Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.26.8 to 3.26.9.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.26.9 - 24 Sep 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.8 - 19 Sep 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.19.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2483">#2483</a></li>
</ul>
<h2>3.26.7 - 13 Sep 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2471">#2471</a></li>
</ul>
<h2>3.26.6 - 29 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2449">#2449</a></li>
</ul>
<h2>3.26.5 - 23 Aug 2024</h2>
<ul>
<li>Fix an issue where the <code>csrutil</code> system call used for
telemetry would fail on MacOS ARM machines with System Integrity
Protection disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2441">#2441</a></li>
</ul>
<h2>3.26.4 - 21 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> The <code>add-snippets</code> input on the
<code>analyze</code> Action is deprecated and will be removed in the
first release in August 2025. <a
href="https://redirect.github.com/github/codeql-action/pull/2436">#2436</a></li>
<li>Fix an issue where the disk usage system call used for telemetry
would fail on MacOS ARM machines with System Integrity Protection
disabled, and then surface a warning. The system call is now disabled
for these machines. <a
href="https://redirect.github.com/github/codeql-action/pull/2434">#2434</a></li>
</ul>
<h2>3.26.3 - 19 Aug 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action could not write diagnostic
messages on Windows. This issue did not impact analysis quality. <a
href="https://redirect.github.com/github/codeql-action/pull/2430">#2430</a></li>
</ul>
<h2>3.26.2 - 14 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2417">#2417</a></li>
</ul>
<h2>3.26.1 - 13 Aug 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.0 - 06 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> Swift analysis on Ubuntu runner images is no
longer supported. Please migrate to a macOS runner if this affects you.
<a
href="https://redirect.github.com/github/codeql-action/pull/2403">#2403</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="461ef6c76d"><code>461ef6c</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2503">#2503</a>
from github/update-v3.26.9-f861efb2b</li>
<li><a
href="00b1146c45"><code>00b1146</code></a>
Update changelog for v3.26.9</li>
<li><a
href="f861efb2b3"><code>f861efb</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2498">#2498</a>
from github/dependabot/npm_and_yarn/npm-9874b37b58</li>
<li><a
href="426821d803"><code>426821d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2485">#2485</a>
from github/dependabot/github_actions/actions-a88a8c...</li>
<li><a
href="07e8133971"><code>07e8133</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2501">#2501</a>
from github/henrymercer/missing-autobuild-config-error</li>
<li><a
href="e0a151e64e"><code>e0a151e</code></a>
Fix inconsistency in autobuild error tracking</li>
<li><a
href="6b0ce4e274"><code>6b0ce4e</code></a>
revert eslint-plugin-import to 2.29.1</li>
<li><a
href="07fd497921"><code>07fd497</code></a>
Merge branch 'main' into
dependabot/github_actions/actions-a88a8c5a24</li>
<li><a
href="2cddcb1990"><code>2cddcb1</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2499">#2499</a>
from github/aeisenberg/no-upload-sarif</li>
<li><a
href="6225a95822"><code>6225a95</code></a>
Don't upload during cancelled jobs</li>
<li>Additional commits viewable in <a
href="294a9d9291...461ef6c76d">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[go.uber.org/automaxprocs](https://github.com/uber-go/automaxprocs) from
1.5.3 to 1.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/uber-go/automaxprocs/releases">go.uber.org/automaxprocs's
releases</a>.</em></p>
<blockquote>
<h2>v1.6.0</h2>
<ul>
<li>Add RoundQuotaFunc option that allows configuration of rounding
behavior for floating point CPU quota.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/uber-go/automaxprocs/blob/master/CHANGELOG.md">go.uber.org/automaxprocs's
changelog</a>.</em></p>
<blockquote>
<h2>v1.6.0 (2024-07-24)</h2>
<ul>
<li>Add RoundQuotaFunc option that allows configuration of rounding
behavior for floating point CPU quota.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1ea14c35ce"><code>1ea14c3</code></a>
Release v1.6.0 (<a
href="https://redirect.github.com/uber-go/automaxprocs/issues/90">#90</a>)</li>
<li><a
href="144f5c188c"><code>144f5c1</code></a>
Remove glide.yaml (<a
href="https://redirect.github.com/uber-go/automaxprocs/issues/89">#89</a>)</li>
<li><a
href="8553d3bb21"><code>8553d3b</code></a>
Add option to round up CPU quota (<a
href="https://redirect.github.com/uber-go/automaxprocs/issues/79">#79</a>)</li>
<li><a
href="c9adbb9be7"><code>c9adbb9</code></a>
Use Go 1.21 (<a
href="https://redirect.github.com/uber-go/automaxprocs/issues/82">#82</a>)</li>
<li>See full diff in <a
href="https://github.com/uber-go/automaxprocs/compare/v1.5.3...v1.6.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The presence of an artifact field in the `signature` or `certificate`
template field caused a silent failure in the template when re-applied
after the external signing process was called.
