Robert Fairburn
a257a696a6
Ensure that short tags push to quay in addition to dockerhub ( #11006 )
...
This should include the short tags (such as `fleetdm/fleet:43e434b`)
when pushing to quay.io (`quay.io/fleetdm/fleet:43e434b`)
Additionally, the previous `docker buildx imagetools create` line was
only pushing a linux/amd64 image to quay. This means that for these
tags, one could not pull from quay on an arm64 Mac for example. This
update should correct that.
2023-04-05 12:04:34 -05:00
Luke Heath
bfaa8043bf
Add profiles workflow for canary team ( #10966 )
2023-04-04 15:51:07 -05:00
Luke Heath
ac983a97ab
Update the sentry environment variable name ( #10943 )
2023-04-03 14:12:16 -05:00
Robert Fairburn
fc84da1a36
Add Sentry secret to dogfood ( #10859 )
2023-03-30 12:51:12 -05:00
Robert Fairburn
0de8b58f60
Goreleaser quay push to use docker instead of podman ( #10830 )
...
This is to resolve #10693 and looks to work when it triggered on the
branch.
2023-03-30 12:46:39 -05:00
Lucas Manuel Rodriguez
40265d0e6f
Fix SMTP e-mail send when SMTP server has credentials ( #10758 )
...
#9609
This PR also fixes #10777 .
The issue is: We were using `svc.AppConfig` instead of
`svc.ds.AppConfig` to retrieve the SMTP credentials.
`svc.AppConfig` obfuscates credentials, whereas `svc.ds.AppConfig` does
not.
To help prevent this from happening again I've renamed `svc.AppConfig`
to `svc.AppConfigObfuscated`.
I've also added a new test SMTP server
(https://github.com/axllent/mailpit ) that supports Basic Authentication
and tests that make use of it to catch these kind of bugs (the tests are
executed when running `go test` with `MAIL_TEST=1`).
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files )
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-03-28 15:23:15 -03:00
Zach Wasserman
477bb53f90
Generate targets for osquery 5.8.2 ( #10802 )
2023-03-28 10:50:07 -07:00
Luke Heath
30aa31e763
Remove disable knex, install fleetctl, apply to workstations ( #10757 )
2023-03-27 09:53:05 -05:00
Luke Heath
547111d5b6
Prepare 4.29.0 ( #10610 )
2023-03-22 15:14:51 -05:00
Luke Heath
7ebf308b0c
Revert fleetctl apply token ( #10647 )
2023-03-21 12:51:41 -05:00
Luke Heath
d514998f3a
Use gitops API token ( #10639 )
2023-03-21 11:23:08 -05:00
Luke Heath
9bf4601120
Prepare 4.28.1 ( #10461 ) ( #10609 )
2023-03-20 17:11:38 -05:00
Robert Fairburn
aadfb12d51
Update dogfood deploy help_p1 webhook secret name ( #10537 )
2023-03-16 16:56:46 -05:00
Lucas Manuel Rodriguez
296b70cda3
Add CI check for spec yamls ( #10530 )
...
This is to prevent merging broken yamls.
2023-03-16 08:54:21 -03:00
Zachary Winnerman
3158da0985
Terraform version bump ( #10513 )
...
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files )
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-03-15 12:41:25 -04:00
Lucas Manuel Rodriguez
b0f490b4d6
Run make dump-test-schema ( #10505 )
...
Forgot to run this in https://github.com/fleetdm/fleet/pull/10478
2023-03-15 10:47:49 -03:00
Lucas Manuel Rodriguez
e926581427
Observers can observe team settings ( #10447 )
...
#9984
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files )
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- [X] Documented any permissions changes: Done by @noahtalerman, see
#10440
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- ~[ ] Manual QA for all new/changed functionality~
- For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-03-13 15:34:39 -03:00
Luke Heath
b3cd710286
Add MDM profiles and github workflow to apply them ( #10416 )
2023-03-10 11:23:10 -06:00
Zachary Winnerman
0ee617778a
Dogfood returns ( #10345 )
...
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files )
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-03-08 16:38:53 -05:00
dependabot[bot]
fdc55aabc4
Bump actions/cache from 3.0.8 to 3.2.6 ( #10268 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.8 to
3.2.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases ">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.6</h2>
<h2>What's Changed</h2>
<ul>
<li>Updated branch in Force deletion of caches by <a
href="https://github.com/t-dedah "><code>@t-dedah</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1108 ">actions/cache#1108</a></li>
<li>Fix zstd not being used after zstd version upgrade to 1.5.4 on
hosted runners by <a
href="https://github.com/pdotl "><code>@pdotl</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1118 ">actions/cache#1118</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3...v3.2.6 ">https://github.com/actions/cache/compare/v3...v3.2.6 </a></p>
<h2>v3.2.5</h2>
<h2>What's Changed</h2>
<ul>
<li>Rewrite readmes by <a
href="https://github.com/jsoref "><code>@jsoref</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1085 ">actions/cache#1085</a></li>
<li>Fixed typos and formatting in docs by <a
href="https://github.com/kotewar "><code>@kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1076 ">actions/cache#1076</a></li>
<li>Fixing paths for OSes by <a
href="https://github.com/kotewar "><code>@kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1101 ">actions/cache#1101</a></li>
<li>Release patch version update by <a
href="https://github.com/Phantsure "><code>@Phantsure</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1105 ">actions/cache#1105</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/jsoref "><code>@jsoref</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1085 ">actions/cache#1085</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3...v3.2.5 ">https://github.com/actions/cache/compare/v3...v3.2.5 </a></p>
<h2>v3.2.4</h2>
<h2>What's Changed</h2>
<ul>
<li>Update json5 package version by <a
href="https://github.com/vsvipul "><code>@vsvipul</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1065 ">actions/cache#1065</a></li>
<li>Cache recipes for cache, restore and save actions by <a
href="https://github.com/kotewar "><code>@kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1055 ">actions/cache#1055</a></li>
<li>Add gnu tar and zstd as pre-requisites for windows self-hosted
runners by <a href="https://github.com/pdotl "><code>@pdotl</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1068 ">actions/cache#1068</a></li>
<li>Fix a whitespace typo by <a
href="https://github.com/kurtmckee "><code>@kurtmckee</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1074 ">actions/cache#1074</a></li>
<li>📝 <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1045 ">#1045</a>
update using the <code>set-output</code> command is deprecated by <a
href="https://github.com/siguikesse "><code>@siguikesse</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1046 ">actions/cache#1046</a></li>
<li>Fix referenced output key in save action readme by <a
href="https://github.com/ruudk "><code>@ruudk</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1061 ">actions/cache#1061</a></li>
<li>Update workflows to use reusable-workflows by <a
href="https://github.com/jongwooo "><code>@jongwooo</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1066 ">actions/cache#1066</a></li>
<li>Introduce add-to-project step & rename workflow files by <a
href="https://github.com/pallavx "><code>@pallavx</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1077 ">actions/cache#1077</a></li>
<li>chore: Fix syntax error typo by <a
href="https://github.com/vHeemstra "><code>@vHeemstra</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1081 ">actions/cache#1081</a></li>
<li>Update caching-strategies.md by <a
href="https://github.com/kpfleming "><code>@kpfleming</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1084 ">actions/cache#1084</a></li>
<li>Added another usage hint to foresee <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1072 ">#1072</a>
by <a href="https://github.com/maybeec "><code>@maybeec</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1089 ">actions/cache#1089</a></li>
<li>Add <code>fail-on-cache-miss</code> option by <a
href="https://github.com/cdce8p "><code>@cdce8p</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1036 ">actions/cache#1036</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/kurtmckee "><code>@kurtmckee</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1074 ">actions/cache#1074</a></li>
<li><a
href="https://github.com/siguikesse "><code>@siguikesse</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1046 ">actions/cache#1046</a></li>
<li><a href="https://github.com/ruudk "><code>@ruudk</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1061 ">actions/cache#1061</a></li>
<li><a href="https://github.com/pallavx "><code>@pallavx</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1077 ">actions/cache#1077</a></li>
<li><a href="https://github.com/vHeemstra "><code>@vHeemstra</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1081 ">actions/cache#1081</a></li>
<li><a href="https://github.com/kpfleming "><code>@kpfleming</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1084 ">actions/cache#1084</a></li>
<li><a href="https://github.com/maybeec "><code>@maybeec</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1089 ">actions/cache#1089</a></li>
<li><a href="https://github.com/cdce8p "><code>@cdce8p</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1036 ">actions/cache#1036</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3...v3.2.4 ">https://github.com/actions/cache/compare/v3...v3.2.4 </a></p>
<h2>v3.2.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Add Mint example by <a
href="https://github.com/uhooi "><code>@uhooi</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1051 ">actions/cache#1051</a></li>
<li>Fixed broken link by <a
href="https://github.com/kotewar "><code>@kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1057 ">actions/cache#1057</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md ">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -> node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files > 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624 ">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689 ">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834 ">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809 ">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833 ">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810 ">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888 ">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891 ">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
<h3>3.0.10</h3>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for restore-keys in README.md</li>
</ul>
<h3>3.0.11</h3>
<ul>
<li>Update toolkit version to 3.0.5 to include
<code>@actions/core@^1.10.0</code></li>
<li>Update <code>@actions/cache</code> to use updated
<code>saveState</code> and <code>setOutput</code> functions from
<code>@actions/core@^1.10.0</code></li>
</ul>
<h3>3.1.0-beta.1</h3>
<ul>
<li>Update <code>@actions/cache</code> on windows to use gnu tar and
zstd by default and fallback to bsdtar and zstd if gnu tar is not
available. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/984 ">issue</a>)</li>
</ul>
<h3>3.1.0-beta.2</h3>
<ul>
<li>Added support for fallback to gzip to restore old caches on
windows.</li>
</ul>
<h3>3.1.0-beta.3</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="69d9d449achttps://github-redirect.dependabot.com/actions/cache/issues/1118 ">#1118</a>
from actions/pdotl/zstd-hotfix</li>
<li><a
href="8d3a1e02aab1db4b48977d4d6f7ffd8f7fa5d71595b455a0fb81b7281936https://github-redirect.dependabot.com/actions/cache/issues/1108 ">#1108</a>)</li>
<li><a
href="6998d139ddhttps://github-redirect.dependabot.com/actions/cache/issues/1105 ">#1105</a>)</li>
<li><a
href="2b8105bdaehttps://github-redirect.dependabot.com/actions/cache/issues/1101 ">#1101</a>)</li>
<li><a
href="e08330827dhttps://github-redirect.dependabot.com/actions/cache/issues/1076 ">#1076</a>)</li>
<li>Additional commits viewable in <a
href="fd5de65bc8...69d9d449achttps://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.0.8&new-version=3.2.6 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-02 13:51:13 -08:00
Zach Wasserman
f8f3a1e335
Update OSSF Scorecards action ( #10255 )
...
Based on the current recommended configuration from
https://github.com/ossf/scorecard-action#installation .
