Commit graph

126 commits

Author SHA1 Message Date
dependabot[bot]
b80694f5df
Bump docker/setup-buildx-action from 3.2.0 to 3.3.0
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](2b51285047...d70bba72b1)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-08 09:08:12 +00:00
dependabot[bot]
31beff9e47
Bump sonarsource/sonarqube-scan-action
Bumps [sonarsource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) from 9ad16418d1dd6d28912bc0047ee387e90181ce1c to 53c3e3207fe4b8d52e2f1ac9d6eb1d2506f626c0.
- [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases)
- [Commits](9ad16418d1...53c3e3207f)

---
updated-dependencies:
- dependency-name: sonarsource/sonarqube-scan-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-29 08:52:42 +00:00
dependabot[bot]
1919eabc08
Bump actions/dependency-review-action from 4.2.4 to 4.2.5
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.2.4 to 4.2.5.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](733dd5d4a5...5bbc3ba658)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-26 08:57:51 +00:00
795f9671b5
Merge pull request #12 from wneessen/dependabot/github_actions/github/codeql-action-3.24.9
Bump github/codeql-action from 3.24.8 to 3.24.9
2024-03-25 09:24:09 +01:00
dependabot[bot]
b7f7997861
Bump github/codeql-action from 3.24.8 to 3.24.9
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.8 to 3.24.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](05963f47d8...1b1aada464)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-25 08:20:03 +00:00
dependabot[bot]
615b3eb5a4
Bump actions/dependency-review-action from 4.2.3 to 4.2.4
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.2.3 to 4.2.4.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](0fa40c3c10...733dd5d4a5)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-25 08:19:50 +00:00
f0e0b94307
Add SPDX license headers to workflows and Dependabot config
Added SPDX license headers to the GitHub workflows and the Dependabot configuration file, specifying the license as MIT. Also, minor formatting changes have been made to the dependency review workflow file.
2024-03-21 16:35:03 +01:00
7b6edf1c31
Merge pull request #3 from wneessen/dependabot/github_actions/actions/checkout-4.1.2
Bump actions/checkout from 2.7.0 to 4.1.2
2024-03-21 16:33:27 +01:00
dependabot[bot]
9a7db0fb90
Bump actions/checkout from 2.7.0 to 4.1.2
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.7.0 to 4.1.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.7.0...9bb56186c3b09b4f86b1c65136769dd318469633)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-21 15:33:13 +00:00
fc1ca00262
Merge pull request #4 from wneessen/dependabot/github_actions/github/codeql-action-3.24.8
Bump github/codeql-action from 2.24.8 to 3.24.8
2024-03-21 16:33:08 +01:00
f54f539549
Merge pull request #5 from wneessen/dependabot/github_actions/actions/setup-go-5.0.0
Bump actions/setup-go from 3.5.0 to 5.0.0
2024-03-21 16:32:47 +01:00
0fb013853b
Merge pull request #6 from wneessen/dependabot/github_actions/fsfe/reuse-action-3.0.0
Bump fsfe/reuse-action from 1.3.0 to 3.0.0
2024-03-21 16:32:37 +01:00
dependabot[bot]
3f4a9c23cc
Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.7.0 to 4.0.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](3a91952989...3cfe3a4abb)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-21 15:31:34 +00:00
dependabot[bot]
4967c82d92
Bump fsfe/reuse-action from 1.3.0 to 3.0.0
Bumps [fsfe/reuse-action](https://github.com/fsfe/reuse-action) from 1.3.0 to 3.0.0.
- [Release notes](https://github.com/fsfe/reuse-action/releases)
- [Commits](28cf8f33bc...a46482ca36)

---
updated-dependencies:
- dependency-name: fsfe/reuse-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-21 15:31:31 +00:00
dependabot[bot]
08a58e25ad
Bump actions/setup-go from 3.5.0 to 5.0.0
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.5.0 to 5.0.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](6edd4406fa...0c52d547c9)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-21 15:31:29 +00:00
dependabot[bot]
8d6a02c386
Bump github/codeql-action from 2.24.8 to 3.24.8
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.24.8 to 3.24.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2.24.8...05963f47d870e2cb19a537396c1f668a348c7d8f)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-21 15:31:25 +00:00
StepSecurity Bot
5897a4ece0
[StepSecurity] Apply security best practices
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
2024-03-21 15:21:39 +00:00
5c41bef4dc
Remove CodeQL 2024-03-21 16:13:37 +01:00
df58859a4f
Update language matrix in codeql workflow
The language matrix in the .github/workflows/codeql.yml file has been updated to only include 'go'. This change removes the 'javascript-typescript' option to focus solely on Go code analysis and enhance the efficiency of the workflow process.
2024-03-21 16:10:38 +01:00
38661b29ae
Disable Autobuild and add new build commands in workflow
The Autobuild command in the .github/workflows/codeql.yml file has been commented out due to possible build failure. Instead, a new run command is added to manually build the application using Go. This change allows for more control and reliability on the build process.
2024-03-21 16:08:38 +01:00
ddc62a9a04
Add CC0-1.0 license and update workflow files
A new file, LICENSES/CC0-1.0.txt, has been created to provide the Creative Commons Zero v1.0 Universal license for the project. Additionally, SPDX headers specifying the MIT license and copyright details have been added to each of the GitHub workflow files, enhancing the clarity and compliance of the project's license utilization.
2024-03-21 16:02:13 +01:00
42e89bc2bb
Implement security improvements and workflow updates
Added SECURITY.md with details for vulnerability reporting and encryption. Introduced new workflows for dependency review, Scorecard supply-chain security, and CodeQL analysis. Made amendments to docker-publish.yml for better Docker build and publishing process. These enhancements are aimed towards improving the security stance and the efficiency of CI/CD workflows.
2024-03-21 15:47:46 +01:00
f08e92fdd4
Create docker-publish.yml 2023-12-27 18:28:01 +01:00
ea1ac393bc
Add SPDX license identifiers and update copyright year
All source code files as well as README.md, .gitignore, and various configuration files have been updated with an SPDX license identifier, changing license from CC0-1.0 to MIT. The copyright year has been updated to 2023, and the copyright holder's email address has been corrected from 'winni@neessen.dev' to 'wn@neessen.dev'. An MIT license text file has been additionally added.
2023-12-15 16:35:41 +01:00
4689c24617
Add REUSE Compliance, Golang Linter workflows and funding options
This commit introduces two new workflows for Github Actions: REUSE Compliance Check and golangci-lint. It also includes the funding options for the project in a dedicated FUNDING.yml file. These changes will enhance code quality checks and offer ways to support the project financially.
2023-12-08 14:42:27 +01:00
c5d8197070
Add SonarQube configuration and update .gitignore
This commit introduces a SonarQube configuration setup, adds an .idea/.gitignore file, and expands the root .gitignore file. The SonarQube setup includes a GitHub Actions workflow and a project properties file. The .gitignore files are updated to properly ignore files for JetBrains IDEs, local testfiles, SonarQube, and others.
2023-12-08 14:37:32 +01:00