This was due to the artifact being presence in the template context
before the signing process, but not after. An error here was also
ignored.
The fix supplies the artifact to the template context, and also allows a
template failure to
fail the overall process.
As far as I can tell, this change aligns behaviour to match existing
documentation.
Fixes#5147
## Description
Corrected some spelling errors in the `www/docs/install.md` and
`www/docs/blog/posts/2024-09-12-v2.3.md` .
Signed-off-by: Ruihua Wen <spiffyeight77@gmail.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.26.7 to 3.26.8.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.26.8 - 19 Sep 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.19.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2483">#2483</a></li>
</ul>
<h2>3.26.7 - 13 Sep 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2471">#2471</a></li>
</ul>
<h2>3.26.6 - 29 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2449">#2449</a></li>
</ul>
<h2>3.26.5 - 23 Aug 2024</h2>
<ul>
<li>Fix an issue where the <code>csrutil</code> system call used for
telemetry would fail on MacOS ARM machines with System Integrity
Protection disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2441">#2441</a></li>
</ul>
<h2>3.26.4 - 21 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> The <code>add-snippets</code> input on the
<code>analyze</code> Action is deprecated and will be removed in the
first release in August 2025. <a
href="https://redirect.github.com/github/codeql-action/pull/2436">#2436</a></li>
<li>Fix an issue where the disk usage system call used for telemetry
would fail on MacOS ARM machines with System Integrity Protection
disabled, and then surface a warning. The system call is now disabled
for these machines. <a
href="https://redirect.github.com/github/codeql-action/pull/2434">#2434</a></li>
</ul>
<h2>3.26.3 - 19 Aug 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action could not write diagnostic
messages on Windows. This issue did not impact analysis quality. <a
href="https://redirect.github.com/github/codeql-action/pull/2430">#2430</a></li>
</ul>
<h2>3.26.2 - 14 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2417">#2417</a></li>
</ul>
<h2>3.26.1 - 13 Aug 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.0 - 06 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> Swift analysis on Ubuntu runner images is no
longer supported. Please migrate to a macOS runner if this affects you.
