Merge remote-tracking branch 'upstream/main' into gitlab_tests
Signed-off-by: Raghav Kaul <[email protected]>
raghavkaul committed Feb 13, 2023
2 parents ed82cf0 + 93900ac commit 539b412
Showing 521 changed files with 6,206 additions and 3,677 deletions.
12 changes: 6 additions & 6 deletions .github/workflows/codeql-analysis.yml
@@ -1,4 +1,4 @@
# Copyright 2021 Security Scorecard Authors
# Copyright 2021 OpenSSF Scorecard Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -52,17 +52,17 @@ jobs:

steps:
- name: Harden Runner
uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1
uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

- name: Checkout repository
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v2.3.4
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL

uses: github/codeql-action/init@678fc3afe258fb2e0cdc165ccf77b85719de7b3c # v1
uses: github/codeql-action/init@8775e868027fa230df8586bdf502bbd9b618a477 # v1
with:
languages: ${{ matrix.language }}
queries: +security-extended
Expand All @@ -74,7 +74,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@678fc3afe258fb2e0cdc165ccf77b85719de7b3c # v1
uses: github/codeql-action/autobuild@8775e868027fa230df8586bdf502bbd9b618a477 # v1

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
Expand All @@ -88,4 +88,4 @@ jobs:
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@678fc3afe258fb2e0cdc165ccf77b85719de7b3c # v1
uses: github/codeql-action/analyze@8775e868027fa230df8586bdf502bbd9b618a477 # v1
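Review bot: The trailing version comments were left unchanged while the pinned SHAs moved, so they no longer describe what is pinned: `actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c` is still annotated `# v2.3.4` here and in the docker.yml build jobs, while the new docs_only_check job in docker.yml labels the same SHA `#v3.3.0`. Someone auditing the pins reads the comment rather than the hash, so a stale tag hides what looks like a major-version jump. Update each comment to the release the SHA belongs to, e.g. `uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0`, and check the unchanged `# v1` and `# v2.2.0` labels on harden-runner, codeql-action and setup-go against their upstream tags. The two pins in depsreview.yml carry no version comment at all and would benefit from one.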
6 changes: 3 additions & 3 deletions .github/workflows/depsreview.yml
@@ -1,4 +1,4 @@
# Copyright 2021 Security Scorecard Authors
# Copyright 2021 OpenSSF Scorecard Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
Expand All @@ -22,6 +22,6 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
- name: 'Dependency Review'
uses: actions/dependency-review-action@11310527b429536e263dc6cc47873e608189ba21
uses: actions/dependency-review-action@c090f4e553673e6e505ea70d6a95362ee12adb94
110 changes: 73 additions & 37 deletions .github/workflows/docker.yml
@@ -1,4 +1,4 @@
# Copyright 2021 Security Scorecard Authors
# Copyright 2021 OpenSSF Scorecard Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
Expand All @@ -18,30 +18,48 @@ permissions:
name: docker-build

on:
push:
branches:
- main
paths-ignore:
- "*.md"
pull_request:
branches:
- main
paths-ignore:
- "*.md"

env:
PROTOC_VERSION: 3.17.3
GO_VERSION: 1.17
GO_VERSION: 1.19

jobs:
docs_only_check:
name: Check for docs-only change
runs-on: ubuntu-latest
permissions:
contents: read
outputs:
docs_only: ${{ steps.docs_only_check.outputs.docs_only }}
steps:
- name: Check out code
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c #v3.3.0
with:
fetch-depth: 2
- id: files
name: Get changed files
uses: tj-actions/changed-files@db3ea27a0cf07135175be5efe7aaf84df6e0e6f0 #v35.5.0
with:
files_ignore: '**.md'
- id: docs_only_check
if: steps.files.outputs.any_changed != 'true'
name: Check for docs-only changes
run: echo "docs_only=true" >> $GITHUB_OUTPUT

scorecard:
name: scorecard-docker
runs-on: ubuntu-latest
permissions:
contents: read
needs:
- docs_only_check
if: (needs.docs_only_check.outputs.docs_only != 'true')
steps:
- name: Harden Runner
uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1
uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

Expand All @@ -52,7 +70,7 @@ jobs:
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Cache builds
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 #v3.0.11
uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 #v3.2.3
with:
# In order:
# * Module download cache
Expand All @@ -68,11 +86,11 @@ jobs:
restore-keys: |
${{ runner.os }}-go-
- name: Clone the code
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v2.3.4
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
Expand All @@ -84,9 +102,12 @@ jobs:
runs-on: ubuntu-latest
permissions:
contents: read
needs:
- docs_only_check
if: (needs.docs_only_check.outputs.docs_only != 'true')
steps:
- name: Harden Runner
uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1
uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

Expand All @@ -97,7 +118,7 @@ jobs:
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Cache builds
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 #v3.0.11
uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 #v3.2.3
with:
# In order:
# * Module download cache
Expand All @@ -113,11 +134,11 @@ jobs:
restore-keys: |
${{ runner.os }}-go-
- name: Clone the code
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v2.3.4
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
Expand All @@ -129,9 +150,12 @@ jobs:
runs-on: ubuntu-latest
permissions:
contents: read
needs:
- docs_only_check
if: (needs.docs_only_check.outputs.docs_only != 'true')
steps:
- name: Harden Runner
uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1
uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

Expand All @@ -142,7 +166,7 @@ jobs:
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Cache builds
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 #v3.0.11
uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 #v3.2.3
with:
# In order:
# * Module download cache
Expand All @@ -158,11 +182,11 @@ jobs:
restore-keys: |
${{ runner.os }}-go-
- name: Clone the code
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v2.3.4
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
Expand All @@ -174,9 +198,12 @@ jobs:
runs-on: ubuntu-latest
permissions:
contents: read
needs:
- docs_only_check
if: (needs.docs_only_check.outputs.docs_only != 'true')
steps:
- name: Harden Runner
uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1
uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

Expand All @@ -187,7 +214,7 @@ jobs:
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Cache builds
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 #v3.0.11
uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 #v3.2.3
with:
# In order:
# * Module download cache
Expand All @@ -203,11 +230,11 @@ jobs:
restore-keys: |
${{ runner.os }}-go-
- name: Clone the code
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v2.3.4
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
Expand All @@ -219,9 +246,12 @@ jobs:
runs-on: ubuntu-latest
permissions:
contents: read
needs:
- docs_only_check
if: (needs.docs_only_check.outputs.docs_only != 'true')
steps:
- name: Harden Runner
uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1
uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

Expand All @@ -232,7 +262,7 @@ jobs:
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Cache builds
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 #v3.0.11
uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 #v3.2.3
with:
# In order:
# * Module download cache
Expand All @@ -248,11 +278,11 @@ jobs:
restore-keys: |
${{ runner.os }}-go-
- name: Clone the code
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v2.3.4
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
Expand All @@ -264,9 +294,12 @@ jobs:
runs-on: ubuntu-latest
permissions:
contents: read
needs:
- docs_only_check
if: (needs.docs_only_check.outputs.docs_only != 'true')
steps:
- name: Harden Runner
uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1
uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

Expand All @@ -277,7 +310,7 @@ jobs:
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Cache builds
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 #v3.0.11
uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 #v3.2.3
with:
# In order:
# * Module download cache
Expand All @@ -293,11 +326,11 @@ jobs:
restore-keys: |
${{ runner.os }}-go-
- name: Clone the code
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v2.3.4
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
Expand All @@ -309,9 +342,12 @@ jobs:
runs-on: ubuntu-latest
permissions:
contents: read
needs:
- docs_only_check
if: (needs.docs_only_check.outputs.docs_only != 'true')
steps:
- name: Harden Runner
uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1
uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

Expand All @@ -322,7 +358,7 @@ jobs:
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Cache builds
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 #v3.0.11
uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 #v3.2.3
with:
# In order:
# * Module download cache
Expand All @@ -338,11 +374,11 @@ jobs:
restore-keys: |
${{ runner.os }}-go-
- name: Clone the code
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v2.3.4
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
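Review bot: The new docs_only_check job runs the third-party `tj-actions/changed-files` action without the Harden Runner step that each build job visible in this section starts with, so its outbound traffic is not covered by the egress audit. Every build job shown is now gated on this job's output, which makes it the job whose behaviour most needs to be observable. Consider adding the same first step, `uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1` with `egress-policy: audit`. In the last step, quote the redirect target as well: `run: echo "docs_only=true" >> "$GITHUB_OUTPUT"`. Indentation and the +/- markers are lost in this rendering, so confirm against the raw diff that the whole job is newly added.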