From 9efd21db316af9151311cf0538b01f5de86e203b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 Dec 2022 06:54:39 -0800 Subject: [PATCH 01/15] :seedling: Bump ossf/scorecard-action from 2.0.6 to 2.1.1 (#2553) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.6 to 2.1.1. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/99c53751e09b9529366343771cc321ec74e9bd3d...15c10fcf1cf912bd22260bfec67569a359ab87da) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index 2d64e8b35f0..403bab279e1 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -25,7 +25,7 @@ jobs: uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b - name: "Run analysis" - uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v2.0.6 + uses: ossf/scorecard-action@15c10fcf1cf912bd22260bfec67569a359ab87da # v2.1.1 with: results_file: results.sarif results_format: sarif From 376f465c111c39c6a5ad7408e8896cd790cb5219 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 Dec 2022 12:02:54 -0800 Subject: [PATCH 02/15] :seedling: Bump actions/dependency-review-action from 3.0.1 to 3.0.2 (#2551) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.1 to 3.0.2. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/11310527b429536e263dc6cc47873e608189ba21...0ff3da6f81b812d4ec3cf37a04e2308c7a723730) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/depsreview.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/depsreview.yml b/.github/workflows/depsreview.yml index 1958a9cb13c..70eb1a5d0c6 100644 --- a/.github/workflows/depsreview.yml +++ b/.github/workflows/depsreview.yml @@ -24,4 +24,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b - name: 'Dependency Review' - uses: actions/dependency-review-action@11310527b429536e263dc6cc47873e608189ba21 + uses: actions/dependency-review-action@0ff3da6f81b812d4ec3cf37a04e2308c7a723730 From 7e64b3654e01f4e65059ee92fadfb357486b9fab Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 Dec 2022 22:50:11 -0800 Subject: [PATCH 03/15] :seedling: Bump golang.org/x/tools from 0.3.0 to 0.4.0 (#2525) Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.3.0 to 0.4.0. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.3.0...v0.4.0) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 10 +++++----- go.sum | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index 2b28258523b..d26b898d1d3 100644 --- a/go.mod +++ b/go.mod @@ -34,8 +34,8 @@ require ( github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f go.opencensus.io v0.24.0 gocloud.dev v0.26.0 - golang.org/x/text v0.4.0 - golang.org/x/tools v0.3.0 + golang.org/x/text v0.5.0 + golang.org/x/tools v0.4.0 google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6 google.golang.org/protobuf v1.28.1 gopkg.in/yaml.v2 v2.4.0 @@ -81,7 +81,7 @@ require ( github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb // indirect github.com/spdx/tools-golang v0.3.0 // indirect golang.org/x/mod v0.7.0 // indirect - golang.org/x/term v0.2.0 // indirect + golang.org/x/term v0.3.0 // indirect golang.org/x/time v0.1.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect k8s.io/api v0.18.8 // indirect @@ -150,10 +150,10 @@ require ( github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect golang.org/x/crypto v0.1.0 // indirect golang.org/x/exp v0.0.0-20221031165847-c99f073a8326 - golang.org/x/net v0.2.0 // indirect + golang.org/x/net v0.3.0 // indirect golang.org/x/oauth2 v0.1.0 // indirect golang.org/x/sync v0.1.0 // indirect - golang.org/x/sys v0.2.0 // indirect + golang.org/x/sys v0.3.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect google.golang.org/api v0.103.0 // indirect google.golang.org/appengine v1.6.7 // indirect diff --git a/go.sum b/go.sum index 93f58c87cf8..8c25258a005 100644 --- a/go.sum +++ b/go.sum @@ -1082,8 +1082,8 @@ golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220401154927-543a649e0bdd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.2.0 h1:sZfSu1wtKLGlWI4ZZayP0ck9Y73K1ynO6gqzTdBVdPU= -golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= +golang.org/x/net v0.3.0 h1:VWL6FNY2bEEmsGVKabSlHu5Irp34xmMRoqb/9lF9lxk= +golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1212,14 +1212,14 @@ golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220330033206-e17cdc41300f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A= -golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ= +golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.2.0 h1:z85xZCsEl7bi/KwbNADeBYoOP0++7W1ipu+aGnpwzRM= -golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= +golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI= +golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1230,8 +1230,8 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= -golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= +golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1311,8 +1311,8 @@ golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.3.0 h1:SrNbZl6ECOS1qFzgTdQfWXZM9XBkiA6tkFrH9YSTPHM= -golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= +golang.org/x/tools v0.4.0 h1:7mTAgkunk3fr4GAloyyCasadO6h9zSsQZbwvcaIciV4= +golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From c6d76807b76b7b72659525e103d6b1284c7b01b5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 22 Dec 2022 08:31:50 -0800 Subject: [PATCH 04/15] :seedling: Bump github.com/xanzy/go-gitlab from 0.76.0 to 0.77.0 (#2563) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.76.0 to 0.77.0. - [Release notes](https://github.com/xanzy/go-gitlab/releases) - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.76.0...v0.77.