Carlos A Becker
5bcd56bcbd
chore(ci): prevent gpl deps
...
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
2022-07-06 09:50:26 -03:00
dependabot[bot]
7bb16e271a
chore(deps): bump sigstore/cosign-installer from 2.4.0 to 2.4.1 ( #3220 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v2.4.0...v2.4.1 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-04 10:37:54 -03:00
dependabot[bot]
a535b87b4a
chore(deps): bump github/codeql-action from 2.1.14 to 2.1.15 ( #3214 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.14 to 2.1.15.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](41a4ada31b...3f62b754e2
2022-06-29 10:11:14 -03:00
Carlos A Becker
5aed49bd0a
chore(ci): do not run gitleaks on prs
...
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
2022-06-27 08:55:38 -03:00
Carlos Alexandro Becker
d58a3e72c3
chore(ci): improve tparse output ( #3193 )
...
* chore(ci): improve tparse output
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* chore(ci): improve tparse output
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
2022-06-24 09:33:34 -03:00
dependabot[bot]
e16a15929e
chore(deps): bump github/codeql-action from 2.1.13 to 2.1.14 ( #3186 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.13 to 2.1.14.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](d00e8c09a3...41a4ada31b
2022-06-23 08:49:48 -03:00
dependabot[bot]
f1c611b21b
chore(deps): bump github/codeql-action from 2.1.12 to 2.1.13 ( #3179 )
2022-06-22 08:47:02 -03:00
Carlos Alexandro Becker
c51b0f9847
fix(ci): gitleaks license ( #3177 )
...
* fix(ci): gitleaks license
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* fix: gitleaks config path
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
2022-06-22 00:08:51 -03:00
dependabot[bot]
891e50e6a4
chore(deps): bump actions/dependency-review-action from 1 to 2 ( #3164 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 1 to 2.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](https://github.com/actions/dependency-review-action/compare/v1...v2 )
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-16 08:55:20 -03:00
Carlos A Becker
d80f11b98e
chore(ci): update sbom and cosign actions
...
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
2022-06-13 14:28:08 -03:00
Carlos Alexandro Becker
500190f36a
chore(ci): tparse ( #3131 )
...
* chore(ci): tparse
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* fix: always set json
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* fix: nocolor
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* fix: do not need tparse locally
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* fix: build
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
2022-06-11 23:25:04 -03:00
dependabot[bot]
ab43561b9c
chore(deps): bump github/codeql-action from 2.1.11 to 2.1.12 ( #3141 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.11 to 2.1.12.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](a3a6c128d7...27ea8f8fe5
2022-06-02 08:28:59 -03:00
dependabot[bot]
b869ea44b7
chore(deps): bump actions/setup-go from 3.1.0 to 3.2.0 ( #3133 )
...
* chore(deps): bump actions/setup-go from 3.1.0 to 3.2.0
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](fcdc43634a...b22fbbc292
2022-05-27 13:26:29 -03:00
dependabot[bot]
6c38b37b11
chore(deps): bump github/codeql-action from 2.1.10 to 2.1.11 ( #3113 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.10 to 2.1.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2f58583a1b...a3a6c128d7
2022-05-18 09:21:43 -03:00
Carlos A Becker
857602a2aa
chore(ci): gitleaks ignore testdata
...
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
2022-05-17 22:10:22 -03:00
Carlos A Becker
0836149357
chore(ci): gitleaks
...
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
2022-05-17 22:00:25 -03:00
Naveen
6289aee804
feat(ci): run dependency review action on prs ( #3109 )
...
> Dependency Review GitHub Action in your repository to enforce dependency
> reviews on your pull requests.
> The action scans for vulnerable versions of dependencies introduced by package version
> changes in pull requests,
> and warns you about the associated security vulnerabilities.