2023-03-02 09:14:42 -08:00
Zach Wasserman
2ed2940683
Generate targets for osqueryd 5.8.1 ( #10245 )
2023-03-01 17:51:15 -08:00
Lucas Manuel Rodriguez
2c6bd879f8
Notify Go and Integration CI failures to new channel ( #10235 )
2023-03-01 20:14:07 -03:00
dependabot[bot]
05d38abc35
Bump github/codeql-action from 2.1.21 to 2.2.5 ( #10220 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action )
from 2.1.21 to 2.2.5.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md ">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.2.5 - 24 Feb 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1543 ">#1543</a></li>
</ul>
<h2>2.2.4 - 10 Feb 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.3 - 08 Feb 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1518 ">#1518</a></li>
</ul>
<h2>2.2.2 - 06 Feb 2023</h2>
<ul>
<li>Fix an issue where customers using the CodeQL Action with the <a
href="https://docs.github.com/en/enterprise-server@3.7/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-codeql-analysis-on-a-server-without-internet-access ">CodeQL
Action sync tool</a> would not be able to obtain the CodeQL tools. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1517 ">#1517</a></li>
</ul>
<h2>2.2.1 - 27 Jan 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.0 - 26 Jan 2023</h2>
<ul>
<li>Improve stability when choosing the default version of CodeQL to use
in code scanning workflow runs on Actions on GitHub.com. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1475 ">#1475</a>
<ul>
<li>This change addresses customer reports of code scanning alerts on
GitHub.com being closed and reopened during the rollout of new versions
of CodeQL in the GitHub Actions <a
href="https://github.com/actions/runner-images ">runner images</a>.</li>
<li><strong>No change is required for the majority of
workflows</strong>, including:
<ul>
<li>Workflows on GitHub.com hosted runners using the latest version
(<code>v2</code>) of the CodeQL Action.</li>
<li>Workflows on GitHub.com hosted runners that are pinned to specific
versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li>
<li>Workflows on GitHub Enterprise Server.</li>
</ul>
</li>
<li><strong>A change may be required</strong> for workflows on
GitHub.com hosted runners that are pinned to specific versions of the
CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>):
<ul>
<li>Previously, these workflows would obtain the latest version of
CodeQL from the Actions runner image.</li>
<li>Now, these workflows will download an older, compatible version of
CodeQL from GitHub Releases. To use this older version, no change is
required. To use the newest version of CodeQL, please update your
workflows to reference the latest version of the CodeQL Action
(<code>v2</code>).</li>
</ul>
</li>
<li><strong>Internal changes</strong>
<ul>
<li>These changes will not affect the majority of code scanning
workflows. Continue reading only if your workflow uses <a
href="https://github.com/actions/toolkit/tree/main/packages/tool-cache "><code>@actions/tool-cache</code></a>
or relies on the precise location of CodeQL within the Actions tool
cache.</li>
<li>The tool cache now contains <strong>two</strong> recent CodeQL
versions (previously <strong>one</strong>).</li>
<li>Each CodeQL version is located under a directory named after the
release date and version number, e.g. CodeQL 2.11.6 is now located under
<code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously
<code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li>
</ul>
</li>
</ul>
</li>
<li>The maximum number of <a
href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object ">SARIF
runs</a> per file has been increased from 15 to 20 for users uploading
SARIF files to GitHub.com. This change will help ensure that Code
Scanning can process SARIF files generated by third-party tools that
have many runs. See the <a
href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data ">GitHub
API documentation</a> for a list of all the limits around uploading
SARIF. This change will be released to GitHub Enterprise Server as part
of GHES 3.9.</li>
<li>Update default CodeQL bundle version to 2.12.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1498 ">#1498</a></li>
<li>Fix a bug that forced the <code>init</code> Action to run for at
least two minutes on JavaScript. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1494 ">#1494</a></li>
</ul>
<h2>2.1.39 - 18 Jan 2023</h2>
<ul>
<li>CodeQL Action v1 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v2. For more information, see <a
href="https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/ ">this
changelog post</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466 ">#1467</a></li>
<li>Python automatic dependency installation will no longer fail for
projects using Poetry that specify <code>virtualenvs.options.no-pip =
true</code> in their <code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1431 ">#1431</a></li>
<li>Avoid printing a stack trace and error message when the action fails
to find the SHA at the</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="32dc499307https://github-redirect.dependabot.com/github/codeql-action/issues/1547 ">#1547</a>
from github/update-v2.2.5-237a258d2</li>
<li><a
href="b742728ac2237a258d2bhttps://github-redirect.dependabot.com/github/codeql-action/issues/1543 ">#1543</a>
from github/alexet/update-2.12.3</li>
<li><a
href="5972e6d72e164027e6823dde1f3512https://github-redirect.dependabot.com/github/codeql-action/issues/1540 ">#1540</a>
from cklin/expect-discarded-cache</li>
<li><a
href="d7d7567b0e0e4e857bab08d1f21d4ff3bd25eefahttps://github-redirect.dependabot.com/github/codeql-action/issues/1544 ">#1544</a>
from github/aeisenberg/clean-cache</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/v2.1.21...32dc499307d133bb5085bae78498c0ac2cf762d5 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2023-03-01 11:39:55 -08:00
dependabot[bot]
17ecc388ec
Bump tfsec/tfsec-sarif-action from 0.1.3 to 0.1.4 ( #10219 )
...
Bumps
[tfsec/tfsec-sarif-action](https://github.com/tfsec/tfsec-sarif-action )
from 0.1.3 to 0.1.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tfsec/tfsec-sarif-action/releases ">tfsec/tfsec-sarif-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.1.4</h2>
<h2>What's Changed</h2>
<ul>
<li>Replace deprecated <code>set-output</code> usage with environment
file <code>GITHUB_OUTPUT</code> by <a
href="https://github.com/sivapalan "><code>@sivapalan</code></a> in <a
href="https://github-redirect.dependabot.com/aquasecurity/tfsec-sarif-action/pull/35 ">aquasecurity/tfsec-sarif-action#35</a></li>
<li>Fix conditional expression for setting <code>TFSEC_VERSION</code> by
<a href="https://github.com/sivapalan "><code>@sivapalan</code></a> in
<a
href="https://github-redirect.dependabot.com/aquasecurity/tfsec-sarif-action/pull/36 ">aquasecurity/tfsec-sarif-action#36</a></li>
<li>Forcing wget to use IPv4 by <a
href="https://github.com/jasonjanderson "><code>@jasonjanderson</code></a>
in <a
href="https://github-redirect.dependabot.com/aquasecurity/tfsec-sarif-action/pull/37 ">aquasecurity/tfsec-sarif-action#37</a></li>
<li>add git and hg to docker image by <a
href="https://github.com/bobcallaway "><code>@bobcallaway</code></a> in
<a
href="https://github-redirect.dependabot.com/aquasecurity/tfsec-sarif-action/pull/33 ">aquasecurity/tfsec-sarif-action#33</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/jasonjanderson "><code>@jasonjanderson</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/aquasecurity/tfsec-sarif-action/pull/37 ">aquasecurity/tfsec-sarif-action#37</a></li>
<li><a
href="https://github.com/bobcallaway "><code>@bobcallaway</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/aquasecurity/tfsec-sarif-action/pull/33 ">aquasecurity/tfsec-sarif-action#33</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/aquasecurity/tfsec-sarif-action/compare/v0.1.3...v0.1.4 ">https://github.com/aquasecurity/tfsec-sarif-action/compare/v0.1.3...v0.1.4 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="21ded20e8chttps://github-redirect.dependabot.com/tfsec/tfsec-sarif-action/issues/33 ">#33</a>)</li>
<li><a
href="8019886f8dhttps://github-redirect.dependabot.com/tfsec/tfsec-sarif-action/issues/37 ">#37</a>)</li>
<li><a
href="83567846f0https://github-redirect.dependabot.com/tfsec/tfsec-sarif-action/issues/36 ">#36</a>)</li>
<li><a
href="9d5437db455d34a982aa...21ded20e8chttps://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tfsec/tfsec-sarif-action&package-manager=github_actions&previous-version=0.1.3&new-version=0.1.4 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-01 11:37:49 -08:00
dependabot[bot]
74a86ff0ab
Bump dawidd6/action-download-artifact from 2.23.0 to 2.26.0 ( #10218 )
...
Bumps
[dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact )
from 2.23.0 to 2.26.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5e780fc7bbhttps://github-redirect.dependabot.com/dawidd6/action-download-artifact/issues/227 ">#227</a>)</li>
<li><a
href="b59d8c6a6chttps://github-redirect.dependabot.com/dawidd6/action-download-artifact/issues/225 ">#225</a>)</li>
<li><a
href="5004d5476ehttps://github-redirect.dependabot.com/dawidd6/action-download-artifact/issues/219 ">#219</a>
from dawidd6/dependabot-npm_and_yarn-actions-artifact...</li>
<li><a
href="b1a9c91d1fbd10f381a9https://github-redirect.dependabot.com/dawidd6/action-download-artifact/issues/218 ">#218</a>
from dawidd6/dependabot-npm_and_yarn-adm-zip-0.5.10</li>
<li><a
href="61a654a8cedcadc4bd45https://github-redirect.dependabot.com/dawidd6/action-download-artifact/issues/211 ">#211</a>
from koplo199/master</li>
<li><a
href="ceeb280c4f806bb52fe0e6e25ac3a2https://github-redirect.dependabot.com/dawidd6/action-download-artifact/issues/209 ">#209</a>
from dawidd6/v2</li>
<li>Additional commits viewable in <a
href="7847792dd4...5e780fc7bbhttps://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dawidd6/action-download-artifact&package-manager=github_actions&previous-version=2.23.0&new-version=2.26.0 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2023-03-01 11:32:47 -08:00
StepSecurity Bot
2154c13865
Pin actions to commit SHA ( #10204 )
...
## Summary
This pull request is created by [Secure
Repo](https://app.stepsecurity.io/securerepo ) at the request of @zwass.
Please merge the Pull Request to incorporate the requested changes.
Please tag @zwass on your message if you have any questions related to
the PR. You can also engage with the
[StepSecurity](https://github.com/step-security ) team by tagging
@step-security-bot.
## Security Fixes
### Pinned Dependencies
GitHub Action tags and Docker tags are mutable. This poses a security
risk. GitHub's Security Hardening guide recommends pinning actions to
full length commit.
- [GitHub Security
Guide](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions )
- [The Open Source Security Foundation (OpenSSF) Security
Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies )
## Feedback
For bug reports, feature requests, and general feedback; please create
an issue in
[step-security/secure-repo](https://github.com/step-security/secure-repo ).
To create such PRs, please visit https://app.stepsecurity.io/securerepo .
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
2023-02-28 17:55:38 -08:00
Zach Wasserman
64cd97fc83
Remove debug on failure from integration test action ( #10202 )
...
This would cause the job to take much longer to report a failure.
Instead, just add this line if debugging is necessary.