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index d26b898d1d3..7f71d1698ea 100644 --- a/go.mod +++ b/go.mod @@ -144,7 +144,7 @@ require ( github.com/sergi/go-diff v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/vbatts/tar-split v0.11.2 // indirect - github.com/xanzy/go-gitlab v0.76.0 + github.com/xanzy/go-gitlab v0.77.0 github.com/xanzy/ssh-agent v0.3.0 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect diff --git a/go.sum b/go.sum index 8c25258a005..11a7e627d46 100644 --- a/go.sum +++ b/go.sum @@ -902,8 +902,8 @@ github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlI github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI= github.com/vdemeester/k8s-pkg-credentialprovider v1.18.1-0.20201019120933-f1d16962a4db/go.mod h1:grWy0bkr1XO6hqbaaCKaPXqkBVlMGHYG6PGykktwbJc= github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU= -github.com/xanzy/go-gitlab v0.76.0 h1:mkmuB27RDVZY/iXR61pEUfIqJ15Iivfu1kc3KZtBICI= -github.com/xanzy/go-gitlab v0.76.0/go.mod h1:d/a0vswScO7Agg1CZNz15Ic6SSvBG9vfw8egL99t4kA= +github.com/xanzy/go-gitlab v0.77.0 h1:UrbGlxkWVCbkpa6Fk6cM8ARh+rLACWemkJnsawT7t98= +github.com/xanzy/go-gitlab v0.77.0/go.mod h1:d/a0vswScO7Agg1CZNz15Ic6SSvBG9vfw8egL99t4kA= github.com/xanzy/ssh-agent v0.3.0 h1:wUMzuKtKilRgBAD1sUb8gOwwRr2FGoBVumcjoOACClI= github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c= From 6bf19d5bdb81e2314e6a87f9212256467348ce92 Mon Sep 17 00:00:00 2001 From: Spencer Schrock Date: Tue, 27 Dec 2022 09:18:25 -0800 Subject: [PATCH 05/15] =?UTF-8?q?=F0=9F=8C=B1=20Switch=20from=20paths-igno?= =?UTF-8?q?re=20to=20changed-files=20action=20to=20skip=20required=20check?= =?UTF-8?q?s.=20(#2566)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Switch from paths-ignore to changed-files action. This allows doc only changes to pass CI, which are currently blocked waiting for these required checks which will never run due to the path filter. Signed-off-by: Spencer Schrock * Pin checkout action. Disable redundant docker build on push to main since cloud build handles the images. Signed-off-by: Spencer Schrock Signed-off-by: Spencer Schrock --- .github/workflows/docker.yml | 52 ++++++++++++++++++++++++++++++------ 1 file changed, 44 insertions(+), 8 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index fa8e187a317..a09f6a64292 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -18,27 +18,45 @@ permissions: name: docker-build on: - push: - branches: - - main - paths-ignore: - - "*.md" pull_request: branches: - main - paths-ignore: - - "*.md" env: PROTOC_VERSION: 3.17.3 - GO_VERSION: 1.17 + GO_VERSION: 1.19 jobs: + docs_only_check: + name: Check for docs-only change + runs-on: ubuntu-latest + permissions: + contents: read + outputs: + docs_only: ${{ steps.docs_only_check.outputs.docs_only }} + steps: + - name: Check out code + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b #v3.2.0 + with: + fetch-depth: 2 + - id: files + name: Get changed files + uses: tj-actions/changed-files@0626c3f94002c0a9d7491dd7fed7055bbdff6f92 #v35.1.0 + with: + files_ignore: '**.md' + - id: docs_only_check + if: steps.files.outputs.any_changed != 'true' + name: Check for docs-only changes + run: echo "docs_only=true" >> $GITHUB_OUTPUT + scorecard: name: scorecard-docker runs-on: ubuntu-latest permissions: contents: read + needs: + - docs_only_check + if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 @@ -84,6 +102,9 @@ jobs: runs-on: ubuntu-latest permissions: contents: read + needs: + - docs_only_check + if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 @@ -129,6 +150,9 @@ jobs: runs-on: ubuntu-latest permissions: contents: read + needs: + - docs_only_check + if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 @@ -174,6 +198,9 @@ jobs: runs-on: ubuntu-latest permissions: contents: read + needs: + - docs_only_check + if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 @@ -219,6 +246,9 @@ jobs: runs-on: ubuntu-latest permissions: contents: read + needs: + - docs_only_check + if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 @@ -264,6 +294,9 @@ jobs: runs-on: ubuntu-latest permissions: contents: read + needs: + - docs_only_check + if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 @@ -309,6 +342,9 @@ jobs: runs-on: ubuntu-latest permissions: contents: read + needs: + - docs_only_check + if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 From 90cdd988091ba4167ccaf00885f20d3535e432cc Mon Sep 17 00:00:00 2001 From: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Date: Tue, 27 Dec 2022 11:31:00 -0800 Subject: [PATCH 06/15] Disable scorecard on PRs (#2571) Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> --- .github/workflows/scorecard-analysis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index 403bab279e1..00454144eec 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -7,8 +7,8 @@ on: schedule: # Weekly on Saturdays. - cron: '30 1 * * 6' - pull_request: - branches: [main] +# pull_request: +# branches: [main] permissions: read-all From 4d5cbb45861c8980087195509a44fa3e8b2e7726 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Tue, 27 Dec 2022 16:07:04 -0600 Subject: [PATCH 07/15] :bug: Fix Renovate bot typo (#2569) - Fix typo in renovatebot - Fixes https://github.com/ossf/scorecard/issues/2568 Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- checks/raw/dependency_update_tool.go | 2 +- e2e/dependency_update_tool_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/checks/raw/dependency_update_tool.go b/checks/raw/dependency_update_tool.go index 2f927269238..a43f83fc107 100644 --- a/checks/raw/dependency_update_tool.go +++ b/checks/raw/dependency_update_tool.go @@ -88,7 +88,7 @@ var checkDependencyFileExists fileparser.DoWhileTrueOnFilename = func(name strin case ".github/renovate.json", ".github/renovate.json5", ".renovaterc.json", "renovate.json", "renovate.json5", ".renovaterc": *ptools = append(*ptools, checker.Tool{ - Name: "Renovabot", + Name: "RenovateBot", URL: asPointer("https://github.com/renovatebot/renovate"), Desc: asPointer("Automated dependency updates. Multi-platform and multi-language."), Files: []checker.File{ diff --git a/e2e/dependency_update_tool_test.go b/e2e/dependency_update_tool_test.go index 79f08131673..a580a6bb933 100644 --- a/e2e/dependency_update_tool_test.go +++ b/e2e/dependency_update_tool_test.go @@ -81,7 +81,7 @@ var _ = Describe("E2E TEST:"+checks.CheckDependencyUpdateTool, func() { } result := checks.DependencyUpdateTool(&req) // New version. - Expect(scut.ValidateTestReturn(nil, "renovabot", &expected, &result, &dl)).Should(BeTrue()) + Expect(scut.ValidateTestReturn(nil, "renovatebot", &expected, &result, &dl)).Should(BeTrue()) Expect(repoClient.Close()).Should(BeNil()) }) }) From cf3a43fa885720b9ef391f9e93aecf97ab1f8bb7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Dec 2022 16:20:32 -0800 Subject: [PATCH 08/15] :seedling: Bump ossf/scorecard-action from 2.1.1 to 2.1.2 (#2570) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.1 to 2.1.2. