From 503aa3817d357488b4d79b2e92985bab9c7b44e2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Sep 2023 19:37:12 +0000 Subject: [PATCH 01/11] Bump actions/checkout from 3.6.0 to 4.0.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.6.0 to 4.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.6.0...v4.0.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/depsreview.yml | 2 +- .github/workflows/golangci-lint.yml | 2 +- .github/workflows/license.yml | 2 +- .github/workflows/linux.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/reuse.yml | 4 ++-- .github/workflows/scorecards.yml | 2 +- 8 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 1ffba74b..447cb48e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -33,7 +33,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3.6.0 + uses: actions/checkout@v4.0.0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/depsreview.yml b/.github/workflows/depsreview.yml index 9aff0755..6f7c79d1 100644 --- a/.github/workflows/depsreview.yml +++ b/.github/workflows/depsreview.yml @@ -23,6 +23,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@v3.6.0 # v3 + uses: actions/checkout@v4.0.0 # v3 - name: 'Dependency Review' uses: actions/dependency-review-action@v3 # v2 diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 64b880ea..72eb7920 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -27,6 +27,6 @@ jobs: - uses: actions/setup-go@v4 with: go-version: 1.20.6 - - uses: actions/checkout@v3.6.0 + - uses: actions/checkout@v4.0.0 - name: golangci-lint uses: golangci/golangci-lint-action@v3.7.0 diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index 6a5733da..063d3225 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml @@ -29,7 +29,7 @@ jobs: with: go-version: 1.20.6 - name: checkout - uses: actions/checkout@v3.6.0 + uses: actions/checkout@v4.0.0 - name: Install addlicense run: go install github.com/google/addlicense@latest - name: Check license headers diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index ca92eb88..142b7adc 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -29,7 +29,7 @@ jobs: name: Go ${{ matrix.go }} build steps: - name: checkout - uses: actions/checkout@v3.6.0 + uses: actions/checkout@v4.0.0 # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds - uses: actions/cache@v3 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d6375202..db832553 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v3.6.0 + uses: actions/checkout@v4.0.0 - name: install go uses: actions/setup-go@v4 diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml index c845c8fb..71685348 100644 --- a/.github/workflows/reuse.yml +++ b/.github/workflows/reuse.yml @@ -43,13 +43,13 @@ jobs: steps: - name: Checkout release if: ${{ inputs.tag == 'release'}} - uses: actions/checkout@v3.6.0 # v3.5.3 + uses: actions/checkout@v4.0.0 # v3.5.3 with: fetch-depth: 0 - name: Checkout image if: ${{ inputs.tag == 'image'}} - uses: actions/checkout@v3.6.0 # v3.5.3 + uses: actions/checkout@v4.0.0 # v3.5.3 - name: Unshallow if: ${{ inputs.tag == 'image'}} diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index affc85a8..7f68226d 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -24,7 +24,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@v3.6.0 # v3.5.3 + uses: actions/checkout@v4.0.0 # v3.5.3 with: persist-credentials: false From 789dfd7c6ad8b04094bee3c0f1fd0002b6b84790 Mon Sep 17 00:00:00 2001 From: Aditya Mahendrakar Date: Tue, 5 Sep 2023 06:25:25 -0700 Subject: [PATCH 02/11] Update depsreview.yml comment --- .github/workflows/depsreview.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/depsreview.yml b/.github/workflows/depsreview.yml index 6f7c79d1..96eefdd7 100644 --- a/.github/workflows/depsreview.yml +++ b/.github/workflows/depsreview.yml @@ -23,6 +23,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@v4.0.0 # v3 + uses: actions/checkout@v4.0.0 # v4.0.0 - name: 'Dependency Review' - uses: actions/dependency-review-action@v3 # v2 + uses: actions/dependency-review-action@v3 # v3 From 9610b4eb4e92cac9676fdd378e441b7c67cdfd5b Mon Sep 17 00:00:00 2001 From: Aditya Mahendrakar Date: Tue, 5 Sep 2023 06:28:56 -0700 Subject: [PATCH 03/11] Update reuse.yml to use git shas --- .github/workflows/reuse.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml index 71685348..58b43f31 100644 --- a/.github/workflows/reuse.yml +++ b/.github/workflows/reuse.yml @@ -43,20 +43,20 @@ jobs: steps: - name: Checkout release if: ${{ inputs.tag == 'release'}} - uses: actions/checkout@v4.0.0 # v3.5.3 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 with: fetch-depth: 0 - name: Checkout image if: ${{ inputs.tag == 'image'}} - uses: actions/checkout@v4.0.0 # v3.5.3 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - name: Unshallow if: ${{ inputs.tag == 'image'}} run: git fetch --prune --unshallow --tags - name: Set up Go - uses: actions/setup-go@v4 # v2.1.5 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version: ~1.20.6 From 0c31e4a32e14d53202beebb0a1dfade5c6bb041b Mon Sep 17 00:00:00 2001 From: Aditya Mahendrakar Date: Tue, 5 Sep 2023 06:32:54 -0700 Subject: [PATCH 04/11] Update scorecards.yml use git shas --- .github/workflows/scorecards.