Commit graph

249 commits

Author SHA1 Message Date
Alex Goodman
b2f4d7eda2
Follow convention for naming catalogers (#2277)
* follow convention for naming catalogers

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix cataloger name example

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 12:39:42 +00:00
dependabot[bot]
2428d704e1
chore(deps): bump github/codeql-action from 2.22.4 to 2.22.5 (#2261)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.4 to 2.22.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](49abf0ba24...74483a38d3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-27 09:54:23 -04:00
Alex Goodman
7315f83f9d
Upgrade tool management (#2188)
* migrate to binny and taskfile

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update binny to not require github token

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* added support for automatically building snapshots

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* detect source changes for snapshot builds

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fail workflow explicitly when snapshot cache restoral fails

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* match snapshot restoral paths

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-25 09:08:43 -04:00
Alex Goodman
c4b464e616
fix CPE workflow (#2252)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-24 15:07:49 +00:00
dependabot[bot]
bdbf927847
chore(deps): bump github/codeql-action from 2.22.3 to 2.22.4 (#2249)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.3 to 2.22.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](0116bc2df5...49abf0ba24)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-23 10:41:54 -04:00
Alex Goodman
f3d95aa3a9
fill version info from release and git directly (#2244)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-23 09:05:43 -04:00
Alex Goodman
263be01faa
change homebrew release trigger (#2242)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-20 18:31:41 +00:00
Alex Goodman
8f6bdde666
Label PRs when the json schema changes (#2240)
* label PRs when the json schema changes

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* moderate pr comments

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* be more strict about processing file names

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-20 13:00:15 -04:00
dependabot[bot]
6c7900f5b8
chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#2236)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](8ade135a41...b4ffde65f4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-18 09:54:26 -04:00
dependabot[bot]
dcec2bc352
chore(deps): bump github/codeql-action from 2.22.2 to 2.22.3 (#2229)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.2 to 2.22.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](d90b8d79de...0116bc2df5)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-16 08:59:39 -04:00
dependabot[bot]
538fe5ee1d
chore(deps): bump github/codeql-action from 2.22.1 to 2.22.2 (#2224)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.1 to 2.22.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](fdcae64e14...d90b8d79de)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-12 11:10:45 -04:00
Christopher Angelo Phillips
d1120ad56e
chore: add automated homebrew action (#2164)
* chore: add automated homebrew action

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* migrate homebrew publish step to separate post-release workflow

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-11 09:52:22 -04:00
dependabot[bot]
68cf57ed03
chore(deps): bump github/codeql-action from 2.22.0 to 2.22.1 (#2208)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.0 to 2.22.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](2cb752a87e...fdcae64e14)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-09 13:05:57 -04:00
dependabot[bot]
eed35ec9ce
chore(deps): bump github/codeql-action from 2.21.9 to 2.22.0 (#2202)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.9 to 2.22.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](ddccb87388...2cb752a87e)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-06 12:02:34 -04:00
dependabot[bot]
38d5ef2c84
chore(deps): bump github/codeql-action from 2.21.8 to 2.21.9 (#2182)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.8 to 2.21.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](6a28655e3d...ddccb87388)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-28 10:56:08 -04:00
dependabot[bot]
351c683cb4
chore(deps): bump actions/checkout from 4.0.0 to 4.1.0 (#2172)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](3df4ab11eb...8ade135a41)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-26 07:49:13 -04:00
Alex Goodman
8314c0d2cb
Correcting behavior based on Syft release v0.91.0 run (#2162)
* dont show the title in the release notes

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* dont upload assets on the release pipeline

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* bump action-slack action to v3.15.1

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* remove custom go mod and build cache

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-20 20:18:44 +00:00
dependabot[bot]
962ff1ec49
chore(deps): bump tibdex/github-app-token from 2.0.0 to 2.1.0 (#2157)
Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/tibdex/github-app-token/releases)
- [Commits](0914d50df7...3beb63f4bd)

