improvements
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* docs: trying to improve docs
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* fix: config
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* fix: package write
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2021-12-16 13:43:11 -03:00
Carlos A Becker
edc8edc1ca
chore(ci): update syft
...
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2021-12-15 23:34:46 -03:00
Alex Goodman
bfdec808ab
feat: add sbom generation pipe ( #2648 )
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2021-12-12 00:21:51 -03:00