2023-02-28 17:23:52 -08:00
dependabot[bot]
0ef74017ea
Bump docker/login-action from 2.0.0 to 2.1.0 ( #10182 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from
2.0.0 to 2.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/login-action/releases ">docker/login-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Ensure AWS temp credentials are redacted in workflow logs by <a
href="https://github.com/crazy-max "><code>@crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/login-action/issues/275 ">#275</a>)</li>
<li>Bump <code>@actions/core</code> from 1.6.0 to 1.10.0 (<a
href="https://github-redirect.dependabot.com/docker/login-action/issues/252 ">#252</a>
<a
href="https://github-redirect.dependabot.com/docker/login-action/issues/292 ">#292</a>)</li>
<li>Bump <code>@aws-sdk/client-ecr</code> from 3.53.0 to 3.186.0 (<a
href="https://github-redirect.dependabot.com/docker/login-action/issues/298 ">#298</a>)</li>
<li>Bump <code>@aws-sdk/client-ecr-public</code> from 3.53.0 to 3.186.0
(<a
href="https://github-redirect.dependabot.com/docker/login-action/issues/299 ">#299</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/login-action/compare/v2.0.0...v2.1.0 ">https://github.com/docker/login-action/compare/v2.0.0...v2.1.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f4ef78c080https://github-redirect.dependabot.com/docker/login-action/issues/299 ">#299</a>
from docker/dependabot/npm_and_yarn/aws-sdk/client-ec...</li>
<li><a
href="9ad4ce3929884eadd4f8a266232f5chttps://github-redirect.dependabot.com/docker/login-action/issues/298 ">#298</a>
from docker/dependabot/npm_and_yarn/aws-sdk/client-ec...</li>
<li><a
href="f97efcfbf95ae789beac71c23b5b34https://github-redirect.dependabot.com/docker/login-action/issues/292 ">#292</a>
from docker/dependabot/npm_and_yarn/actions/core-1.10.0</li>
<li><a
href="6401d70aab67e8909cc621f251affchttps://github-redirect.dependabot.com/docker/login-action/issues/275 ">#275</a>
from crazy-max/redact-aws-creds</li>
<li>Additional commits viewable in <a
href="49ed152c8e...f4ef78c080https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/login-action&package-manager=github_actions&previous-version=2.0.0&new-version=2.1.0 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2023-02-28 17:19:37 -08:00
dependabot[bot]
56b26753a5
Bump ossf/scorecard-action from 1.1.2 to 2.1.2 ( #10180 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action )
from 1.1.2 to 2.1.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ossf/scorecard-action/releases ">ossf/scorecard-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.2</h2>
<h2>What's Changed</h2>
<h3>Fixes</h3>
<ul>
<li>🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf
statement. by <a
href="https://github.com/spencerschrock "><code>@spencerschrock</code></a>
in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1054 ">ossf/scorecard-action#1054</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2 ">https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2 </a></p>
<h2>v2.1.1</h2>
<h2>Scorecard version</h2>
<p>This release use <a
href="https://github.com/ossf/scorecard/releases/tag/v4.10.1 ">Scorecard's
v4.10.1</a></p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1 ">https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1 </a></p>
<h2>v2.1.0</h2>
<h2>What's Changed</h2>
<h3>Scorecard version</h3>
<p>This release uses <a
href="https://github.com/ossf/scorecard/releases/tag/v4.10.0 ">scorecard
v4.10.0</a>.</p>
<h3>Improvements</h3>
<ul>
<li>Docker build workflow by <a
href="https://github.com/naveensrinivasan "><code>@naveensrinivasan</code></a>
in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/981 ">ossf/scorecard-action#981</a></li>
<li>Use root user in distroless to support GitHub Actions by <a
href="https://github.com/spencerschrock "><code>@spencerschrock</code></a>
in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/994 ">ossf/scorecard-action#994</a></li>
<li>Disable pull_request_target by <a
href="https://github.com/laurentsimon "><code>@laurentsimon</code></a>
in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1031 ">ossf/scorecard-action#1031</a></li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Add PAT section explaining risks by <a
href="https://github.com/olivekl "><code>@olivekl</code></a> in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1024 ">ossf/scorecard-action#1024</a></li>
<li>Make the badge text easier to copy by <a
href="https://github.com/rajbos "><code>@rajbos</code></a> in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1026 ">ossf/scorecard-action#1026</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/joycebrum "><code>@joycebrum</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/984 ">ossf/scorecard-action#984</a></li>
<li><a href="https://github.com/rajbos "><code>@rajbos</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1026 ">ossf/scorecard-action#1026</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0 ">https://github.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0 </a></p>
<h2>v2.0.6</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix - Broken dockerfile by <a
href="https://github.com/naveensrinivasan "><code>@naveensrinivasan</code></a>
in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/979 ">ossf/scorecard-action#979</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.0.5...v2.0.6 ">https://github.com/ossf/scorecard-action/compare/v2.0.5...v2.0.6 </a></p>
<h2>v2.0.5</h2>
<h2>What's Changed</h2>
<ul>
<li>Remove trailing space from example by <a
href="https://github.com/jamacku "><code>@jamacku</code></a> in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/955 ">ossf/scorecard-action#955</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e38b1902aehttps://github-redirect.dependabot.com/ossf/scorecard-action/issues/1055 ">#1055</a>)</li>
<li><a
href="7da02bf0d5https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1054 ">#1054</a>)</li>
<li><a
href="013c0f8bd2🌱 Bump actions/dependency-review-action from 3.0.1 to
3.0.2</li>
<li><a
href="f93c094f4a🌱 Bump github/codeql-action from 2.1.36 to 2.1.37</li>
<li><a
href="ce8978e058🌱 Bump actions/upload-artifact from 3.1.0 to 3.1.1</li>
<li><a
href="5ce49db1aa🌱 Bump actions/setup-go from 3.4.0 to 3.5.0</li>
<li><a
href="15c10fcf1chttps://github-redirect.dependabot.com/ossf/scorecard-action/issues/1047 ">#1047</a>)</li>
<li><a
href="f96da1a128🌱 Update scorecard for the panic (<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1045 ">#1045</a>)</li>
<li><a
href="813a825152https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1044 ">#1044</a>)</li>
<li><a
href="be62ea89c1https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1042 ">#1042</a>)</li>
<li>Additional commits viewable in <a
href="ce330fde6b...e38b1902aehttps://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=1.1.2&new-version=2.1.2 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-28 17:17:15 -08:00
Luke Heath
ac3541659d
Remove e2e tests from github test workflow ( #10176 )
2023-02-28 14:07:03 -06:00
Zach Wasserman
dfba1d2511
Update codecov action ( #10124 )
2023-02-28 09:42:49 -08:00
Zach Wasserman
e971f4510b
Remove contents:write from build-orbit action ( #10156 )
...
This is no longer needed since we use the upload action rather than
draft GitHub release.
2023-02-27 19:51:43 -08:00
dependabot[bot]
c7672db1f9
Bump goreleaser/goreleaser-action from 3.0.0 to 4.2.0 ( #9558 )
...
Bumps
[goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action )
from 3.0.0 to 4.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/goreleaser/goreleaser-action/releases ">goreleaser/goreleaser-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: don't depend on the GitHub API to check release by <a
href="https://github.com/crazy-max "><code>@crazy-max</code></a> in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/391 ">goreleaser/goreleaser-action#391</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/goreleaser/goreleaser-action/compare/v4.1.1...v4.2.0 ">https://github.com/goreleaser/goreleaser-action/compare/v4.1.1...v4.2.0 </a></p>
<h2>v4.1.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update Readme to reference
<code>goreleaser/goreleaser-action@v4</code> by <a
href="https://github.com/felladrin "><code>@felladrin</code></a> in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/384 ">goreleaser/goreleaser-action#384</a></li>
<li>docs: fix README badge by <a
href="https://github.com/dirien "><code>@dirien</code></a> in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/386 ">goreleaser/goreleaser-action#386</a></li>
<li>chore(deps): bump json5 from 2.2.0 to 2.2.3 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/388 ">goreleaser/goreleaser-action#388</a></li>
<li>fix: use <code>@action/github</code> by <a
href="https://github.com/caarlos0 "><code>@caarlos0</code></a> and <a
href="https://github.com/crazy-max "><code>@crazy-max</code></a> in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/390 ">goreleaser/goreleaser-action#390</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/felladrin "><code>@felladrin</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/384 ">goreleaser/goreleaser-action#384</a></li>
<li><a href="https://github.com/dirien "><code>@dirien</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/386 ">goreleaser/goreleaser-action#386</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/goreleaser/goreleaser-action/compare/v4.1.0...v4.1.1 ">https://github.com/goreleaser/goreleaser-action/compare/v4.1.0...v4.1.1 </a></p>
<h2>v4.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat!: remove auto-snapshot on dirty tag by <a
href="https://github.com/caarlos0 "><code>@caarlos0</code></a> in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/382 ">goreleaser/goreleaser-action#382</a></li>
<li>docs: add example when using workdir along with upload-artifact by
<a href="https://github.com/zdtsw "><code>@zdtsw</code></a> in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/366 ">goreleaser/goreleaser-action#366</a></li>
<li>Fix Self-Hosted Windows Error: Expand-Archive by <a
href="https://github.com/flarco "><code>@flarco</code></a> in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/379 ">goreleaser/goreleaser-action#379</a></li>
<li>chore(deps): bump minimatch from 3.0.4 to 3.1.2 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/383 ">goreleaser/goreleaser-action#383</a></li>
</ul>
<h2>Migrating from v3</h2>
<p>If you need the auto-snapshot feature, take a look at <a
href="https://github.com/caarlos0/goreleaser-action-v4-auto-snapshot-example ">this
example repository</a>: it's a minimal working example with all you
need.</p>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/zdtsw "><code>@zdtsw</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/366 ">goreleaser/goreleaser-action#366</a></li>
<li><a href="https://github.com/flarco "><code>@flarco</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/379 ">goreleaser/goreleaser-action#379</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/goreleaser/goreleaser-action/compare/v4...v4.1.0 ">https://github.com/goreleaser/goreleaser-action/compare/v4...v4.1.0 </a></p>
<h2>v4.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: do not override GORELEASER_CURRENT_TAG by <a
href="https://github.com/caarlos0 "><code>@caarlos0</code></a> in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/370 ">goreleaser/goreleaser-action#370</a></li>
</ul>
<h2>Migrating from v3</h2>
<p>If you need the auto-snapshot feature, take a look at <a
href="https://github.com/caarlos0/goreleaser-action-v4-auto-snapshot-example ">this
example repository</a>: it's a minimal working example with all you
need.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/goreleaser/goreleaser-action/compare/v3...v4.0.0 ">https://github.com/goreleaser/goreleaser-action/compare/v3...v4.0.0 </a></p>
<h2>v3.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>chore: remove workaround for <code>setOutput</code> by <a
href="https://github.com/crazy-max "><code>@crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/issues/374 ">#374</a>)</li>
<li>chore(deps): bump <code>@actions/core</code> from 1.9.1 to 1.10.0
(<a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/issues/372 ">#372</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f82d6c1c34https://github-redirect.dependabot.com/goreleaser/goreleaser-action/issues/391 ">#391</a>)</li>
<li><a
href="9754a253a8https://github-redirect.dependabot.com/goreleaser/goreleaser-action/issues/390 ">#390</a>)</li>
<li><a
href="b1a238106bb1ffc5d990https://github-redirect.dependabot.com/goreleaser/goreleaser-action/issues/388 ">#388</a>)</li>
<li><a
href="256e4b8b28a7c543ca7ahttps://github-redirect.dependabot.com/goreleaser/goreleaser-action/issues/386 ">#386</a>)</li>
<li><a
href="13f1e21a50https://github-redirect.dependabot.com/goreleaser/goreleaser-action/issues/384 ">#384</a>)</li>
<li><a
href="8f67e590f278df308971https://github-redirect.dependabot.com/goreleaser/goreleaser-action/issues/383 ">#383</a>)</li>
<li><a
href="66134d94a768acf3b1ad...f82d6c1c34https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=goreleaser/goreleaser-action&package-manager=github_actions&previous-version=3.0.0&new-version=4.2.0 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-27 18:22:01 -08:00
dependabot[bot]
673a4465cc
Bump stefanprodan/helm-gh-pages from 1.5.0 to 1.7.0 ( #8804 )
...