> This gives you better visibility of what's changing in a pull request,
> and helps prevent vulnerabilities being added to your repository.
https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-14 19:48:43 -03:00
dependabot[bot]
82f5785fd7
chore(deps): bump actions/setup-go from 3.0.0 to 3.1.0 ( #3108 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](f6164bd8c8...fcdc43634a
2022-05-13 09:47:56 -03:00
dependabot[bot]
cc0ba360b3
chore(deps): bump github/codeql-action ( #3105 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 75b4f1c4669133dc294b06c2794e969efa2e5316 to 2.1.10. This release includes the previously tagged commit.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](75b4f1c466...2f58583a1b
2022-05-12 10:30:12 -03:00
dependabot[bot]
1907ffe6a2
chore(deps): bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 ( #3094 )
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](b517f99ae2...537aa1903e
2022-05-11 09:50:07 -03:00
dependabot[bot]
5a027de820
chore(deps): bump github/codeql-action from 2.1.9 to 2.1.10 ( #3095 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.9 to 2.1.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](7502d6e991...75b4f1c466
2022-05-11 09:49:53 -03:00
Carlos A Becker
ad13ba6c8a
fix(ci): improve auto commit msg
...
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2022-05-10 13:10:12 -03:00
dependabot[bot]
70975ed684
chore(deps): bump docker/setup-qemu-action from 1.2.0 to 2 ( #3084 )
...
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ) from 1.2.0 to 2.
- [Release notes](https://github.com/docker/setup-qemu-action/releases )
- [Commits](27d0a4f181...8b122486ce
2022-05-06 15:58:34 -03:00
dependabot[bot]
66d264bdd1
chore(deps): bump docker/login-action from 1.14.1 to 2 ( #3082 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 1.14.1 to 2.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](dd4fa0671b...49ed152c8e
2022-05-06 15:56:44 -03:00
dependabot[bot]
313718a8e5
chore(deps): bump docker/setup-buildx-action from 1.7.0 to 2 ( #3083 )
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 1.7.0 to 2.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](f211e3e9de...dc7b9719a9
2022-05-06 14:37:18 -03:00
dependabot[bot]
546325d912
chore(deps): bump docker/setup-buildx-action from 1.6.0 to 1.7.0 ( #3071 )
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](94ab11c41e...f211e3e9de
2022-04-28 10:23:24 -03:00
dependabot[bot]
35a7ebf680
chore(deps): bump github/codeql-action from 2.1.8 to 2.1.9 ( #3070 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.8 to 2.1.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1ed1437484...7502d6e991
2022-04-28 10:23:13 -03:00
dependabot[bot]
41f7c3ade5
chore(deps): bump codecov/codecov-action from 3.0.0 to 3.1.0 ( #3059 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](e3c560433a...81cd2dc814
2022-04-22 09:36:20 -03:00
dependabot[bot]
8dc34370d3
chore(deps): bump anchore/sbom-action from 0.10.0 to 0.11.0 ( #3050 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.10.0 to 0.11.0.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](407a3ec314...bb716408e7
2022-04-18 10:22:05 -03:00
Carlos Alexandro Becker
bdef306b79
fix(ci): dont use krew fork ( #3040 )
...
* fix(ci): use setup-krew action instead of go install
also switch back to main krew as my PR was recently released.
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* fix: use go install
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* fix: use go install
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2022-04-13 23:00:29 -03:00
Carlos Alexandro Becker
0e149698af
fix(ci): misspell action ( #3041 )
...
the misspell action is failing, but we can run it through golangci-lint, so, just doing that now.
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2022-04-13 22:39:59 -03:00
Naveen
38ea40c442
fix: set permissions for GitHub actions ( #3036 )
...
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ )
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-13 14:42:11 -03:00
dependabot[bot]
b0d00f2cff
chore(deps): bump stefanzweifel/git-auto-commit-action ( #3034 )
...
Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action ) from 4.14.0 to 4.14.1.
- [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases )
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md )
- [Commits](c4b132ec2c...49620cd3ed
2022-04-13 09:37:34 -03:00
dependabot[bot]
0edd69a47e
chore(deps): bump github/codeql-action from 2.1.7 to 2.1.8 ( #3029 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.7 to 2.1.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0182a2c78c...1ed1437484
2022-04-11 08:39:43 -03:00
dependabot[bot]
dd0de9db07
chore(deps): bump anchore/sbom-action from 0.9.0 to 0.10.0 ( #3026 )
...
