dependabot[bot]
d77ab75a4e
build(deps): bump pypa/gh-action-pypi-publish ( #2706 )
...
Bumps the action-dependencies group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `pypa/gh-action-pypi-publish` from 1.10.1 to 1.10.2
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](0ab0b79471...897895f1e1 )
---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-30 16:24:52 +03:00
dependabot[bot]
5971b09ac2
build(deps): bump theupdateframework/tuf-conformance ( #2704 )
...
Bumps the action-dependencies group with 1 update: [theupdateframework/tuf-conformance](https://github.com/theupdateframework/tuf-conformance ).
Updates `theupdateframework/tuf-conformance` from 1.0.0 to 1.1.0
- [Release notes](https://github.com/theupdateframework/tuf-conformance/releases )
- [Commits](5ae68349ec...d8ab40ba95 )
---
updated-dependencies:
- dependency-name: theupdateframework/tuf-conformance
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-17 13:04:14 +03:00
Jussi Kukkonen
8b2578274e
Merge pull request #2684 from jku/update-tuf-conformance-to-1.0
...
Update tuf conformance to 1.0
2024-09-17 12:46:08 +03:00
Jussi Kukkonen
9b2a931c78
Update permissions
...
This does not really change the default much but it's a decent practice
and makes the SSF Scorecard look better.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-09-12 12:58:12 +03:00
dependabot[bot]
26bcacf1d7
build(deps): bump pypa/gh-action-pypi-publish ( #2696 )
...
Bumps the action-dependencies group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `pypa/gh-action-pypi-publish` from 1.10.0 to 1.10.1
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](8a08d61689...0ab0b79471 )
---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-10 10:12:31 +03:00
dependabot[bot]
dc004e7d2b
build(deps): bump the action-dependencies group with 3 updates
...
Bumps the action-dependencies group with 3 updates: [actions/setup-python](https://github.com/actions/setup-python ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `actions/setup-python` from 5.1.1 to 5.2.0
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](39cd14951b...f677139bbe )
Updates `actions/upload-artifact` from 4.3.6 to 4.4.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](834a144ee9...50769540e7 )
Updates `pypa/gh-action-pypi-publish` from 1.9.0 to 1.10.0
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](ec4db0b4dd...8a08d61689 )
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: action-dependencies
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: action-dependencies
- dependency-name: pypa/gh-action-pypi-publish
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-09-02 21:33:56 +00:00
dependabot[bot]
7a47f23872
build(deps): bump actions/upload-artifact
...
Bumps the action-dependencies group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/upload-artifact` from 4.3.5 to 4.3.6
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](89ef406dd8...834a144ee9 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-08-12 21:52:40 +00:00
Jussi Kukkonen
3a429984bd
workflows: Enable tuf-conformance for PRs
...
tuf-conformance workflow now pins a release tag so we can enable this
on PRs.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-08-08 15:50:14 +03:00
Jussi Kukkonen
ce560215bf
Update tuf-conformance action to 1.0
...
Also update the client-under-test script
(this is a direct copy from tuf-conformance).
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-08-08 15:48:13 +03:00
dependabot[bot]
e74205280d
build(deps): bump actions/upload-artifact
...
Bumps the action-dependencies group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/upload-artifact` from 4.3.4 to 4.3.5
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](0b2256b8c0...89ef406dd8 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-08-05 21:51:28 +00:00
dependabot[bot]
ad69f71181
build(deps): bump ossf/scorecard-action in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [ossf/scorecard-action](https://github.com/ossf/scorecard-action ).
Updates `ossf/scorecard-action` from 2.3.3 to 2.4.0
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](dc50aa9510...62b2cac7ed )
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-07-29 21:04:16 +00:00
dependabot[bot]
ab6dbf790b
build(deps): bump actions/setup-python in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [actions/setup-python](https://github.com/actions/setup-python ).
Updates `actions/setup-python` from 5.1.0 to 5.1.1
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](82c7e631bb...39cd14951b )
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-07-15 21:42:17 +00:00
Jussi Kukkonen
40f72b1f14
workflows: Change conformance workflow name
...
Otherwise you can't tell them apart in the UI...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-07-11 18:41:32 +03:00
Jussi Kukkonen
b14452dac6
workflows: Tweak conformance step name
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-07-11 18:26:58 +03:00
Jussi Kukkonen
0b85ed570d
Add a conformance test workflow
...
* The conformance test suite is likely to still change quite a bit so
the workflow is not enabled on PRs yet
* The actual conformance client is copied from the tuf-conformance project
* This is mostly a test to see how things should work out, and a
demonstration of how the tuf-conformance project should be used
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-07-10 16:15:36 +03:00
dependabot[bot]
970dd075f1
build(deps): bump the action-dependencies group with 2 updates ( #2666 )
...
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-09 09:21:13 +03:00
dependabot[bot]
31e8eeb3f6
build(deps): bump the action-dependencies group with 2 updates ( #2660 )
...
Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `actions/checkout` from 4.1.6 to 4.1.7
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a5ac7e51b4...692973e3d9 )
Updates `pypa/gh-action-pypi-publish` from 1.8.14 to 1.9.0
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](81e9d935c8...ec4db0b4dd )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
- dependency-name: pypa/gh-action-pypi-publish
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-18 10:56:02 +03:00
dependabot[bot]
c5c81dd885
---
...
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-20 21:18:03 +00:00
dependabot[bot]
02464e9a74
build(deps): bump ossf/scorecard-action in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [ossf/scorecard-action](https://github.com/ossf/scorecard-action ).
Updates `ossf/scorecard-action` from 2.3.1 to 2.3.3
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](0864cf1902...dc50aa9510 )
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-13 21:52:50 +00:00
dependabot[bot]
dd9bf7410a
build(deps): bump actions/checkout in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [actions/checkout](https://github.com/actions/checkout ).
Updates `actions/checkout` from 4.1.4 to 4.1.5
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](0ad4b8fada...44c2b7a8a4 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-06 21:50:18 +00:00
dependabot[bot]
8607c56000
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/checkout` from 4.1.3 to 4.1.4
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](1d96c772d1...0ad4b8fada )
Updates `actions/download-artifact` from 4.1.6 to 4.1.7
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](9c19ed7fe5...65a9edc588 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-29 21:42:06 +00:00
Jussi Kukkonen
f50693c625
workflows: Add awk magic to GH changelog generation
...
* Create a changelog file with awk
* Add both "dist" and "changelog" to artifact
* This changes the artifact handling: Now the dist
directory is inside the artifact (instead of the contents
of the directory being in the directory): this means the
default path now works for `download-artifact`
* Dump changelog into the release body
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-25 10:40:47 +03:00
Jussi Kukkonen
5f854b6440
workflows: Only test old Pythons on linux
...
* This fixes current CI (new mac runners do not have old pythons)
* This is also sensible: running the complete matrix seems wasteful
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-24 20:57:49 +03:00
dependabot[bot]
0e5833afb8
build(deps): bump the action-dependencies group with 3 updates
...
Bumps the action-dependencies group with 3 updates: [actions/checkout](https://github.com/actions/checkout ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/checkout` from 4.1.2 to 4.1.3
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](9bb56186c3...1d96c772d1 )
Updates `actions/upload-artifact` from 4.3.1 to 4.3.3
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](5d5d22a312...65462800fd )
Updates `actions/download-artifact` from 4.1.4 to 4.1.6
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](c850b930e6...9c19ed7fe5 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-22 21:40:01 +00:00
Jussi Kukkonen
7d57ab65d2
workflows: Simplify testing
...
* Don't try to handle sslib main test within the matrix
* Put it in a separate workflow
* Include the new workflow in CI but not in CD
* Bonus: Make cache-dependency-path more complete
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-16 10:32:08 +03:00
dependabot[bot]
feaaeab865
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [actions/setup-python](https://github.com/actions/setup-python ).
Updates `actions/checkout` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](b4ffde65f4...9bb56186c3 )
Updates `actions/setup-python` from 5.0.0 to 5.1.0
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](0a5c615913...82c7e631bb )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-02 08:02:13 +00:00
dependabot[bot]
87d1778c03
build(deps): bump the action-dependencies group with 1 update
...
Bumps the action-dependencies group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `pypa/gh-action-pypi-publish` from 1.8.12 to 1.8.14
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](e53eb8b103...81e9d935c8 )
---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-11 21:41:44 +00:00
dependabot[bot]
20660262a7
build(deps): bump the action-dependencies group with 1 update
...
Bumps the action-dependencies group with 1 update: [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/download-artifact` from 4.1.3 to 4.1.4
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](87c55149d9...c850b930e6 )
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-04 21:16:03 +00:00
Jussi Kukkonen
d8a43ac376
Merge pull request #2577 from theupdateframework/dependabot/github_actions/action-dependencies-c371c8bcbb
...
build(deps): bump the action-dependencies group with 1 update
2024-02-27 16:09:22 +02:00
Lukas Pühringer
c93c9ff10e
Merge pull request #2570 from jku/lint-use-github-output-format
...
Lint use GitHub output format
2024-02-27 09:13:38 +01:00
dependabot[bot]
62e7221afe
build(deps): bump the action-dependencies group with 1 update
...
Bumps the action-dependencies group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `pypa/gh-action-pypi-publish` from 1.8.11 to 1.8.12
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](2f6f737ca5...e53eb8b103 )
---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-02-27 08:12:31 +00:00
dependabot[bot]
10917d9cc6
build(deps): bump the action-dependencies group with 1 update
...