Bumps
[stefanprodan/helm-gh-pages](https://github.com/stefanprodan/helm-gh-pages )
from 1.5.0 to 1.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/stefanprodan/helm-gh-pages/releases ">stefanprodan/helm-gh-pages's
releases</a>.</em></p>
<blockquote>
<h2>v1.7.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Allow private helm repo auth in dependencies by <a
href="https://github.com/zzorica "><code>@zzorica</code></a> in <a
href="https://github-redirect.dependabot.com/stefanprodan/helm-gh-pages/pull/35 ">stefanprodan/helm-gh-pages#35</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/zzorica "><code>@zzorica</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/stefanprodan/helm-gh-pages/pull/35 ">stefanprodan/helm-gh-pages#35</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/stefanprodan/helm-gh-pages/compare/v1.6.0...v1.7.0 ">https://github.com/stefanprodan/helm-gh-pages/compare/v1.6.0...v1.7.0 </a></p>
<h2>v1.6.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add support for alias:<!-- raw HTML omitted --> in dependencies
check by <a
href="https://github.com/paulcarlton-ww "><code>@paulcarlton-ww</code></a>
in <a
href="https://github-redirect.dependabot.com/stefanprodan/helm-gh-pages/pull/32 ">stefanprodan/helm-gh-pages#32</a></li>
<li>Update Helm to v3.10.0 by <a
href="https://github.com/stefanprodan "><code>@stefanprodan</code></a>
in <a
href="https://github-redirect.dependabot.com/stefanprodan/helm-gh-pages/pull/33 ">stefanprodan/helm-gh-pages#33</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/stefanprodan/helm-gh-pages/compare/v1.5.0...v1.6.0 ">https://github.com/stefanprodan/helm-gh-pages/compare/v1.5.0...v1.6.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0ad2bb3773https://github-redirect.dependabot.com/stefanprodan/helm-gh-pages/issues/35 ">#35</a>
from zzorica/allow-private-helm-repo-auth-in-dependencies</li>
<li><a
href="86e9903900a5c9252781https://github-redirect.dependabot.com/stefanprodan/helm-gh-pages/issues/33 ">#33</a>
from stefanprodan/helm-3.10.0</li>
<li><a
href="844812954cb97c7e37c5https://github-redirect.dependabot.com/stefanprodan/helm-gh-pages/issues/32 ">#32</a>
from paulcarlton-ww/debug</li>
<li><a
href="84568715a3aa53926042a77eeb9630ce5cd1646e13eb32b03bb43a8719cc...0ad2bb3773https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=stefanprodan/helm-gh-pages&package-manager=github_actions&previous-version=1.5.0&new-version=1.7.0 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-27 18:17:32 -08:00
dependabot[bot]
527cb0a622
Bump aws-actions/amazon-ecr-login from 1.5.0 to 1.5.3 ( #8507 )
...
Bumps
[aws-actions/amazon-ecr-login](https://github.com/aws-actions/amazon-ecr-login )
from 1.5.0 to 1.5.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aws-actions/amazon-ecr-login/releases ">aws-actions/amazon-ecr-login's
releases</a>.</em></p>
<blockquote>
<h2>v1.5.3</h2>
<p>See the <a
href="https://github.com/aws-actions/amazon-ecr-login/blob/HEAD/CHANGELOG.md ">changelog</a>
for details about the changes included in this release.</p>
<h2>v1.5.2</h2>
<p>See the <a
href="https://github.com/aws-actions/amazon-ecr-login/blob/HEAD/CHANGELOG.md ">changelog</a>
for details about the changes included in this release.</p>
<h2>v1.5.1</h2>
<p>See the <a
href="https://github.com/aws-actions/amazon-ecr-login/blob/HEAD/CHANGELOG.md ">changelog</a>
for details about the changes included in this release.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/aws-actions/amazon-ecr-login/blob/main/CHANGELOG.md ">aws-actions/amazon-ecr-login's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this file.
See <a
href="https://github.com/conventional-changelog/standard-version ">standard-version</a>
for commit guidelines.</p>
<h3><a
href="https://github.com/aws-actions/amazon-ecr-login/compare/v1.5.2...v1.5.3 ">1.5.3</a>
(2022-10-29)</h3>
<h3><a
href="https://github.com/aws-actions/amazon-ecr-login/compare/v1.5.1...v1.5.2 ">1.5.2</a>
(2022-10-18)</h3>
<h3><a
href="https://github.com/aws-actions/amazon-ecr-login/compare/v1.5.0...v1.5.1 ">1.5.1</a>
(2022-08-04)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>reverted change that masked Docker credentials (<a
href="7d073b66cchttps://github.com/aws-actions/amazon-ecr-login/compare/v1.4.0...v1.5.0 ">1.5.0</a>
(2022-06-27)</h2>
<h3>Features</h3>
<ul>
<li>added ECR Public Registry support (<a
href="b4f084e928https://github.com/aws-actions/amazon-ecr-login/compare/v1.3.3...v1.4.0 ">1.4.0</a>
(2022-05-20)</h2>
<h3>Features</h3>
<ul>
<li>output docker credentials after login (<a
href="57206dc28cd121236bfd45a78e2dabhttps://github.com/aws-actions/amazon-ecr-login/compare/v1.3.2...v1.3.3 ">1.3.3</a>
(2021-02-15)</h3>
<h3><a
href="https://github.com/aws-actions/amazon-ecr-login/compare/v1.3.1...v1.3.2 ">1.3.2</a>
(2021-02-01)</h3>
<h3><a
href="https://github.com/aws-actions/amazon-ecr-login/compare/v1.3.0...v1.3.1 ">1.3.1</a>
(2020-11-24)</h3>
<h2><a
href="https://github.com/aws-actions/amazon-ecr-login/compare/v1.2.2...v1.3.0 ">1.3.0</a>
(2020-10-29)</h2>
<h3>Features</h3>
<ul>
<li>optional skipping of docker registries logout in post step (<a
href="https://github-redirect.dependabot.com/aws-actions/amazon-ecr-login/issues/78 ">#78</a>)
(<a
href="dd3fdeeb95https://github.com/aws-actions/amazon-ecr-login/compare/v1.2.1...v1.2.2 ">1.2.2</a>
(2020-10-05)</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="261a7de32b3e4df454b5https://github-redirect.dependabot.com/aws-actions/amazon-ecr-login/issues/330 ">#330</a>
from aws-actions/docs</li>
<li><a
href="c77259b767383620b24dhttps://github-redirect.dependabot.com/aws-actions/amazon-ecr-login/issues/352 ">#352</a>
from aws-actions/dependabot/npm_and_yarn/actions/core...</li>
<li><a
href="8ccaf47755eb9a709a70ba4f9ee500https://github-redirect.dependabot.com/aws-actions/amazon-ecr-login/issues/355 ">#355</a>
from aws-actions/dependabot/npm_and_yarn/eslint-8.25.0</li>
<li><a
href="a1ac76b296c21dbea0d3https://github-redirect.dependabot.com/aws-actions/amazon-ecr-login/issues/356 ">#356</a>
from aws-actions/dependabot/npm_and_yarn/aws-sdk-2.12...</li>
<li><a
href="e70c985d14https://github-redirect.dependabot.com/aws-actions/amazon-ecr-login/issues/354 ">#354</a>
from gotoeveryone/chore/update-runtime-to-node16</li>
<li>Additional commits viewable in <a
href="b874a33292...261a7de32bhttps://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aws-actions/amazon-ecr-login&package-manager=github_actions&previous-version=1.5.0&new-version=1.5.3 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-27 18:15:16 -08:00
Luke Heath
71f2a62b4c
Prepare for 4.28.0 ( #10103 )
2023-02-27 15:19:15 -08:00
Zach Wasserman
2a7b7100dd
Update Orbit to use CGO on Linux ( #9846 )
2023-02-21 18:49:13 -08:00
Lucas Manuel Rodriguez
2e199dcdab
Fix golangci-lint issue and run Github action on all OSs ( #9944 )
...
We have code that builds conditionally depending on the platform (mostly
Orbit code) so we should run `golangci-lint` checks on all OSs.
This adds it to run on macOS, for Windows see:
https://github.com/fleetdm/fleet/issues/9943
2023-02-21 14:30:45 -03:00
Luke Heath
bc2c6e59f5
Update node-sass frontend dependency ( #9954 )
...
Due to the update in https://github.com/fleetdm/fleet/pull/9950 we need
to update our version of `node-sass` to support Node 19.
2023-02-20 14:23:19 -06:00
Zach Wasserman
4669d8c474
Generate Nudge targets in CI ( #9845 )
...
Tooling to generate targets in CI for #9798 .
---------
Co-authored-by: Roberto Dip <me@roperzh.com>
2023-02-20 09:23:56 -08:00
Luke Heath
13e821d059
Prepare for 4.27.1 ( #9885 )
2023-02-17 19:19:02 -08:00
Zach Wasserman
991858d6d5
Pull go version from GitHub variables for Fleet release builds ( #9883 )
2023-02-16 11:52:09 -06:00
Lucas Manuel Rodriguez
d4a1b4d218
Add CIS checks for 2.9.X and add pmset table to fleetd ( #9470 )
...
#9253
- ~[ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files )
for more information.~
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
---------
Co-authored-by: Sharon Katz <121527325+sharon-fdm@users.noreply.github.com>
2023-02-08 13:08:17 -03:00
Luke Heath
b3daf3d715
Prepare for 4.27.0 ( #9683 )
2023-02-03 17:03:06 -08:00
Zach Wasserman
7299879365
Generate targets for osqueryd 5.7.0 ( #9115 )
...
5.7.0 is now released.
2023-01-30 17:29:19 -08:00
Eric
4fd1efe98a
Website: Add API to send signed CSR emails ( #8408 )
...
This pull request relies on the `mdm-gen-cert` command from
https://github.com/fleetdm/fleet/pull/8884 .