---
updated-dependencies:
- dependency-name: tibdex/github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-20 10:12:13 -04:00
Alex Goodman
40899adb87
use annotated tags, update chronicle, fix cache keys (#2154)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-20 10:11:44 -04:00
dependabot[bot]
30885ed92e
chore(deps): bump github/codeql-action from 2.21.7 to 2.21.8 (#2150)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.7 to 2.21.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](04daf014b5...6a28655e3d)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-19 14:37:54 -04:00
Christopher Angelo Phillips
594ba5f295
chore: pin workflow checkout for cpe update-cpe-dictionary-index (#2141)
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-15 16:00:15 -04:00
Christopher Angelo Phillips
094b41b301
chore: pin and update all workflow dependencies; add permission scopes (#2138)
---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-15 14:18:42 -04:00
dependabot[bot]
c21b16d924
chore(deps): bump docker/login-action from 2 to 3 (#2119)
Bumps [docker/login-action](https://github.com/docker/login-action) from 2 to 3.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-13 10:34:19 -04:00
dependabot[bot]
b2be411f77
chore(deps): bump tibdex/github-app-token from 1 to 2 (#2116)
Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token) from 1 to 2.
- [Release notes](https://github.com/tibdex/github-app-token/releases)
- [Commits](https://github.com/tibdex/github-app-token/compare/v1...v2)

---
updated-dependencies:
- dependency-name: tibdex/github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-11 09:56:22 -04:00
Christopher Angelo Phillips
3842d28e90
fix: update codeql-analysis for go 1.21 (#2108)
* fix: update codeql-analysis for go 1.21

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* nit: remove comment

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-07 15:54:42 -04:00
dlorenc
9f22ab6137
Bump the golang.org/x/exp dependency and fix a build breakage. (#2088)
* Bump the golang.org/x/exp dependency and fix a build breakage.

---------

Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-07 14:55:52 -04:00
dependabot[bot]
1315cfd787
chore(deps): bump actions/checkout from 3 to 4 (#2094)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-07 09:57:51 -04:00
Keith Zantow
dd09e0362e
chore: update quill to the latest version (#2065)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-08-25 20:45:04 +00:00
Dan Luhring
99d172f0d1
Introduce indexed embedded CPE dictionary (#1897)
* Introduce indexed embedded CPE dictionary

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>

* Don't generate cpe-index on make snapshot

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>

* Add unit tests for individual addEntry funcs

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>

* migrate CPE index build to go generate and add periodic workflow

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add test to ensure generated cpe index is wired up to function that uses it

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-21 13:54:19 +00:00
Alex Goodman
026be3c0f1
add oss community board auto-add workflow (#1898)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-06-27 15:53:59 -04:00
Bob Callaway
0580328ad9
update cosign to v2 release (different go module) (#1805)
Signed-off-by: Bob Callaway <bcallaway@google.com>
2023-05-10 11:12:37 -04:00
Christopher Angelo Phillips
a42bac6fcc
fix: only cache java packages and not source content (#1750)
* fix: only cache java packages and not source content

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* fix: add gradle to matched files for ci checksum

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-04-19 16:07:34 -04:00
Christopher Angelo Phillips
55a90a2ee0
fix: update cache.fingerprint file to java-builds dir (#1748)
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-04-19 12:17:07 -04:00
Alex Goodman
5a7bab972c
Fix kernel cataloger test fixtures (#1742)
* pin kernel and modules version for kernel fixtures

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* cache kernel fixtures in CI

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update CLI test image with pinned kernel deps

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update the kernel version found in integration tests

