dependabot[bot]
5f7b4f2416
chore(deps): bump 8398a7/action-slack from 3.15.0 to 3.15.1 ( #1223 )
...
Bumps [8398a7/action-slack](https://github.com/8398a7/action-slack ) from 3.15.0 to 3.15.1.
- [Release notes](https://github.com/8398a7/action-slack/releases )
- [Commits](bdc6f9de22...fbd6aa58ba
2023-04-12 10:55:31 -04:00
dependabot[bot]
4b773c583e
chore(deps): bump github/codeql-action from 2.2.9 to 2.2.11 ( #1225 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.9 to 2.2.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](04df1262e6...d186a2a36c
2023-04-12 10:54:35 -04:00
dependabot[bot]
01cbc98198
chore(deps): bump peter-evans/create-pull-request from 4.2.4 to 5.0.0 ( #1219 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 4.2.4 to 5.0.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](38e0b6e68b...5b4a9f6a9e
2023-04-05 19:07:58 -04:00
dependabot[bot]
537c47735c
chore(deps): bump anchore/sbom-action from 0.13.4 to 0.14.1 ( #1214 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.13.4 to 0.14.1.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](448520c4f1...422cb34a0f
2023-04-03 14:35:56 -04:00
Keith Zantow
b9e40306d2
chore: update syft update ( #1211 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-04-03 10:28:53 -04:00
Keith Zantow
f40b5d43ab
chore: update deprecated set-output calls ( #1210 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-04-03 09:36:18 -04:00
dependabot[bot]
e5cb58f597
chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 ( #1205 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.2 to 2.1.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](e38b1902ae...80e868c13c
2023-03-31 09:39:00 -04:00
dependabot[bot]
fe76eb9efc
chore(deps): bump github/codeql-action from 2.2.8 to 2.2.9 ( #1197 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.8 to 2.2.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](67a35a0858...04df1262e6
2023-03-27 12:51:20 -04:00
dependabot[bot]
4ac94147a4
chore(deps): bump github/codeql-action from 2.2.7 to 2.2.8 ( #1193 )
2023-03-24 07:49:13 -04:00
Keith Zantow
c1bc54f943
chore: tweak some workflow text ( #1190 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-03-21 11:09:10 -04:00
dependabot[bot]
568b504a7e
chore(deps): bump peter-evans/create-pull-request from 4.2.3 to 4.2.4 ( #1184 )
2023-03-21 09:51:27 -04:00
dependabot[bot]
e8fa509e72
chore(deps): bump anchore/sbom-action from 0.13.3 to 0.13.4 ( #1189 )
2023-03-21 09:50:56 -04:00
dependabot[bot]
96cbcad484
chore(deps): bump actions/setup-go from 3.5.0 to 4.0.0 ( #1182 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.5.0 to 4.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](6edd4406fa...4d34df0c23
2023-03-15 17:19:41 -04:00
dependabot[bot]
0cc8b9e4f6
chore(deps): bump github/codeql-action from 2.2.5 to 2.2.7 ( #1183 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.5 to 2.2.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](32dc499307...168b99b3c2
2023-03-15 17:19:12 -04:00
Christopher Angelo Phillips
5754360376
Grype Release Pipeline Update ( #1147 )
...