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/15c10fcf1cf912bd22260bfec67569a359ab87da...e38b1902ae4f44df626f11ba0734b14fb91f8f86) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index 00454144eec..88ca38f2fd0 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -25,7 +25,7 @@ jobs: uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b - name: "Run analysis" - uses: ossf/scorecard-action@15c10fcf1cf912bd22260bfec67569a359ab87da # v2.1.1 + uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 with: results_file: results.sarif results_format: sarif From 72d4e98978f220de43b9517e648898d431507ba5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 30 Dec 2022 08:53:23 -0600 Subject: [PATCH 09/15] :seedling: Bump tj-actions/changed-files from 35.1.0 to 35.2.0 (#2574) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.1.0 to 35.2.0. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/0626c3f94002c0a9d7491dd7fed7055bbdff6f92...392359fc8c85be1a8752e9ab6b1ad9e45158b4a9) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index a09f6a64292..00083f210f8 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -41,7 +41,7 @@ jobs: fetch-depth: 2 - id: files name: Get changed files - uses: tj-actions/changed-files@0626c3f94002c0a9d7491dd7fed7055bbdff6f92 #v35.1.0 + uses: tj-actions/changed-files@392359fc8c85be1a8752e9ab6b1ad9e45158b4a9 #v35.2.0 with: files_ignore: '**.md' - id: docs_only_check From 6ff06a378d589a9c7eef631865f6b41bd5085fb2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Jan 2023 11:00:51 -0600 Subject: [PATCH 10/15] :seedling: Bump actions/setup-go from 3.3.1 to 3.5.0 (#2575) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.3.1 to 3.5.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/c4a742cab115ed795e34d4513e2cf7d472deb55f...6edd4406fa81c3da01a34fa6f6343087c207a568) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/docker.yml | 14 +++++------ .github/workflows/goreleaser.yaml | 2 +- .github/workflows/integration.yml | 2 +- .github/workflows/main.yml | 40 +++++++++++++++--------------- .github/workflows/publishimage.yml | 2 +- 5 files changed, 30 insertions(+), 30 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 00083f210f8..603d109d586 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -90,7 +90,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -138,7 +138,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -186,7 +186,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -234,7 +234,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -282,7 +282,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -330,7 +330,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -378,7 +378,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index b747818a299..3886cef80c8 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -40,7 +40,7 @@ jobs: with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: 1.19 check-latest: true diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index e3d77983251..2500f97f113 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -48,7 +48,7 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} - name: setup-go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: '1.19' check-latest: true diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 62906eb2498..89fb635a0de 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -58,7 +58,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -103,7 +103,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -151,7 +151,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -186,7 +186,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -234,7 +234,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -282,7 +282,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -330,7 +330,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -378,7 +378,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -426,7 +426,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -474,7 +474,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -522,7 +522,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -570,7 +570,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -618,7 +618,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -666,7 +666,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -714,7 +714,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -749,7 +749,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -786,7 +786,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -833,7 +833,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -868,7 +868,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -894,7 +894,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 - - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index 8dc2ef13530..c2e0e332f71 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -44,7 +44,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 with: go-version: ${{ env.GO_VERSION }} check-latest: true From 7c0edac8fb138782f5322b303e675a2f359cae91 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Jan 2023 11:14:36 -0600 Subject: [PATCH 11/15] :seedling: Bump nick-invision/retry from 2.8.2 to 2.8.3 (#2576) Bumps [nick-invision/retry](https://github.com/nick-invision/retry) from 2.8.2 to 2.8.3. - [Release notes](https://github.com/nick-invision/retry/releases) - [Changelog](https://github.com/nick-fields/retry/blob/master/.releaserc.js) - [Commits](https://github.com/nick-invision/retry/compare/3e91a01664abd3c5cd539100d10d33b9c5b68482...943e742917ac94714d2f408a0e8320f2d1fcafcd) --- updated-dependencies: - dependency-name: nick-invision/retry dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/integration.yml | 4 ++-- .github/workflows/main.yml | 34 +++++++++++++++--------------- .github/workflows/publishimage.yml | 2 +- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 2500f97f113..c4739fc0fa6 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -58,7 +58,7 @@ jobs: go mod download - name: Run GITHUB_TOKEN E2E #using retry because the GitHub token is being throttled. - uses: nick-invision/retry@3e91a01664abd3c5cd539100d10d33b9c5b68482 + uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd env: GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITLAB_AUTH_TOKEN: ${{ secrets.GITLAB_TOKEN }} @@ -69,7 +69,7 @@ jobs: command: make e2e-gh-token - name: Run PAT E2E #using retry because the GitHub token is being throttled. - uses: nick-invision/retry@3e91a01664abd3c5cd539100d10d33b9c5b68482 + uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd env: GITHUB_AUTH_TOKEN: ${{ secrets.GH_AUTH_TOKEN }} with: diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 89fb635a0de..5dcaa10743c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -109,7 +109,7 @@ jobs: check-latest: true cache: true - name: generate mocks - uses: nick-invision/retry@3e91a01664abd3c5cd539100d10d33b9c5b68482 + uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd with: max_attempts: 3 retry_on: error @@ -157,7 +157,7 @@ jobs: check-latest: true cache: true - name: generate docs - uses: nick-invision/retry@3e91a01664abd3c5cd539100d10d33b9c5b68482 + uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd with: max_attempts: 3 retry_on: error @@ -192,7 +192,7 @@ jobs: check-latest: true cache: true - name: build-proto - uses: nick-invision/retry@3e91a01664abd3c5cd539100d10d33b9c5b68482 + uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd with: max_attempts: 3 retry_on: error @@ -240,7 +240,7 @@ jobs: check-latest: true cache: true - name: Run build - uses: nick-invision/retry@3e91a01664abd3c5cd539100d10d33b9c5b68482 + uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd with: max_attempts: 3 retry_on: error @@ -288,7 +288,7 @@ jobs: check-latest: true cache: true - name: build cron - uses: nick-invision/retry@3e91a01664abd3c5cd539100d10d33b9c5b68482 + uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd with: max_attempts: 3 retry_on: error @@ -336,7 +336,7 @@ jobs: check-latest: true cache: true - name: build worker - uses: nick-invision/retry@3e91a01664abd3c5cd539100d10d33b9c5b68482 + uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd with: max_attempts: 3 retry_on: error @@ -384,7 +384,7 @@ jobs: check-latest: true cache: true - name: build cii-worker - uses: nick-invision/retry@3e91a01664abd3c5cd539100d10d33b9c5b68482 + uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd with: max_attempts: 3 retry_on: error @@ -432,7 +432,7 @@ jobs: check-latest: true cache: true - name: build shuffler - uses: nick-invision/retry@3e91a01664abd3c5cd539100d10d33b9c5b68482 + uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd with: max_attempts: 3 retry_on: error @@ -480,7 +480,7 @@ jobs: check-latest: true cache: true - name: build bq transfer - uses: nick-invision/retry@3e91a01664abd3c5cd539100d10d33b9c5b68482 + uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd with: max_attempts: 3 retry_on: error @@ -528,7 +528,7 @@ jobs: check-latest: true cache: true - name: build bq transfer - uses: nick-invision/retry@3e91a01664abd3c5cd539100d10d33b9c5b68482 + uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd with: max_attempts: 3 retry_on: error @@ -576,7 +576,7 @@ jobs: check-latest: true cache: true - name: build webhook - uses: nick-invision/retry@3e91a01664abd3c5cd539100d10d33b9c5b68482 + uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd with: max_attempts: 3 retry_on: error @@ -624,7 +624,7 @@ jobs: check-latest: true cache: true - name: build-add-script - uses: nick-invision/retry@3e91a01664abd3c5cd539100d10d33b9c5b68482 + uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd with: max_attempts: 3 retry_on: error @@ -672,7 +672,7 @@ jobs: check-latest: true cache: true - name: build-validate-script - uses: nick-invision/retry@3e91a01664abd3c5cd539100d10d33b9c5b68482 + uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd with: max_attempts: 3 retry_on: error @@ -720,7 +720,7 @@ jobs: check-latest: true cache: true - name: build-validate-script - uses: nick-invision/retry@3e91a01664abd3c5cd539100d10d33b9c5b68482 + uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd with: max_attempts: 3 retry_on: error @@ -792,7 +792,7 @@ jobs: check-latest: true cache: true - name: Run build - uses: nick-invision/retry@3e91a01664abd3c5cd539100d10d33b9c5b68482 + uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd with: max_attempts: 3 retry_on: error @@ -839,7 +839,7 @@ jobs: check-latest: true cache: true - name: Run build - uses: nick-invision/retry@3e91a01664abd3c5cd539100d10d33b9c5b68482 + uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd with: max_attempts: 3 retry_on: error @@ -874,7 +874,7 @@ jobs: check-latest: true cache: true - name: Run build - uses: nick-invision/retry@3e91a01664abd3c5cd539100d10d33b9c5b68482 + uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd with: max_attempts: 3 retry_on: error diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index c2e0e332f71..ce27ed16b01 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -51,7 +51,7 @@ jobs: - name: install ko uses: imjasonh/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa - name: publishimage - uses: nick-invision/retry@3e91a01664abd3c5cd539100d10d33b9c5b68482 + uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd with: max_attempts: 3 retry_on: error From 1d15e9c7484bcf677b644c2ea7497d06d7e8215f Mon Sep 17 00:00:00 2001 From: Mike Maraya Date: Thu, 5 Jan 2023 11:00:35 -0800 Subject: [PATCH 12/15] classic personal access tokens required (#2565) Clarified that classic personal access tokens, not fine-grained ones, are needed for scorecard to work. Signed-off-by: Mike Maraya Signed-off-by: Mike Maraya --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c7f9b62b848..0e63a41822e 100644 --- a/README.md +++ b/README.md @@ -228,7 +228,7 @@ requests before running Scorecard. There are two ways to authenticate your requests: either create a GitHub personal access token, or create a GitHub App Installation. -- [Create a GitHub personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token). +- [Create a classic GitHub personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#creating-a-personal-access-token-classic). When creating the personal access token, we suggest you choose the `public_repo` scope. Set the token in an environment variable called `GITHUB_AUTH_TOKEN`, `GITHUB_TOKEN`, `GH_AUTH_TOKEN` or `GH_TOKEN` using the From a2bc29a7a384192f4750897d27211646524791e7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Jan 2023 17:04:10 +0000 Subject: [PATCH 13/15] :seedling: Bump actions/checkout from 3.2.0 to 3.3.0 (#2583) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.2.0 to 3.3.