dependabot[bot]
54d4ca17ed
Bump github/codeql-action from 2 to 3 ( #5013 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-18 18:19:50 +00:00
dependabot[bot]
384e8ff567
Bump actions/checkout from 3 to 4 ( #4622 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-11 23:17:22 +00:00
Brett Logan
3864de706d
Update job image
...
Signed-off-by: Brett Logan <lindluni@github.com>
2023-04-10 14:51:50 -04:00
Brett Logan
ae3c77f45b
Enable merge queue
...
Signed-off-by: Brett Logan <lindluni@github.com>
2023-02-09 01:48:06 -05:00
Marco Ferrari
23e8ced872
Fix issues in the build workflow ( #3357 )
...
* Fix issues in the build workflow
* Don't build the image when running trivy
* Move the alpine glibc package key in the repo
* Move the alpine glibc package key in the repo
* Update labels
* Pull and tag
2022-09-27 14:30:54 +00:00
dependabot[bot]
e2efd920f2
Bump github/codeql-action from 1 to 2 ( #2829 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v1...v2 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-02 09:56:21 -05:00
nathannaveen
4471e9f322
Set permissions for GitHub actions ( #2752 )
...
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ )
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
2022-04-11 14:52:49 -05:00
dependabot[bot]
5d5ae35998
Bump actions/checkout from 2.4.0 to 3
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2.4.0 to 3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v2.4.0...v3 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-07 12:53:35 -05:00
Brett Logan
6e6d1348a6
Add Actions names
2022-02-21 10:17:34 -05:00
Masaya Suzuki
60ccdfca87
Add CI timeout ( #2127 )
2021-11-15 10:25:36 -06:00
dependabot[bot]
8bdd5deb1f
Bump actions/checkout from 2.3.4 to 2.4.0 ( #2096 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2.3.4 to 2.4.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v2.3.4...v2.4.0 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-10 11:53:31 -06:00
Zack Koppert
42ac0c1f0f
switch to main branch ( #2010 )
...
* switch to main branch
* switch from master to main
* switch default branch to main
* switch to main branch
* switch to main branch
* switch to main branch
* switch to main branch
* switch to main branch
* switch to main branch
* switch to main branch
* switch to main branch
* switch to main branch
* switch to main branch
* make comment reflect code
* switch to main branch
2021-10-01 12:57:26 -07:00
Lukas Gravley
ab24b82199
Adding actionlint ( #1775 )
...
* Adding action lint
* adding tests
* adding tests
* Update Dockerfile
Co-authored-by: Masaya Suzuki <15100604+massongit@users.noreply.github.com>
* cleanup name
* fix test
* typo
* fix file name
* fix our own errors
* more cleanup
* angry
* make it happy
* stop double jobs
Co-authored-by: Masaya Suzuki <15100604+massongit@users.noreply.github.com>
2021-07-19 09:28:49 -05:00
Zack Koppert
786e7056de
Reinstate Trivy with no blocks for vulnerabilities found ( #1455 )
...
* enable trivy
* enable docker build
* Add audit fix to patch vulns
* exit success on vulnerabilities found
2021-04-17 14:50:23 -07:00
Zack Koppert
768ab9ac38
Update trivy.yml
2021-04-05 17:00:29 -07:00
Teppei Fukuda
d1c8432796
chore(ci/trivy): replace script with action ( #1355 )
...
* chore: replace script with action
* delete trivy script
* more
Co-authored-by: Admiral Awkbar <admiralawkbar@github.com>
2021-03-11 09:15:07 -06:00
Zack Koppert
35e2d160a4
Add trivy scans for container security ( #1209 )
...
* Create trivy.yml
* Add descriptive names
* Add fs mode to catch package.lock issues
* use script to get around timeout
* use script to get around timeout
* set it
* set it
* update deps
* Align with comment style
* fix headeer
* npm audit fix to patch vulnerabilities
Signed-off-by: Zack Koppert <zkoppert@github.com>
Co-authored-by: Lukas Gravley <admiralawkbar@github.com>
2021-02-17 16:03:30 -06:00