dependabot[bot]
|
f983342597
|
Bump actions/checkout from 4.2.1 to 4.2.2
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.1 to 4.2.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](eef61447b9...11bd71901b )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
3 weeks ago |
dependabot[bot]
|
c867af8e11
|
Bump actions/setup-go from 5.0.2 to 5.1.0
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.2 to 5.1.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](0a12ed9d6a...41dfa10bad )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
3 weeks ago |
dependabot[bot]
|
d517450a11
|
Bump actions/checkout from 4.2.0 to 4.2.1
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.0 to 4.2.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](d632683dd7...eef61447b9 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
1 month ago |
dependabot[bot]
|
9e192b28eb
|
Bump golangci/golangci-lint-action from 6.1.0 to 6.1.1
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6.1.0 to 6.1.1.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](aaa42aa062...971e284b60 )
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
1 month ago |
dependabot[bot]
|
79257331c2
|
Bump golang/govulncheck-action from 1.0.3 to 1.0.4
Bumps [golang/govulncheck-action](https://github.com/golang/govulncheck-action) from 1.0.3 to 1.0.4.
- [Release notes](https://github.com/golang/govulncheck-action/releases)
- [Commits](dd0578b371...b625fbe08f )
---
updated-dependencies:
- dependency-name: golang/govulncheck-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2 months ago |
Matt Farina
|
b2286c4caa
|
Merge pull request #13328 from robertsirc/adjusting-go-setup-check-latest
adding check-latest:true
|
2 months ago |
dependabot[bot]
|
2cd8d54c83
|
Bump actions/checkout from 4.1.7 to 4.2.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7 to 4.2.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](692973e3d9...d632683dd7 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2 months ago |
Robert Sirchia
|
a8750f4ce9
|
adding toplevel permissions to workflows missing them
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
|
2 months ago |
Robert Sirchia
|
62069eb7b5
|
removing testing trigger from govulncheck action
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
|
2 months ago |
Robert Sirchia
|
114db17898
|
adding top-level permissions
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
|
2 months ago |
Matt Farina
|
3a3e3846ca
|
Merge pull request #13331 from helm/dependabot/github_actions/ossf/scorecard-action-2.4.0
Bump ossf/scorecard-action from 2.3.1 to 2.4.0
|
2 months ago |
Matt Farina
|
334f5ed87e
|
Merge pull request #13330 from helm/dependabot/github_actions/actions/checkout-4.1.7
Bump actions/checkout from 4.1.1 to 4.1.7
|
2 months ago |
Robert Sirchia
|
8642225be3
|
Fixing the action trigger
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
|
2 months ago |
Robert Sirchia
|
5217ea8f18
|
testing permissing for codeql
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
|
2 months ago |
dependabot[bot]
|
9134b9edab
|
Bump ossf/scorecard-action from 2.3.1 to 2.4.0
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.1 to 2.4.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](0864cf1902...62b2cac7ed )
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2 months ago |
dependabot[bot]
|
144e7b0287
|
Bump actions/checkout from 4.1.1 to 4.1.7
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.1 to 4.1.7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4.1.1...692973e3d937129bcbf40652eb9f2f61becf3332)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2 months ago |
Robert Sirchia
|
611fae3d7d
|
adding check-latest:true
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
|
2 months ago |
Joe Julian
|
ef2719448b
|
Merge pull request #13233 from harshitasao/issue-13131
Added the scorecard github action and its badge
|
2 months ago |
Joe Julian
|
1a55457375
|
Merge pull request #13259 from harshitasao/scorecard-checks-fix
fix: fixed the token-permission and pinned-dependencies issue
|
2 months ago |
Robert Sirchia
|
e7b25bab6f
|
bumping version to 1.22.7
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
|
2 months ago |
Robert Sirchia
|
5326d79d3e
|
refectoring to ONE GH action
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
|
2 months ago |
Robert Sirchia
|
d91188159e
|
adding new lines at the end of each files
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
|
2 months ago |
Robert Sirchia
|
1aa640fe1d
|
changing the trigger file
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
|
2 months ago |
Robert Sirchia
|
3ef6dd4036
|
changing trigger file from go.sum to go.mod
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
|
2 months ago |
Robert Sirchia
|
5f15f53e2e
|
removing govulncheck from build-test
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
|
2 months ago |
Robert Sirchia
|
4df7d5628b
