dependabot[bot]
962ff1ec49
chore(deps): bump tibdex/github-app-token from 2.0.0 to 2.1.0 ( #2157 )
...
Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token ) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/tibdex/github-app-token/releases )
- [Commits](0914d50df7...3beb63f4bd
2023-09-20 10:12:13 -04:00
Alex Goodman
40899adb87
use annotated tags, update chronicle, fix cache keys ( #2154 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-20 10:11:44 -04:00
dependabot[bot]
30885ed92e
chore(deps): bump github/codeql-action from 2.21.7 to 2.21.8 ( #2150 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.7 to 2.21.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](04daf014b5...6a28655e3d
2023-09-19 14:37:54 -04:00
Christopher Angelo Phillips
594ba5f295
chore: pin workflow checkout for cpe update-cpe-dictionary-index ( #2141 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-15 16:00:15 -04:00
Christopher Angelo Phillips
094b41b301
chore: pin and update all workflow dependencies; add permission scopes ( #2138 )
...
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-15 14:18:42 -04:00
dependabot[bot]
c21b16d924
chore(deps): bump docker/login-action from 2 to 3 ( #2119 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 2 to 3.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-13 10:34:19 -04:00
dependabot[bot]
b2be411f77
chore(deps): bump tibdex/github-app-token from 1 to 2 ( #2116 )
...
Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token ) from 1 to 2.
- [Release notes](https://github.com/tibdex/github-app-token/releases )
- [Commits](https://github.com/tibdex/github-app-token/compare/v1...v2 )
---
updated-dependencies:
- dependency-name: tibdex/github-app-token
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-11 09:56:22 -04:00
Christopher Angelo Phillips
3842d28e90
fix: update codeql-analysis for go 1.21 ( #2108 )
...
* fix: update codeql-analysis for go 1.21
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* nit: remove comment
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-07 15:54:42 -04:00
dlorenc
9f22ab6137
Bump the golang.org/x/exp dependency and fix a build breakage. ( #2088 )
...
* Bump the golang.org/x/exp dependency and fix a build breakage.
---------
Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-07 14:55:52 -04:00
dependabot[bot]
1315cfd787
chore(deps): bump actions/checkout from 3 to 4 ( #2094 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-07 09:57:51 -04:00
Keith Zantow
dd09e0362e
chore: update quill to the latest version ( #2065 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-08-25 20:45:04 +00:00
Dan Luhring
99d172f0d1
Introduce indexed embedded CPE dictionary ( #1897 )
...
* Introduce indexed embedded CPE dictionary
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
* Don't generate cpe-index on make snapshot
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
* Add unit tests for individual addEntry funcs
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
* migrate CPE index build to go generate and add periodic workflow
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add test to ensure generated cpe index is wired up to function that uses it
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-21 13:54:19 +00:00
Alex Goodman
026be3c0f1
add oss community board auto-add workflow ( #1898 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-06-27 15:53:59 -04:00
Bob Callaway
0580328ad9
update cosign to v2 release (different go module) ( #1805 )
...
Signed-off-by: Bob Callaway <bcallaway@google.com>
2023-05-10 11:12:37 -04:00
Christopher Angelo Phillips
a42bac6fcc
fix: only cache java packages and not source content ( #1750 )
...
* fix: only cache java packages and not source content
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* fix: add gradle to matched files for ci checksum
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-04-19 16:07:34 -04:00
Christopher Angelo Phillips
55a90a2ee0
fix: update cache.fingerprint file to java-builds dir ( #1748 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-04-19 12:17:07 -04:00
Alex Goodman
5a7bab972c
Fix kernel cataloger test fixtures ( #1742 )
...
* pin kernel and modules version for kernel fixtures
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* cache kernel fixtures in CI
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update CLI test image with pinned kernel deps
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update the kernel version found in integration tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2023-04-17 11:44:46 -04:00
dependabot[bot]
394ec8d215
chore(deps): bump peter-evans/create-pull-request from 4 to 5 ( #1712 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 4 to 5.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-05 19:04:26 -04:00
Keith Zantow
2022ffa0e5
chore: update deprecated set-output calls ( #1705 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-04-03 09:36:11 -04:00
Keith Zantow
34ace36a9e
chore: tweak some workflow text ( #1685 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-03-21 11:08:49 -04:00
dependabot[bot]
b5ec4d4f08
chore(deps): bump actions/setup-go from 3 to 4 ( #1671 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-16 12:02:07 -04:00
Keith Zantow
7714bc0521
fix: improved Python binary detection ( #1648 )
2023-03-07 10:52:29 -05:00
dependabot[bot]
ff34594284
chore(deps): bump actions/upload-artifact from 2 to 3 ( #1627 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 2 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-27 14:17:29 -05:00
dependabot[bot]
f3acff81f3
chore(deps): bump actions/checkout from 2 to 3 ( #1626 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-27 13:14:03 -05:00
Alex Goodman
669fee84d5
Revert "add workaround for macos github actions cache issue ( #1584 )" ( #1605 )
...
