Commit graph

123 commits

Author SHA1 Message Date
dependabot[bot]
eeb00f034f
Bump github/codeql-action from 3.24.9 to 3.24.10
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.9 to 3.24.10.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](1b1aada464...4355270be1)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-08 13:59:24 +00:00
ae36ab8722
Merge pull request #205 from wneessen/dependabot/github_actions/sonarsource/sonarqube-quality-gate-action-72f24ebf1f81eda168a979ce14b8203273b7c3ad
Bump sonarsource/sonarqube-quality-gate-action from f9fe214a5be5769c40619de2fff2726c36d2d5eb to 72f24ebf1f81eda168a979ce14b8203273b7c3ad
2024-04-04 16:30:36 +02:00
dependabot[bot]
adb90c453d
Bump codecov/codecov-action from 4.1.1 to 4.2.0
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.1.1 to 4.2.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](c16abc29c9...7afa10ed9b)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-04 13:21:24 +00:00
dependabot[bot]
294de2c5ee
Bump sonarsource/sonarqube-quality-gate-action
Bumps [sonarsource/sonarqube-quality-gate-action](https://github.com/sonarsource/sonarqube-quality-gate-action) from f9fe214a5be5769c40619de2fff2726c36d2d5eb to 72f24ebf1f81eda168a979ce14b8203273b7c3ad.
- [Release notes](https://github.com/sonarsource/sonarqube-quality-gate-action/releases)
- [Commits](f9fe214a5b...72f24ebf1f)

---
updated-dependencies:
- dependency-name: sonarsource/sonarqube-quality-gate-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-04 13:21:20 +00:00
dependabot[bot]
b0bda8dbc8
Bump sonarsource/sonarqube-scan-action
Bumps [sonarsource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) from 9ad16418d1dd6d28912bc0047ee387e90181ce1c to 53c3e3207fe4b8d52e2f1ac9d6eb1d2506f626c0.
- [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases)
- [Commits](9ad16418d1...53c3e3207f)

---
updated-dependencies:
- dependency-name: sonarsource/sonarqube-scan-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-28 13:31:06 +00:00
dependabot[bot]
d5d377c575
Bump codecov/codecov-action from 4.1.0 to 4.1.1
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](54bcd8715e...c16abc29c9)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-27 13:55:03 +00:00
dependabot[bot]
181ce199af
Bump actions/dependency-review-action from 4.2.4 to 4.2.5
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.2.4 to 4.2.5.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](733dd5d4a5...5bbc3ba658)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-26 13:47:39 +00:00
3a31eb181e
Merge pull request #198 from wneessen/dependabot/github_actions/actions/upload-artifact-4.3.1
Bump actions/upload-artifact from 3.1.3 to 4.3.1
2024-03-25 16:13:01 +01:00
32a66f3df9
Merge pull request #199 from wneessen/dependabot/github_actions/actions/dependency-review-action-4.2.4
Bump actions/dependency-review-action from 4.2.3 to 4.2.4
2024-03-25 16:12:48 +01:00
9976302dd9
Merge pull request #200 from wneessen/dependabot/github_actions/fsfe/reuse-action-3.0.0
Bump fsfe/reuse-action from 1.3.0 to 3.0.0
2024-03-25 16:12:33 +01:00
dependabot[bot]
d28b22d05e
Bump actions/setup-go from 3.5.0 to 5.0.0
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.5.0 to 5.0.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](6edd4406fa...0c52d547c9)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-25 13:45:33 +00:00
dependabot[bot]
4660a9d734
Bump fsfe/reuse-action from 1.3.0 to 3.0.0
Bumps [fsfe/reuse-action](https://github.com/fsfe/reuse-action) from 1.3.0 to 3.0.0.
- [Release notes](https://github.com/fsfe/reuse-action/releases)
- [Commits](28cf8f33bc...a46482ca36)

