From 598ffdb4d3ffbd2a7c60ea5e440f88bba68801e0 Mon Sep 17 00:00:00 2001 From: Adrian Dischinger <72736591+AdrianDsg@users.noreply.github.com> Date: Thu, 19 Oct 2023 11:09:28 +0000 Subject: [PATCH 1/4] chore(deps): upgrade checkout action --- .../actions-sync-e2e-test-called.yml | 2 +- .github/workflows/ci.yml | 2 +- .github/workflows/codeql-analysis.yml | 58 +++++++++---------- .github/workflows/licenced.yml | 4 +- .github/workflows/releases.yml | 4 +- 5 files changed, 35 insertions(+), 35 deletions(-) diff --git a/.github/workflows/actions-sync-e2e-test-called.yml b/.github/workflows/actions-sync-e2e-test-called.yml index 036731c..6222d9d 100644 --- a/.github/workflows/actions-sync-e2e-test-called.yml +++ b/.github/workflows/actions-sync-e2e-test-called.yml @@ -18,7 +18,7 @@ jobs: execute: runs-on: ${{ inputs.runson }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Bootstrap run: | .\script\bootstrap-sanity-test.ps1 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8c938fe..7a9526e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,7 +7,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Lint run: docker-compose run --rm lint - name: Test diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index b10cf4c..97294f8 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -13,12 +13,12 @@ name: "CodeQL" on: push: - branches: [ main ] + branches: [main] pull_request: # The branches below must be a subset of the branches above - branches: [ main ] + branches: [main] schedule: - - cron: '37 14 * * 1' + - cron: "37 14 * * 1" jobs: analyze: 
@@ -32,39 +32,39 @@ jobs: strategy: fail-fast: false matrix: - language: [ 'go' ] + language: ["go"] # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] # Learn more about CodeQL language support at https://git.io/codeql-language-support steps: - - name: Checkout repository - uses: actions/checkout@v3 + - name: Checkout repository + uses: actions/checkout@v4 - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v2 + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v2 - # â„šī¸ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl + # â„šī¸ Command-line programs to run using the OS shell. 
+ # 📚 https://git.io/JvXDl - # âœī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language + # âœī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language - #- run: | - # make bootstrap - # make release + #- run: | + # make bootstrap + # make release - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/licenced.yml b/.github/workflows/licenced.yml index 407bc76..6dd7017 100644 --- a/.github/workflows/licenced.yml +++ b/.github/workflows/licenced.yml @@ -10,8 +10,8 @@ jobs: name: Licences Check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: actions/setup-go@v1 + - uses: actions/checkout@v4 + - uses: actions/setup-go@v4 with: go-version: 1.14.1 - uses: jonabc/setup-licensed@v1 diff --git a/.github/workflows/releases.yml b/.github/workflows/releases.yml index 64e59ff..bc833e2 100644 --- a/.github/workflows/releases.yml +++ b/.github/workflows/releases.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Go @@ -18,7 +18,7 @@ jobs: - name: Set CURRENT_TAG run: echo "GORELEASER_CURRENT_TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v3 + uses: goreleaser/goreleaser-action@v5 with: version: latest args: release --clean From e0b006391e3926a6d8ee91189bda5d41868363fd Mon Sep 17 00:00:00 2001 
From: Adrian Dischinger <72736591+AdrianDsg@users.noreply.github.com>
Date: Thu, 19 Oct 2023 11:09:49 +0000
Subject: [PATCH 2/4] chore: init dependabot.yml config file
---
 .github/dependabot.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..8b4b177
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,13 @@
+version: 2
+updates:
+ # Maintain dependencies for GitHub Actions
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: daily
+
+ # Maintain dependencies for go
+ - package-ecosystem: "gomod"
+ directory: "/"
+ schedule:
+ interval: daily
\ No newline at end of file
From 4e8dfee7c2366b2a16ad20b3d47f02ae1330fcfe Mon Sep 17 00:00:00 2001
From: Adrian Dischinger <72736591+AdrianDsg@users.noreply.github.com>
Date: Wed, 17 Jan 2024 09:07:31 +0000
Subject: [PATCH 3/4] chore: change dependabot schedules to weekly
---
 .github/dependabot.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 8b4b177..1ac9b15 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -4,10 +4,10 @@ updates:
 - package-ecosystem: "github-actions"
 directory: "/"
 schedule:
- interval: daily
+ interval: weekly

 # Maintain dependencies for go
 - package-ecosystem: "gomod"
 directory: "/"
 schedule:
- interval: daily
\ No newline at end of file
+ interval: weekly
\ No newline at end of file
From 7b4aa8ae8073c749f88c94d223ead2cb2091fa97 Mon Sep 17 00:00:00 2001
From: Adrian Dischinger <72736591+AdrianDsg@users.noreply.github.com>
Date: Wed, 17 Jan 2024 09:12:01 +0000
Subject: [PATCH 4/4] chore(deps): use full commit sha to pin 3rd party actions
---
 .github/workflows/licenced.yml | 4 ++--
 .github/workflows/releases.yml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
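Review bot: The new `.github/dependabot.yml` in PATCH 2/4 ends without a final newline (the `\ No newline at end of file` marker after the last `interval: daily`), and PATCH 3/4 rewrites that same line to `interval: weekly` without adding one. Terminate the file with a single newline so later edits to the last entry show up as one-line diffs and yamllint's `new-line-at-end-of-file` rule passes. The two update entries are otherwise identical apart from `package-ecosystem`, so a short comment saying why both use the same interval would help whoever tunes the schedule next.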
diff --git a/.github/workflows/licenced.yml b/.github/workflows/licenced.yml
index 6dd7017..8ffade8 100644
--- a/.github/workflows/licenced.yml
+++ b/.github/workflows/licenced.yml
@@ -14,10 +14,10 @@ jobs:
 - uses: actions/setup-go@v4
 with:
 go-version: 1.14.1
- - uses: jonabc/setup-licensed@v1
+ - uses: jonabc/setup-licensed@53335d677bd13ee176a37f1612fbe030c08c1d2b
 with:
 version: 2.x
- - uses: jonabc/licensed-ci@v1
+ - uses: jonabc/licensed-ci@b092bcc641fecee0b731506cf2736d33c9f47831
 with:
 github_token: ${{ secrets.GITHUB_TOKEN }}
 workflow: branch
diff --git a/.github/workflows/releases.yml b/.github/workflows/releases.yml
index bc833e2..0580774 100644
--- a/.github/workflows/releases.yml
+++ b/.github/workflows/releases.yml
@@ -18,7 +18,7 @@ jobs:
 - name: Set CURRENT_TAG
 run: echo "GORELEASER_CURRENT_TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
 - name: Run GoReleaser
- uses: goreleaser/goreleaser-action@v5
+ uses: goreleaser/goreleaser-action@14707cd26fbb4b6c8abf03fb8ea4eb6c59711a62
 with:
 version: latest
 args: release --clean
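Review bot: The SHA pins added in licenced.yml carry no trailing version comment, so a reader cannot tell which release `jonabc/setup-licensed@53335d6…` or `jonabc/licensed-ci@b092bcc…` corresponds to, nor confirm that the SHA is the commit the intended tag points at; the goreleaser-action pin in the releases.yml hunk has the same gap. Add the tag as a comment on each line, e.g. `- uses: jonabc/setup-licensed@53335d677bd13ee176a37f1612fbe030c08c1d2b # vX.Y.Z` (placeholder: use the tag the SHA was taken from), which Dependabot's `github-actions` updater keeps in step with the SHA when it bumps it. The `with: version: 2.x` input on setup-licensed still floats, so the tool that the pinned action installs is presumably not fixed by this change. The job starts outside the hunk, so whether `permissions:` limits the `GITHUB_TOKEN` handed to licensed-ci cannot be seen here.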
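Review bot: `version: latest`, two lines below the new pin in releases.yml, still has the release job fetch whichever GoReleaser release is newest at run time, so the binary that builds and publishes the artifacts is not fixed even though the action wrapper now is. Pin that input to the release the project has tested, e.g. `version: "<tested goreleaser version>"` (placeholder), and let it be bumped deliberately alongside the action SHA. The enclosing job starts outside the hunk, so its trigger and token permissions are not visible from here.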