- Remove old apple signing flow in favor of [quill](https://github.com/anchore/quill )
- Update changelog generation to be in sync with syft's flow
- Remove old goreleaser docker workflow in favor of single file
- Remove individual bootstrap options in favor of single bootstrap action
- Update release and validation workflows to use trigger based approach seen in syft
- Update golangci.yaml to be equivalent to syft patterns
- Remove unused Dockerfile.dev
- Remove docker-compose development cycle
- Add organized test-fixture Makefile targets
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-03-03 21:17:44 +00:00
dependabot[bot]
3e04d32706
chore(deps): bump github/codeql-action from 2.2.4 to 2.2.5 ( #1145 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.4 to 2.2.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](17573ee1cc...32dc499307
2023-02-27 12:24:47 -05:00
dependabot[bot]
4d36e3706e
chore(deps): bump actions/cache from 3.2.5 to 3.2.6 ( #1143 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.2.5 to 3.2.6.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](6998d139dd...69d9d449ac
2023-02-24 15:10:19 -05:00
dependabot[bot]
39b9138327
chore(deps): bump github/codeql-action from 2.2.3 to 2.2.4 ( #1131 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.3 to 2.2.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8775e86802...17573ee1cc
2023-02-14 10:16:58 -05:00
dependabot[bot]
0ccd5930c4
chore(deps): bump actions/cache from 3.2.4 to 3.2.5 ( #1129 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.2.4 to 3.2.5.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](627f0f41f6...6998d139dd
2023-02-10 13:20:12 -05:00
dependabot[bot]
89b996b41b
chore(deps): bump github/codeql-action from 2.2.1 to 2.2.3 ( #1125 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.1 to 2.2.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3ebbd71c74...8775e86802
2023-02-09 11:28:48 -05:00
Christopher Angelo Phillips
788ed965ec
chore: prune cosign dependency for grype builds ( #1100 )
...
* feat: segment cosign dependency for grype builds for faster build times
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-01-31 11:42:40 -05:00
dependabot[bot]
8545f2e686
chore(deps): bump actions/cache from 3.2.3 to 3.2.4 ( #1107 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.2.3 to 3.2.4.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](58c146cc91...627f0f41f6
2023-01-30 11:36:45 -05:00
dependabot[bot]
e8796d5783
chore(deps): bump actions/cache from 3.0.11 to 3.2.3 ( #1096 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.11 to 3.2.3.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](9b0c1fce7a...58c146cc91
2023-01-27 10:54:58 -05:00
dependabot[bot]
8ebf97cedc
chore(deps): bump github/codeql-action from 2.1.39 to 2.2.1 ( #1097 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.39 to 2.2.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](a34ca99b46...3ebbd71c74
2023-01-27 10:54:34 -05:00
dependabot[bot]
3c3675f0dd
chore(deps): bump anchore/sbom-action from 0.13.2 to 0.13.3 ( #1098 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.13.2 to 0.13.3.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](54e36e45f3...07978da4bd
2023-01-27 10:51:13 -05:00
dependabot[bot]
c89fa42552
chore(deps): bump tibdex/github-app-token from 1.7.0 to 1.8.0 ( #1099 )
...
Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token ) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/tibdex/github-app-token/releases )
- [Commits](021a2405c7...b62528385c
2023-01-27 10:50:16 -05:00
dependabot[bot]
48db63a05e
chore(deps): bump actions/checkout from 3.1.0 to 3.3.0 ( #1090 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.1.0 to 3.3.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3.1.0...ac593985615ec2ede58e132d2e21d2b1cbd6127c )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-26 18:39:09 +00:00
dependabot[bot]
5ff488a250
chore(deps): bump 8398a7/action-slack from 3.14.0 to 3.15.0 ( #1088 )
...
Bumps [8398a7/action-slack](https://github.com/8398a7/action-slack ) from 3.14.0 to 3.15.0.
