Commit graph

19 commits

Author SHA1 Message Date
b0b7b07a8a
Set permissions to read for workflow
Add 'contents: read' permissions to the GitHub Actions workflow configuration. This change enhances security by only allowing read access to the repository contents.
2024-09-16 09:56:04 +02:00
f2f653eeb6
Merge pull request #17 from wneessen/dependabot/github_actions/github/codeql-action-3.26.7
Some checks failed
CodeQL / Analyze (push) Failing after 23s
golangci-lint / lint (push) Failing after 2s
Govulncheck Security Scan / test (push) Failing after 2s
REUSE Compliance Check / test (push) Failing after 2s
Scorecard supply-chain security / Scorecard analysis (push) Failing after 2s
SonarQube / Build and analyze (push) Failing after 2s
Bump github/codeql-action from 3.26.6 to 3.26.7
2024-09-13 20:33:58 +02:00
7559b1e956
Merge pull request #12 from wneessen/dependabot/github_actions/fsfe/reuse-action-4.0.0
Bump fsfe/reuse-action from 1.3.0 to 4.0.0
2024-09-13 20:32:33 +02:00
dependabot[bot]
b1e14a709b
Bump github/codeql-action from 3.26.6 to 3.26.7
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.6 to 3.26.7.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3.26.6...8214744c546c1e5c8f03dde8fab3a7353211988d)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-09-13 18:32:22 +00:00
a74296b2d2
Merge pull request #13 from wneessen/dependabot/github_actions/codecov/codecov-action-4.5.0
Bump codecov/codecov-action from 3.1.6 to 4.5.0
2024-09-13 20:32:20 +02:00
7140fed74b
Merge pull request #14 from wneessen/dependabot/github_actions/golangci/golangci-lint-action-6.1.0
Bump golangci/golangci-lint-action from 3.7.0 to 6.1.0
2024-09-13 20:32:10 +02:00
2848da6c7b
Merge pull request #15 from wneessen/dependabot/github_actions/step-security/harden-runner-2.10.1
Bump step-security/harden-runner from 2.9.1 to 2.10.1
2024-09-13 20:31:59 +02:00
cb0ddc90ce
Merge pull request #16 from wneessen/dependabot/github_actions/actions/setup-go-5.0.2
Bump actions/setup-go from 4.1.0 to 5.0.2
2024-09-13 20:31:48 +02:00
8b2121841f
Add SPDX license headers to workflow files
Included appropriate SPDX headers to ensure clear licensing information in both CodeQL and Dependabot workflow files. This improves compliance and transparency across the repository.
2024-09-13 20:30:57 +02:00
dependabot[bot]
667b3b2bd4
Bump actions/setup-go from 4.1.0 to 5.0.2
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.1.0 to 5.0.2.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4.1.0...0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-09-13 18:29:07 +00:00
dependabot[bot]
40f53eb9b9
Bump step-security/harden-runner from 2.9.1 to 2.10.1
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.9.1 to 2.10.1.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/v2.9.1...91182cccc01eb5e619899d80e4e971d6181294a7)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-09-13 18:29:05 +00:00
dependabot[bot]
1dc4e10279
Bump golangci/golangci-lint-action from 3.7.0 to 6.1.0
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.7.0 to 6.1.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](3a91952989...aaa42aa062)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-09-13 18:29:02 +00:00
dependabot[bot]
e2b9383c6e
Bump codecov/codecov-action from 3.1.6 to 4.5.0
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.6 to 4.5.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](ab904c41d6...e28ff129e5)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-09-13 18:28:59 +00:00
dependabot[bot]
9fb780b0a4
Bump fsfe/reuse-action from 1.3.0 to 4.0.0
Bumps [fsfe/reuse-action](https://github.com/fsfe/reuse-action) from 1.3.0 to 4.0.0.
- [Release notes](https://github.com/fsfe/reuse-action/releases)
- [Commits](28cf8f33bc...3ae3c6bdf1)

---
updated-dependencies:
- dependency-name: fsfe/reuse-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-09-13 18:28:57 +00:00
StepSecurity Bot
f4d7b6b9df
[StepSecurity] Apply security best practices
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
2024-09-13 18:26:26 +00:00
10d77340d5
Add security workflows for code analysis
This commit introduces three GitHub Actions workflows: `govulncheck`, `dependency-review`, and `scorecards`. These workflows enhance security by scanning for vulnerabilities, reviewing dependencies, and analyzing the supply-chain, respectively.
2024-09-11 10:58:53 +02:00
926cfc9581
Fix Go version syntax in SonarQube workflow
Corrected the Go version syntax from '1.23.x' to '1.23' in the SonarQube GitHub Action workflow configuration to ensure proper version setup. This change addresses potential issues with version resolution in the setup-go action.
2024-09-11 10:22:51 +02:00
e557e4caac
Add SonarQube integration for code analysis
Introduce a new SonarQube configuration to the project. This includes a GitHub action workflow for continuous integration on the main branch, setting up Go environment, running unit tests, and performing SonarQube analysis. This addition aims to ensure code quality and coverage are continuously monitored.
2024-09-11 10:19:00 +02:00
03f6fd14d1
Initial checkin 2024-09-01 16:01:58 +02:00