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/755da8c3cf115ac066823e79a1e1788f8940201b...ac593985615ec2ede58e132d2e21d2b1cbd6127c) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/depsreview.yml | 2 +- .github/workflows/docker.yml | 16 +++++----- .github/workflows/goreleaser.yaml | 2 +- .github/workflows/integration.yml | 2 +- .github/workflows/main.yml | 40 ++++++++++++------------ .github/workflows/publishimage.yml | 2 +- .github/workflows/scorecard-analysis.yml | 2 +- .github/workflows/slsa-goreleaser.yml | 2 +- 9 files changed, 35 insertions(+), 35 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 19d527323cd..0c7527c6e64 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -57,7 +57,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout repository - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/depsreview.yml b/.github/workflows/depsreview.yml index 70eb1a5d0c6..39eb62d5e68 100644 --- a/.github/workflows/depsreview.yml +++ b/.github/workflows/depsreview.yml @@ -22,6 +22,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c - name: 'Dependency Review' uses: actions/dependency-review-action@0ff3da6f81b812d4ec3cf37a04e2308c7a723730 diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 603d109d586..5dd43d9be23 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -36,7 +36,7 @@ jobs: docs_only: ${{ steps.docs_only_check.outputs.docs_only }} steps: - name: Check out code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b #v3.2.0 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c #v3.3.0 with: fetch-depth: 2 - id: files @@ -86,7 +86,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -134,7 +134,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -182,7 +182,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -230,7 +230,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -278,7 +278,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -326,7 +326,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -374,7 +374,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Setup Go diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index 3886cef80c8..d361fc600ce 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -36,7 +36,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Set up Go diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index c4739fc0fa6..8918b68427a 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -43,7 +43,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: pull_request actions/checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: ref: ${{ github.event.pull_request.head.sha }} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 5dcaa10743c..915dbca0ef4 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -54,7 +54,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -99,7 +99,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -147,7 +147,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -182,7 +182,7 @@ jobs: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -230,7 +230,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -278,7 +278,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -326,7 +326,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -374,7 +374,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -422,7 +422,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -470,7 +470,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -518,7 +518,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -566,7 +566,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -614,7 +614,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -662,7 +662,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -710,7 +710,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -745,7 +745,7 @@ jobs: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -782,7 +782,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -829,7 +829,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -864,7 +864,7 @@ jobs: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -893,7 +893,7 @@ jobs: with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index ce27ed16b01..e154af107d8 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -40,7 +40,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Clone the code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c with: fetch-depth: 0 - name: Setup Go diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index 88ca38f2fd0..7e2db3f07a7 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -22,7 +22,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c - name: "Run analysis" uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 diff --git a/.github/workflows/slsa-goreleaser.yml b/.github/workflows/slsa-goreleaser.yml index 86cd6c0c5f6..e8613250899 100644 --- a/.github/workflows/slsa-goreleaser.yml +++ b/.github/workflows/slsa-goreleaser.yml @@ -15,7 +15,7 @@ jobs: ldflags: ${{ steps.ldflags.outputs.value }} steps: - id: checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v2.3.4 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 with: fetch-depth: 0 - id: ldflags From be695d10dc7728eda31df122cbd45d42cb294e6b Mon Sep 17 00:00:00 2001 From: Gabriela Gutierrez Date: Fri, 6 Jan 2023 16:16:30 -0300 Subject: [PATCH 14/15] =?UTF-8?q?=F0=9F=90=9B=20=20Add=20wasm=20files=20as?= =?UTF-8?q?