- [Release notes](https://github.com/8398a7/action-slack/releases )
- [Commits](a189acbf0b...bdc6f9de22
2023-01-26 13:06:47 -05:00
dependabot[bot]
1ac4289432
chore(deps): bump peter-evans/create-pull-request from 4.2.0 to 4.2.3 ( #1089 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 4.2.0 to 4.2.3.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](b4d51739f9...2b011faafd
2023-01-26 13:06:01 -05:00
dependabot[bot]
752b0d470f
chore(deps): bump actions/setup-go from 3.3.1 to 3.5.0 ( #1091 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.3.1 to 3.5.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](c4a742cab1...6edd4406fa
2023-01-26 13:05:20 -05:00
dependabot[bot]
e15412dc44
chore(deps): bump github/codeql-action from 2.1.31 to 2.1.39 ( #1092 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.31 to 2.1.39.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v2.1.31...a34ca99b4610d924e04c68db79e503e1f79f9f02 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-26 13:04:56 -05:00
dependabot[bot]
4ebe182655
chore(deps): bump actions/setup-python from 4.3.0 to 4.5.0 ( #1075 )
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.3.0 to 4.5.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](13ae5bb136...d27e3f3d7c
2023-01-25 12:30:15 -05:00
dependabot[bot]
55fc253fea
chore(deps): bump anchore/sbom-action from 0.13.1 to 0.13.2 ( #1076 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.13.1 to 0.13.2.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](06e109483e...54e36e45f3
2023-01-25 12:29:56 -05:00
dependabot[bot]
a98a81f4cb
chore(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2 ( #1077 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](83fd05a356...0b7f8abb15
2023-01-25 12:28:26 -05:00
dependabot[bot]
3841782b69
chore(deps): bump actions/download-artifact from 3.0.1 to 3.0.2 ( #1074 )
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](9782bd6a98...9bc31d5ccc
2023-01-25 12:24:49 -05:00
dependabot[bot]
2fd9543562
chore(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.2 ( #1078 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.0.6 to 2.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](99c53751e0...e38b1902ae
2023-01-25 12:24:27 -05:00
Keith Zantow
e99a95697c
chore: align makefile and bootstrap tools scripts more with syft ( #1073 )
2023-01-25 16:27:42 +00:00
Weston Steimel
5b0f0fe3b9
chore: enable dependabot on gomod and GitHub actions ( #1072 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-01-25 15:58:56 +00:00
Keith Zantow
5ff7b07748
chore: add github token to quality tests ( #1056 )
2023-01-11 13:48:02 -05:00
Christopher Angelo Phillips
26438862df
chore: update default packages to read ( #1007 )
2022-11-21 13:07:42 -05:00
Christopher Angelo Phillips
d5c93aa00f
scoped: token release for content write on image assets ( #1002 )
2022-11-18 22:32:49 +00:00
Christopher Angelo Phillips
3e0af43383
chore: pin dependencies ( #994 )
2022-11-14 21:23:42 +00:00
Christopher Angelo Phillips
e1d3302b9a
chore: code-ql top level read check ( #993 )
2022-11-14 14:30:52 -05:00
Christopher Angelo Phillips
02fe5e9c76
chore: update codeql to pinned v2 with correct write permissions
2022-11-14 15:39:45 +00:00
Joyce
8f28a6ea96
Update token permissions to be read-only ( #988 )
...
Closes https://github.com/anchore/grype/issues/984
2022-11-14 08:10:09 -05:00
Joyce
2cd2ef5340
Enable the Scorecard Github Action and badge ( #929 )
2022-11-03 14:24:20 -04:00
Alex Goodman
d4587ddeec
Add in-depth quality gate checks ( #949 )
...
* add in-depth quality gate checks
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add quality tests to PR checks
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-10-05 16:26:26 -04:00
Christopher Angelo Phillips
78d87c1e11
grype release message update ( #914 )
2022-09-06 11:46:59 -04:00
Alex Goodman
ea4b250055
Fix docker build typo ( #891 )
2022-08-24 17:07:48 +00:00
Weston Steimel
0de5dfdd86
fix getting latest gosimports version ( #885 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2022-08-22 18:27:50 +00:00
Weston Steimel
d463d74178
workflow to create automated PRs to update bootstrap tools ( #883 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2022-08-22 17:59:54 +00:00
Christopher Angelo Phillips
8fe761b41f
remove env variable dependencies and keychain from signing script ( #864 )
2022-08-03 14:55:15 +00:00
Christopher Angelo Phillips
d264309035
macos-latest for signing ( #863 )
2022-08-03 14:09:44 +00:00
Christopher Angelo Phillips
6810fa5809
move docker release into separate release workflow ( #862 )
2022-08-03 13:10:40 +00:00
Christopher Angelo Phillips
5cb0bf742b
revert to old docker action ( #861 )
2022-08-03 11:56:22 +00:00
Christopher Angelo Phillips
ad55091216
push older version for mac runner stability ( #852 )
2022-08-01 10:32:06 -04:00
Christopher Angelo Phillips
a6ec8f11be
add env variables and keychain for GHCR publish ( #843 )
2022-07-25 15:26:14 +00:00
Keith Zantow
4ed0704dcf
Auto-PR needs to run go mod tidy ( #727 )
2022-04-13 16:30:53 -04:00
Keith Zantow
b1e7189a4a
Add workflow for automatic PR for new Syft releases ( #722 )
2022-04-13 13:08:04 -04:00
Jonas Xavier
50a6a09c86
Upgrade CI to go1.18 ( #687 )
...