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

---------

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2023-04-17 11:44:46 -04:00
dependabot[bot]
394ec8d215
chore(deps): bump peter-evans/create-pull-request from 4 to 5 (#1712)
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 4 to 5.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v4...v5)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-05 19:04:26 -04:00
Keith Zantow
2022ffa0e5
chore: update deprecated set-output calls (#1705)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-04-03 09:36:11 -04:00
Keith Zantow
34ace36a9e
chore: tweak some workflow text (#1685)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-03-21 11:08:49 -04:00
dependabot[bot]
b5ec4d4f08
chore(deps): bump actions/setup-go from 3 to 4 (#1671)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-16 12:02:07 -04:00
Keith Zantow
7714bc0521
fix: improved Python binary detection (#1648) 2023-03-07 10:52:29 -05:00
dependabot[bot]
ff34594284
chore(deps): bump actions/upload-artifact from 2 to 3 (#1627)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-27 14:17:29 -05:00
dependabot[bot]
f3acff81f3
chore(deps): bump actions/checkout from 2 to 3 (#1626)
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-27 13:14:03 -05:00
Alex Goodman
669fee84d5
Revert "add workaround for macos github actions cache issue (#1584)" (#1605)
This reverts commit 0076b19893.

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2023-02-22 15:03:12 -05:00
Alex Goodman
0076b19893
add workaround for macos github actions cache issue (#1584)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2023-02-17 10:29:33 -05:00
Alex Goodman
88c81d33ed
switch from trigger-release target to release target (#1560)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2023-02-09 16:35:11 +00:00
Alex Goodman
8847ba5d0b
Add release trigger (#1501)
* add release trigger

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* deduplicate version and changelog calls + add gh checks

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add more chronicle verbosity, but not when triggering releases

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* bump chronicle version to get --version-file feature

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update bootstrap tool workflow to include glow

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add version prefix check on tags in release quality gate

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

---------

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2023-02-08 11:38:27 -05:00
Bradley Jones
cdac2245b5
feat: update golang to 1.19 (#1526)
* feat: update golang to 1.19

Signed-off-by: Bradley Jones <bradley.jones@anchore.com>

* chore: break out json schema drift check into separate script

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* chore: update git index refresh