Closes: https://github.com/fleetdm/fleet/issues/8223
Changes:
- Updated the deploy Fleet website workflow to:
- Add Go as a dependency
- Build the mdm-gen-cert binary in `/website/.tools/`
- add the `/.tools/` folder to the Heroku app
- Added `deliver-apple-csr.js` - an API that:
- can be called by making a `POST` request to
`/api/v1/deliver-apple-csr`
- accepts `csr` as an input
- runs the `mdm-gen-cert` command with the `csr` set as an environment
variable
- returns an `invalidEmailDomain` response if the user's email domain is
in the array of banned email domains.
- saves the users organization and email address to the website's
database
- Sends an email to the requesting user's email address with the signed
CSR attached as a text file named `apple-apns-request.txt`
- Posts a message to a channel in the Fleet Slack.
- Added a new model: `CertificateSigningRequests` that contains two
required attributes: `emailAddress` and `organization`
- Added a new email template `email-signed-csr-for-apns`
- Updated routes, policies, eslintrc, and rebuilt cloud-sdk
Before this can be merged, we will need to:
- [x] Add new config variables in Heroku
- [x] `sails.config.custom.mdmVendorCertPem`
- [x] `sails.config.custom.mdmVendorKeyPem`
- [x] `sails.config.custom.mdmVendorKeyPassphrase`
- [x] `sails.config.custom.slackWebhookUrlForMDMSignups`
- [x] Add the `CertificateSigningRequests` model to the website's
database
2023-01-19 14:43:14 -06:00
Luke Heath
b6a6ac454f
Prepare for 4.26.0 ( #9326 )
2023-01-13 16:26:22 -08:00
Eric
47d43d5307
Website: fix failing GitHub workflows ( #9285 )
...
Changes:
- Updated the `build-static-content` script to use a GitHub API token
for requests if one is provided e.g., `sails run build-static-content
--githubAccessToken="foo"`
- Updated the `build-for-prod` npm script to run the
`build-static-content` script with a variable named `BUILD_SCRIPT_ARGS`.
- Updated the "Deploy Fleet website" and "Test Fleet website" workflows
to run the `build-for-prod` script with a GitHub API token
. .
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
2023-01-11 13:31:20 -06:00
Lucas Manuel Rodriguez
ac22aadc13
Fleet server and tooling to use NETWORK_TEST_GITHUB_TOKEN when environment variable is set. ( #9143 )
...
* WIP
* Add more logging
* Check rate limit at end of action
* Add github client in more places
* Add new published firefox 93 vulnerabilities to tests
* Remove fmt printfs
* Restore CI check settings
* Readd newline
2023-01-03 14:56:11 -03:00
Zach Wasserman
33c0cb990d
Test larger runner for E2E test action ( #9066 )
2022-12-23 09:37:03 -08:00
Luke Heath
54e8b3e250
Prepare for 4.25.0 ( #9113 )
2022-12-22 15:13:24 -08:00
Zach Wasserman
e941adfaaa
Use ubuntu-20.04 runner for Fleet build ( #9114 )
...
A customer had a seccomp profile that seemed to be incompatible with the
changes in glibc in ubuntu-22.04. Setting the builder back to 20.04
explicitly to resolve this issue.
2022-12-22 14:48:41 -08:00
Eric
98c2ef98f7
Update test-website.yml ( #9042 )
2022-12-21 10:29:56 -06:00
Marcos Oviedo
605ae861c9
Windows installer now ensures that legacy osquery installations gets removed during clean install ( #9048 )
...
This relates to #8891 .
This PR introduces Wix custom actions usage.
2022-12-19 16:06:44 -08:00
Tomas Touceda
45e0a14700
Add quay push ( #8967 )
...
* Add quay push to the snapshot pusher to start
* Tags need to be just the tag part in this one
* Put the tag in a variable
* Fix typos
* Switch up how we define registry to see if it finds the image like this
* Add quay push everywhere else
2022-12-12 14:15:06 -03:00
Tomas Touceda
71dbb71df4
Update go to 1.19.4 ( #8945 )
...
* Update go to 1.19.4
* Comment out failing package test
* Comment out ALL the packaging tests for windows for the moment
* Update go to 1.19.4
* Comment out failing package test
* Comment out ALL the packaging tests for windows for the moment
* Update changelog
* Bump versions
* Update changelog to reflect this being a security release
2022-12-09 11:47:17 -03:00
Robert Fairburn
41feacad4d
Fix confusion with tags on dogfood deploy workflow ( #8964 )
...
* Fix confusion with tags on dogfood deploy workflow
* Update .github/workflows/dogfood-deploy.yml
Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
2022-12-08 12:11:33 -06:00
Michal Nicpon
10b3179b63
Add fleetctl generate mdm-apple ( #8812 )
2022-12-07 18:24:42 +01:00
Roberto Dip
743ac46a09
disable fleetctl preview tests on macos ( #8911 )
2022-12-02 11:29:38 -03:00
Marcos Oviedo
ff9206655a
Fixing UninstallString to properly include msiexec /x call ( #8857 )
...
* Fixing UninstallString to properly include msiexec /x call
2022-11-28 20:18:28 -03:00
Zach Wasserman
efbe4c0777
Update Go to 1.19.3 ( #8525 ) ( #8614 )
...
Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2022-11-08 13:03:23 -03:00
Zach Wasserman
875df496b1
Generate targets for osqueryd 5.6.0 ( #8355 )
2022-11-07 15:15:52 -08:00
Zach Wasserman
1920e64b93
Update Desktop version to 1.3.1 ( #8397 )
2022-11-07 15:15:21 -08:00
Luke Heath
8fb57d365b
Remove cypress dashboard ( #8518 )
2022-11-01 10:32:30 -05:00
Roberto Dip
e5f38f0015
fix integration.yml CI workflow by setting a Go version ( #8516 )
...
We don't have a `matrix.go-version` defined, so the task was using
`go1.17.13` as the default.
This explicitly sets the version to `go1.19.1`, I didn't use a `matrix`
definition because at least for now, we only want to run this test using a
single Go version.
Since I was there, I also updated test-native-tooling-packaging.yml to
use `go1.19.1` too.
2022-11-01 09:34:52 -03:00
Eric
a5ba469e41
update build-storybook step ( #8503 )
2022-10-31 14:02:29 -05:00
Guillaume Ross
75a9419412
8241 trivy ignore file action ( #8345 )
...
* Create .trivyignore
Adding original trivy ignore file. Working to resolve/document more of the findings, especially around go.mod. Will add a github action as well.
* Adding default trivy scan for testing
* Update trivy_scan.yml
Making it manual + daily for now
* Update trivy_scan.yml
updating name
* Renamed + configured Trivy scan
2022-10-31 10:50:29 -04:00
Eric
149a908b82
move build-storybook step ( #8492 )
2022-10-31 09:19:20 -05:00
Roberto Dip
96014148a8
run apt update before installing packages in golangci-lint ( #8487 )
2022-10-31 09:43:26 -03:00
Eric
c6698e242f
Website: Add storybook to Fleet website ( #8203 )
...
* Add build storybook to deploy website workflow
* add assets/storybook folder to .gitignore & .eslintIgnore
* Revert changes to website/.gitignore
* revert whitespace change
* Update deploy-fleet-website.yml
2022-10-28 19:48:14 -05:00
Marcos Oviedo
131cc7eeec
Orbit MSI installer now includes the necessary manifest file to use windows_event_log as a logger_plugin. ( #8343 )
...
* Orbit MSI installer now includes the necessary manifest file to use windows_event_log as a logger_plugin
2022-10-27 10:19:30 -03:00
Marcos Oviedo
8b77939494
Fixed an Orbit MSI installer bug that caused Orbit files not to be removed during uninstallation ( #8333 )
2022-10-25 09:00:37 -03:00
Michal Nicpon
56f3cb62ef
add concurrency to ci ( #8271 )
...
* add concurrency to ci
* add readme for workflows
2022-10-24 14:01:00 -06:00
Lucas Manuel Rodriguez
2bb7661b91
Update Fleet Desktop version to 1.3.0 ( #8202 )
2022-10-21 09:58:03 -07:00
Marcos Oviedo
ec3f49881f
8009 fleet desktop icon duplication ( #8017 )
...
* Adding a new synchronization mechanism between fleet-desktop app and Orbit service. Improved windows service teardown to ensure that fleet-desktop does not get force killed without getting signaled. Improved windows process enumeration to avoid unnecessary delays during windows service start and windows service teardown. Updating windows service to reflect service teardown extra time due to synchronization.
2022-10-13 10:58:37 -03:00
Lucas Manuel Rodriguez
bec3824ddb
Update mk-ca-bundle.pl tool in repository ( #8184 )
...
* Update mk-ca-bundle.pl in repository
* Update certs.pem with new version of mk-ca-bundle.pl
* Add extra check against curl.se site
2022-10-12 12:01:18 -03:00
Roberto Dip
174f894b53
fix migration order check by only checking additions ( #8172 )
...
this modifies the migration order CI check to only check for added files
by:
1. Escaping the blob we give to git, so bash doesn't perform expansion,
this lets git handle the blob matching, which for reasons I don't
fully understand allows to find file renames.
2. Applying `--diff-filter=A`, which makes git only list file additions.
2022-10-11 16:31:40 -03:00
Roberto Dip
2bb4ec2e6d
add script to check for migration order ( #7803 )
...
Related to #6142 , this adds a CI check for the order of migrations.
As I noted in a comment on the workflow file, it's important to keep in mind that some migrations might still go unnoticed even with this check, example:
1. PR1 adds a migration, CI check pass
2. PR2 adds a migration, CI pass, gets merged
3. PR1 can still be merged because the CI checks aren't run again
The check will fail in `main` however, so if we find the current script to be reliable, we could setup a Slack ping or something similar, to make sure somebody takes a look
2022-10-11 15:36:15 -03:00
dependabot[bot]
35ae71502f
Bump actions/setup-go from 3.2.1 to 3.3.0 ( #7470 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.2.1 to 3.3.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](84cbf80943...268d8c0ca0
2022-10-10 18:55:13 -03:00
Michal Nicpon
9056b22874
set default shell in workflows ( #8108 )
...
* wait for mysql in workflows
2022-10-07 09:43:56 -06:00
Lucas Manuel Rodriguez
127d18642d
Run TUF CI checks on ubuntu-latest ( #8088 )
...
* Run TUF CI checks on ubuntu-latest
* Add itself to path
2022-10-05 19:59:11 -03:00
Martin Angers
ec75fb10b2
Fix CI tests for Go ( #8079 )
2022-10-04 15:48:14 -04:00
Eric
fba863f1e1
Update test-website.yml ( #8076 )
2022-10-04 12:52:00 -05:00
Zach Wasserman
44dc5ab175
Add handling for Apple Team ID in Notarization ( #7991 )
...
Fleet's Notarization workflows no longer work without this argument, so this is added as an optional argument for Notarization.
2022-10-04 09:48:21 -07:00
Guillaume Ross
e48fbad3ac
Adding the schema path to the fleet website deployment workflow ( #8063 )
2022-10-03 12:20:30 -04:00
Zachary Winnerman
7e69a34f51
Make the github action fail if used on the main branch ( #7967 )
2022-09-29 17:30:47 +00:00
Martin Angers
7356378d0f
Update hashicorp/aws provider version for loadtesting and add CI validation ( #7937 )
...