* upgrade CI to Go1.18
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* remove golanci-lint go1.17 job
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* fix error from gocritic (linter)
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
2022-03-22 12:02:14 -07:00
Jonas Xavier
dae6411c5c
upgrade github workflows to go 1.18 ( #649 )
...
* upgrade github workflows to go 1.18
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* upgrade syft & set go1.18 for CI workflows
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* go mod tidy
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* add go1.17 static analysis
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* fix yaml comment
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
2022-03-17 14:58:20 -07:00
Keith Zantow
0b76016235
Directly install gon ( #667 )
2022-03-15 13:47:15 +00:00
Alex Goodman
4af3cf7455
reduce PR CI pain and flakyness ( #652 )
2022-03-02 14:03:19 -05:00
Alex Goodman
b0c8dc0e57
Share import mac code signing certificate steps for release ( #646 )
2022-02-26 23:11:24 +00:00
Alex Goodman
598af89b2e
Upgrade install.sh to support installations for previous versions ( #636 )
2022-02-15 17:29:24 -05:00
Alex Goodman
5aa85338d6
Normalize release assets and refactor install.sh ( #630 )
...
* refactor release to keep snapshot assets in parity with release assets
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* refactor install.sh and put under test
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* tidy go.sum
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add mac acceptance test to github actions workflow
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* rm use of goreleaser in cli tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* go mod tidy with go 1.17
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-02-11 19:24:25 +00:00
Christopher Angelo Phillips
16e6bee766
update go -> 1.17 ( #628 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-02-11 10:50:13 -05:00
Alex Goodman
a7ce318b20
fix release quality gate section ( #518 )
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-12-03 17:11:26 +00:00
Alex Goodman
51e1b6307b
Update syft, jotframe, and validations pipeline ( #512 )
...
* update syft and jotframe
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update validations and release pipeline
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* moved terminal package to golang.org/x/term
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update integration tests to account for package relationships
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add license exception for xz
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update Location and Coordinate references
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove benchmark tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove mac acceptance tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add syft-grype relationship notes in DEVELOPING.md
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-11-30 18:10:07 +00:00
Alex Goodman
afc9de6058
Fix hang when running as a subprocess ( #484 )
...
* use named pipe bit on stdin as indicator for piped input
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* ensure stdin is ignored when the CLI hints are present
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add CLI test to cover subprocess integration behavior
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* added test case for java regression
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove extra line in makefile
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-10-29 14:51:58 +00:00
Christopher Angelo Phillips
9349060765
Add QEMU to acceptance tests flow ( #483 )
...
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
2021-10-26 11:51:53 -04:00
Christopher Angelo Phillips
9d245e3d9d
update CI regression and add docker manifests ( #479 )
...
* see if QEMU offers support
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* update QEMU support before cli verification
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
2021-10-26 10:04:38 -04:00
Alex Goodman
1e7218b01f
add chronicle as changelog generator ( #468 )
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-10-21 16:30:24 -04:00
Alex Goodman
dc1f682e4b
remove unnecessary codeql checkout from second parent commit ( #458 )
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-10-18 13:18:56 -04:00
Conor Nosal
1c3605dfa6
Support gomod configuration in goreleaser ( #391 )
...
