dependabot[bot]
5bc2afbbb6
build(deps): bump the actions-deps group with 6 updates (#7142)
Bumps the actions-deps group with 6 updates:
| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.12.1` | `2.13.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.1` | `4.6.2` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `e9a05e6d32d7ed22b5656cd874ef31af58d05bfa` | `d58896d6a1865668819e1d91763c7751a165e159` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.20.1` | `0.20.4` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.1` | `2.4.2` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.29.0` | `3.29.4` |
Updates `step-security/harden-runner` from 2.12.1 to 2.13.0
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](002fdce3c6...ec9f2d5744)
Updates `actions/upload-artifact` from 4.6.1 to 4.6.2
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4.6.1...ea165f8d65b6e75b540449e92b4886f43607fa02)
Updates `sigstore/cosign-installer` from e9a05e6d32d7ed22b5656cd874ef31af58d05bfa to d58896d6a1865668819e1d91763c7751a165e159
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](e9a05e6d32...d58896d6a1)
Updates `anchore/sbom-action` from 0.20.1 to 0.20.4
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](9246b90769...7b36ad622f)
Updates `ossf/scorecard-action` from 2.4.1 to 2.4.2
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](f49aabe0b5...05b42c6244)
Updates `github/codeql-action` from 3.29.0 to 3.29.4
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](ce28f5bb42...4e828ff8d4)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-deps
- dependency-name: actions/upload-artifact
  dependency-version: 4.6.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: sigstore/cosign-installer
  dependency-version: d58896d6a1865668819e1d91763c7751a165e159
  dependency-type: direct:production
  dependency-group: actions-deps
- dependency-name: anchore/sbom-action
  dependency-version: 0.20.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: ossf/scorecard-action
  dependency-version: 2.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: github/codeql-action
  dependency-version: 3.29.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-01 04:34:14 +03:00
Mohammed Al Sahaf
2f0fc62b34
chore: apply security best practices for CI (#7066)
* chore: apply security best practices for CI
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* remove redundant codeql job
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* run scorecard flow on PRs
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2025-06-16 20:14:09 +00:00
Mohammed Al Sahaf
7a33f481f1
ci: add dep review, OSSF scorecard actions (#7063)
* ci: add dep review action
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* sprinkle permissions on Actions jobs
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* README: add OpenSSF best practices badge
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* add draft OpenSSF Scorecard workflow
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2025-06-12 23:40:51 +00:00
dependabot[bot]
223f314331
build(deps): bump peter-evans/repository-dispatch from 2 to 3 (#6080)
Bumps [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch) from 2 to 3.
- [Release notes](https://github.com/peter-evans/repository-dispatch/releases)
- [Commits](https://github.com/peter-evans/repository-dispatch/compare/v2...v3)
---
updated-dependencies:
- dependency-name: peter-evans/repository-dispatch
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-01 18:34:40 -05:00
Marten Seemann
f45a6de20d
go.mod: Update quic-go to v0.37.0, bump to Go 1.20 minimum (#5644)
* update quic-go to v0.37.0
* Bump to Go 1.20
* Bump golangci-lint version, yml syntax consistency
* Use skip-pkg-cache workaround
* Workaround needed for both?
* Seeding weakrand is no longer necessary
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-07-21 22:00:48 -06:00
dependabot[bot]
cd49847edb
build(deps): bump peter-evans/repository-dispatch from 1 to 2 (#5261)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-19 18:44:54 -05:00
Francis Lavoie
2d0f8831f8
ci: Fix another oops with publish workflow (#3536)
2020-06-30 15:36:17 -04:00
Francis Lavoie
caca55e582
ci: Fix release publish trigger (#3524)
Looks like event payloads need to be prefixed with `github.event` to get the actual payload contents. Didn't dig deep enough.
https://help.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions#github-context
2020-06-26 16:00:54 -04:00
Francis Lavoie
7211101c52
ci: Fix gemfury upload condition, move triggers to publish event (#3483)
2020-06-08 12:21:20 -06:00