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

---------

Signed-off-by: Bradley Jones <bradley.jones@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-01-31 11:39:57 -05:00
Keith Zantow
674a54512c
chore: correct bootstrap tool script (#1514) 2023-01-25 10:22:28 -05:00
dependabot[bot]
b77c104aa6
chore(deps): bump github/codeql-action from 1 to 2 (#1473)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-18 09:38:06 -05:00
dependabot[bot]
10ca7f56ab
chore(deps): bump actions/setup-go from 2 to 3 (#1472)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2 to 3.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-18 09:37:45 -05:00
Christopher Angelo Phillips
03971ace43
chore: use checkout v3 with new depth (#1471) 2023-01-17 21:26:39 +00:00
Christopher Angelo Phillips
07aee798b0
chore: use checkout v2 for tag depth (#1470) 2023-01-17 21:03:29 +00:00
Alex Goodman
05611c283d
bootstrap within composite action (#1461)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2023-01-17 10:04:22 -05:00
Weston Steimel
e87cfe7319
chore: remove bumping cosign in go.mod when updating bootstrap tools (#1452) 2023-01-12 16:21:01 -05:00
Alex Goodman
e0acfa98c7
add s3 credentials to release (#1309)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-11-02 15:48:37 +00:00
Keith Zantow
35f0f2931e
chore: update goreleaser brew token (#1306) 2022-11-02 10:05:20 -04:00
Keith Zantow
ba57f3db51
chore: update github token permissions for goreleaser (#1305) 2022-11-01 16:28:37 +00:00
Christopher Angelo Phillips
4c5c6f6319
fix: update ci secret to use new password (#1304) 2022-11-01 14:30:29 +00:00
Christopher Angelo Phillips
1b69fbd566
fix: update secret value to use new cert cahin (#1303)
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-11-01 00:05:40 +00:00
Alex Goodman
28cadfdb5d
replace signing tooling with quill (#1280)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-10-24 13:03:10 -04:00
Keith Zantow
b20310eaf8
Add gosimports (#1205) 2022-09-14 13:38:18 -04:00
Keith Zantow
70db13d49e
Add RPM file scanning support (#1188) 2022-09-07 14:16:30 -04:00
Weston Steimel
6949a2500f
Fix update-bootstrap-tools workflow (#1170) 2022-08-22 16:17:28 +00:00
Weston Steimel
5282820b5d
workflow to create automated PRs to update bootstrap tools (#1167) 2022-08-22 11:28:24 -04:00
Keith Zantow
69bde44c6e
Update stereoscope to get rid of the replace directive (#1140) 2022-08-03 12:24:20 -04:00
Christopher Angelo Phillips
f5d02d4e52
improve docker release bootstrap (#1136) 2022-08-02 15:44:24 +00:00
Christopher Angelo Phillips
1bf97af3fb
remove docker assets from main goreleaser configuration to reduce mac-os runner friction (#1133) 2022-08-01 21:08:38 +00:00
Christopher Angelo Phillips
ca69fb8370
remove prefixed v from tag to match release (#1131) 2022-08-01 15:07:58 +00:00
Christopher Angelo Phillips
8f21180681
rollback actions-setup-docker to earlier version (#1130) 2022-08-01 14:10:50 +00:00
Christopher Angelo Phillips
20ad59ad1b
Delete pr_action.yaml (#1120) 2022-07-27 17:12:00 +00:00
Christopher Angelo Phillips
ba685eada8
Add PR action back to workflow with new token (#1086) 2022-07-06 09:31:51 -04:00
Christopher Angelo Phillips
3ce1a4aac1
remove pr automation until service account creation (#1080) 2022-06-30 21:43:24 +00:00
Christopher Angelo Phillips
f35a252ecf
add workflows to test new project automation (#1023) 2022-06-08 09:42:53 -04:00
Keith Zantow
321eddf874
Auto-PR needs to run go mod tidy (#958) 2022-04-13 16:30:35 -04:00
Keith Zantow
25bf679f8f
Add workflow for automatic PR for new stereoscope updates (#954) 2022-04-13 13:20:40 -04:00
Alex Goodman
e415bb21e7
Update write permissions and log into ghcr.io for release (#942) 2022-04-06 21:15:55 +00:00
Alex Goodman
7f9edf346a
Bump golangci-lint to 1.45.0 (#909) 2022-03-22 11:02:36 -04:00
Jonas Xavier
6ef3e45ffc
Use go 1.18 buildinfo to catalog binaries (#827)
* initial working version

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* added build settings to pkg metadata

wip - unit tests

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* handle mach-O FatFiles

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* add support to mod replace

fixed golang catalger tests

trying GH Actions with go 1.18rc1

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* log error

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* use go-macholibre for extraction

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* cleaner tests

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* add version to main module

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* check macho file with macholibre

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* run golangci in its own workflow

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* wip - golangci workflow

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix golangci wf yml

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix golangci wf yml

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* wip - golangci wf

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* wip - golangci wf

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* get arch from bin file headers

upgrade macholibre

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* go mod tidy

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* test new stereoscope lazy reader interface

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* go mod tidy

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* remove devel version from golang cataloger

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* go mod tidy

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* switch github workflows to go1.18 stable

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* add union reader interface in golang cataloger

update stereoscope

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* go mod tidy

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* simpler golangci validation

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix makefile

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* get archs refactor

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* nolint for golang version

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix go bin tests

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* feedback changes

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* golangci nolint needs a \n before package

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* cleanup

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* move golangci-lint to its own jobs again

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix ci yaml

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* add support for xcoff files

add arch assets to test bin file types

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* clean up golangci-lint config

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* nolint for xcoff

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* explain nolints

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* remove unused xcoff testdata assets

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* make go bin test-fixtures in docker

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix make clean with -f

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* update json output schema

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* update schema version in test fixture

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* feedback changes

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* explain possible empty main module