This reverts commit 0076b19893
2023-02-22 15:03:12 -05:00
Alex Goodman
0076b19893
add workaround for macos github actions cache issue ( #1584 )
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2023-02-17 10:29:33 -05:00
Alex Goodman
88c81d33ed
switch from trigger-release target to release target ( #1560 )
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2023-02-09 16:35:11 +00:00
Alex Goodman
8847ba5d0b
Add release trigger ( #1501 )
...
* add release trigger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* deduplicate version and changelog calls + add gh checks
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add more chronicle verbosity, but not when triggering releases
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bump chronicle version to get --version-file feature
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update bootstrap tool workflow to include glow
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add version prefix check on tags in release quality gate
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2023-02-08 11:38:27 -05:00
Bradley Jones
cdac2245b5
feat: update golang to 1.19 ( #1526 )
...
* feat: update golang to 1.19
Signed-off-by: Bradley Jones <bradley.jones@anchore.com>
* chore: break out json schema drift check into separate script
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* chore: update git index refresh
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: Bradley Jones <bradley.jones@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-01-31 11:39:57 -05:00
Keith Zantow
674a54512c
chore: correct bootstrap tool script ( #1514 )
2023-01-25 10:22:28 -05:00
dependabot[bot]
b77c104aa6
chore(deps): bump github/codeql-action from 1 to 2 ( #1473 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v1...v2 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-18 09:38:06 -05:00
dependabot[bot]
10ca7f56ab
chore(deps): bump actions/setup-go from 2 to 3 ( #1472 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 2 to 3.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-18 09:37:45 -05:00
Christopher Angelo Phillips
03971ace43
chore: use checkout v3 with new depth ( #1471 )
2023-01-17 21:26:39 +00:00
Christopher Angelo Phillips
07aee798b0
chore: use checkout v2 for tag depth ( #1470 )
2023-01-17 21:03:29 +00:00
Alex Goodman
05611c283d
bootstrap within composite action ( #1461 )
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2023-01-17 10:04:22 -05:00
Weston Steimel
e87cfe7319
chore: remove bumping cosign in go.mod when updating bootstrap tools ( #1452 )
2023-01-12 16:21:01 -05:00
Alex Goodman
e0acfa98c7
add s3 credentials to release ( #1309 )
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-11-02 15:48:37 +00:00
Keith Zantow
35f0f2931e
chore: update goreleaser brew token ( #1306 )
2022-11-02 10:05:20 -04:00
Keith Zantow
ba57f3db51
chore: update github token permissions for goreleaser ( #1305 )
2022-11-01 16:28:37 +00:00
Christopher Angelo Phillips
4c5c6f6319
fix: update ci secret to use new password ( #1304 )
2022-11-01 14:30:29 +00:00
Christopher Angelo Phillips
1b69fbd566
fix: update secret value to use new cert cahin ( #1303 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-11-01 00:05:40 +00:00
Alex Goodman
28cadfdb5d
replace signing tooling with quill ( #1280 )
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-10-24 13:03:10 -04:00
Keith Zantow
b20310eaf8
Add gosimports ( #1205 )
2022-09-14 13:38:18 -04:00
Keith Zantow
70db13d49e
Add RPM file scanning support ( #1188 )
2022-09-07 14:16:30 -04:00
Weston Steimel
6949a2500f
Fix update-bootstrap-tools workflow ( #1170 )
2022-08-22 16:17:28 +00:00
Weston Steimel
5282820b5d
workflow to create automated PRs to update bootstrap tools ( #1167 )
2022-08-22 11:28:24 -04:00
Keith Zantow
69bde44c6e
Update stereoscope to get rid of the replace directive ( #1140 )
2022-08-03 12:24:20 -04:00
Christopher Angelo Phillips
f5d02d4e52
improve docker release bootstrap ( #1136 )
2022-08-02 15:44:24 +00:00
Christopher Angelo Phillips
1bf97af3fb
remove docker assets from main goreleaser configuration to reduce mac-os runner friction ( #1133 )
2022-08-01 21:08:38 +00:00
Christopher Angelo Phillips
ca69fb8370
remove prefixed v from tag to match release ( #1131 )
2022-08-01 15:07:58 +00:00
