Merge remote-tracking branch 'upstream/main' into fix/orient-by-cve-m…

…erging-generics
kzantow-anchore · Jan 26, 2023 · 1eaaeae · 1eaaeae
2 parents d946f11 + c01ee9b
commit 1eaaeae
Show file tree

Hide file tree

Showing 32 changed files with 625 additions and 651 deletions.
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: daily
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: daily
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -142,7 +142,7 @@ jobs:
           AC_USERNAME: ${{ secrets.ENG_CI_APPLE_ID }}
           AC_PASSWORD: ${{ secrets.ENG_CI_APPLE_ID_PASS }}
 
-      - uses: anchore/sbom-action@06e109483e6aa305a2b2395eabae554e51530e1d # v0.13.1
+      - uses: anchore/sbom-action@54e36e45f34bc64728f51adb8044404daca492a6 # v0.13.2
         continue-on-error: true
         with:
           artifact-name: sbom.spdx.json
@@ -157,7 +157,7 @@ jobs:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_TOOLBOX_WEBHOOK_URL }}
         if: ${{ success() }}
 
-      - uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
+      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: artifacts
           path: dist/**/*

diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -25,7 +25,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # tag=v2.0.6
+        uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # tag=v2.1.2
         with:
           results_file: results.sarif
           results_format: sarif

diff --git a/.github/workflows/update-bootstrap-tools.yml b/.github/workflows/update-bootstrap-tools.yml
@@ -33,20 +33,20 @@ jobs:
           YAJSV_LATEST_VERSION=$(go list -m -json github.com/neilpa/yajsv@latest 2>/dev/null | jq -r '.Version')
 
           # update version variables in the Makefile
-          sed -r -i -e 's/^(GOLANGCILINT_VERSION = ).*/\1'${GOLANGCILINT_LATEST_VERSION}'/' Makefile
-          sed -r -i -e 's/^(BOUNCER_VERSION = ).*/\1'${BOUNCER_LATEST_VERSION}'/' Makefile
-          sed -r -i -e 's/^(CHRONICLE_VERSION = ).*/\1'${CHRONICLE_LATEST_VERSION}'/' Makefile
-          sed -r -i -e 's/^(GORELEASER_VERSION = ).*/\1'${GORELEASER_LATEST_VERSION}'/' Makefile
-          sed -r -i -e 's/^(GOSIMPORTS_VERSION = ).*/\1'${GOSIMPORTS_LATEST_VERSION}'/' Makefile
-          sed -r -i -e 's/^(YAJSV_VERSION = ).*/\1'${YAJSV_LATEST_VERSION}'/' Makefile
+          sed -r -i -e 's/^(GOLANGCILINT_VERSION := ).*/\1'${GOLANGCILINT_LATEST_VERSION}'/' Makefile
+          sed -r -i -e 's/^(BOUNCER_VERSION := ).*/\1'${BOUNCER_LATEST_VERSION}'/' Makefile
+          sed -r -i -e 's/^(CHRONICLE_VERSION := ).*/\1'${CHRONICLE_LATEST_VERSION}'/' Makefile
+          sed -r -i -e 's/^(GORELEASER_VERSION := ).*/\1'${GORELEASER_LATEST_VERSION}'/' Makefile
+          sed -r -i -e 's/^(GOSIMPORTS_VERSION := ).*/\1'${GOSIMPORTS_LATEST_VERSION}'/' Makefile
+          sed -r -i -e 's/^(YAJSV_VERSION := ).*/\1'${YAJSV_LATEST_VERSION}'/' Makefile
 
           # export the versions for use with create-pull-request
-          echo "::set-output name=GOLANGCILINT::$GOLANGCILINT_LATEST_VERSION"
-          echo "::set-output name=BOUNCER::$BOUNCER_LATEST_VERSION"
-          echo "::set-output name=CHRONICLE::$CHRONICLE_LATEST_VERSION"
-          echo "::set-output name=GORELEASER::$GORELEASER_LATEST_VERSION"
-          echo "::set-output name=GOSIMPORTS::$GOSIMPORTS_LATEST_VERSION"
-          echo "::set-output name=YAJSV::$YAJSV_LATEST_VERSION"
+          echo "GOLANGCILINT=$GOLANGCILINT_LATEST_VERSION" >> $GITHUB_OUTPUT
+          echo "BOUNCER=$BOUNCER_LATEST_VERSION" >> $GITHUB_OUTPUT
+          echo "CHRONICLE=$CHRONICLE_LATEST_VERSION" >> $GITHUB_OUTPUT
+          echo "GORELEASER=$GORELEASER_LATEST_VERSION" >> $GITHUB_OUTPUT
+          echo "GOSIMPORTS=$GOSIMPORTS_LATEST_VERSION" >> $GITHUB_OUTPUT
+          echo "YAJSV=$YAJSV_LATEST_VERSION" >> $GITHUB_OUTPUT
         id: latest-versions
 
       - uses: tibdex/github-app-token@021a2405c7f990db57f5eae5397423dcc554159c # v1.7.0

diff --git a/.github/workflows/validations.yaml b/.github/workflows/validations.yaml
@@ -99,7 +99,7 @@ jobs:
       - name: Run unit tests
         run: make unit
 
-      - uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
+      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: unit-test-results
           path: test/results/**/*
@@ -114,7 +114,7 @@ jobs:
           go-version: ${{ env.GO_VERSION }}
           stable: ${{ env.GO_STABLE_VERSION }}
 
-      - uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # v4.3.0
+      - uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # v4.5.0
         with:
           python-version: ${{ env.PYTHON_VERSION }}
 
@@ -155,6 +155,8 @@ jobs:
 
       - name: Run quality tests
         run: make quality
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   Integration-Test:
     # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
@@ -243,7 +245,7 @@ jobs:
       - name: Build snapshot artifacts
         run: make snapshot snapshot-docker-assets
 
-      - uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
+      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: artifacts
           path: snapshot/**/*
@@ -256,7 +258,7 @@ jobs:
     steps:
       - uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791 # v2.5.0
 
-      - uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1
+      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: artifacts
           path: snapshot
@@ -290,7 +292,7 @@ jobs:
     steps:
       - uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791 # v2.5.0
 
-      - uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1
+      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: artifacts
           path: snapshot
@@ -334,7 +336,7 @@ jobs:
           path: ${{ github.workspace }}/test/cli/test-fixtures/cache
           key: ${{ runner.os }}-cli-test-cache-${{ hashFiles('test/cli/test-fixtures/cache.fingerprint') }}
 
-      - uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1
+      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: artifacts
           path: snapshot