* Update hashicorp/aws provider version for loadtesting and add CI validation
* Update name of the new workflow
2022-09-28 09:38:56 -05:00
Zach Wasserman
a106e1af83
Update Fleet Desktop version ( #7961 )
2022-09-27 19:22:40 -07:00
Zach Wasserman
855cca9368
Update notarization to use notarytool ( #7962 )
...
Updating from github.com/mitchellh/gon (old API) to the newer xcrun notarytool.
See https://github.com/fleetdm/fleet/actions/runs/3132173324/jobs/5084249006 for example run.
2022-09-27 08:25:42 -07:00
Marcos Oviedo
381f628be7
Bug 7874: Adding SCM calls to register Orbit as a windows service ( #7934 )
...
* Bug 7874: Adding SCM calls to register Orbit as a windows service
2022-09-27 11:52:41 -03:00
Martin Angers
84903deffb
Remove gotestfmt formatting on CI ( #7939 )
2022-09-26 11:37:21 -04:00
Gabriel Hernandez
fca5ad3158
add edit agent options activity text ( #7695 )
2022-09-23 12:05:07 -04:00
Luke Heath
a6dd4c3d0c
Add Cypress dashboard to CI ( #7899 )
2022-09-22 13:52:22 -05:00
Lucas Manuel Rodriguez
1a6380d590
Fix deprecated virtual runner and golangci-lint deprecated checkers ( #7716 )
2022-09-13 10:48:21 -03:00
Tomas Touceda
8457e55b53
Bump go to 1.19.1 ( #7690 )
...
* Bump go to 1.19.1
* Bump remaining go-version to the 1.19.1
* Add extra paths for test-go
* Oops, putting the right path in the right place
* gofmt file
* gofmt ALL THE THINGS
* Moar changes
* Actually, go.mod doesn't like minor versions
2022-09-12 20:32:43 -03:00
Roberto Dip
2397d744a2
fix conditional clauses to run workflows ( #7580 )
...
In https://github.com/fleetdm/fleet/pull/7399 we accidentally:
1. added a condition to `.github/workflows/fleet-and-orbit.yml` that always evaluates to `false` making this workflow always fail
2. modified the condition of `.github/workflows/fleetctl-preview-latest.yml`
This reverts those changes.
2022-09-06 10:20:45 -03:00
Roberto Dip
43785428fb
add workflow to test for uncommited schema changes ( #7467 )
...
This adds a new workflow to CI in order to test that the PR doesn't contain uncommited schema changes, which are the source of many merge conflicts and developer frustration.
2022-08-31 10:47:58 -03:00
dependabot[bot]
74839bc134
Bump dawidd6/action-download-artifact from 2.22.0 to 2.23.0 ( #7471 )
...
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact ) from 2.22.0 to 2.23.0.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases )
- [Commits](ea71f332a9...7847792dd4
2022-08-31 07:49:57 -03:00
dependabot[bot]
200ddfaaff
Bump actions/checkout from 2 to 3.0.2 ( #7301 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2 to 3.0.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v2...2541b1294d2704b0964813337f33b291d3f8596b )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-31 07:44:22 -03:00
dependabot[bot]
fda99bf3ca
Bump github/codeql-action from 2.1.17 to 2.1.21 ( #7400 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.17 to 2.1.21.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0c670bbf04...c7f292ea4f
2022-08-31 07:42:53 -03:00
dependabot[bot]
9e18a33eff
Bump actions/cache ( #7344 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 661fd3eb7f2f20d8c7c84bc2b0509efd7a826628 to 3.0.8. This release includes the previously tagged commit.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](661fd3eb7f...fd5de65bc8
2022-08-31 07:41:09 -03:00
Roberto Dip
715f320be1
reduce scope in which packaging and preview actions are run ( #7429 )
2022-08-29 15:38:30 -03:00
Roberto Dip
3d75ddcdc2
increase the CI timeout to install Docker on macOS ( #7430 )
...
in #7399 we reduced the timeout to 10 minutes, however there are multiple timing out and failing on main on the install docker step.
2022-08-29 12:50:16 -03:00
Michal Nicpon
f7b394b1a3
fix brew install warning ( #7399 )
2022-08-25 15:26:02 -06:00
Zach Wasserman
ecb428a904
Prepare for Orbit 1.1.0 ( #7315 )
2022-08-19 08:27:50 -07:00
Zach Wasserman
abe76968f7
Generate targets for osquery 5.5.1 ( #7290 )
2022-08-19 08:15:24 -07:00
Zach Wasserman
c3ab51bea5
Generate targets for osquery 5.5.0 ( #7265 )
2022-08-18 15:00:58 +00:00
Roberto Dip
05ddeade90
add back-end implementation for SSO JIT provisioning ( #7182 )
...
Related to #7053 , this uses the SSO config added in #7140 to enable JIT provisioning for premium instances.
2022-08-15 14:42:33 -03:00
dependabot[bot]
6f0e0873ca
Bump golang from 1.18.4-bullseye to 1.19.0-bullseye ( #7039 )
...
* Bump golang from 1.18.4-bullseye to 1.19.0-bullseye
Bumps golang from 1.18.4-bullseye to 1.19.0-bullseye.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Update other golang deps as well
* Update missing go mods
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2022-08-10 17:00:01 -03:00
dependabot[bot]
56ea9ee1b3
Bump dawidd6/action-download-artifact from 2.21.1 to 2.22.0 ( #7132 )
...
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact ) from 2.21.1 to 2.22.0.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases )
- [Commits](6765a42d86...ea71f332a9
2022-08-09 16:02:11 -03:00
Roberto Dip
bfd98557f9
update golangci-lint version ( #7115 )
2022-08-09 15:42:35 -03:00
Roberto Dip
e40c5b02c1
lock Docker version to 4.10.0 on macOS runners ( #7082 )
...
The macOS runners installing Docker are having problems initializing the new Docker version (4.11.0) which effectively blocks PRs with Go code.
This locks the Docker version we install to 4.10.0, which works until we figure out a solution or a new Docker version goes out.
2022-08-05 14:21:54 -03:00
dependabot[bot]
a8a41fce31
Bump github/codeql-action from 2.1.16 to 2.1.17 ( #6952 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.16 to 2.1.17.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3e7e3b32d0...0c670bbf04
2022-08-02 09:18:44 -03:00
Zach Wasserman
b3a575b023
Remove semgrep from Actions ( #6847 )
...
Sadly, this never saw the love it needed to bring value. No opposition
to bringing it back later, but removing it for now.
2022-07-25 10:53:06 -07:00
dependabot[bot]
90e3838134
Bump returntocorp/semgrep-action ( #6828 )
...
Bumps [returntocorp/semgrep-action](https://github.com/returntocorp/semgrep-action ) from 1c1ab0c45ee0495c4ce90cee74ee548e177e054b to 1. This release includes the previously tagged commit.
- [Release notes](https://github.com/returntocorp/semgrep-action/releases )
- [Changelog](https://github.com/returntocorp/semgrep-action/blob/develop/CHANGELOG.md )
- [Commits](1c1ab0c45e...ec5cff3867
2022-07-25 08:45:15 -07:00
dependabot[bot]
ff2afa8be0
Bump returntocorp/semgrep-action ( #6483 )
...
Bumps [returntocorp/semgrep-action](https://github.com/returntocorp/semgrep-action ) from 177d02a2d1c3f89e977083f7d979dc946b12323d to 1. This release includes the previously tagged commit.
- [Release notes](https://github.com/returntocorp/semgrep-action/releases )
- [Changelog](https://github.com/returntocorp/semgrep-action/blob/develop/CHANGELOG.md )
- [Commits](177d02a2d1...1c1ab0c45e
2022-07-21 18:47:13 -07:00
Eric
47a80ad483
Update deploy fleet website to run when an article has been updated ( #6545 )
2022-07-21 19:01:43 -05:00
Robert Fairburn
126fedfcd3
Allow VPN Access into Dogfood ( #6805 )
2022-07-21 13:38:50 -05:00
Zach Wasserman
a87736de5d
Bump Fleet Desktop version to 1.0.0 ( #6691 )
2022-07-19 08:01:28 -03:00
Lucas Manuel Rodriguez
2d3fff7f59
Do not use deprecated macos-10.15 runner ( #6724 )
2022-07-19 08:00:27 -03:00
Zach Wasserman
c9d173e974
Make targets for osquery 5.4.0 ( #6536 )
2022-07-18 14:25:55 -03:00
dependabot[bot]
ec31f523eb
Bump actions/setup-go from 3.2.0 to 3.2.1 ( #6590 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.2.0 to 3.2.1.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](b22fbbc292...84cbf80943
2022-07-18 14:24:51 -03:00
dependabot[bot]
f30a31012e
Bump github/codeql-action from 2.1.15 to 2.1.16 ( #6646 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.15 to 2.1.16.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3f62b754e2...3e7e3b32d0
2022-07-18 14:23:31 -03:00
Roberto Dip
86366b2ed8
add a new S3 datastore to retrieve pre-built packages ( #6631 )
...
Related to #6365 , this extends the datastore/s3 package to retrieve installers from S3 according to the conventions listed in the parent issue. This also includes:
- A minor refactor to decouple Carves-related functionality from the core S3 functionality
- Set-up to run tests using minio (only enabled via the FILE_STORAGE_TEST env flag)
2022-07-14 14:14:24 -03:00
Benjamin Edwards
dc40c80e2e
add tf vars for cloudwatch log retention & rds snapshot backup retention ( #6532 )
...
* add tf vars for cloudwatch log retention & rds snapshot backup retention, update github workflow to deploy new dogfood configurations for new tf vars
* typo and tf fmt
2022-07-11 15:30:36 -04:00
dependabot[bot]
b26a5cdb4e
Bump github.com/open-policy-agent/opa from 0.40.0 to 0.42.0 ( #6537 )
...
* Bump github.com/open-policy-agent/opa from 0.40.0 to 0.42.0
Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa ) from 0.40.0 to 0.42.0.
- [Release notes](https://github.com/open-policy-agent/opa/releases )
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-policy-agent/opa/compare/v0.40.0...v0.42.0 )
---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
* Include go.* files in tests
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2022-07-11 14:58:27 -03:00
Roberto Dip
78fbf4c35a
tag fleetdm/fleetctl docker image before pushing to Hub ( #6585 )
2022-07-11 14:57:54 -03:00
Roberto Dip
6a1724a474
add a workflow to build and push fleetdm/fleetctl images ( #6533 )
2022-07-11 10:32:40 -03:00
Roberto Dip
f7dd8c86cd
implement a docker image to package orbit natively in Linux ( #6504 )
...