<a
href="https://redirect.github.com/github/codeql-action/pull/2403">#2403</a></li>
<li>Bump the minimum CodeQL bundle version to 2.13.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2408">#2408</a></li>
</ul>
<h2>3.25.15 - 26 Jul 2024</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="294a9d9291"><code>294a9d9</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2490">#2490</a>
from github/update-v3.26.8-64431c66d</li>
<li><a
href="00b3604ce7"><code>00b3604</code></a>
Update changelog for v3.26.8</li>
<li><a
href="64431c66d0"><code>64431c6</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2483">#2483</a>
from github/update-bundle/codeql-bundle-v2.19.0</li>
<li><a
href="e0e2d7557d"><code>e0e2d75</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.19.0</li>
<li><a
href="cb28816228"><code>cb28816</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2487">#2487</a>
from rvermeulen/rvermeulen/uri-errors-as-warnings</li>
<li><a
href="498c508900"><code>498c508</code></a>
Rebuild JavaScript files</li>
<li><a
href="a1a585f2ab"><code>a1a585f</code></a>
Merge branch 'main' into rvermeulen/uri-errors-as-warnings</li>
<li><a
href="34666c10b6"><code>34666c1</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2488">#2488</a>
from github/henrymercer/debug-artifacts-better-logging</li>
<li><a
href="6e24973d7a"><code>6e24973</code></a>
Improve logging for combined SARIF debug artifact</li>
<li><a
href="d0a3cf2152"><code>d0a3cf2</code></a>
Improve logging for debug artifacts</li>
<li>Additional commits viewable in <a
href="8214744c54...294a9d9291">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[dagger/dagger-for-github](https://github.com/dagger/dagger-for-github)
from 6.8.0 to 6.9.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dagger/dagger-for-github/releases">dagger/dagger-for-github's
releases</a>.</em></p>
<blockquote>
<h2>v6.9.0</h2>
<h2>What's Changed</h2>
<ul>
<li>bump dagger version to v0.13.1 by <a
href="https://github.com/sipsma"><code>@sipsma</code></a> in <a
href="https://redirect.github.com/dagger/dagger-for-github/pull/147">dagger/dagger-for-github#147</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dagger/dagger-for-github/compare/v6...v6.9.0">https://github.com/dagger/dagger-for-github/compare/v6...v6.9.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b6bf6af9f4"><code>b6bf6af</code></a>
bump dagger version to v0.13.1 (<a
href="https://redirect.github.com/dagger/dagger-for-github/issues/147">#147</a>)</li>
<li>See full diff in <a
href="https://github.com/dagger/dagger-for-github/compare/v6.8.0...v6.9.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## What is this?
This daggerizes the lint, test, and build pipelines for Goreleaser.
## Why?
For context, the previous pass at this can be found here
https://github.com/goreleaser/goreleaser/pull/4186 . Since that time,
the DX for using Dagger has been considerably improved.
The benefit this brings to the Goreleaser project is that the test
pipeline can be run locally the same as it is run in CI without
requiring contributors to configure additional tools in their developer
environments. Additionally, by codifying the test and build execution
environments, you no longer need to be concerned with changing or
outdated Github Actions runner environments.
## How?
As a contributor, you can simply clone/fork Goreleaser and run:
`dagger functions` to see which commands are available.
To lint local code:
`dagger call --source . lint`
To run tests against local code:
`dagger call --source . test output`
To run tests against local code and get the coverage report:
`dagger call --source . test coverage-report -o ./coverage.txt`
To run tests on the main branch on Github:
`dagger call --source=https://github.com/goreleaser/goreleaser test
output`
To run tests against a PR branch on Github:
`dagger call
--source=https://github.com/goreleaser/goreleaser#pull/4958/head test
output`
To run tests against a PR branch using the dagger pipeline committed to
the main branch, without checking out goreleaser:
`dagger -m github.com/goreleaser/goreleaser call
--source=https://github.com/goreleaser/goreleaser#pull/4958/head test
output`
And so on 😃
## Also
In addition to the Dagger code, I've updated the build.yml workflow to
use the test pipeline and updated CONTRIBUTING.md with the command to
run tests with Dagger.
Note that I did not update the Taskfile.yml to avoid breaking anything
for contributors comfortable with their existing workflows.
Do you feel that this will benefit the Goreleaser project? Would you
like to see the Dagger functions doing more/less?