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
2022-03-16 17:07:02 -07:00
Alex Goodman
635904fcb6
Reduce PR check failures (#858) 2022-03-02 17:51:37 +00:00
Christopher Angelo Phillips
256e85bc12
510 - SBOM attestation stdout (#785)
add syft attest command to produce an attestation as application/vnd.in-toto+json to standard out using on disk PKI

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-02-22 21:45:12 -05:00
Alex Goodman
55c7f3d1e7
Upgrade install.sh to support installations for previous versions (#830) 2022-02-15 22:23:11 +00:00
Christopher Angelo Phillips
8f96adacfb
Upgrade golang to 1.17 (#809)
* initial upgrade workflow

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* update go.mod

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-02-09 11:08:24 -05:00
Alex Goodman
341288ba29
Normalize snapshot and release artifacts (#789)
* refactor signing steps in release/snapshot workflows

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* show signing logs on snapshot or release failure

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update install.sh + tests to account for new goreleaser changes

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update cli tests to account for new goreleaser build names

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* fix acceptance test to use new snapshot bin path

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add notarization

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* address review comments

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-02-04 12:41:37 -05:00
Alex Goodman
f38b0b7256
Refactor install.sh (#765)
* [wip] get assets based on gh api

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* put install.sh download_asset fn under test

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* put install.sh install_asset fn under test

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* use zip for darwin installs

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* fix install.sh negative test cases

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* allow errors to propagate in install.sh

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* remove exit on error from install.sh tests

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add more docs around install.sh helpers

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add integration tests for install.sh

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add install.sh testing to pipeline

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add install test cache to CI

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* make colors globally available

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* test download against github release

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* always test release-based install against latest release

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* use better install.sh test names

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-02-01 16:58:47 -05:00
Christopher Angelo Phillips
1c63943055
Add arm64 image support and Darwin M1 support to .goreleaser.yaml (#591)
* update support arm64

Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>

* small update syntax

Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>

* restore release command

Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>

* add docker manifests

Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
2021-10-26 09:42:35 -04:00
Alex Goodman
4bf08e6b6d
swap out the changelog generator for chronicle tool (#580)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-10-21 13:37:13 -04:00
Christopher Angelo Phillips
10fa8dc7c9
Add windows support (#548)
* update  build tags, ui support, and stereoscope, and release for windows support

Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
2021-10-21 12:49:36 -04:00
Alex Goodman
cbdb72ea22
remove unnecessary codeql checkout from second parent commit (#567)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-10-18 13:31:19 -04:00
Keith Zantow
e5caba043d
Add SBOM to releases (#500)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2021-09-24 20:21:23 -04:00
Alex Goodman
ddfc8e20c0
Revert "disable docker releases (workaround) (#493)" (#501)
This reverts commit 06dcd3261d.