* chore(deps): bump anchore/sbom-action from 0.9.0 to 0.10.0
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.9.0 to 0.10.0.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](f6c3d0fe42...407a3ec314
2022-04-08 12:18:20 -03:00
dependabot[bot]
07ebdfd05e
chore(deps): bump github/codeql-action from 2.1.6 to 2.1.7 ( #3021 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.6 to 2.1.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](28eead2408...0182a2c78c
2022-04-06 09:41:08 -03:00
dependabot[bot]
796c4f209e
chore(deps): bump codecov/codecov-action from 2.1.0 to 3 ( #3022 )
...
* chore(deps): bump codecov/codecov-action from 2.1.0 to 3
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 2.1.0 to 3.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](f32b3a3741...e3c560433a
2022-04-06 09:40:50 -03:00
dependabot[bot]
0402dd371a
chore(deps): bump anchore/sbom-action from 0.8.0 to 0.9.0 ( #3023 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](2ad7824629...f6c3d0fe42
2022-04-06 09:40:06 -03:00
dependabot[bot]
71eb7a541a
chore(deps): bump github/codeql-action from 1.1.5 to 2.1.6 ( #3013 )
...
* chore(deps): bump github/codeql-action from 1.1.5 to 2.1.6
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.1.5 to 2.1.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8834766498...28eead2408
2022-03-31 09:05:51 -03:00
dependabot[bot]
dd26ed4d79
chore(deps): bump arduino/setup-task from 1.0.0 to 1.0.1 ( #3008 )
...
Bumps [arduino/setup-task](https://github.com/arduino/setup-task ) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/arduino/setup-task/releases )
- [Commits](accf38bba9...ca745e1891
2022-03-28 09:36:15 -03:00
dependabot[bot]
74f48c3a96
chore(deps): bump anchore/sbom-action from 0.7.0 to 0.8.0 ( #3001 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.7.0 to 0.8.0.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](ce4a7cf05d...2ad7824629
2022-03-22 19:52:17 -03:00
dependabot[bot]
1c3bc7fe8d
chore(deps): bump stefanzweifel/git-auto-commit-action ( #2995 )
2022-03-22 09:14:35 -03:00
dependabot[bot]
617cd81746
chore(deps): bump actions/setup-go from 2.2.0 to 3 ( #2987 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 2.2.0 to 3.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](bfdd3570ce...f6164bd8c8
2022-03-17 08:47:57 -03:00
Carlos Alexandro Becker
0a66b3dc85
feat: deprecate buildpacks ( #2982 )
2022-03-17 07:55:17 -03:00
Carlos Alexandro Becker
077ce16174
feat: more go 1.18 ( #2984 )
...
* feat: more go 1.18
moved more workflows to go 1.18, switched some code to strings.Cut
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* revert unwanted change
2022-03-16 23:28:13 -03:00
Naveen
1be9ede767
fix(ci): pinned workflow by hash ( #2977 )
...
* Pinned workflow by hash
- Pinned actions by SHA https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies
- Included permissions for some of the actions. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
* Fixed conflicts
2022-03-17 01:29:18 +00:00
Carlos Alexandro Becker
3c4e797150
feat: upgrade to go 1.18 ( #2978 )
...
* feat: upgrade to go 1.18
* chore: go mod tidy
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* test: fix
* fix: more updates
* test: fix test
2022-03-16 21:51:48 -03:00
dependabot[bot]
2d9acf65b5
chore(deps): bump sigstore/cosign-installer from 2.0.1 to 2.1.0 ( #2961 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 2.0.1 to 2.1.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v2.0.1...v2.1.0 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-07 09:18:18 -03:00
dependabot[bot]
b0b982f162
chore(deps): bump anchore/sbom-action from 0.6.0 to 0.7.0 ( #2960 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](https://github.com/anchore/sbom-action/compare/v0.6.0...v0.7.0 )
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-07 09:16:00 -03:00
dependabot[bot]
6e08c72ba4
chore(deps): bump actions/checkout from 2 to 3 ( #2949 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-02 09:15:04 -03:00
