Shabeeb Khalid
b618394c5b
Removed unwanted variable from matrix
...
Co-authored-by: Lukas Pühringer <luk.puehringer@gmail.com>
Signed-off-by: Shabeeb Khalid <convey2shabeeb@gmail.com>
2023-03-03 10:33:20 -08:00
Shabeeb Khalid
f06fa9d015
Removed unwanted variable from matrix
...
Co-authored-by: Lukas Pühringer <luk.puehringer@gmail.com>
Signed-off-by: Shabeeb Khalid <convey2shabeeb@gmail.com>
2023-03-03 10:33:10 -08:00
Shabeeb Khalid
ccaa98a643
Refactor
...
Co-authored-by: Lukas Pühringer <luk.puehringer@gmail.com>
Signed-off-by: Shabeeb Khalid <convey2shabeeb@gmail.com>
2023-03-03 10:31:57 -08:00
Shabeeb Khalid
ce14451bdc
Pass tox environment via command line
...
Co-authored-by: Lukas Pühringer <luk.puehringer@gmail.com>
Signed-off-by: Shabeeb Khalid <convey2shabeeb@gmail.com>
2023-03-03 10:30:36 -08:00
Shabeeb Khalid
55c8fe0c9d
Removed unwanted env variable
...
Co-authored-by: Lukas Pühringer <luk.puehringer@gmail.com>
Signed-off-by: Shabeeb Khalid <convey2shabeeb@gmail.com>
2023-03-03 10:30:02 -08:00
Shabeeb Khalid
95226edacb
Revert comment
...
Co-authored-by: Lukas Pühringer <luk.puehringer@gmail.com>
Signed-off-by: Shabeeb Khalid <convey2shabeeb@gmail.com>
2023-03-03 10:29:12 -08:00
Shabeeb Khalid
2329e33c9c
Fix: exporting the correct toxenv in lint job
...
Signed-off-by: Shabeeb Khalid <convey2shabeeb@gmail.com>
2023-03-03 00:47:08 -08:00
Shabeeb Khalid
482802d030
Moved lint to separate job. Some refactor as well.
...
Signed-off-by: Shabeeb Khalid <convey2shabeeb@gmail.com>
2023-03-02 11:02:02 -08:00
Lukas Puehringer
951ce045cd
Adopt securesystemslib branch rename master-> main
...
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-03-02 09:35:14 +01:00
dependabot[bot]
3fd56facb0
build(deps): bump github/codeql-action from 2.2.4 to 2.2.5
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.4 to 2.2.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](17573ee1cc...32dc499307)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-27 11:02:26 +00:00
dependabot[bot]
ed05a2c66c
build(deps): bump github/codeql-action from 2.2.3 to 2.2.4
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.3 to 2.2.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](8775e86802...17573ee1cc)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-13 11:05:51 +00:00
dependabot[bot]
15c0b40dce
build(deps): bump github/codeql-action from 2.2.2 to 2.2.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.2 to 2.2.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](39d8d7e78f...8775e86802)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-09 10:03:50 +00:00
dependabot[bot]
932d72db3a
build(deps): bump github/codeql-action from 2.2.1 to 2.2.2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.1 to 2.2.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](3ebbd71c74...39d8d7e78f)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-07 10:03:56 +00:00
Jussi Kukkonen
b15af9573a
Merge pull request #2290 from jku/release-refactor
...
build: Handle GH release manually
2023-02-06 15:09:25 +02:00
Jussi Kukkonen
70555f6e1b
build: shorten requirements file names
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-06 14:52:07 +02:00
Jussi Kukkonen
33829fdbab
build: Move requirements file to a directory
...
We already have 6 files and I'm planning to add another one: maybe it's
time to move these out of the top level directory.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-06 14:50:47 +02:00
Jussi Kukkonen
707dc49999
build: Handle GH release manually
...
Remove dependency on softprops/action-gh-release: instead do the GitHub
release steps using the GitHub API and github-script.
The only difference should be that the release name is not "<tag>-rc" first:
instead the initial release is marked as draft in the API (and shows as
draft in the UI).
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-04 17:32:56 +02:00
Jussi Kukkonen
4eea38da42
Merge pull request #2285 from theupdateframework/dependabot/github_actions/actions/github-script-6.4.0
...
build(deps): bump actions/github-script from 6.3.3 to 6.4.0
2023-02-02 12:56:21 +02:00
dependabot[bot]
f2fff33566
build(deps): bump actions/github-script from 6.3.3 to 6.4.0
...
Bumps [actions/github-script](https://github.com/actions/github-script) from 6.3.3 to 6.4.0.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](d556feaca3...98814c53be)
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-27 10:05:30 +00:00
dependabot[bot]
49b0385c40
build(deps): bump github/codeql-action from 2.1.39 to 2.2.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.39 to 2.2.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](a34ca99b46...3ebbd71c74)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-27 10:05:26 +00:00
Jussi Kukkonen
d2908c0041
Merge pull request #2269 from theupdateframework/dependabot/github_actions/actions/setup-python-4.5.0
...
build(deps): bump actions/setup-python from 4.4.0 to 4.5.0
2023-01-24 15:06:10 +02:00
dependabot[bot]
2a250df063
build(deps): bump github/codeql-action from 2.1.38 to 2.1.39
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.38 to 2.1.39.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](515828d974...a34ca99b46)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-19 10:04:05 +00:00
dependabot[bot]
4c3df14a50
build(deps): bump actions/setup-python from 4.4.0 to 4.5.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.4.0 to 4.5.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](5ccb29d877...d27e3f3d7c)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-13 10:50:28 +00:00
Lukas Pühringer
fa9761bb8f
Merge pull request #2259 from theupdateframework/dependabot/github_actions/actions/checkout-3.3.0
...
build(deps): bump actions/checkout from 3.2.0 to 3.3.0
2023-01-13 11:49:36 +01:00
Lukas Pühringer
cc6171b1d7
Merge pull request #2258 from theupdateframework/dependabot/github_actions/actions/download-artifact-3.0.2
...
build(deps): bump actions/download-artifact from 3.0.1 to 3.0.2
2023-01-13 11:33:33 +01:00
dependabot[bot]
bfbfb55444
build(deps): bump actions/checkout from 3.2.0 to 3.3.0
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](755da8c3cf...ac59398561)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-13 10:32:56 +00:00
Lukas Pühringer
a4a4e1a3f9
Merge pull request #2262 from theupdateframework/dependabot/github_actions/actions/upload-artifact-3.1.2
...
build(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2
2023-01-13 11:32:37 +01:00
Lukas Pühringer
7eb2cd0e16
Merge pull request #2261 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-3.0.3
...
build(deps): bump actions/dependency-review-action from 3.0.2 to 3.0.3
2023-01-13 11:31:42 +01:00
dependabot[bot]
373f527de3
build(deps): bump github/codeql-action from 2.1.37 to 2.1.38
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.37 to 2.1.38.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](959cbb7472...515828d974)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-13 10:04:32 +00:00
dependabot[bot]
d156bdf82f
build(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](83fd05a356...0b7f8abb15)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-09 10:10:05 +00:00
dependabot[bot]
f9f9566ad2
build(deps): bump actions/dependency-review-action from 3.0.2 to 3.0.3
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](0ff3da6f81...c090f4e553)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-09 10:10:00 +00:00
dependabot[bot]
671df68a6d
build(deps): bump actions/download-artifact from 3.0.1 to 3.0.2
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](9782bd6a98...9bc31d5ccc)
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-06 10:04:00 +00:00
dependabot[bot]
6c07c7c414
build(deps): bump actions/dependency-review-action from 3.0.1 to 3.0.2
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](11310527b4...0ff3da6f81)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-27 08:47:28 +00:00
Jussi Kukkonen
2acea003fc
Merge pull request #2245 from theupdateframework/dependabot/github_actions/ossf/scorecard-action-2.1.2
...
build(deps): bump ossf/scorecard-action from 2.1.0 to 2.1.2
2022-12-23 12:37:01 +02:00
dependabot[bot]
681c134e09
build(deps): bump actions/setup-python from 4.3.1 to 4.4.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.3.1 to 4.4.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](2c3dd9e7e2...5ccb29d877)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-23 10:22:10 +00:00
dependabot[bot]
483d31c7a9
build(deps): bump ossf/scorecard-action from 2.1.0 to 2.1.2
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.0 to 2.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](937ffa90d7...e38b1902ae)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-22 10:06:51 +00:00
Lukas Pühringer
99b200eff8
Merge pull request #2226 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.37
...
build(deps): bump github/codeql-action from 2.1.36 to 2.1.37
2022-12-16 10:19:00 +01:00
dependabot[bot]
ca67ed9f62
build(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.0
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.6 to 2.1.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](99c53751e0...937ffa90d7)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-15 10:04:26 +00:00
dependabot[bot]
8f3f5713c6
build(deps): bump github/codeql-action from 2.1.36 to 2.1.37
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.36 to 2.1.37.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](a669cc5936...959cbb7472)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-15 10:04:23 +00:00
dependabot[bot]
98991d8f50
build(deps): bump actions/checkout from 3.1.0 to 3.2.0
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](93ea575cb5...755da8c3cf)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-13 10:04:50 +00:00
dependabot[bot]
9fd45d923d
build(deps): bump github/codeql-action from 2.1.35 to 2.1.36
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.35 to 2.1.36.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](b2a92eb56d...a669cc5936)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-12 10:07:12 +00:00
dependabot[bot]
205769d9bf
build(deps): bump actions/setup-python from 4.3.0 to 4.3.1
...
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](13ae5bb136...2c3dd9e7e2)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-09 17:50:35 +00:00
Jussi Kukkonen
b6c3b66ca6
build: Change build dependency pinning strategy
...
* don't autoupgrade pip: let's consider pip to be part of the platform?
* pin build and tox in new requirements-build.txt: this mostly prevents
tox from going to 4.x before we're ready
* use requirements-build.txt as constraint when installing tox or build
during CI & CD
* use requirements-build.txt in requirements-dev.txt
Note that coveralls is not pinned, not sure if it should be.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-12-09 18:10:03 +02:00
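This commit and the Dependabot bumps elsewhere in the log apply one supply-chain control in two places: build tooling is held to exact versions through requirements-build.txt used as a constraints file, and third-party actions are held to the commit SHAs that Dependabot's hash-to-hash compare links move between. The check below is an added example, not code from the project whose log this is. It assumes workflows reference actions as `owner/repo@<40-hex-sha>` and that the requirements file uses plain `==` pins; `SAMPLE_WORKFLOW` and `SAMPLE_REQUIREMENTS`, including the SHA and hash they contain, are constructed inputs rather than files from the repository.

```python
"""Flag CI dependencies that can change underneath a build: GitHub Actions
referenced by a mutable tag or branch instead of a full commit SHA, and pip
requirements that are not exact '==' pins. Added example; the sample inputs
below are constructed, not files from the repository."""
import re

# A third-party action is immutable only when its ref is a 40-hex commit SHA;
# a tag such as @v4 moves whenever whoever can push to that repo re-points it.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w.-]+(?:/[\w./-]+)?)@(\S+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# An exact pin is 'name==version'; a range (>=) or a bare name floats.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*[^\s;#\\]+")


def unpinned_actions(workflow_yaml: str) -> list[tuple[str, str]]:
    """Return (action, ref) for each `uses:` line whose ref is not a commit SHA.
    Local actions (./path) carry no @ref and are skipped."""
    found = []
    for line in workflow_yaml.splitlines():
        m = USES_RE.match(line)
        if m and not SHA_RE.match(m.group(2)):
            found.append((m.group(1), m.group(2)))
    return found


def unpinned_requirements(requirements_txt: str) -> list[str]:
    """Return requirement lines that are not exact '==' pins.
    Option lines (-c, -r, --hash continuations) and comments are ignored."""
    found = []
    for raw in requirements_txt.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        if not PIN_RE.match(line):
            found.append(line)
    return found


# Constructed sample workflow: one SHA-pinned step, one tag, one branch, one local action.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
      - uses: actions/setup-python@v4
      - uses: ./.github/actions/build-wheel
      - name: Publish
        uses: pypa/gh-action-pypi-publish@release/v1
"""

# Constructed sample in the style of requirements-build.txt (hash is a placeholder).
SAMPLE_REQUIREMENTS = """\
# build tooling, used as a constraints file (-c) when installing in CI
build==0.9.0 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
tox>=3.27,<4
coveralls
"""

if __name__ == "__main__":
    for action, ref in unpinned_actions(SAMPLE_WORKFLOW):
        print(f"unpinned action: {action}@{ref}")
    for req in unpinned_requirements(SAMPLE_REQUIREMENTS):
        print(f"unpinned requirement: {req}")
```

Run against the constructed samples it reports `actions/setup-python@v4`, `pypa/gh-action-pypi-publish@release/v1`, `tox>=3.27,<4` and `coveralls`; the SHA-pinned checkout step and the `==` pin for build pass. A tag-to-SHA pin only buys anything if something keeps the SHA current, which is the job the Dependabot bumps in this log are doing.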
dependabot[bot]
7f1ddebb71
build(deps): bump pypa/gh-action-pypi-publish from 1.6.1 to 1.6.4
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.6.1 to 1.6.4.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](5d1679fa6b...c7f29f7ade)
---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-07 10:04:26 +00:00
dependabot[bot]
63c384d9d7
build(deps): bump pypa/gh-action-pypi-publish from 1.5.1 to 1.6.1
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.5.1 to 1.6.1.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](37f50c210e...5d1679fa6b)
---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-05 10:08:50 +00:00
dependabot[bot]
07940a1f92
build(deps): bump github/codeql-action from 2.1.33 to 2.1.35
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.33 to 2.1.35.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2.1.33...b2a92eb56d8cb930006a1c6ed86b0782dd8a4297)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-02 10:04:16 +00:00
Jussi Kukkonen
f29d8471c8
workflows: Add Scorecards workflow
...
This is a modified version of the workflow from the project itself:
* Not using personal access tokens because I believe they are a
security issue (this means Branch-Protection check will be incorrect)
* Not uploading results to actions cache: Maybe there's a point but I
don't see it as the SARIF files are not very human readable
This should give us some code scanning alerts in the security tab on GitHub.
This is not really what I'm interested in though so I've enabled the upload
to https://api.securityscorecards.dev/ . The results json on there is not
exactly readable but it is good enough to check what the current results
are -- and deps.dev should use those results after some delay I believe.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-11-22 18:15:56 +02:00
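The result JSON served from api.securityscorecards.dev is, as the message says, not very readable. The reader below is an added example and not part of the project's workflow. It assumes the response carries `repo.name`, an overall `score`, and a `checks` list whose entries have `name`, `score` and `reason`, with a score of -1 marking a check Scorecard could not evaluate (which is the state the Branch-Protection check lands in when no token with the needed permissions is supplied); `SAMPLE_RESULT` is a constructed document, including its reason strings, not a real scan of this repository.

```python
"""Turn a Scorecard API result into a pass/fail split and a short report.
Added example; the response shape is an assumption about the public API and
SAMPLE_RESULT is a constructed document, not a real scan."""
import json

INCONCLUSIVE = -1  # assumed Scorecard convention for a check it could not run


def summarize(result_json: str, threshold: int = 5) -> dict:
    """Split checks into failing (< threshold), inconclusive (-1) and passing."""
    data = json.loads(result_json)
    buckets = {"failing": [], "inconclusive": [], "passing": []}
    for check in data.get("checks", []):
        score = check.get("score", INCONCLUSIVE)
        if score == INCONCLUSIVE:
            buckets["inconclusive"].append(check["name"])
        elif score < threshold:
            buckets["failing"].append(check["name"])
        else:
            buckets["passing"].append(check["name"])
    return {
        "repo": data.get("repo", {}).get("name"),
        "score": data.get("score"),
        **{k: sorted(v) for k, v in buckets.items()},
    }


def render(result_json: str, threshold: int = 5) -> str:
    """One line per check, worst first, so the weak spots are at the top."""
    data = json.loads(result_json)
    checks = sorted(data.get("checks", []), key=lambda c: c.get("score", INCONCLUSIVE))
    out = [f"{data.get('repo', {}).get('name')}  overall {data.get('score')}/10"]
    for c in checks:
        score = c.get("score", INCONCLUSIVE)
        flag = "?" if score == INCONCLUSIVE else ("FAIL" if score < threshold else "ok")
        out.append(f"{flag:<4} {score:>3}  {c['name']:<20} {c.get('reason', '')}")
    return "\n".join(out)


# Constructed sample in the assumed API shape; scores and reasons are made up.
SAMPLE_RESULT = json.dumps({
    "date": "2022-11-22",
    "repo": {"name": "github.com/example/project"},
    "score": 6.9,
    "checks": [
        {"name": "Binary-Artifacts", "score": 10, "reason": "no binaries found in the repo"},
        {"name": "Branch-Protection", "score": -1,
         "reason": "could not read branch protection settings with the token provided"},
        {"name": "Pinned-Dependencies", "score": 7, "reason": "dependency not pinned by hash detected"},
        {"name": "Token-Permissions", "score": 0, "reason": "non read-only tokens detected in GitHub workflows"},
    ],
})

if __name__ == "__main__":
    print(render(SAMPLE_RESULT))
```

Keeping inconclusive checks out of the failing bucket matters for the setup this commit chose: with no personal access token the Branch-Protection result says nothing about the repository, and folding it into "failing" would bury the checks that do.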
Lukas Pühringer
650796ee8d
Merge pull request #2182 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-3.0.1
...
build(deps): bump actions/dependency-review-action from 3.0.0 to 3.0.1
2022-11-21 12:10:14 +01:00
dependabot[bot]
10ba3918a7
build(deps): bump actions/dependency-review-action from 3.0.0 to 3.0.1
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](30d5821115...11310527b4)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-17 10:11:44 +00:00
dependabot[bot]
878b7ff4d9
build(deps): bump github/codeql-action from 2.1.32 to 2.1.33
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.32 to 2.1.33.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](4238421316...678fc3afe2)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-17 10:11:41 +00:00