---------
Signed-off-by: kpenfound <kyle@dagger.io>
Signed-off-by: Lev Lazinskiy <lev@levlaz.org>
Signed-off-by: Lev Lazinskiy <lev@dagger.io>
Co-authored-by: Lev Lazinskiy <lev@levlaz.org>
Co-authored-by: Lev Lazinskiy <lev@dagger.io>
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.26.6 to 3.26.7.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.26.7 - 13 Sep 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2471">#2471</a></li>
</ul>
<h2>3.26.6 - 29 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2449">#2449</a></li>
</ul>
<h2>3.26.5 - 23 Aug 2024</h2>
<ul>
<li>Fix an issue where the <code>csrutil</code> system call used for
telemetry would fail on MacOS ARM machines with System Integrity
Protection disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2441">#2441</a></li>
</ul>
<h2>3.26.4 - 21 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> The <code>add-snippets</code> input on the
<code>analyze</code> Action is deprecated and will be removed in the
first release in August 2025. <a
href="https://redirect.github.com/github/codeql-action/pull/2436">#2436</a></li>
<li>Fix an issue where the disk usage system call used for telemetry
would fail on MacOS ARM machines with System Integrity Protection
disabled, and then surface a warning. The system call is now disabled
for these machines. <a
href="https://redirect.github.com/github/codeql-action/pull/2434">#2434</a></li>
</ul>
<h2>3.26.3 - 19 Aug 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action could not write diagnostic
messages on Windows. This issue did not impact analysis quality. <a
href="https://redirect.github.com/github/codeql-action/pull/2430">#2430</a></li>
</ul>
<h2>3.26.2 - 14 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2417">#2417</a></li>
</ul>
<h2>3.26.1 - 13 Aug 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.0 - 06 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> Swift analysis on Ubuntu runner images is no
longer supported. Please migrate to a macOS runner if this affects you.
<a
href="https://redirect.github.com/github/codeql-action/pull/2403">#2403</a></li>
<li>Bump the minimum CodeQL bundle version to 2.13.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2408">#2408</a></li>
</ul>
<h2>3.25.15 - 26 Jul 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2385">#2385</a></li>
</ul>
<h2>3.25.14 - 25 Jul 2024</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8214744c54"><code>8214744</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2478">#2478</a>
from github/update-v3.26.7-4a01ec798</li>
<li><a
href="a3b3e07cec"><code>a3b3e07</code></a>
Update changelog for v3.26.7</li>
<li><a
href="4a01ec7986"><code>4a01ec7</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2474">#2474</a>
from github/aeisenberg/always-upload-eslint-sarif</li>
<li><a
href="762dbaeeb7"><code>762dbae</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2471">#2471</a>
from github/update-bundle/codeql-bundle-v2.18.4</li>
<li><a
href="0d0f998f28"><code>0d0f998</code></a>
Always upload eslint.sarif</li>
<li><a
href="e817992b3d"><code>e817992</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2469">#2469</a>
from github/aeisenberg/upload-eslint-sarif</li>
<li><a
href="49021ad7f5"><code>49021ad</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2472">#2472</a>
from rvermeulen/rvermeulen/update-release-branch-authz</li>
<li><a
href="56b8418884"><code>56b8418</code></a>
Ignore suppressed alerts</li>
<li><a
href="f824adbf9b"><code>f824adb</code></a>
Merge branch 'main' into rvermeulen/update-release-branch-authz</li>
<li><a
href="8d9ed0b40e"><code>8d9ed0b</code></a>
Add changelog note</li>
<li>Additional commits viewable in <a
href="4dd16135b6...8214744c54">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[cachix/install-nix-action](https://github.com/cachix/install-nix-action)
from V27 to 28. This release includes the previously tagged commit.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cachix/install-nix-action/releases">cachix/install-nix-action's
releases</a>.</em></p>
<blockquote>
<h2>v28</h2>
<p>Nix 2.24.6 - <a
href="https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493">https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3715ab1a11"><code>3715ab1</code></a>
bump channel</li>
<li><a
href="1872f1ff9d"><code>1872f1f</code></a>
Nix: 2.22.1 -> 2.24.6</li>
<li><a
href="e268b7aa05"><code>e268b7a</code></a>
Merge pull request <a
href="https://redirect.github.com/cachix/install-nix-action/issues/213">#213</a>
from phaer/patch-1</li>
<li><a
href="5b8c65d4d7"><code>5b8c65d</code></a>
Update README: hardware accel is available now...</li>
<li><a
href="ba01fffc51"><code>ba01fff</code></a>
Merge pull request <a
href="https://redirect.github.com/cachix/install-nix-action/issues/210">#210</a>
from guoard/patch-1</li>
<li><a
href="474f0a77aa"><code>474f0a7</code></a>
docs(readme): update checkout action version</li>
<li><a
href="725982224c"><code>7259822</code></a>
readme: V27</li>
<li>See full diff in <a
href="https://github.com/cachix/install-nix-action/compare/V27...V28">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## What is this?
