dependabot[bot]
87c4fcfed4
Bump github/codeql-action from 3.24.10 to 3.25.0
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.10 to 3.25.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4355270be1...df5a14dc28
2024-04-15 19:17:08 +00:00
dependabot[bot]
5ef7019b12
Bump codecov/codecov-action from 4.2.0 to 4.3.0
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](7afa10ed9b...84508663e9
2024-04-09 19:23:09 +00:00
dependabot[bot]
6d92513629
Bump docker/setup-buildx-action from 3.2.0 to 3.3.0
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](2b51285047...d70bba72b1
2024-04-08 19:42:36 +00:00
dependabot[bot]
3ae07cad4d
Bump github/codeql-action from 3.24.9 to 3.24.10
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.9 to 3.24.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1b1aada464...4355270be1
2024-04-05 19:49:07 +00:00
5dc7809c93
Merge pull request #100 from wneessen/dependabot/github_actions/codecov/codecov-action-4.2.0
...
Bump codecov/codecov-action from 4.1.1 to 4.2.0
2024-04-04 23:51:36 +02:00
dependabot[bot]
3f5f61f403
Bump sonarsource/sonarqube-quality-gate-action
...
Bumps [sonarsource/sonarqube-quality-gate-action](https://github.com/sonarsource/sonarqube-quality-gate-action ) from f9fe214a5be5769c40619de2fff2726c36d2d5eb to 72f24ebf1f81eda168a979ce14b8203273b7c3ad.
- [Release notes](https://github.com/sonarsource/sonarqube-quality-gate-action/releases )
- [Commits](f9fe214a5b...72f24ebf1f
2024-04-04 19:53:45 +00:00
dependabot[bot]
737cd0c985
Bump codecov/codecov-action from 4.1.1 to 4.2.0
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 4.1.1 to 4.2.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](c16abc29c9...7afa10ed9b
2024-04-04 19:53:42 +00:00
dependabot[bot]
ecf7c1063b
Bump sonarsource/sonarqube-scan-action
...
Bumps [sonarsource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action ) from 9ad16418d1dd6d28912bc0047ee387e90181ce1c to 53c3e3207fe4b8d52e2f1ac9d6eb1d2506f626c0.
- [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases )
- [Commits](9ad16418d1...53c3e3207f
2024-03-28 19:38:29 +00:00
dependabot[bot]
ef2f27c35f
Bump codecov/codecov-action from 4.1.0 to 4.1.1
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](54bcd8715e...c16abc29c9
2024-03-26 19:46:28 +00:00
0e2df1fe07
Update workflows to trigger on specific file changes
...
The update limits the GolangCI, Codecov, SonarQube, and Docker workflow triggers to only fire when specific related files are modified. By focusing on relevant paths like '**.go', 'go.*' and respective workflow files, we enhance the efficiency of our CI/CD process.
2024-03-25 19:32:40 +01:00
dependabot[bot]
2263417aaf
Bump github/codeql-action from 3.24.8 to 3.24.9
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.8 to 3.24.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](05963f47d8...1b1aada464
2024-03-22 20:02:01 +00:00
ff719d09b7
Merge pull request #84 from wneessen/dependabot/github_actions/actions/setup-go-5.0.0
...
Bump actions/setup-go from 3.5.0 to 5.0.0
2024-03-19 20:45:20 +01:00
850ea82828
Merge pull request #85 from wneessen/dependabot/github_actions/docker/build-push-action-5.3.0
...
Bump docker/build-push-action from 3.3.1 to 5.3.0
2024-03-19 20:45:06 +01:00
474c137f89
Merge pull request #86 from wneessen/dependabot/github_actions/docker/metadata-action-5.5.1
...
Bump docker/metadata-action from 3.3.0 to 5.5.1
2024-03-19 20:44:53 +01:00
dependabot[bot]
c674235d94
Bump sonarsource/sonarqube-scan-action
...
Bumps [sonarsource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action ) from 1b9d398800bf807ad36901b351fff52deba642d6 to 9ad16418d1dd6d28912bc0047ee387e90181ce1c.
- [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases )
- [Commits](1b9d398800...9ad16418d1
2024-03-19 19:42:38 +00:00
dependabot[bot]
f7b196bfbf
Bump docker/metadata-action from 3.3.0 to 5.5.1
...
Bumps [docker/metadata-action](https://github.com/docker/metadata-action ) from 3.3.0 to 5.5.1.