Related to #6364 and #6363 , this:
- Adds a new Docker image, `fleetdm/fleetctl` equipped with all necessary dependencies to build Fleet-osquery binaries for all platforms
- Modifies the package generation logic to special case this scenario via an environment variable `FLEETCTL_NATIVE_TOOLING`
- Adds a new GitHub workflow to test this
There are more details in the README, but part of the special-casing logic is in place to output the binaries to a folder named `build` when they are run with `FLEETCTL_NATIVE_TOOLING`, this is so we can persist the binary generated by the docker container via a bind mount:
```bash
docker run -v "$(pwd):/build" fleetdm/fleetctl package --type=msi
```
To test this changeset, I have generated packages for all platforms, both via the new Docker image and via the classic `fleetctl package`.
2022-07-11 09:49:13 -03:00
Lucas Manuel Rodriguez
a336ed61e5
Add gotestfmt to improve test output and fix flaky tests ( #6528 )
2022-07-11 08:12:33 -03:00
Lucas Manuel Rodriguez
e92ea532b6
Orbit to cleanup extension socket at startup ( #6474 )
...
* Orbit to cleanup extension socket at startup
* Remove extra quote
2022-07-01 16:56:37 -03:00
dependabot[bot]
3da9f6cb38
Bump ossf/scorecard-action from 1.0.4 to 1.1.2 ( #6419 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.0.4 to 1.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](c1aec4ac82...ce330fde6b
2022-06-28 18:31:37 -07:00
dependabot[bot]
985eccc442
Bump dawidd6/action-download-artifact from 2.19.0 to 2.21.1 ( #6418 )
...
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact ) from 2.19.0 to 2.21.1.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases )
- [Commits](b2abf17054...6765a42d86
2022-06-28 18:31:16 -07:00
dependabot[bot]
690595f9b3
Bump returntocorp/semgrep-action ( #6417 )
...
Bumps [returntocorp/semgrep-action](https://github.com/returntocorp/semgrep-action ) from 619fcfc626fd7b93e0f350c46e67671f2c962265 to 1. This release includes the previously tagged commit.
- [Release notes](https://github.com/returntocorp/semgrep-action/releases )
- [Changelog](https://github.com/returntocorp/semgrep-action/blob/develop/CHANGELOG.md )
- [Commits](619fcfc626...177d02a2d1
2022-06-28 18:30:50 -07:00
dependabot[bot]
c160588ef3
Bump aws-actions/amazon-ecr-login from 1.3.3 to 1.5.0 ( #6404 )
...
Bumps [aws-actions/amazon-ecr-login](https://github.com/aws-actions/amazon-ecr-login ) from 1.3.3 to 1.5.0.
- [Release notes](https://github.com/aws-actions/amazon-ecr-login/releases )
- [Changelog](https://github.com/aws-actions/amazon-ecr-login/blob/main/CHANGELOG.md )
- [Commits](aaf69d68aa...b874a33292
2022-06-28 18:30:25 -07:00
dependabot[bot]
314afc694b
Bump tfsec/tfsec-sarif-action from 0.1.0 to 0.1.3 ( #6415 )
...
Bumps [tfsec/tfsec-sarif-action](https://github.com/tfsec/tfsec-sarif-action ) from 0.1.0 to 0.1.3.
- [Release notes](https://github.com/tfsec/tfsec-sarif-action/releases )
- [Commits](56bc584a83...5d34a982aa
2022-06-28 18:29:11 -07:00
dependabot[bot]
39192a2b89
Bump docker/login-action from 1.14.1 to 2 ( #5598 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 1.14.1 to 2.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](dd4fa0671b...49ed152c8e
2022-06-28 18:27:48 -07:00
dependabot[bot]
c90b4b8d50
Bump github/codeql-action from 2.1.11 to 2.1.15 ( #6416 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.11 to 2.1.15.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](a3a6c128d7...3f62b754e2
2022-06-28 18:26:55 -07:00
dependabot[bot]
15873bfbe2
Bump codecov/codecov-action from 3.0.0 to 3.1.0 ( #5310 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](e3c560433a...81cd2dc814
2022-06-28 18:26:00 -07:00
dependabot[bot]
d317b2792c
Bump returntocorp/semgrep-action ( #5309 )
...
Bumps [returntocorp/semgrep-action](https://github.com/returntocorp/semgrep-action ) from a9f6c903be5b9bc982d6be6f9312146daa4964b5 to 1. This release includes the previously tagged commit.
- [Release notes](https://github.com/returntocorp/semgrep-action/releases )
- [Changelog](https://github.com/returntocorp/semgrep-action/blob/develop/CHANGELOG.md )
- [Commits](a9f6c903be...619fcfc626
2022-06-28 18:25:28 -07:00
dependabot[bot]
3b86836c3f
Bump actions/upload-artifact from 3.0.0 to 3.1.0 ( #5835 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](6673cd052c...3cea537223
2022-06-22 16:07:08 -03:00
Zach Wasserman
7cede96089
Generate osqueryd target from DEB package ( #6258 )
...
The DEB packages have a stripped (smaller) binary rather than the
unstripped binary in the tarball.
2022-06-20 11:13:01 -07:00
Zach Wasserman
8228681119
Bump Fleet Desktop version ( #6255 )
2022-06-16 18:34:30 -07:00
Zach Wasserman
12d915531e
Build universal macOS binaries for Orbit ( #6208 )
2022-06-13 19:43:47 -03:00
Zach Wasserman
ca1c8ffd58
Generate targets for osquery 5.3.0 ( #6188 )
2022-06-13 08:04:21 -07:00
Lucas Manuel Rodriguez
4cfeaa1580
Do not use golangci action for better reproducibility (use make lint-go) ( #6175 )
...
* Do not use golangci action for better reproducibility
* Add fix to trigger build
* Fix all reported issues
* fix more lint errors
* Add missing import
* Remove unused method
* Remove change not necessary
2022-06-10 18:52:24 -03:00
Lucas Manuel Rodriguez
33bb7886b6
Add automation for orbit shell (with TUF) ( #5856 )
...
* fix old root dir in orbit
* add changes
* Add automation for orbit shell (with TUF)
* Fix workflow syntax
* Add logging to latest fleetctl preview action
* Add changes to fix workflow
* Use macOS host for TUF server and package generation
* Remove copy/paste if clause
* Fix orbit logs on macOS, Ubuntu
* Simplify TUF and generation of packages
* Set enroll secret instead of getting it
* Increase timeouts
* Add step id
* Fixes to the upload/download of artifacts
* Rearrange steps to not lose the downloads
* Fix copy/paste
* Add fleetctl login step
* Add missing config set
* Fix quotes on Windows
* Increase timeout
* Fix job termination
* Disable FLEET_DESKTOP for now
* Checkout repository on macOS
* Fix logs path
* Enable fleet desktop
* Use cancel, nitpick
Co-authored-by: Michal Nicpon <michal@fleetdm.com>
2022-06-01 13:54:16 -03:00
dependabot[bot]
e8c61abc92
Bump goreleaser/goreleaser-action from 2.9.1 to 3 ( #5972 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 2.9.1 to 3.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](b953231f81...68acf3b1ad
2022-05-31 13:24:23 -03:00
dependabot[bot]
de3e19e52f
Bump actions/setup-go from 3.0.0 to 3.2.0 ( #5917 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.0.0 to 3.2.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](f6164bd8c8...b22fbbc292
2022-05-31 10:13:26 -03:00
Lucas Manuel Rodriguez
5527cf3cef
Add --fleet-desktop to linux packaging on test-integration.yml ( #5926 )
...
* Add --fleet-desktop to linux packaging on test-integration.yml
* Fix --fleet-desktop flag
2022-05-31 07:14:59 -03:00
Zach Wasserman
b9161d008f
Use goreleaser v1.1.0 for Orbit build ( #5934 )
2022-05-26 18:03:15 -07:00
Zach Wasserman
087b85a540
Bump Orbit Go version to 1.18.2 ( #5933 )
2022-05-26 17:32:34 -07:00
Zach Wasserman
023a9b4be6
Update Fleet Desktop version to 0.0.2 ( #5932 )
2022-05-26 17:26:00 -07:00
Zach Wasserman
bcaa95e5a2
Explicitly set goreleaser version in Orbit release ( #5931 )
2022-05-26 17:24:57 -07:00
Benjamin Edwards
58d2b66042
add github action deploy via OIDC credentials ( #5339 )
...
* remove unused iam poilcy attributes and remove github action on pull request, only workflow dispatch will be required
* update github.tf, commenting out all resources, but leaving in place in case someone else wants to use ODIC providers & Github actions
2022-05-25 14:03:29 -04:00
gillespi314
4a4e832d3a
Increase minimum password length to 12 characters ( #5712 )
2022-05-18 12:03:00 -05:00
dependabot[bot]
ade929bc90
Bump github/codeql-action ( #5779 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 75b4f1c4669133dc294b06c2794e969efa2e5316 to 2.1.11. This release includes the previously tagged commit.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](75b4f1c466...a3a6c128d7
2022-05-17 16:36:47 -03:00
Lucas Manuel Rodriguez
d50e97d250
Upload logs on fleetctl preview action ( #5745 )
...
* Upload logs on fleetctl preview action
* Group logs
* Avoid hidden folder
2022-05-16 18:39:31 -03:00
Lucas Manuel Rodriguez
74dfdcb882
Kickoff documentation for Orbit Release Process ( #5544 )
...
* Kickoff documentation for Orbit releasing
* Fixes to the github action
* Missing follow redirect on curl
* Run osqueryd --version to verify before uploading artifacts
* Use cmd as shell for windows-latest runner
* Final set of changes to the guide
2022-05-13 07:15:29 -03:00
dependabot[bot]
85013e87a4
Bump github/codeql-action from 2.1.9 to 2.1.10 ( #5668 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.9 to 2.1.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](7502d6e991...75b4f1c466
2022-05-10 18:18:15 -07:00
Lucas Manuel Rodriguez
fda79a8770
Run network test serially to prevent timeouts on Github CI ( #5557 )
...
* Run network test serially to prevent timeouts on Github CI
* Revert lint changes
* Add simple file lock
* Revert test change
* Clarify error check
2022-05-10 11:52:33 -03:00
Lucas Manuel Rodriguez
b6bbbbe186
Add (beta) support for Fleet Desktop to linux ( #5221 )
...
* Add (beta) support for Fleet Desktop to linux
* Add dependency for linux desktop
* Amend makefile uname check
* Clarify env vars used for linux in execuser
* Add final set of fixes
* Remove -it from docker run
* Add desktop to the update runner for Linux
* Re-arrange tag.gz and fix upgrade check for linux desktop
2022-05-04 11:14:12 -03:00
Mike McNeil
0b7e07a9fb
Website: Ignore top level gitignore when deploying ( #5549 )
...
* Website: Ignore top level gitignore when deploying
* Update deploy-fleet-website.yml
2022-05-03 21:05:19 -05:00
Lucas Manuel Rodriguez
a5349672eb
Amend fleetctl package to support /var/lib legacy orbit (legacy would mean <= 0.0.11) ( #5532 )
...
* Add logs to troubleshoot orbit
* Run journalctl on a different step
* Add legacy orbit support to opt version of fleetctl
* Fix macos logs permission error
* Checkout repository
* Compile fleetctl from branch
2022-05-03 16:46:02 -03:00
Lucas Manuel Rodriguez
221232580c
Add fleetctl preview automation for latest changes ( #5485 )
...