* Support gomod configuration in goreleaser
Signed-off-by: Conor Nosal <cnosal@vmware.com>
* switch to goreleaser build for snapshots + bump version
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* modify goreleaser buildx option due to deprecation
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add snapshot flag to builds
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2021-10-01 09:37:36 -04:00
Dan Luhring
682fb4482f
Update description for Slack link ( #439 )
...
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-09-30 21:45:22 +00:00
Keith Zantow
1d08335bb3
Add SBOM to releases ( #429 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2021-09-24 20:22:14 -04:00
Vijay Pillai
1a7c9d1779
Bugfixes + Integration test for sbom input vs grype library comparison ( #424 )
...
This change both adds a test to identify and fixes differences between loading sboms from json and loading sboms from Syft as a library.
* adds integration test that compares SBOM input vs image input
* fix integration test cache path
* Add handler for ApkMetadataType in partialSyftPackage.UnmarshalJSON
* Fix Epoch missing from Package.New RpmdbMetadataType handler and update RpmDbMetadata test in TestNew_MetadataExtraction
* bump syft to version 0.24.0
* update license check for packageurl-go
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Vijay Pillai <vijay.pillai@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Vijay Pillai <vijay.pillai@anchore.com>
2021-09-22 21:53:32 -04:00
Zane Burstein
d169d5292a
Added goreleaser-install.sh and execution in make bootstrap target
...
Previous install of goreleaser v 0.160.0 was being done with curl command to https://install.goreleaser.com/github.com/goreleaser/goreleaser.sh , but there have been changes to that script that broke bootstrap. Copied the shell script to repo and changed the checksum file name to goreleaser_checksums.txt
Signed-off-by: Zane Burstein <zane.burstein@anchore.com>
2021-09-07 14:20:13 -07:00
Alex Goodman
2faefdf902
update slack channels
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-07-12 08:06:47 -04:00
Dan Luhring
ab85f428fa
Remove git checkout from tidy check
...
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-07-01 14:45:01 -04:00
Dan Luhring
81f68a1562
Modify tidy check to compare against git HEAD
...
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-07-01 14:45:01 -04:00
Dan Luhring
c1e70893e6
Replace links to Slack channels with public signup link ( #325 )
...
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-05-26 13:24:23 +00:00
Dan Luhring
ede8990906
Update script name for consistency
...
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-05-26 08:54:18 -04:00
Dan Luhring
bf1cfcd848
Clarify message in go mod checking
...
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-05-26 08:53:25 -04:00
Alex Goodman
a6585f4842
add go.mod tidy CI check
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-05-25 13:43:53 -04:00
Alex Goodman
a0767aaa04
fix release pipeline quality gate
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-14 14:56:56 -04:00
Alex Goodman
c72803eb24
unify cli test make target
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-13 16:13:11 -04:00
Alex Goodman
9b7988178c
bump to building and testing on golang 1.16
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-01 10:01:09 -04:00
Alex Goodman
9fd20b910e
ensure docker is auth'd during entire release process
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-26 10:11:59 -04:00
Alex Goodman
5dc5b440e4
move docker login after keychain creation
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-25 16:44:23 -04:00
Alex Goodman
1010a09d6b
manually login to docker via cli during release
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-23 17:55:27 -04:00
Alex Goodman
887b3f0303
move snapshot builds to linux box
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-23 12:33:21 -04:00
Alex Goodman
a399647afc
add docker image to release process
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-23 10:00:13 -04:00
Dan Luhring
e93bf99d9d
Use snapshot build for pipeline CLI testing
...
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-03-09 08:58:02 -05:00
Dan Luhring
d7a323b0be
Add signed and notarized ZIP release asset
...
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-11-11 17:30:50 -05:00
Dan Luhring
bf9cf38362
Add Slack notifications for acceptance test failures
...
