Michal Nicpon
9056b22874
set default shell in workflows ( #8108 )
...
* wait for mysql in workflows
2022-10-07 09:43:56 -06:00
dependabot[bot]
200ddfaaff
Bump actions/checkout from 2 to 3.0.2 ( #7301 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2 to 3.0.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v2...2541b1294d2704b0964813337f33b291d3f8596b )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-31 07:44:22 -03:00
dependabot[bot]
fda99bf3ca
Bump github/codeql-action from 2.1.17 to 2.1.21 ( #7400 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.17 to 2.1.21.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0c670bbf04...c7f292ea4f
2022-08-31 07:42:53 -03:00
dependabot[bot]
a8a41fce31
Bump github/codeql-action from 2.1.16 to 2.1.17 ( #6952 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.16 to 2.1.17.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3e7e3b32d0...0c670bbf04
2022-08-02 09:18:44 -03:00
dependabot[bot]
f30a31012e
Bump github/codeql-action from 2.1.15 to 2.1.16 ( #6646 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.15 to 2.1.16.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3f62b754e2...3e7e3b32d0
2022-07-18 14:23:31 -03:00
dependabot[bot]
c90b4b8d50
Bump github/codeql-action from 2.1.11 to 2.1.15 ( #6416 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.11 to 2.1.15.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](a3a6c128d7...3f62b754e2
2022-06-28 18:26:55 -07:00
dependabot[bot]
ade929bc90
Bump github/codeql-action ( #5779 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 75b4f1c4669133dc294b06c2794e969efa2e5316 to 2.1.11. This release includes the previously tagged commit.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](75b4f1c466...a3a6c128d7
2022-05-17 16:36:47 -03:00
dependabot[bot]
85013e87a4
Bump github/codeql-action from 2.1.9 to 2.1.10 ( #5668 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.9 to 2.1.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](7502d6e991...75b4f1c466
2022-05-10 18:18:15 -07:00
dependabot[bot]
86c62a6cc4
Bump github/codeql-action from 2.1.8 to 2.1.9 ( #5419 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.8 to 2.1.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1ed1437484...7502d6e991
2022-04-27 11:57:42 -07:00
dependabot[bot]
63df041ecc
Update github/codeql-action requirement to 1ed1437484560351c5be56cf73a48a279d116b78 ( #5213 )
...
Updates the requirements on [github/codeql-action](https://github.com/github/codeql-action ) to permit the latest version.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1ed1437484
2022-04-19 16:52:17 -07:00
Zach Wasserman
7cb71bc5a8
Run CodeQL on every commit to main ( #4794 )
...
Practically, we were scanning enough previously (at least once a day, plus any commit that changed source files), but this will help check the box in CII Best Practices.
2022-04-11 11:53:08 -07:00
Zach Wasserman
025d6c7b96
Run CodeQL on all pushes ( #4960 )
...
Even when Go and JS files aren't changed, just to keep the security scanners happy.
2022-04-05 18:10:12 -07:00
Zach Wasserman
7d68f69ab4
Update CodeQL action version and exclude paths ( #4930 )
2022-04-04 12:14:21 -07:00
Guillaume Ross
b94972351f
Adding permissions to some workflows ( #4698 )
...
* Adding permissions to docs.yml and integration.yml
* Update codeql-analysis.yml
Adding top level read permissions to codeql workflow
* Update codeql-analysis.yml
Adding manual dispatch to codeql - to be able to test it easier
* Update deploy-fleet-website.yml
Adding top level read permission + write in the job so it can push the website
* Update test-website.yml
test-website should only need read permissions on content.
* Update fleet-and-orbit.yml
Testing Fleet and Orbit should be fine with top level read access
* Update fleetctl-preview.yml
fleetctl-preview should be fine with just read access at top level
* Update push-osquery-perf-to-ecr.yml
ECR is out of github so read permissions should be enough
* Update semgrep-analysis.yml
semgrep should only need read
* Update test-packaging.yml
Should only need read permission - setting on top
* Update test.yml
Should not need any write access - setting to READ on top.
* Update deploy-fleet-website.yml
Removing git write permission - since this pushes to Heroku not GitHub
* Tweaked as per Zach's comments
Removed some useless restrictions (contents none on a public repo for example)
* Removed meaningless permissions
contents: none - this does not have any security advantage on a public repo
2022-03-25 14:19:42 -04:00
Guillaume Ross
62d3b9145f
4620 pin action dependencies ( #4622 )
...
* Update build-binaries.yaml
Pin action versions + add read only token to build-binaries.yaml
* Update codeql-analysis.yml
Pin dependencies with hash for codeql-analysis.yml
* Update deploy-fleet-website.yml
Pin dependencies in deploy-fleet-website.yml
* Update docs.yml
Pin dependencies for docs.yml
* Update fleet-and-orbit.yml
Pinning dependencies for fleet-and-orbit.yml
* Update generate-osqueryd-app-tar-gz.yml
Pin dependencies for generate-osqueryd-app-tar-gz.yml
* Pin dependencies in goreleaser workflows
Pinned dependencies in the 3 goreleaser workflows
* Update integration.yml
Pinned dependencies with hash
* Update pr-helm.yaml
Pinned dependencies with hash
* Update push-osquery-perf-to-ecr.yml
Pinned dependencies with a hash
* Update release-helm.yaml
Pinned one dependency with a hash
* Update semgrep-analysis.yml
Pinned dependencies with hashes
* Update test-go.yaml
Pinned dependencies with hash
* Update test-packaging.yml
Pinned dependencies with hashes
* Update test-website.yml
Pinned dependencies with hashes
* Update test.yml
Pinned dependencies with hashes
2022-03-16 15:42:28 -04:00
Zach Wasserman
850d36543d
Filter GitHub actions triggers on file types ( #3009 )
...
Reduce the total amount of Actions running by only running actions
relevant to the changes.
2021-11-18 15:14:29 -08:00
Zach Wasserman
bd68c52a52
Configure CodeQL to target appropriate files ( #1357 )
...
Excludes vendored dependencies in fleetdm.com.
2021-07-13 12:27:09 -07:00
Zach Wasserman
00ebf5dcd3
Configure CodeQL Action ( #1355 )
...
Adds code quality checks via GitHub's built in CodeQL engine.
2021-07-12 10:25:49 -07:00