* Add fleetctl preview automation for latest changes
* Fix pwd invocation and remove slack notification
* Just run on ubuntu-latest and macos-latest
* Fix path
2022-05-02 13:10:11 -03:00
Lucas Manuel Rodriguez
ed8faa791c
Add slack notification ( #5481 )
...
* Add slack notification
* Fix standard-query-library.yml
2022-05-02 08:42:20 -03:00
Zach Wasserman
26eae438f6
Document supported MySQL versions ( #5421 )
...
- Pin versions in development and CI.
2022-04-27 16:21:16 -07:00
Lucas Manuel Rodriguez
f2e8329e57
Changes to support fleetctl preview with custom TUF server ( #5418 )
2022-04-27 18:17:20 -03:00
dependabot[bot]
86c62a6cc4
Bump github/codeql-action from 2.1.8 to 2.1.9 ( #5419 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.8 to 2.1.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1ed1437484...7502d6e991
2022-04-27 11:57:42 -07:00
Lucas Manuel Rodriguez
f806cbc638
Update slack webhook urls to use new channel ( #5373 )
2022-04-26 14:44:46 -03:00
Zach Wasserman
54ab298363
Upgrade osquery version ( #5353 )
...
In preparation to deploy osquery 5.2.3
2022-04-25 10:47:36 -07:00
Lucas Manuel Rodriguez
77f3513020
Add fleet-desktop test to test-packaging.yml ( #5289 )
...
* Add fleet-desktop test to test-packaging.yml
* Add itself to be able to trigger action
* Use stable
* Add --fleet-desktop flag to integration.yml
2022-04-25 10:21:00 -03:00
Lucas Manuel Rodriguez
15636cd760
Add slack notif when integration test fails ( #5332 )
2022-04-22 14:39:55 -03:00
dependabot[bot]
a856d748bd
Bump returntocorp/semgrep-action ( #5259 )
...
Bumps [returntocorp/semgrep-action](https://github.com/returntocorp/semgrep-action ) from b93bc50eb1bd1a016cf749808608ee465db13f9d to 1. This release includes the previously tagged commit.
- [Release notes](https://github.com/returntocorp/semgrep-action/releases )
- [Changelog](https://github.com/returntocorp/semgrep-action/blob/develop/CHANGELOG.md )
- [Commits](b93bc50eb1...a9f6c903be
2022-04-20 16:45:36 -07:00
dependabot[bot]
1cf551be51
Bump akhileshns/heroku-deploy from 3.6.8 to 3.12.12 ( #5217 )
...
Bumps [akhileshns/heroku-deploy](https://github.com/akhileshns/heroku-deploy ) from 3.6.8 to 3.12.12.
- [Release notes](https://github.com/akhileshns/heroku-deploy/releases )
- [Commits](cdd8fc68da...79ef2ae4ff
2022-04-19 17:19:34 -07:00
dependabot[bot]
63df041ecc
Update github/codeql-action requirement to 1ed1437484560351c5be56cf73a48a279d116b78 ( #5213 )
...
Updates the requirements on [github/codeql-action](https://github.com/github/codeql-action ) to permit the latest version.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1ed1437484
2022-04-19 16:52:17 -07:00
dependabot[bot]
45e9b18b5e
Bump actions/setup-go from 2 to 3 ( #5215 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 2 to 3.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/v2...f6164bd8c8acb4a71fb2791a8b6c4024ff038dab )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-19 16:51:42 -07:00
Lucas Manuel Rodriguez
2e7bbf960a
Add pre and post remove scripts for rpm and deb packages ( #5150 )
2022-04-19 09:32:47 -03:00
dependabot[bot]
11b19e1101
Bump returntocorp/semgrep-action ( #5208 )
...
Bumps [returntocorp/semgrep-action](https://github.com/returntocorp/semgrep-action ) from b4ae418326a5e8bd4fc3b0b658695aee09ca0e2a to 1. This release includes the previously tagged commit.
- [Release notes](https://github.com/returntocorp/semgrep-action/releases )
- [Changelog](https://github.com/returntocorp/semgrep-action/blob/develop/CHANGELOG.md )
- [Commits](b4ae418326...b93bc50eb1
2022-04-18 19:14:39 -07:00
dependabot[bot]
1a0b39fee3
Bump dawidd6/action-download-artifact from 2.16.0 to 2.19.0 ( #5207 )
...
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact ) from 2.16.0 to 2.19.0.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases )
- [Commits](09385b76de...b2abf17054
2022-04-18 19:14:13 -07:00
dependabot[bot]
24bc385ede
Bump codecov/codecov-action from 2.1.0 to 3 ( #5206 )
...
* Bump codecov/codecov-action from 2.1.0 to 3
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 2.1.0 to 3.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](f32b3a3741...e3c560433a
2022-04-18 19:12:18 -07:00
dependabot[bot]
1187a3fcad
Bump tfsec/tfsec-sarif-action ( #5204 )
...
Bumps [tfsec/tfsec-sarif-action](https://github.com/tfsec/tfsec-sarif-action ) from 7ae00b384bff7f14cfa52cc3c73a5e6807a41398 to 0.1.0. This release includes the previously tagged commit.
- [Release notes](https://github.com/tfsec/tfsec-sarif-action/releases )
- [Commits](7ae00b384b...56bc584a83
2022-04-18 19:11:24 -07:00
dependabot[bot]
a6763210c4
Bump gaurav-nelson/github-action-markdown-link-check ( #4639 )
...
Bumps [gaurav-nelson/github-action-markdown-link-check](https://github.com/gaurav-nelson/github-action-markdown-link-check ) from 1.0.13 to 1.0.14.
- [Release notes](https://github.com/gaurav-nelson/github-action-markdown-link-check/releases )
- [Commits](9710f0fec8...58f84fd654
2022-04-18 19:11:01 -07:00
dependabot[bot]
d4c864e691
Bump docker/login-action from 1.10.0 to 1.14.1 ( #4638 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 1.10.0 to 1.14.1.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](f054a8b539...dd4fa0671b
2022-04-18 19:09:41 -07:00
dependabot[bot]
83ffcc4b7d
Bump actions/upload-artifact from 2.3.1 to 3 ( #4637 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 2.3.1 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](82c141cc51...6673cd052c
2022-04-18 19:09:17 -07:00
dependabot[bot]
5e1da4b28a
Bump actions/download-artifact from 2.1.0 to 3 ( #5205 )
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 2.1.0 to 3.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](f023be2c48...fb598a63ae
2022-04-18 18:59:59 -07:00
dependabot[bot]
3fbd017512
Bump goreleaser/goreleaser-action from 2.6.1 to 2.9.1 ( #4636 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 2.6.1 to 2.9.1.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](ac067437f5...b953231f81
2022-04-18 17:55:55 -07:00
dependabot[bot]
87d96c24e1
Bump stefanprodan/helm-gh-pages from 1.4.1 to 1.5.0 ( #4635 )
...
Bumps [stefanprodan/helm-gh-pages](https://github.com/stefanprodan/helm-gh-pages ) from 1.4.1 to 1.5.0.
- [Release notes](https://github.com/stefanprodan/helm-gh-pages/releases )
- [Commits](f1701eb82e...b43a8719cc
2022-04-18 17:52:54 -07:00
Zach Wasserman
7cb71bc5a8
Run CodeQL on every commit to main ( #4794 )
...
Practically, we were scanning enough previously (at least once a day, plus any commit that changed source files), but this will help check the box in CII Best Practices.
2022-04-11 11:53:08 -07:00
Zach Wasserman
025d6c7b96
Run CodeQL on all pushes ( #4960 )
...
Even when Go and JS files aren't changed, just to keep the security scanners happy.
2022-04-05 18:10:12 -07:00
Michal Nicpon
74555e4bf4
fix lint workflow ( #4935 )
...
* use go version 1.17 in golanci-lint workflow
2022-04-04 14:14:05 -06:00
Zach Wasserman
7d68f69ab4
Update CodeQL action version and exclude paths ( #4930 )
2022-04-04 12:14:21 -07:00
Lucas Manuel Rodriguez
c82c580716
Orbit: Add Fleet Desktop support to Windows ( #4873 )
...
* Orbit: Add Fleet Desktop support to Windows
* Rename workflow, fix linux build
* Do not compile systray on linux
* nolint on unused
* Fix lint properly
* nolint both checkers
* Fix monitor logic in desktopRunner
* Fix interrupt and execute order
2022-04-01 17:28:51 -03:00
Guillaume Ross
f87fcb544a
Update generate-desktop-app-tar-gz.yml ( #4893 )
...
Removing PR from this action as it contains secrets.
2022-03-31 16:38:44 -04:00
Guillaume Ross
e6c6b7e840
Added explicit read permissions + tweaked permissions ( #4843 )
...
* Added explicit read permissions + tweaked permissions
As a part of #4698 - this should fix the remaining warnings we get from the OSSF scorecard in relation to github workflows. They now all have explicit read permissions with more granular permissions granted in jobs.
* Update tfsec.yml
New workflow that I had not fixed in this PR.
2022-03-28 16:20:31 -04:00
Guillaume Ross
d0f6c9e32d
Adding tfsec for all *.tf pushes ( #4777 )
...
* Create tfsec.yml
Draft tfsec workflow for #4762
* Update tfsec.yml
* Update tfsec.yml
Fixed identation
2022-03-28 15:15:40 -04:00
Guillaume Ross
b94972351f
Adding permissions to some workflows ( #4698 )
...
* Adding permissions to docs.yml and integration.yml
* Update codeql-analysis.yml
Adding top level read permissions to codeql workflow
* Update codeql-analysis.yml
Adding manual dispatch to codeql - to be able to test it easier
* Update deploy-fleet-website.yml
Adding top level read permission + write in the job so it can push the website
* Update test-website.yml
test-website should only need read permissions on content.
* Update fleet-and-orbit.yml
Testing Fleet and Orbit should be fine with top level read access
* Update fleetctl-preview.yml
fleetctl-preview should be fine with just read access at top level
* Update push-osquery-perf-to-ecr.yml
ECR is out of github so read permissions should be enough
* Update semgrep-analysis.yml
semgrep should only need read
* Update test-packaging.yml
Should only need read permission - setting on top
* Update test.yml
Should not need any write access - setting to READ on top.
* Update deploy-fleet-website.yml
Removing git write permission - since this pushes to Heroku not GitHub
* Tweaked as per Zach's comments
Removed some useless restrictions (contents none on a public repo for example)
* Removed meaningless permissions
contents: none - this does not have any security advantage on a public repo
2022-03-25 14:19:42 -04:00
eashaw
666509e634
Ignore FleetDM GitHub project URLs when checking Markdown links ( #4712 )
...
* Add GitHub projects to link check ignorePatterns
* update pattern to exclude private GitHub projects
2022-03-21 17:21:12 -05:00
Zach Wasserman
cc687d9d1e
Add Notarization for Fleet Desktop ( #4720 )
2022-03-21 15:01:50 -07:00
