9976302dd9
Merge pull request #200 from wneessen/dependabot/github_actions/fsfe/reuse-action-3.0.0
...
Bump fsfe/reuse-action from 1.3.0 to 3.0.0
2024-03-25 16:12:33 +01:00
dependabot[bot]
d28b22d05e
Bump actions/setup-go from 3.5.0 to 5.0.0
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.5.0 to 5.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](6edd4406fa...0c52d547c9
)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-25 13:45:33 +00:00
dependabot[bot]
4660a9d734
Bump fsfe/reuse-action from 1.3.0 to 3.0.0
...
Bumps [fsfe/reuse-action](https://github.com/fsfe/reuse-action ) from 1.3.0 to 3.0.0.
- [Release notes](https://github.com/fsfe/reuse-action/releases )
- [Commits](28cf8f33bc...a46482ca36
)
---
updated-dependencies:
- dependency-name: fsfe/reuse-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-25 13:45:29 +00:00
StepSecurity Bot
d87e2205d6
[StepSecurity] ci: Harden GitHub Actions
...
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
2024-03-23 18:01:31 +00:00
25ee875300
"Add Govulncheck Security Scan workflow"
...
A new GitHub Actions workflow for Govulncheck Security Scan has been added. This workflow gets activated on every push or pull request and includes runner hardening and executing 'govulncheck' to identify potential vulnerabilities.
2024-03-23 18:59:10 +01:00
c78388a2cb
Add read permissions to GitHub workflow files
...
This commit adds read permissions for 'contents' in the GitHub workflow files sonarqube.yml and reuse.yml. This allows these specific workflows to access the relevant contents they need for execution.
2024-03-23 15:49:03 +01:00
976adc5be9
Merge pull request #186 from wneessen/dependabot/github_actions/github/codeql-action-3.24.9
...
Bump github/codeql-action from 1.1.39 to 3.24.9
2024-03-22 16:13:33 +01:00
bd513b3d5a
Merge pull request #187 from wneessen/dependabot/github_actions/codecov/codecov-action-4.1.0
...
Bump codecov/codecov-action from 3.1.6 to 4.1.0
2024-03-22 16:13:20 +01:00
f82a3fc261
Merge pull request #188 from wneessen/dependabot/github_actions/golangci/golangci-lint-action-4.0.0
...
Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0
2024-03-22 16:13:08 +01:00
e789acfa75
Merge pull request #190 from wneessen/dependabot/github_actions/ossf/scorecard-action-2.3.1
...
Bump ossf/scorecard-action from 2.0.6 to 2.3.1
2024-03-22 16:12:55 +01:00
6d31b35fa2
Merge pull request #189 from wneessen/dependabot/github_actions/actions/dependency-review-action-4.2.3
...
Bump actions/dependency-review-action from 2.5.1 to 4.2.3
2024-03-22 16:12:42 +01:00
101e90f607
Add SPDX license headers to GitHub workflow files
...
This commit adds SPDX license headers to GitHub workflow files: scorecards.yml, dependency-review.yml, and dependabot.yml. This ensures that the license and copyright information is easily available for everyone to see.
2024-03-22 16:10:30 +01:00
dependabot[bot]
60578e4c00
Bump ossf/scorecard-action from 2.0.6 to 2.3.1
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.0.6 to 2.3.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](99c53751e0...0864cf1902
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-22 15:05:09 +00:00
dependabot[bot]
dbf19d2646
Bump actions/dependency-review-action from 2.5.1 to 4.2.3
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 2.5.1 to 4.2.3.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](0efb1d1d84...0fa40c3c10
)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-22 15:05:05 +00:00
dependabot[bot]
86d86beb7f
Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 3.7.0 to 4.0.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](3a91952989...3cfe3a4abb
)
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-22 15:05:02 +00:00
dependabot[bot]
6283546390
Bump codecov/codecov-action from 3.1.6 to 4.1.0
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.1.6 to 4.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](ab904c41d6...54bcd8715e
)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-22 15:04:59 +00:00
dependabot[bot]
1b6f49cd18
Bump github/codeql-action from 1.1.39 to 3.24.9
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.1.39 to 3.24.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v1.1.39...1b1aada464948af03b950897e5eb522f92603cc2 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-22 15:04:55 +00:00
StepSecurity Bot
886edbc0c9
[StepSecurity] Apply security best practices
...
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
2024-03-22 14:36:47 +00:00
f01047855f
Update Go version in GitHub workflow files
...