---
updated-dependencies:
- dependency-name: fsfe/reuse-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-25 13:45:29 +00:00
dependabot[bot]
82a0ffef1a
Bump actions/dependency-review-action from 4.2.3 to 4.2.4
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.2.3 to 4.2.4.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](0fa40c3c10...733dd5d4a5)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-25 13:45:26 +00:00
dependabot[bot]
92bf3166c4
Bump actions/upload-artifact from 3.1.3 to 4.3.1
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.3 to 4.3.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](a8a3f3ad30...5d5d22a312)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-25 13:45:21 +00:00
StepSecurity Bot
d87e2205d6
[StepSecurity] ci: Harden GitHub Actions
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
2024-03-23 18:01:31 +00:00
25ee875300
"Add Govulncheck Security Scan workflow"
A new GitHub Actions workflow for Govulncheck Security Scan has been added. This workflow gets activated on every push or pull request and includes runner hardening and executing 'govulncheck' to identify potential vulnerabilities.
2024-03-23 18:59:10 +01:00
c78388a2cb
Add read permissions to GitHub workflow files
This commit adds read permissions for 'contents' in the GitHub workflow files sonarqube.yml and reuse.yml. This allows these specific workflows to access the relevant contents they need for execution.
2024-03-23 15:49:03 +01:00
976adc5be9
Merge pull request #186 from wneessen/dependabot/github_actions/github/codeql-action-3.24.9
Bump github/codeql-action from 1.1.39 to 3.24.9
2024-03-22 16:13:33 +01:00
bd513b3d5a
Merge pull request #187 from wneessen/dependabot/github_actions/codecov/codecov-action-4.1.0
Bump codecov/codecov-action from 3.1.6 to 4.1.0
2024-03-22 16:13:20 +01:00
f82a3fc261
Merge pull request #188 from wneessen/dependabot/github_actions/golangci/golangci-lint-action-4.0.0
Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0
2024-03-22 16:13:08 +01:00
e789acfa75
Merge pull request #190 from wneessen/dependabot/github_actions/ossf/scorecard-action-2.3.1
Bump ossf/scorecard-action from 2.0.6 to 2.3.1
2024-03-22 16:12:55 +01:00
6d31b35fa2
Merge pull request #189 from wneessen/dependabot/github_actions/actions/dependency-review-action-4.2.3
Bump actions/dependency-review-action from 2.5.1 to 4.2.3
2024-03-22 16:12:42 +01:00
101e90f607
Add SPDX license headers to GitHub workflow files
This commit adds SPDX license headers to GitHub workflow files: scorecards.yml, dependency-review.yml, and dependabot.yml. This ensures that the license and copyright information is easily available for everyone to see.
2024-03-22 16:10:30 +01:00
dependabot[bot]
60578e4c00
Bump ossf/scorecard-action from 2.0.6 to 2.3.1
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.6 to 2.3.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](99c53751e0...0864cf1902)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-22 15:05:09 +00:00
dependabot[bot]
dbf19d2646
Bump actions/dependency-review-action from 2.5.1 to 4.2.3
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.5.1 to 4.2.3.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](0efb1d1d84...0fa40c3c10)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-22 15:05:05 +00:00
dependabot[bot]
86d86beb7f
Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.7.0 to 4.0.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](3a91952989...3cfe3a4abb)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-22 15:05:02 +00:00
dependabot[bot]
6283546390
Bump codecov/codecov-action from 3.1.6 to 4.1.0
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.6 to 4.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](ab904c41d6...54bcd8715e)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-22 15:04:59 +00:00
dependabot[bot]
1b6f49cd18
Bump github/codeql-action from 1.1.39 to 3.24.9
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.1.39 to 3.24.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1.1.39...1b1aada464948af03b950897e5eb522f92603cc2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-22 15:04:55 +00:00
StepSecurity Bot
886edbc0c9
[StepSecurity] Apply security best practices
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
2024-03-22 14:36:47 +00:00
f01047855f
Update Go version in GitHub workflow files
The Go version has been updated to '1.22' in the 'sonarqube.yml', 'golangci-lint.yml', and 'codecov.yml' GitHub action workflow files. This includes an additional modification for the Go versions matrix and condition statements in the 'codecov.yml' workflow.
2024-02-10 14:14:34 +01:00
1c39dc8cf8
Upgrade codecov-action to v3 in GitHub workflow
The codecov-action version used in the GitHub workflow file has been upgraded from v2 to v3. This enhances the reliability and performance by leveraging the new features and improvements available in version 3. This commit doesn't affect the functionality of the project but is more of a dependency update.
2024-01-25 14:03:19 +01:00
0bd5390e37
Update codecov.yml 2023-08-23 11:47:00 +02:00
b2e54717b3
Update Go version to 1.21 in GitHub workflows
This commit updates the Go version from 1.20 to 1.21 on three GitHub workflow files: golangci-lint.yml, codecov.yml, and sonarqube.yml. The change ensures we use the latest Go version which is more efficient and comes with additional features, leading to improved project performance.
2023-08-15 10:11:13 +02:00
169286e109
Update golangci-lint to Go 1.20 2023-02-02 19:10:16 +01:00
0dca1491db
Looks like golangci-lint does not support 1.20 yet 2023-02-02 10:26:11 +01:00
fa0d51ec80
GH seems to interpret 1.20 as 1.2. Let's try if a string works 2023-02-02 10:23:51 +01:00
c5481d9059
Updated workflows to Go 1.20 2023-02-02 10:16:46 +01:00
4a1b1ede96
Update sonarqube.yml
Remove gosec and update to Go 1.19
2022-10-18 17:36:13 +02:00
f36df2fcdb
Fix codecov Go version setup
The different code version usages in the codecov workflow were missing the actual go setup set, which caused all tests to always run with Go 1.17. This PR fixes this
2022-10-18 16:40:03 +02:00
8c6f291b38
Update golangci-lint.yml 2022-10-17 18:35:53 +02:00
9e2fc70ee6
Update golangci-lint.yml 2022-10-17 18:21:28 +02:00
0149003d49
Update golangci-lint.yml 2022-10-17 18:20:37 +02:00
872315ed80
Create golangci-lint.yml 2022-10-17 18:18:32 +02:00
9e2cad565a
Update codecov.yml 2022-09-08 15:33:39 +02:00
6556926573
Update codecov.yml 2022-09-08 15:30:47 +02:00
d5ee314883
Update codecov.yml 2022-09-08 15:29:18 +02:00
48a1acc782
Update codecov.yml 2022-09-08 15:25:08 +02:00
67101c0a99
Update codecov.yml
Install sendmail for tests on ubuntu
2022-09-08 15:23:06 +02:00
bce51755d2
Update codecov.yml
Add Go 1.19 to test coverage and use it as default
2022-09-08 15:05:38 +02:00
04196716f1
Update sonarqube.yml
Run SonarQube on PRs too
2022-07-07 10:52:01 +02:00
4e4d3f5157
Update reuse.yml 2022-06-17 15:27:07 +02:00
617ff3eed5
Create reuse.yml 2022-06-17 15:22:53 +02:00
31001e87b2
#24: Add SPDX license IDs for REUSE compliance
# SUMMARY