Just adding documentation for using cosign with GitHub's OIDC in CI.
## Why?
I spent 4 hours looking through goreleaser and GitHub's docs before I
finally discovered I was missing the `id-token: write` permission in my
workflow file.
This PR serves to just include the `id-token: write` scope in the `CI ->
(GH) actions` section of the docs to hopefully save other devs the
trouble 🤣
### Additional
I also considered adding this to docs for the other CI providers, but I
am not too familiar on the OIDC side of things; might be worth
considering for the team?
Cheers
---
Been using goreleaser for one of my [oss
projects](https://github.com/caffeine-addictt/waku) recently and it's
been great! Just wanted to contribute something back, keep up the great
work! :>
Signed-off-by: AlexNg <contact@ngjx.org>
I like to use the goreleaser for my private project and would like to
have the binary scaled down with the UPX in the GitLab build pipeline.
Therefore, it would be nice if the UPX tool is pre-installed in the
Docker container.
Signed-off-by: Andrej Giesbrecht <giesan@gmx.net>
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.24.0
to 0.25.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7398f36f57"><code>7398f36</code></a>
all: fix some symbols error in comment</li>
<li><a
href="f111c72426"><code>f111c72</code></a>
go/callgraph/rta: skip test on js platform</li>
<li><a
href="9f9b7e39b5"><code>9f9b7e3</code></a>
gopls/internal/settings: add missing deep cloning in Options.Clone</li>
<li><a
href="ce7eed4960"><code>ce7eed4</code></a>
doc/generate: minor cleanup</li>
<li><a
href="075ae7d276"><code>075ae7d</code></a>
go/callgraph/vta: add basic tests for range-over-func</li>
<li><a
href="2c7aaab748"><code>2c7aaab</code></a>
go/ssa: skip failing test</li>
<li><a
href="1b5663fbc8"><code>1b5663f</code></a>
go/callgraph/vta: perform minor cleanups</li>
<li><a
href="0a498831d1"><code>0a49883</code></a>
gopls/go.mod: update the go directive to 1.23.1</li>
<li><a
href="ad366a81ee"><code>ad366a8</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="4fb36d15cc"><code>4fb36d1</code></a>
go/callgraph/rta: add rta analysis test case for multiple go
packages</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.24.0...v0.25.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This commit fixes the automatic extension when building the wasip1_wasm
target.
Additionally, in future Go versions, support will be added for
generating c-shared WASM binaries.
https://github.com/golang/go/issues/65199
Therefore, this PR corrects the extension in the build process and
removes the .h file from the release when c-shared is enabled and the
target is WASM.
Bumps golang from 1.23.0-alpine to 1.23.1-alpine.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
this makes ko run on snapshot builds, too.
the image will be `goreleaser.ko.local:[your tags]`, not sure if we can
change this, seems like we can't.
also fixed a small doc error around it, as well as added a new test to
cover this.
closes#4683
---------
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
make them more precise, as its currently only taking GOOS/GOARCH into
account, and we can do more.
closes#5112
---------
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