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 7f68226d..60888f27 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -24,7 +24,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@v4.0.0 # v3.5.3 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 with: persist-credentials: false @@ -44,7 +44,7 @@ jobs: # Upload the results as artifacts (optional). - name: "Upload artifact" - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: SARIF file path: results.sarif From 1522cd28ceb197ea83948b4815661a40eacc5d26 Mon Sep 17 00:00:00 2001 From: Aditya Mahendrakar Date: Tue, 5 Sep 2023 06:34:07 -0700 Subject: [PATCH 05/11] Update codeql-analysis.yml use git sha --- .github/workflows/codeql-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 447cb48e..e29b6ca5 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -33,7 +33,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4.0.0 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL From 4e5bd5c60a290c7673f50be04d9e09b0950c7f76 Mon Sep 17 00:00:00 2001 From: Aditya Mahendrakar Date: Tue, 5 Sep 2023 06:36:00 -0700 Subject: [PATCH 06/11] Update depsreview.yml use git shas --- .github/workflows/depsreview.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/depsreview.yml b/.github/workflows/depsreview.yml index 96eefdd7..27ae96ae 100644 --- a/.github/workflows/depsreview.yml +++ b/.github/workflows/depsreview.yml @@ -23,6 +23,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@v4.0.0 # v4.0.0 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - name: 'Dependency Review' - uses: actions/dependency-review-action@v3 # v3 + uses: actions/dependency-review-action@f6fff72a3217f580d5afd49a46826795305b63c7 # v3.0.8 From 001250e8e6891e9509f3f3c2542737d453edf79f Mon Sep 17 00:00:00 2001 From: Aditya Mahendrakar Date: Tue, 5 Sep 2023 06:37:26 -0700 Subject: [PATCH 07/11] Update golangci-lint.yml use git shas --- .github/workflows/golangci-lint.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 72eb7920..95d28c9c 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -27,6 +27,6 @@ jobs: - uses: actions/setup-go@v4 with: go-version: 1.20.6 - - uses: actions/checkout@v4.0.0 + - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - name: golangci-lint - uses: golangci/golangci-lint-action@v3.7.0 + uses: golangci/golangci-lint-action@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 From 6aee9778fc6bdd9d4675a90c110309f5ec8785ac Mon Sep 17 00:00:00 2001 From: Aditya Mahendrakar Date: Tue, 5 Sep 2023 06:39:35 -0700 Subject: [PATCH 08/11] Update license.yml use git shas --- .github/workflows/license.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index 063d3225..b82555d7 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml @@ -25,11 +25,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Setup Go - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version: 1.20.6 - name: checkout - uses: actions/checkout@v4.0.0 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - name: Install addlicense run: go install github.com/google/addlicense@latest - name: Check license headers From 78141dc879f581b4b111d1ea8adbd0fff5b494b4 Mon Sep 17 00:00:00 2001 From: Aditya Mahendrakar Date: Tue, 5 Sep 2023 06:42:58 -0700 Subject: [PATCH 09/11] Update linux.yml use git shas --- .github/workflows/linux.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 142b7adc..0bc3ec88 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -25,14 +25,14 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - go: [ '1.18.x', '1.19.x', '1.20.6' ] + go: [ '1.19.x', '1.20.x', '1.21.0' ] name: Go ${{ matrix.go }} build steps: - name: checkout - uses: actions/checkout@v4.0.0 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds - - uses: actions/cache@v3 + - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: # In order: # * Module download cache @@ -45,7 +45,7 @@ jobs: ${{ runner.os }}-go- - name: Setup go - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version: ${{ matrix.go }} @@ -62,6 +62,6 @@ jobs: run: go test -v -race -coverprofile=coverage.txt -covermode=atomic ./... - name: Upload coverage to Codecov - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 with: file: ./coverage.txt From 07c60653991eabdb6d8c1928bb9bad15fece4e41 Mon Sep 17 00:00:00 2001 From: Aditya Mahendrakar Date: Tue, 5 Sep 2023 06:46:25 -0700 Subject: [PATCH 10/11] Update release.yml use git shas --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index db832553..65b55a71 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,10 +24,10 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v4.0.0 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - name: install go - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version: 1.20.6 From 8bfe43a3aac20189751433e236f3f3ab20ede3f7 Mon Sep 17 00:00:00 2001 From: Aditya Mahendrakar Date: Tue, 5 Sep 2023 06:49:11 -0700 Subject: [PATCH 11/11] Update golangci-lint.yml use git shas --- .github/workflows/golangci-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 95d28c9c..34ddc129 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -29,4 +29,4 @@ jobs: go-version: 1.20.6 - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - name: golangci-lint - uses: golangci/golangci-lint-action@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0