* Bad licenses:
* Deprecated licenses:
* Licenses without file extension:
* Missing licenses:
* Unused licenses:
* Used licenses: CC0-1.0, MIT
* Read errors: 0
* Files with copyright information: 45 / 45
* Files with license information: 45 / 45

Congratulations! Your project is compliant with version 3.0 of the REUSE Specification :-)
2022-06-17 15:05:54 +02:00
1d697c3334
Update codecov.yml
We do not support go 1.15
2022-06-09 09:53:39 +02:00
556223c09a
Update sonarqube.yml 2022-04-12 23:25:23 +02:00
a5cd8d6d68
Update sonarqube.yml 2022-04-12 23:15:56 +02:00
483773cb9c
Update sonarqube.yml 2022-04-12 23:12:32 +02:00
b7c817d4e4
Update and rename sonarqube.yaml to sonarqube.yml 2022-04-12 19:36:20 +02:00
e76cd59d66
Create sonarqube.yaml 2022-04-12 19:35:07 +02:00
4c5aa79ff4
Update codecov.yml 2022-03-21 11:03:55 +01:00
a6e36d57bc
Update codecov.yml 2022-03-21 10:15:58 +01:00
dc37b3d285
Update codecov.yml 2022-03-16 21:08:34 +01:00
57bb99b43d
Update codecov.yml
Set 1.18 as if criteria
2022-03-15 21:58:57 +01:00
ece721ffc1
Update codecov.yml
Typo in 1.18 change
2022-03-15 21:57:50 +01:00
236f981968
Update codecov.yml
Replaced go 1.14 with 1.18
2022-03-15 21:57:05 +01:00
b092316e96
Update codecov.yml 2022-03-15 21:42:00 +01:00
46687c9d7e
Update codecov.yml 2022-03-15 21:41:24 +01:00
c2ea1989a8
Update codecov.yml 2022-03-15 21:40:04 +01:00
5443964d66
Update codecov.yml 2022-03-15 21:32:05 +01:00
f00913b0ac
Update codecov.yml 2022-03-15 21:30:51 +01:00
099275021f
Update codecov.yml 2022-03-15 21:29:26 +01:00
b7d7c655b7
Create codecov.yml 2022-03-15 21:25:23 +01:00
066b421725
Create codeql-analysis.yml 2022-03-14 16:00:33 +01:00