Bumps anchore/sbom-action from 0.11.0 to 0.12.0.
Release notes
Sourced from anchore/sbom-action's releases.
v0.12.0
Changes in v0.12.0
Update dependencies (#317) kzantow
Update Syft to v0.53.4 (#266) anchore-actions-token-generator
Expose upload-artifact and upload-release-assets inputs (#277) joshowen
Document the dependency-snapshot property (#297) kzantow
Commits
b5042e9 Update dependencies (#317)
ac5a533 Update Syft to v0.53.4 (#266)
0f0f981 Expose upload-artifact and upload-release-assets inputs (#277)
6fb484a Document the dependency-snapshot property (#297)
See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps actions/checkout from 3 to 3.0.2.
Release notes
Sourced from actions/checkout's releases.
v3.0.2
What's Changed
Add set-safe-directory input to allow customers to take control. by @TingluoHuang in actions/checkout#770
Prepare changelog for v3.0.2. by @TingluoHuang in actions/checkout#777
Full Changelog: actions/checkout@v3...v3.0.2
v3.0.1
Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory
Bumped various npm package versions
Changelog
Sourced from actions/checkout's changelog.
Changelog
v3.0.2
Add input set-safe-directory
v3.0.1
Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory
Bumped various npm package versions
v3.0.0
Update to node 16
v2.3.1
Fix default branch resolution for .wiki and when using SSH
v2.3.0
Fallback to the default branch
v2.2.0
Fetch all history for all tags and branches when fetch-depth=0
v2.1.1
Changes to support GHES (here and here)
v2.1.0
Group output
Changes to support GHES alpha release
Persist core.sshCommand for submodules
Add support ssh
Convert submodule SSH URL to HTTPS, when not using SSH
Add submodule support
Follow proxy settings
Fix ref for pr closed event when a pr is merged
Fix issue checking detached when git less than 2.22
v2.0.0
Do not pass cred on command line
Add input persist-credentials
Fallback to REST API to download repo
v2 (beta)
Improved fetch performance
... (truncated)
Commits
See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Bumps actions/cache from 661fd3eb7f2f20d8c7c84bc2b0509efd7a826628 to 3.0.7. This release includes the previously tagged commit.
Release notes
Sourced from actions/cache's releases.
v3.0.7
What's Changed
Fix for the download stuck problem has been added in actions/cache for users who were intermittently facing the issue. As part of this fix, new timeout has been introduced in the download step to stop the download if it doesn't complete within an hour and run the rest of the workflow without erroring out.
Changelog
Sourced from actions/cache's changelog.
Releases
3.0.0
Updated minimum runner version support from node 12 -> node 16
3.0.1
Added support for caching from GHES 3.5.
Fixed download issue for files > 2GB during restore.
3.0.2
Added support for dynamic cache size cap on GHES.
3.0.3
Fixed avoiding empty cache save when no files are available for caching. (issue)
3.0.4
Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (issue)
3.0.5
Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (PR)
3.0.6
Fixed#809 - zstd -d: no such file or directory error
Fixed#833 - cache doesn't work with github workspace directory
3.0.7
Fixed#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.
Commits
a7c34ad Merge pull request #894 from actions/kotewar/update-toolkit-version
83394c9 Updated cache version in license file
e839c25 Updated actions/cache version to 3.0.3
33a923d Added release information
a404368 Updated actions/cache version to 3.0.2
f427802 Merge pull request #887 from actions/pdotl-version-patch
9916fe1 Update cache version in licences
318935e Update README and RELEASES
85efbb5 Update cache npm module to latest
4387dbc Merge pull request #835 from shivamarora1/clojure-lein-example
Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Bumps actions/github-script from 7f4e771d2b3022fa3b8bac499d4a547619f3ab10 to 6.1.1. This release includes the previously tagged commit.
Release notes
Sourced from actions/github-script's releases.
v6.1.1
What's Changed
Bump shell-quote from 1.7.2 to 1.7.3 by @dependabot in actions/github-script#270
Bump @actions/core to 1.9.1 by @cory-miller in actions/github-script#280
Non-code changes
Create codeql-analysis.yml by @joshmgross in actions/github-script#267
Improve grammar by @kevgo in actions/github-script#269
New Contributors
@kevgo made their first contribution in actions/github-script#269
@cory-miller made their first contribution in actions/github-script#280
Full Changelog: actions/github-script@v6.1.0...v6.1.1
Commits
d50f485 Merge pull request #280 from cory-miller/main
1bdf7b2 Bump @actions/core to 1.9.1
46a476b Merge pull request #269 from kevgo/patch-1
b682e42 Merge pull request #270 from actions/dependabot/npm_and_yarn/shell-quote-1.7.3
0cc15d0 Bump shell-quote from 1.7.2 to 1.7.3
ebee604 Improve grammar
377d38f Merge pull request #267 from actions/joshmgross/add-codeql
174e812 Create codeql-analysis.yml
7a5c598 Merge pull request #263 from smaeda-ks/update-actions-core
cb1c1eb Classify http-client licenses
Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Support mTLS with client certificate when configured.
* Fix the omitempty typo.
* Add check for missing cert as well.
* Added documentation for artifactory and upload, as well as how to run mkdocs locally
* set pip version to just 3.
* Added example to the full config.
* Remove the Pipfile and update documentation to mention the task.
* update language in doc about multiarch images.
Co-authored-by: Sheridan C Rawlins <scr@ouryahoo.com>
It seems that the error I get sometimes (#3257) is related to snap push
not being able to work concurrently.
I'm not a 100% sure though, so I'll try this and see how it goes.
If the error still happens, we can ignore the error or retry.
closes#3257