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-09-13 13:06:23 -04:00
Alex Goodman
06dcd3261d
disable docker releases (workaround) (#493)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-09-03 21:29:34 +00:00
Alex Goodman
6e70d8af98
respond to pull_request events for internal PRs
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-06-16 12:48:50 -04:00
Alex Goodman
5e1e2628cf
align check names to release quality gate
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-22 16:20:21 -04:00
Alex Goodman
0c100c4037
change mac acceptance test image.tar path
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-16 09:57:13 -04:00
Alex Goodman
8658abc8c4
ignore failures on benchmark sticky comment
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-29 11:59:49 -04:00
Alex Goodman
2a9b1b2680
move docker login after keychain creation
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-26 10:41:44 -04:00
Alex Goodman
cfec812804
enable release environment (manual approval for releases)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-25 12:01:20 -04:00
Alex Goodman
ac4b653721
fix sticky benchmark comment on PRs
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-25 11:53:05 -04:00
Alex Goodman
51bf9f9e05
manually login to docker via cli during release
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-23 17:57:41 -04:00
Alex Goodman
1b7c755536
add file-type mix as golden image
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-23 16:50:57 -04:00
Alex Goodman
8854d83934
cache mac acceptance image
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-23 15:03:25 -04:00
Alex Goodman
12f419111e
remove docker layer cache from validation pipeline
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-23 13:04:13 -04:00
Alex Goodman
77e4c89a5a
bump coverage threshold + use ubuntu for snapshot builds
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-23 10:28:57 -04:00
Alex Goodman
e3b1522394
upgrade goreleaser + constrain pipeline tool cache
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-23 06:58:30 -04:00
Alex Goodman
36e4af1953
adjust jsom schema version + adopt java pom properies test fixtures
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-22 11:27:01 -04:00
Alex Goodman
abca2c5f0b
remove token usage from benchmark sticky comment action
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-22 10:58:09 -04:00
Alex Goodman
f180d1c537
improve config parsing + fix command deprecation warning
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-22 10:58:09 -04:00
Alex Goodman
b1b57f6ba6
remove benchmark test event filter in validations pipeline
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-22 10:58:08 -04:00
Alex Goodman
1d87f07da1
update pipeline with new levels of testing
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-22 10:58:07 -04:00
Alex Goodman
83778677c1
run snapshot build on ubuntu
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-19 08:42:27 -04:00
Alex Goodman
9f57e17887
add labels to the docker image + pin the docker pipeline install version
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-18 16:28:03 -04:00
Alex Goodman
e9105c180a
add dockerfile + docker build step
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-11 16:45:20 -05:00
Alex Goodman
c7b26c55ac
add docker to mac instance
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-11 14:01:00 -05:00
Alex Goodman
5e62bca72f
Revert "Add docker image and refactor release pipeline (#310)"
This reverts commit 6195002ae5.

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2021-03-11 12:42:18 -05:00
Dan Luhring
6195002ae5
Add docker image and refactor release pipeline (#310)
* Create independent build targets for Mac and Linux

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Create targets for macOS signing and notarization

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Create target for Linux packaging

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Update release workflow and leverage new make targets

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Add release assets to release draft

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Add homebrew formula release follow-up and improve Makefile

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Add follow-up workflow for updating version check file

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Get rid of fetch depth 0 for checkout action

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Add follow-up workflow for Docker images

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Restore wait-for-checks job

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Replace make functions with shell functions

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Account for envsubst command in bootstrap-ci-linux

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* move homebrew generation into script

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add release approval step; remove goreleaser; add docker image smoke testing in acceptance step

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* replace homebrew formula template file with heredoc template

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update release documentation

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-10 13:25:31 -05:00
Dan Luhring
bf2d5ed87e
Pin actions/cache to v2.1.3
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-02-05 11:15:53 -05:00
Alex Goodman
a56292e2e0
Revert "Add the ability to run syft from a scratch image."
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2020-12-16 16:54:34 -05:00
Toure Dunnon
a19496b846 added: Docker login github action to publish new images
Signed-off-by: Toure Dunnon <toure.dunnon@anchore.com>
2020-12-15 11:07:14 -05:00
Dan Luhring
ecfc471ce5
Resolve security warning for macOS users (#249)
* Add support for macOS signing and notarization

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Use Docker to run the changelog generator locally

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-11-04 15:47:55 -05:00
Alex Goodman
cc466e47da
bump python version for acceptance tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-27 14:53:52 -04:00
Alex Goodman
103f0617f5
bootstrap cached deps and ci deps separately for acceptance tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-23 10:42:57 -04:00
Alex Goodman
4c751cb1d4
Merge pull request #222 from VinodAnandan/main
Enable CodeQL Security Scan
2020-10-15 23:11:01 -04:00
Vinod Anandan
0f92f16eb6 Enable CodeQL Security Scan
https://github.blog/2020-09-30-code-scanning-is-now-available/

remove java from codeql scan

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Vinod Anandan <vinod.anandan@jpmorgan.com>
2020-10-16 03:02:09 +01:00
Alex Goodman
1bf1e643eb
restore original release token
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-15 14:41:28 -04:00
Alex Goodman
dcb5d6d08e
remove greeter action since it is broken for forked PRs (#223)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-15 10:20:09 -04:00
Alex Goodman
2b932f8d65
run tests on fork PRs (#210)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-09 07:45:05 -04:00
Robert Prince
587589bfe3
Add first issue/PR welcome message action (#185)
* Add first issue/PR welcome message action