- [Release notes](https://github.com/docker/metadata-action/releases )
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md )
- [Commits](98669ae865...8e5442c4ef
2024-03-19 19:42:34 +00:00
dependabot[bot]
d1dfac476d
Bump docker/build-push-action from 3.3.1 to 5.3.0
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 3.3.1 to 5.3.0.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](1104d47137...2cdde995de
2024-03-19 19:42:29 +00:00
dependabot[bot]
f4a61bf426
Bump actions/setup-go from 3.5.0 to 5.0.0
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.5.0 to 5.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](6edd4406fa...0c52d547c9
2024-03-19 19:42:25 +00:00
760593f248
Merge pull request #83 from wneessen/dependabot/github_actions/docker/setup-buildx-action-3.2.0
...
Bump docker/setup-buildx-action from 2.10.0 to 3.2.0
2024-03-18 22:07:47 +01:00
7d5493c77d
Merge pull request #82 from wneessen/dependabot/github_actions/github/codeql-action-3.24.8
...
Bump github/codeql-action from 3.24.7 to 3.24.8
2024-03-18 22:07:32 +01:00
d4d76a0f0a
Merge pull request #81 from wneessen/dependabot/github_actions/actions/upload-artifact-4.3.1
...
Bump actions/upload-artifact from 3.1.0 to 4.3.1
2024-03-18 22:07:19 +01:00
bac3aa4750
Merge pull request #80 from wneessen/dependabot/github_actions/fsfe/reuse-action-3.0.0
...
Bump fsfe/reuse-action from 1.3.0 to 3.0.0
2024-03-18 22:07:10 +01:00
dependabot[bot]
a0c312f39f
Bump docker/setup-buildx-action from 2.10.0 to 3.2.0
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 2.10.0 to 3.2.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](885d1462b8...2b51285047
2024-03-18 19:41:54 +00:00
dependabot[bot]
35cce6e2c7
Bump github/codeql-action from 3.24.7 to 3.24.8
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.7 to 3.24.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3ab4101902...05963f47d8
2024-03-18 19:41:50 +00:00
dependabot[bot]
174ca5da39
Bump actions/upload-artifact from 3.1.0 to 4.3.1
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.0 to 4.3.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](3cea537223...5d5d22a312
2024-03-18 19:41:45 +00:00
dependabot[bot]
df816f5ae4
Bump fsfe/reuse-action from 1.3.0 to 3.0.0
...
Bumps [fsfe/reuse-action](https://github.com/fsfe/reuse-action ) from 1.3.0 to 3.0.0.
- [Release notes](https://github.com/fsfe/reuse-action/releases )
- [Commits](28cf8f33bc...a46482ca36
2024-03-18 19:41:42 +00:00
dependabot[bot]
da5ffa7d3d
Bump docker/setup-qemu-action from 2.2.0 to 3.0.0
...
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ) from 2.2.0 to 3.0.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases )
- [Commits](2b82ce82d5...68827325e0
2024-03-18 19:41:39 +00:00
bf9cb85f9b
Merge pull request #76 from wneessen/dependabot/github_actions/ossf/scorecard-action-2.3.1
...
Bump ossf/scorecard-action from 2.1.2 to 2.3.1
2024-03-17 23:32:03 +01:00
7a1170b2d0
Merge pull request #74 from wneessen/dependabot/github_actions/github/codeql-action-3.24.7
...
Bump github/codeql-action from 2.2.4 to 3.24.7
2024-03-17 23:31:48 +01:00
abc5b90aea
Merge pull request #73 from wneessen/dependabot/github_actions/docker/login-action-3.1.0
...
Bump docker/login-action from 1.9.0 to 3.1.0
2024-03-17 23:31:37 +01:00
0c68f136ea
Merge pull request #72 from wneessen/dependabot/github_actions/golangci/golangci-lint-action-4.0.0
...
Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0
2024-03-17 23:31:26 +01:00
dependabot[bot]
1d8087b1d7
Bump ossf/scorecard-action from 2.1.2 to 2.3.1
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.2 to 2.3.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](e38b1902ae...0864cf1902
2024-03-17 22:26:56 +00:00
dependabot[bot]
3ddc257cb5
Bump codecov/codecov-action from 3.1.6 to 4.1.0
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.1.6 to 4.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](ab904c41d6...54bcd8715e
2024-03-17 22:26:51 +00:00
dependabot[bot]
2639bb5c69
Bump github/codeql-action from 2.2.4 to 3.24.7
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.4 to 3.24.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v2.2.4...3ab4101902695724f9365a384f86c1074d94e18c )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-17 22:26:48 +00:00
dependabot[bot]
f7d220dd2b
Bump docker/login-action from 1.9.0 to 3.1.0
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 1.9.0 to 3.1.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](28218f9b04...e92390c5fb
2024-03-17 22:26:43 +00:00
dependabot[bot]
134d943439
Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 3.7.0 to 4.0.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](3a91952989...3cfe3a4abb
2024-03-17 22:26:40 +00:00
StepSecurity Bot
35067dbf85
[StepSecurity] Apply security best practices
...
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
2024-03-17 22:22:53 +00:00
b289d440da
Update Go build command in GitHub workflow
...
The GitHub workflow script has been updated to use a different command for building the Go application. This will ensure that the application is built with necessary parameters for correct operation and proper linking of static libraries.
2024-03-17 20:23:29 +01:00
ef8e334df0
Add read permissions to GitHub workflows
...
The reuse and docker-publish workflow scripts in GitHub Actions have been updated. Now these scripts have permission to read contents. This will ensure secure access and controlled operations on repositories.
2024-03-17 20:16:27 +01:00
bfc12841ce
Update Go version and build command in codeql workflow
...
The codeql workflow script has been updated. Specifically, the Go version in the build command has been changed from 1.22.0 to 1.22.1+auto, to ensure alignment with the Go version specified elsewhere in the project. Additionally, the build command itself has been simplified, utilizing '/usr/bin/env' to consolidate dependencies.
2024-03-17 19:59:29 +01:00
4ea41be22f
Update Go version and simplify build script
...
The Go version in go.mod has been updated from 1.22 to 1.22.0 to avoid potential compatibility issues. Additionally, the build process in codeql.yml has been simplified by consolidating multiple 'go mod' commands into a single 'go build' command.
2024-03-17 19:51:46 +01:00
6f25663957
Update Go build steps in GitHub workflow
...
The build steps in the CodeQL action of the GitHub workflow have been updated. Instead of using the 'apt-get' command, the 'go mod tidy', 'go mod download', and 'go mod verify' are now used. This improves the building process by organizing and verifying the dependencies.
2024-03-17 19:31:10 +01:00
31cf70c678
Update golangci-lint workflow permissions
...
The "read-all" permission has been eliminated from the .github/workflows/golangci-lint.yml file. In its place, more specific read permissions have been implemented to enhance security measures and establish accurate access levels.
2024-03-17 19:28:59 +01:00
4bc210f1ab
Refine permissions in CodeQL workflow
...
The "read-all" permission has been removed from the CodeQL workflow. Instead, the workflow now includes a specific read permission for contents, ensuring a more precise and secure access level.
2024-03-17 19:28:06 +01:00
b36aeeeab6
Update CodeQL workflow to include Go installation and building
...
The previous autobuild process has been disabled in the Github actions workflow. A new step for Go installation and manual building of the application using Go has been implemented, providing enhanced control and flexibility over the project's build process.
2024-03-17 19:24:19 +01:00
043008a97d
Update CodeQL workflow to include Go installation and building
...
The previous autobuild process has been disabled in the Github actions workflow. A new step for Go installation and manual building of the application using Go has been implemented, providing enhanced control and flexibility over the project's build process.
2024-03-17 19:22:18 +01:00
2af31dcb48
Disable Autobuild and setup manual Go build in CodeQL workflow
...
The Github actions autobuild functionality has been commented out and replaced with manual building using Go. This customized build command ensures better flexibility and control over the build process.
2024-03-17 19:19:38 +01:00
7ebaf2d2b7
Add read-all permissions to workflow files
...
This commit adds "read-all" permissions to golangci-lint, codecov, and sonarqube workflow files. This change ensures that all necessary activities are allowed during the workflow processes.
2024-03-17 19:15:34 +01:00
eec1b36edc
Add read-all permissions and SPDX license headers in codeql.yml
...
The commit adds SPDX-FileCopyrightText and SPDX-License-Identifier headers at the top of codeql.yml, specifying a CC0-1.0 license for Winni Neessen's 2022 copyright. It also grants read-all permissions, ensuring all needed activities are allowed in the file's workflow.
2024-03-17 19:14:42 +01:00
2d674214a7
Create codeql.yml
2024-03-17 19:12:21 +01:00