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-11-05 12:49:33 -05:00
Dan Luhring
263da9e3a8
Add bootstrap step to acceptance workflow
...
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-11-05 09:55:23 -05:00
Dan Luhring
5725f26c04
Resolve security warning for macOS users ( #194 )
...
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-11-05 08:50:58 -05:00
Alex Goodman
50e9800594
update release gate checks
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-23 14:12:34 -04:00
Alex Goodman
ed27c7fcfa
Merge pull request #185 from VinodAnandan/main
...
Enable CodeQL Security Scan
2020-10-16 19:22:19 -04:00
Vinod Anandan
fa5e7abe38
Enable CodeQL Security Scan
...
https://github.blog/2020-09-30-code-scanning-is-now-available/
Signed-off-by: Vinod Anandan <vinod.anandan@jpmorgan.com>
2020-10-17 00:11:09 +01:00
Alex Goodman
86015454dc
fix grype version verbiage
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-15 11:51:14 -04:00
Alex Goodman
d26eff6c1d
remove greeter action since it is broken for forked PRs ( #186 )
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-15 10:20:00 -04:00
Robert Prince
9363f27627
Add first issue/PR welcome message action ( #168 )
...
* Add first issue/PR welcome message action
Signed-off-by: Robert Prince <robert.prince@anchore.com>
* update first-pr-issue message with a simple greeting
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* simplify first message to a greeting
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-09 10:20:08 -04:00
Alex Goodman
b787a69520
run tests on fork PRs ( #180 )
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-09 07:45:09 -04:00
Alex Goodman
86b0ae1ada
migrate to GHA pipeline ( #176 )
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-07 14:57:59 -04:00
Alex Goodman
3c35e562bf
exclude size labels from release changelog
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 23:30:15 -04:00
Alex Goodman
75e3638468
add changelog generation into the release process ( #167 )
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 16:59:00 -04:00
Alex Goodman
0618d1dbeb
github is picky about the issue template file extension
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-12 11:12:43 -04:00
Alex Goodman
d0b03fad13
add slack links to issue selection ( #123 )
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-12 11:08:24 -04:00
Alex Goodman
89a6201555
Disable prerelease version update check ( #118 )
...
* disable prerelease version update check
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* use prerelease flag as source of truth for user notifications
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-11 09:54:09 -04:00
Alex Goodman
cbd6060652
Add installer script + brew tap ( #116 )
...
* add installer script + brew tap
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* use correct token on release
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-10 18:57:03 -04:00
Alex Goodman
50d7251a0b
add issue templates ( #112 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2020-08-10 14:39:49 -04:00
Alex Goodman
56b9576a19
Add inline-comparison as acceptance test ( #106 )
...
* add inline-compare as acceptance tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* improve RPM matching with source indirection matching
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add comments to compare-* make targets
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* clean inline-compare image test names
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bump syft version to get rpm field enhancements
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-10 11:03:48 -04:00
Alex Goodman
f1ad989c9b
replace master with main ( #104 )
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-07 13:27:04 -04:00
Alex Goodman
81eab4e65b
pull all commits on checkout for release to build changelog ( #98 )
2020-08-06 08:29:06 -04:00
Alex Goodman
009dcb1a46
Ignore prerelease versions on release + add DB update URL ( #76 )
...
* ignore prerelease versions when uploading version file on release
* add db update url
2020-07-30 12:37:49 -04:00
Alex Goodman
c524fba691
use aws creds for version file upload
2020-07-27 10:12:40 -04:00
Alex Goodman
ff5e31f437
add release quality gate
2020-07-25 16:25:34 -04:00
Alex Goodman
bb2afc3a59
fix checks wait step for release
2020-07-25 11:45:26 -04:00
Alex Goodman
2835ccb23f
add snapshot check & enable release publishing
2020-07-25 11:08:54 -04:00
Alex Goodman
6340b2da3a
add release pipeline & replace imgbom with syft ( #60 )
2020-07-23 21:26:03 -04:00