Signed-off-by: Robert Prince <robert.prince@anchore.com>

* update first-pr-issue message with a simple greeting

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2020-10-08 15:42:46 -04:00
Alex Goodman
956af57d3b
update release token name
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-08 14:37:06 -04:00
Alex Goodman
262a0888a8
fix release pipeline to wait for GHA check names
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-08 13:57:43 -04:00
Alex Goodman
da0eb6f20f
fix acceptance tests & add notification upon failures (#204)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-08 11:07:00 -04:00
Alex Goodman
16b23e7994
add gha pipeline to replace circlei pipeline (#202)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-07 12:20:51 -04:00
Alex Goodman
2844b9878f
add release notification
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 23:21:16 -04:00
Alex Goodman
8b81c87d18
remove unreleased tags and exclude size labels
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 22:59:19 -04:00
Alex Goodman
9bd9dad76c
remove unrelease changelog option
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 18:11:02 -04:00
Alex Goodman
6d9f9a9b3b
pin the two tags used for release autochangelog
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 17:57:51 -04:00
Alex Goodman
f4502fc824
Add notifications around the release process (#184)
* add pipeline notification upon release

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add pending notification to release pipeline

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 16:58:56 -04:00
Alex Goodman
90bd68e44c
Disable prerelease version update check (#140)
* disable prerelease version update check

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* use prerelease flag as source of truth for user notifications

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-11 09:54:04 -04:00
Alex Goodman
676544b6ab
use token on release
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-10 18:28:43 -04:00
Alex Goodman
2d452bf59e
Add inline-comparison as acceptance test (#130)
* add inline-compare as acceptance test

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add additional RPM metadata

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add comments and doc strings to the compare-* make targets

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-10 10:33:44 -04:00
Alex Goodman
a3a3e3848f
replace master with main (#128)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-07 13:27:11 -04:00
Alex Goodman
f855a38a01
pull all commits on checkout for release to build changelog (#126) 2020-08-06 08:28:01 -04:00
Alex Goodman
ad1a72c6ff
ignore prerelease verions when uploading version file on release 2020-07-29 14:54:47 -04:00
Alex Goodman
19eadde9ca
use aws creds for version file upload 2020-07-27 09:55:11 -04:00
Alex Goodman
c9dea59232
verify signing fingerprint 2020-07-25 09:59:48 -04:00
Alex Goodman
1ba0678cf6
provide signed checksums 2020-07-25 08:42:50 -04:00
Alex Goodman
f3428e49b8
add release quality gate 2020-07-25 07:23:15 -04:00
Alex Goodman
585569e929
fix gha go cache key; rm brew until oss release 2020-07-25 07:18:21 -04:00
Alex Goodman
32bd57886e
add publish release 2020-07-25 07:09:20 -04:00
Alex Goodman
44f26c7f90
update release quality gate version 2020-07-25 07:03:57 -04:00
Alex Goodman
ba4f63099d
Add release process (#89)
* add check for app update; fix ETUI error handling

* validate user args

* add goreleaser support

* replace cgo dependencies (go-rpm) with go equivalents

* add acceptance tests against build snapshot

* add brew tap + acceptance test pipeline

* add mac acceptance tests

* fix compare makefile

* fix mac acceptance tests

* add release pipeline with wait checks

* add token to release step

* rm dir presenters int test

* enforce dpkg to be non interactive

Co-authored-by: Alfredo Deza <adeza@anchore.com>

* pin brew formulae

* pin skopeo to formulae url

* only run acceptance tests

Co-authored-by: Alfredo Deza <adeza@anchore.com>
2020-07-23 10:52:44 -04:00