=20binary=20artifacts=20(#2548)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix: Add wasm files to binary check Signed-off-by: Gabriela Gutierrez * test: Add wasm to binary check Signed-off-by: Gabriela Gutierrez * chore: Automatic projects update Signed-off-by: Gabriela Gutierrez * Revert "chore: Automatic projects update" This reverts commit 99fb2af9b4172c974cca19e7b7f587c1cbbeed3a. Signed-off-by: Gabriela Gutierrez Signed-off-by: Gabriela Gutierrez --- checks/raw/binary_artifact.go | 1 + checks/raw/binary_artifact_test.go | 9 +++++++++ checks/testdata/binaryartifacts/wasms/simple.wasm | Bin 0 -> 78 bytes 3 files changed, 10 insertions(+) create mode 100644 checks/testdata/binaryartifacts/wasms/simple.wasm diff --git a/checks/raw/binary_artifact.go b/checks/raw/binary_artifact.go index a5c8404d7c7..04997f4cc16 100644 --- a/checks/raw/binary_artifact.go +++ b/checks/raw/binary_artifact.go @@ -133,6 +133,7 @@ var checkBinaryFileContent fileparser.DoWhileTrueOnFileContent = func(path strin "pyo": true, "par": true, "rpm": true, + "wasm": true, "whl": true, } var t types.Type diff --git a/checks/raw/binary_artifact_test.go b/checks/raw/binary_artifact_test.go index 2f29599ac6a..92181c8a45d 100644 --- a/checks/raw/binary_artifact_test.go +++ b/checks/raw/binary_artifact_test.go @@ -41,6 +41,15 @@ func TestBinaryArtifacts(t *testing.T) { getFileContentCount int expect int }{ + { + name: "Wasm file", + err: nil, + files: [][]string{ + {"../testdata/binaryartifacts/wasms/simple.wasm"}, + }, + getFileContentCount: 1, + expect: 1, + }, { name: "Jar file", err: nil, diff --git a/checks/testdata/binaryartifacts/wasms/simple.wasm b/checks/testdata/binaryartifacts/wasms/simple.wasm new file mode 100644 index 0000000000000000000000000000000000000000..a2e9ad6acbc70204dba743dd5064f0afab5a6e38 GIT binary patch literal 78 zcmZQbEY4+QU|?Y6U`k-DXGmaRV3K5H&&(~zFDfbKh0v)f@oA-b$qWq4OpJ`|f{eVW U6(DJtFe4WSBO8OGmH-1c0JS<1egFUf literal 0 HcmV?d00001 From 78d09039266eb47bee7f1001508bdc0d213ad2cf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Jan 2023 20:36:46 +0000 Subject: [PATCH 15/15] :seedling: Bump github.com/goreleaser/goreleaser in /tools (#2573) Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.13.1 to 1.14.0. - [Release notes](https://github.com/goreleaser/goreleaser/releases) - [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml) - [Commits](https://github.com/goreleaser/goreleaser/compare/v1.13.1...v1.14.0) --- updated-dependencies: - dependency-name: github.com/goreleaser/goreleaser dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tools/go.mod | 25 ++++++++++++----------- tools/go.sum | 56 +++++++++++++++++++++++++++++++--------------------- 2 files changed, 47 insertions(+), 34 deletions(-) diff --git a/tools/go.mod b/tools/go.mod index 2a40ead432a..db3860d89f7 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -7,7 +7,7 @@ require ( github.com/golangci/golangci-lint v1.50.1 github.com/google/addlicense v1.1.0 github.com/google/ko v0.11.3-0.20220812194550-f9b4471f654a - github.com/goreleaser/goreleaser v1.13.1 + github.com/goreleaser/goreleaser v1.14.0 github.com/naveensrinivasan/stunning-tribble v0.4.2 github.com/onsi/ginkgo/v2 v2.5.1 google.golang.org/protobuf v1.28.1 @@ -46,7 +46,7 @@ require ( github.com/GaijinEntertainment/go-exhaustruct/v2 v2.3.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver v1.5.0 // indirect - github.com/Masterminds/semver/v3 v3.1.1 // indirect + github.com/Masterminds/semver/v3 v3.2.0 // indirect github.com/Masterminds/sprig v2.22.0+incompatible // indirect github.com/Microsoft/go-winio v0.5.2 // indirect github.com/OpenPeeDeeP/depguard v1.1.1 // indirect @@ -58,7 +58,7 @@ require ( github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect github.com/ashanbrown/forbidigo v1.3.0 // indirect github.com/ashanbrown/makezero v1.1.1 // indirect - github.com/atc0005/go-teams-notify/v2 v2.6.1 // indirect + github.com/atc0005/go-teams-notify/v2 v2.7.0 // indirect github.com/aws/aws-sdk-go v1.44.93 // indirect github.com/aws/aws-sdk-go-v2 v1.16.14 // indirect github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.4 // indirect @@ -97,7 +97,7 @@ require ( github.com/caarlos0/env/v6 v6.10.1 // indirect github.com/caarlos0/go-reddit/v3 v3.0.1 // indirect github.com/caarlos0/go-shellwords v1.0.12 // indirect - github.com/caarlos0/log v0.1.10 // indirect + github.com/caarlos0/log v0.2.1 // indirect github.com/cavaliergopher/cpio v1.0.1 // indirect github.com/cenkalti/backoff/v4 v4.1.3 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect @@ -113,10 +113,11 @@ require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/denis-tingaikin/go-header v0.4.3 // indirect github.com/dghubble/go-twitter v0.0.0-20220716041154-837915ec2f79 // indirect - github.com/dghubble/oauth1 v0.7.1 // indirect + github.com/dghubble/oauth1 v0.7.2 // indirect github.com/dghubble/sling v1.4.0 // indirect github.com/dimchansky/utfbom v1.1.1 // indirect - github.com/disgoorg/disgo v0.13.21 // indirect + github.com/disgoorg/disgo v0.14.1 // indirect + github.com/disgoorg/json v1.0.0 // indirect github.com/disgoorg/log v1.2.0 // indirect github.com/disgoorg/snowflake/v2 v2.0.1 // indirect github.com/docker/cli v20.10.17+incompatible // indirect @@ -178,7 +179,7 @@ require ( github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4 // indirect github.com/google/go-cmp v0.5.9 // indirect github.com/google/go-containerregistry v0.11.0 // indirect - github.com/google/go-github/v48 v48.1.0 // indirect + github.com/google/go-github/v48 v48.2.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/pprof v0.0.0-20220729232143-a41b82acbcb1 // indirect github.com/google/uuid v1.3.0 // indirect @@ -188,7 +189,7 @@ require ( github.com/gordonklaus/ineffassign v0.0.0-20210914165742-4cc7213b9bc8 // indirect github.com/goreleaser/chglog v0.2.2 // indirect github.com/goreleaser/fileglob v1.3.0 // indirect - github.com/goreleaser/nfpm/v2 v2.22.1 // indirect + github.com/goreleaser/nfpm/v2 v2.22.2 // indirect github.com/gorilla/websocket v1.5.0 // indirect github.com/gostaticanalysis/analysisutil v0.7.1 // indirect github.com/gostaticanalysis/comment v1.4.2 // indirect @@ -293,7 +294,7 @@ require ( github.com/sivchari/containedctx v1.0.2 // indirect github.com/sivchari/nosnakecase v1.7.0 // indirect github.com/sivchari/tenv v1.7.0 // indirect - github.com/slack-go/slack v0.11.4 // indirect + github.com/slack-go/slack v0.12.1 // indirect github.com/sonatard/noctx v0.0.1 // indirect github.com/sourcegraph/go-diff v0.6.1 // indirect github.com/spf13/afero v1.9.2 // indirect @@ -317,13 +318,13 @@ require ( github.com/tomarrell/wrapcheck/v2 v2.7.0 // indirect github.com/tommy-muehle/go-mnd/v2 v2.5.1 // indirect github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80 // indirect - github.com/ulikunitz/xz v0.5.10 // indirect + github.com/ulikunitz/xz v0.5.11 // indirect github.com/ultraware/funlen v0.0.3 // indirect github.com/ultraware/whitespace v0.0.5 // indirect github.com/uudashr/gocognit v1.0.6 // indirect github.com/vbatts/tar-split v0.11.2 // indirect github.com/withfig/autocomplete-tools/integrations/cobra v1.2.1 // indirect - github.com/xanzy/go-gitlab v0.74.0 // indirect + github.com/xanzy/go-gitlab v0.77.0 // indirect github.com/xanzy/ssh-agent v0.3.1 // indirect github.com/yagipy/maintidx v1.0.0 // indirect github.com/yeya24/promlinter v0.2.0 // indirect @@ -345,7 +346,7 @@ require ( golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde // indirect golang.org/x/sys v0.2.0 // indirect golang.org/x/term v0.1.0 // indirect - golang.org/x/text v0.4.0 // indirect + golang.org/x/text v0.5.0 // indirect golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 // indirect golang.org/x/tools v0.2.0 // indirect golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect diff --git a/tools/go.sum b/tools/go.sum index 65296aaebd2..c2b13f4ebbc 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -261,8 +261,9 @@ github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3Q github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Masterminds/semver/v3 v3.0.3/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= -github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc= github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= +github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g= +github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZCSYp4Z0m2dk6cEM60= github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= @@ -297,6 +298,7 @@ github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5 github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= +github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmUx/1V+TNhjQvM= @@ -409,8 +411,8 @@ github.com/ashanbrown/forbidigo v1.3.0/go.mod h1:vVW7PEdqEFqapJe95xHkTfB1+XvZXBF github.com/ashanbrown/makezero v0.0.0-20210520155254-b6261585ddde/go.mod h1:oG9Dnez7/ESBqc4EdrdNlryeo7d0KcW1ftXHm7nU/UU= github.com/ashanbrown/makezero v1.1.1 h1:iCQ87C0V0vSyO+M9E/FZYbu65auqH0lnsOkf5FcB28s= github.com/ashanbrown/makezero v1.1.1/go.mod h1:i1bJLCRSCHOcOa9Y6MyF2FTfMZMFdHvxKHxgO5Z1axI= -github.com/atc0005/go-teams-notify/v2 v2.6.1 h1:t22ybzQuaQs4UJe4ceF5VYGsPhs6ir3nZOId/FBy6Go= -github.com/atc0005/go-teams-notify/v2 v2.6.1/go.mod h1:xo6GejLDHn3tWBA181F8LrllIL0xC1uRsRxq7YNXaaY= +github.com/atc0005/go-teams-notify/v2 v2.7.0 h1:yRKblRTM/v+FnbibPAQiBcgT+aUBn/8zj9E/UxBdIRg= +github.com/atc0005/go-teams-notify/v2 v2.7.0/go.mod h1:nJeYAr8U1KtT376MUHHiy47nqy/4Mn0UR8veVQxdMcM= github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= @@ -638,8 +640,8 @@ github.com/caarlos0/go-reddit/v3 v3.0.1/go.mod h1:QlwgmG5SAqxMeQvg/A2dD1x9cIZCO5 github.com/caarlos0/go-rpmutils v0.2.1-0.20211112020245-2cd62ff89b11 h1:IRrDwVlWQr6kS1U8/EtyA1+EHcc4yl8pndcqXWrEamg= github.com/caarlos0/go-shellwords v1.0.12 h1:HWrUnu6lGbWfrDcFiHcZiwOLzHWjjrPVehULaTFgPp8= github.com/caarlos0/go-shellwords v1.0.12/go.mod h1:bYeeX1GrTLPl5cAMYEzdm272qdsQAZiaHgeF0KTk1Gw= -github.com/caarlos0/log v0.1.10 h1:kHKiXTKEeK019o7QQWXRbHVKFrYYljxuQ7vF2taEA3M= -github.com/caarlos0/log v0.1.10/go.mod h1:BLxpdZKXvWBjB6fshua4c8d7ApdYjypEDok6ibt+pXk= +github.com/caarlos0/log v0.2.1 h1:E5vf0Sg24tUbrGanknDu2UH0CZq6cCColThb8gTQnHQ= +github.com/caarlos0/log v0.2.1/go.mod h1:BLxpdZKXvWBjB6fshua4c8d7ApdYjypEDok6ibt+pXk= github.com/caarlos0/sshmarshal v0.0.0-20220308164159-9ddb9f83c6b3 h1:w2ANoiT4ubmh4Nssa3/QW1M7lj3FZkma8f8V5aBDxXM= github.com/caarlos0/testfs v0.4.4 h1:3PHvzHi5Lt+g332CiShwS8ogTgS3HjrmzZxCm6JCDr8= github.com/caarlos0/testfs v0.4.4/go.mod h1:bRN55zgG4XCUVVHZCeU+/Tz1Q6AxEJOEJTliBy+1DMk= @@ -770,6 +772,7 @@ github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ= github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM= github.com/containerd/continuity v0.2.2/go.mod h1:pWygW9u7LtS1o4N/Tn0FoCFDIXZ7rxcMX7HX1Dmibvk= +github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg= github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0= @@ -892,8 +895,8 @@ github.com/depcheck-test/depcheck-test v0.0.0-20220607135614-199033aaa936/go.mod github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY= github.com/dghubble/go-twitter v0.0.0-20220716041154-837915ec2f79 h1:Z9wtGrNgCDhG7u+hVTlcBl9jeNdSfqzvg3piJNR4VX0= github.com/dghubble/go-twitter v0.0.0-20220716041154-837915ec2f79/go.mod h1:q7VYuSasPO79IE/QBNAMYVNlzZNy4Zr7vay6is50u5I= -github.com/dghubble/oauth1 v0.7.1 h1:JjbOVSVVkms9A4h/sTQy5Jb2nFuAAVb2qVYgenJPyrE= -github.com/dghubble/oauth1 v0.7.1/go.mod h1:0eEzON0UY/OLACQrmnjgJjmvCGXzjBCsZqL1kWDXtF0= +github.com/dghubble/oauth1 v0.7.2 h1:pwcinOZy8z6XkNxvPmUDY52M7RDPxt0Xw1zgZ6Cl5JA= +github.com/dghubble/oauth1 v0.7.2/go.mod h1:9erQdIhqhOHG/7K9s/tgh9Ks/AfoyrO5mW/43Lu2+kE= github.com/dghubble/sling v1.4.0 h1:/n8MRosVTthvMbwlNZgLx579OGVjUOy3GNEv5BIqAWY= github.com/dghubble/sling v1.4.0/go.mod h1:0r40aNsU9EdDUVBNhfCstAtFgutjgJGYbO1oNzkMoM8= github.com/dgraph-io/badger/v3 v3.2103.2/go.mod h1:RHo4/GmYcKKh5Lxu63wLEMHJ70Pac2JqZRYGhlyAo2M= @@ -911,8 +914,10 @@ github.com/digitalocean/godo v1.81.0/go.mod h1:BPCqvwbjbGqxuUnIKB4EvS/AX7IDnNmt5 github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= -github.com/disgoorg/disgo v0.13.21 h1:mapasORJIZWGMcsAxTzosIHfBlx39g2KLbY/OJlJn3A= -github.com/disgoorg/disgo v0.13.21/go.mod h1:VpRp9ifKNcQ05mgIx9l5oU4TADysXUGmNx9iHM9/DpA= +github.com/disgoorg/disgo v0.14.1 h1:J1GoRZfbCPFcNd3OH+W3XbAVEdvV3kVAoNqJrPjzY1I= +github.com/disgoorg/disgo v0.14.1/go.mod h1:YiVpXSmyXLRalYQHTHUFWEQvolCNzw0zh6nfug07b/M= +github.com/disgoorg/json v1.0.0 h1:kDhSM661fgIuNoZF3BO5/odaR5NSq80AWb937DH+Pdo= +github.com/disgoorg/json v1.0.0/go.mod h1:BHDwdde0rpQFDVsRLKhma6Y7fTbQKub/zdGO5O9NqqA= github.com/disgoorg/log v1.2.0 h1:sqlXnu/ZKAlIlHV9IO+dbMto7/hCQ474vlIdMWk8QKo= github.com/disgoorg/log v1.2.0/go.mod h1:3x1KDG6DI1CE2pDwi3qlwT3wlXpeHW/5rVay+1qDqOo= github.com/disgoorg/snowflake/v2 v2.0.1 h1:CuUxGLwggUxEswZOmZ+mZ5i0xSumQdXW9tXW7uGqe+0= @@ -1413,8 +1418,8 @@ github.com/google/go-containerregistry v0.11.0 h1:Xt8x1adcREjFcmDoDK8OdOsjxu90PH github.com/google/go-containerregistry v0.11.0/go.mod h1:BBaYtsHPHA42uEgAvd/NejvAfPSlz281sJWqupjSxfk= github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM= github.com/google/go-github/v45 v45.2.0/go.mod h1:FObaZJEDSTa/WGCzZ2Z3eoCDXWJKMenWWTrd8jrta28= -github.com/google/go-github/v48 v48.1.0 h1:nqPqq+0oRY2AMR/SRskGrrP4nnewPB7e/m2+kbT/UvM= -github.com/google/go-github/v48 v48.1.0/go.mod h1:dDlehKBDo850ZPvCTK0sEqTCVWcrGl2LcDiajkYi89Y= +github.com/google/go-github/v48 v48.2.0 