The Go version has been updated to '1.22' in the 'sonarqube.yml', 'golangci-lint.yml', and 'codecov.yml' GitHub action workflow files. This includes an additional modification for the Go versions matrix and condition statements in the 'codecov.yml' workflow.
2024-02-10 14:14:34 +01:00
1c39dc8cf8
Upgrade codecov-action to v3 in GitHub workflow
...
The codecov-action version used in the GitHub workflow file has been upgraded from v2 to v3. This enhances the reliability and performance by leveraging the new features and improvements available in version 3. This commit doesn't affect the functionality of the project but is more of a dependency update.
2024-01-25 14:03:19 +01:00
0bd5390e37
Update codecov.yml
2023-08-23 11:47:00 +02:00
b2e54717b3
Update Go version to 1.21 in GitHub workflows
...
This commit updates the Go version from 1.20 to 1.21 on three GitHub workflow files: golangci-lint.yml, codecov.yml, and sonarqube.yml. The change ensures we use the latest Go version which is more efficient and comes with additional features, leading to improved project performance.
2023-08-15 10:11:13 +02:00
169286e109
Update golangci-lint to Go 1.20
2023-02-02 19:10:16 +01:00
0dca1491db
Looks like golangci-lint does not support 1.20 yet
2023-02-02 10:26:11 +01:00
fa0d51ec80
GH seems to interpret 1.20 as 1.2. Let's try if a string works
2023-02-02 10:23:51 +01:00
c5481d9059
Updated workflows to Go 1.20
2023-02-02 10:16:46 +01:00
4a1b1ede96
Update sonarqube.yml
...
Remove gosec and update to Go 1.19
2022-10-18 17:36:13 +02:00
f36df2fcdb
Fix codecov Go version setup
...
The different code version usages in the codecov workflow were missing the actual go setup set, which caused all tests to always run with Go 1.17. This PR fixes this
2022-10-18 16:40:03 +02:00
8c6f291b38
Update golangci-lint.yml
2022-10-17 18:35:53 +02:00
9e2fc70ee6
Update golangci-lint.yml
2022-10-17 18:21:28 +02:00
0149003d49
Update golangci-lint.yml
2022-10-17 18:20:37 +02:00
872315ed80
Create golangci-lint.yml
2022-10-17 18:18:32 +02:00
9e2cad565a
Update codecov.yml
2022-09-08 15:33:39 +02:00
6556926573
Update codecov.yml
2022-09-08 15:30:47 +02:00
d5ee314883
Update codecov.yml
2022-09-08 15:29:18 +02:00
48a1acc782
Update codecov.yml
2022-09-08 15:25:08 +02:00
67101c0a99
Update codecov.yml
...
Install sendmail for tests on ubuntu
2022-09-08 15:23:06 +02:00
bce51755d2
Update codecov.yml
...
Add Go 1.19 to test coverage and use it as default
2022-09-08 15:05:38 +02:00
04196716f1
Update sonarqube.yml
...
Run SonarQube on PRs too
2022-07-07 10:52:01 +02:00
4e4d3f5157
Update reuse.yml
2022-06-17 15:27:07 +02:00
617ff3eed5
Create reuse.yml
2022-06-17 15:22:53 +02:00
31001e87b2
#24 : Add SPDX license IDs for REUSE compliance
...
# SUMMARY
* Bad licenses:
* Deprecated licenses:
* Licenses without file extension:
* Missing licenses:
* Unused licenses:
* Used licenses: CC0-1.0, MIT
* Read errors: 0
* Files with copyright information: 45 / 45
* Files with license information: 45 / 45
Congratulations! Your project is compliant with version 3.0 of the REUSE Specification :-)
2022-06-17 15:05:54 +02:00
1d697c3334
Update codecov.yml
...
We do not support go 1.15
2022-06-09 09:53:39 +02:00
556223c09a
Update sonarqube.yml
2022-04-12 23:25:23 +02:00
a5cd8d6d68
Update sonarqube.yml
2022-04-12 23:15:56 +02:00
483773cb9c
Update sonarqube.yml
2022-04-12 23:12:32 +02:00
b7c817d4e4
Update and rename sonarqube.yaml to sonarqube.yml
2022-04-12 19:36:20 +02:00
e76cd59d66
Create sonarqube.yaml
2022-04-12 19:35:07 +02:00
4c5aa79ff4
Update codecov.yml
2022-03-21 11:03:55 +01:00
a6e36d57bc
Update codecov.yml
2022-03-21 10:15:58 +01:00