|
adding new workflows for govulncheck
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
|
2 months ago |
Robert Sirchia
|
88fa81ecb6
|
adding a new line at the end of the file as per the request of the maintainers
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
|
3 months ago |
Robert Sirchia
|
76b9d962f0
|
restoring the original triggers that were removed for testing
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
|
3 months ago |
Robert Sirchia
|
38dd4a7fea
|
moving govulncheck to a seperate job
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
|
3 months ago |
Robert Sirchia
|
1ad6af9287
|
removing specific go version for govulncheck
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
|
3 months ago |
Robert Sirchia
|
e46e0ddb98
|
updating go version for govulncheck
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
|
3 months ago |
Robert Sirchia
|
6757f8a81b
|
fixing directory for go-packages
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
|
3 months ago |
Robert Sirchia
|
031b34458e
|
changing the triggers to test this GH actions
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
|
3 months ago |
Robert Sirchia
|
7e3df4baaf
|
Adding in workflow_call to test GH Actions
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
|
3 months ago |
Robert Sirchia
|
eba0f78a47
|
Merge branch 'helm:main' into adding-goland-govulncheck-action
|
3 months ago |
dependabot[bot]
|
e448aae04e
|
Bump github/codeql-action from 3.26.3 to 3.26.6
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.3 to 3.26.6.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](883d8588e5...4dd16135b6 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
3 months ago |
Robert Sirchia
|
b351fdce99
|
adding workflow_dispatch to test
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
|
3 months ago |
Robert Sirchia
|
67617290d4
|
adding govulncheck
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
|
3 months ago |
dependabot[bot]
|
c58cb9a529
|
Bump github/codeql-action from 3.26.2 to 3.26.3
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.2 to 3.26.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](429e197704...883d8588e5 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
3 months ago |
harshitasao
|
b4caed94cd
|
fix: fixed the token-permission and pinned-dependencies issue
Signed-off-by: harshitasao <harshitasao@gmail.com>
|
3 months ago |
dependabot[bot]
|
83874d9edd
|
Bump github/codeql-action from 3.26.1 to 3.26.2
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.1 to 3.26.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](29d86d22a3...429e197704 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
3 months ago |
dependabot[bot]
|
990dbf671c
|
Bump github/codeql-action from 3.26.0 to 3.26.1
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.0 to 3.26.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](eb055d739a...29d86d22a3 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
3 months ago |
Matt Farina
|
abdbe1ed34
|
Merge pull request #13217 from helm/dependabot/github_actions/golangci/golangci-lint-action-6.1.0
Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0
|
3 months ago |
dependabot[bot]
|
5bbe19a479
|
Bump github/codeql-action from 3.25.15 to 3.26.0
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.15 to 3.26.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](afb54ba388...eb055d739a )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
3 months ago |
harshitasao
|
ae17dea00d
|
Added the scorecard github action and its badge
Signed-off-by: harshitasao <harshitasao@gmail.com>
|
3 months ago |
dependabot[bot]
|
f293480688
|
Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6.0.1 to 6.1.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](a4f60bb28d...aaa42aa062 )
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
4 months ago |
dependabot[bot]
|
8c1bfc7c99
|
Bump github/codeql-action from 3.25.13 to 3.25.15
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.13 to 3.25.15.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](2d790406f5...afb54ba388 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
4 months ago |
dependabot[bot]
|
856d57600d
|
Bump github/codeql-action from 3.25.12 to 3.25.13
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.12 to 3.25.13.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](4fa2a79536...2d790406f5 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
4 months ago |
Matt Farina
|
878af3ef1d
|
Merge pull request #13170 from helm/dependabot/github_actions/actions/setup-go-5.0.2
Bump actions/setup-go from 5.0.1 to 5.0.2
|
4 months ago |
dependabot[bot]
|
168c48be99
|
Bump github/codeql-action from 3.25.11 to 3.25.12
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.11 to 3.25.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](b611370bb5...4fa2a79536 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
4 months ago |