h1:68puzySE6WqUY9KWmpOsDEQfDZsso98rT6pZcz9HqcE= +github.com/google/go-github/v48 v48.2.0/go.mod h1:dDlehKBDo850ZPvCTK0sEqTCVWcrGl2LcDiajkYi89Y= github.com/google/go-licenses v0.0.0-20210329231322-ce1d9163b77d/go.mod h1:+TYOmkVoJOpwnS0wfdsJCV9CoD5nJYsHoFk/0CrTK4M= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= @@ -1465,6 +1470,7 @@ github.com/google/pprof v0.0.0-20220729232143-a41b82acbcb1/go.mod h1:gSuNB+gJaOi github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/rpmpack v0.0.0-20191226140753-aa36bfddb3a0/go.mod h1:RaTPr0KUf2K7fnZYLNDrr8rxAamWs3iNywJLtQ2AzBg= github.com/google/rpmpack v0.0.0-20210518075352-dc539ef4f2ea/go.mod h1:+y9lKiqDhR4zkLl+V9h4q0rdyrYVsWWm6LLCQP33DIk= +github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= github.com/google/tink/go v1.7.0/go.mod h1:GAUOd+QE3pgj9q8VKIGTCP33c/B7eb4NhxLcgTJZStM= @@ -1515,11 +1521,11 @@ github.com/goreleaser/chglog v0.2.2/go.mod h1:2s5JwtCOWjZa8AIneL+xdUl9SRuigCjRHN github.com/goreleaser/fileglob v1.3.0 h1:/X6J7U8lbDpQtBvGcwwPS6OpzkNVlVEsFUVRx9+k+7I= github.com/goreleaser/fileglob v1.3.0/go.mod h1:Jx6BoXv3mbYkEzwm9THo7xbr5egkAraxkGorbJb4RxU= github.com/goreleaser/goreleaser v0.134.0/go.mod h1:ZT6Y2rSYa6NxQzIsdfWWNWAlYGXGbreo66NmE+3X3WQ= -github.com/goreleaser/goreleaser v1.13.1 h1:9yTCn5UE3+1wNtVB3ybUAwjioLq79UyfGz8D+iPOcRk= -github.com/goreleaser/goreleaser v1.13.1/go.mod h1:JFjB/kuTGFwpL3o9ix09K1ctGpABCk/xGIdoVDr0AJw= +github.com/goreleaser/goreleaser v1.14.0 h1:UeF67AkJAYiPgw1GWWjLC/1TsiUrR7ciOwbyFeoINQg= +github.com/goreleaser/goreleaser v1.14.0/go.mod h1:yFKr4PpVOROokKB3gRVOmTD8oWnciPnMAuHQPwPe7vE= github.com/goreleaser/nfpm v1.2.1/go.mod h1:TtWrABZozuLOttX2uDlYyECfQX7x5XYkVxhjYcR6G9w= -github.com/goreleaser/nfpm/v2 v2.22.1 h1:S5ShUIQYIB4uUiJmBy7S0w5SvZ2CwqBOvXNvRGnO6XE= -github.com/goreleaser/nfpm/v2 v2.22.1/go.mod h1:c5/coiBdrKNdXXgKnSCrqSk8OtltpGwJ2woU/8EtHD4= +github.com/goreleaser/nfpm/v2 v2.22.2 h1:K/how1xpNJC4xHpgMKQwE46iJp8+h0iTxWhhMYizhAA= +github.com/goreleaser/nfpm/v2 v2.22.2/go.mod h1:nW+gTJ38KmCvVlceNVFmCiNteF/WU22VpXee7PhDukY= github.com/gorhill/cronexpr v0.0.0-20180427100037-88b0669f7d75/go.mod h1:g2644b03hfBX9Ov0ZBDgXXens4rxSxmqFBbhvKv2yVA= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ= @@ -2235,6 +2241,7 @@ github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rm github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0= github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0= github.com/opencontainers/runc v1.1.0/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc= +github.com/opencontainers/runc v1.1.2 h1:2VSZwLx5k/BfsBxMMipG/LYUnmqOD/BPkIVgQUcTlLw= github.com/opencontainers/runc v1.1.2/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc= github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= @@ -2257,6 +2264,7 @@ github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxS github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= +github.com/ory/dockertest/v3 v3.9.1 h1:v4dkG+dlu76goxMiTT2j8zV7s4oPPEppKT8K8p2f1kY= github.com/otiai10/copy v1.2.0 h1:HvG945u96iNadPoG2/Ja2+AUJeW5YuFQMixq9yirC+k= github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= @@ -2525,8 +2533,8 @@ github.com/sivchari/tenv v1.4.7/go.mod h1:5nF+bITvkebQVanjU6IuMbvIot/7ReNsUV7I5N github.com/sivchari/tenv v1.7.0 h1:d4laZMBK6jpe5PWepxlV9S+LC0yXqvYHiq8E6ceoVVE= github.com/sivchari/tenv v1.7.0/go.mod h1:64yStXKSOxDfX47NlhVwND4dHwfZDdbp2Lyl018Icvg= github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog= -github.com/slack-go/slack v0.11.4 h1:ojSa7KlPm3PqY2AomX4VTxEsK5eci5JaxCjlzGV5zoM= -github.com/slack-go/slack v0.11.4/go.mod h1:hlGi5oXA+Gt+yWTPP0plCdRKmjsDxecdHxYQdlMQKOw= +github.com/slack-go/slack v0.12.1 h1:X97b9g2hnITDtNsNe5GkGx6O2/Sz/uC20ejRZN6QxOw= +github.com/slack-go/slack v0.12.1/go.mod h1:hlGi5oXA+Gt+yWTPP0plCdRKmjsDxecdHxYQdlMQKOw= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/assertions v1.0.0/go.mod h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM= @@ -2703,8 +2711,9 @@ github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4A github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/ulikunitz/xz v0.5.9/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8= github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= +github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8= +github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/ultraware/funlen v0.0.3 h1:5ylVWm8wsNwH5aWo9438pwvsK0QiqVuUrt9bn7S/iLA= github.com/ultraware/funlen v0.0.3/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA= github.com/ultraware/whitespace v0.0.4/go.mod h1:aVMh/gQve5Maj9hQ/hg+F75lr/X5A89uZnzAmWSineA= @@ -2753,8 +2762,8 @@ github.com/withfig/autocomplete-tools/integrations/cobra v1.2.1/go.mod h1:nmuySo github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xanzy/go-gitlab v0.31.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug= github.com/xanzy/go-gitlab v0.73.1/go.mod h1:d/a0vswScO7Agg1CZNz15Ic6SSvBG9vfw8egL99t4kA= -github.com/xanzy/go-gitlab v0.74.0 h1:Ha1cokbjn0PXy6B19t3W324dwM4AOT52fuHr7nERPrc= -github.com/xanzy/go-gitlab v0.74.0/go.mod h1:d/a0vswScO7Agg1CZNz15Ic6SSvBG9vfw8egL99t4kA= +github.com/xanzy/go-gitlab v0.77.0 h1:UrbGlxkWVCbkpa6Fk6cM8ARh+rLACWemkJnsawT7t98= +github.com/xanzy/go-gitlab v0.77.0/go.mod h1:d/a0vswScO7Agg1CZNz15Ic6SSvBG9vfw8egL99t4kA= github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0= github.com/xanzy/ssh-agent v0.3.1 h1:AmzO1SSWxw73zxFZPRwaMN1MohDw8UyHnmuxyceTEGo= @@ -2765,9 +2774,12 @@ github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23n github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM= github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= +github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= +github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs= +github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 h1:nIPpBwaJSVYIxUFsDv3M8ofmx9yWTog9BfvIu0q41lo= github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos= @@ -3458,8 +3470,8 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8-0.20211004125949-5bd84dd9b33b/go.mod h1:EFNZuWvGYxIRUEX+K8UmCFwYmZjqcrnq15ZuVldZkZ0= -golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= -golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= +golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=