Bumps the action-dependencies group with 1 update: [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/download-artifact` from 4.1.2 to 4.1.3
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](eaceaf801f...87c55149d9 )
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-02-26 21:50:43 +00:00
Jussi Kukkonen
d85cde5e8e
lint: Use GitHub output format on GitHub
...
This should enable inline annotations.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-22 15:55:00 +02:00
dependabot[bot]
21061fc239
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/upload-artifact` from 4.3.0 to 4.3.1
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](26f96dfa69...5d5d22a312 )
Updates `actions/download-artifact` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](6b208ae046...eaceaf801f )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-02-12 21:39:13 +00:00
dependabot[bot]
60bb1d6f69
build(deps): bump the action-dependencies group with 1 update
...
Bumps the action-dependencies group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/upload-artifact` from 4.2.0 to 4.3.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](694cdabd8b...26f96dfa69 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-29 21:47:11 +00:00
dependabot[bot]
ef913dc364
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/dependency-review-action](https://github.com/actions/dependency-review-action ).
Updates `actions/upload-artifact` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](1eb3cb2b3e...694cdabd8b )
Updates `actions/dependency-review-action` from 3 to 4
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](https://github.com/actions/dependency-review-action/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: action-dependencies
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-22 21:43:32 +00:00
dependabot[bot]
8c70971dea
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/upload-artifact` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](c7d193f32e...1eb3cb2b3e )
Updates `actions/download-artifact` from 4.1.0 to 4.1.1
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](f44cd7b40b...6b208ae046 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: action-dependencies
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-15 21:46:10 +00:00
dependabot[bot]
a17f6f7c8d
build(deps): bump the action-dependencies group with 1 update
...
Bumps the action-dependencies group with 1 update: [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/download-artifact` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](7a1cd3216c...f44cd7b40b )
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-19 09:36:42 +00:00
dependabot[bot]
0ee4bb14d8
build(deps): bump the action-dependencies group with 3 updates
...
Bumps the action-dependencies group with 3 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact ), [actions/download-artifact](https://github.com/actions/download-artifact ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `actions/upload-artifact` from 3.1.3 to 4.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](a8a3f3ad30...c7d193f32e )
Updates `actions/download-artifact` from 3.0.2 to 4.0.0
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](9bc31d5ccc...7a1cd3216c )
Updates `github/codeql-action` from 2 to 3
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: action-dependencies
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: action-dependencies
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-18 21:37:32 +00:00
Lukas Puehringer
dd9b5e0da2
build: add workaround to auto-update build system
...
Dependabot does not support `build-system.requires`. To get
reproducibility and auto-updates, we pin the version in a regular
requirements file and use it as constraint during build.
fixes : #2529
upstream issue: dependabot/dependabot-core#8465
h/t @jku
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-12-13 12:32:00 +01:00
dependabot[bot]
9cb3eb582b
build(deps): bump actions/setup-python from 4.7.1 to 5.0.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.7.1 to 5.0.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](65d7f2d534...0a5c615913 )
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-07 10:56:23 +00:00
dependabot[bot]
9704d5bb44
build(deps): bump pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.8.10 to 1.8.11.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](b7f401de30...2f6f737ca5 )
---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-04 08:04:44 +00:00
E3E
4e1d8a7ad3
enable python 3.12
...
Signed-off-by: E3E <ntanzill@purdue.edu>
2023-12-02 23:28:34 -05:00
dependabot[bot]
4d6a9310ee
build(deps): bump actions/github-script from 6.4.1 to 7.0.1
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 6.4.1 to 7.0.1.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](d7906e4ad0...60a0d83039 )
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-20 10:13:14 +00:00
Jussi Kukkonen
33778942a3
CI: Run lint on oldest supported Python version
...
* This was suggested as best practice by a pylint developer
* Seems better than CI randomly breaking when GitHub updates
Python version (and pylint starts applying new rules that we
can't follow because that would break old Python versions)
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-11-03 12:00:25 +02:00
dependabot[bot]
173fc82ef7
build(deps): bump ossf/scorecard-action from 2.3.0 to 2.3.1
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](483ef80eb9...0864cf1902 )
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-24 10:50:14 +00:00
dependabot[bot]
2764851c88
build(deps): bump actions/checkout from 4.1.0 to 4.1.1
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8ade135a41...b4ffde65f4 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-18 10:10:55 +00:00
Jussi Kukkonen
d5c953d575
workflows: Partially revert action versions
...
Commit f0058259 started not pinning hashes for actions that are used in
workflows that have no runtime or build security impact.
The change does not work for scorecard as scorecard does not tag "v2":
so we have to pin it. Luckily scorecard does not do that many releases.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-10-09 18:40:56 +03:00
Jussi Kukkonen
00b67c0a67
Merge pull request #2479 from jku/dont-pin-code-scanner-actions
...
workflows: Stop pinning actions that are not security relevant
2023-10-09 11:03:45 +03:00
dependabot[bot]
cf3445c22f
build(deps): bump actions/setup-python from 4.7.0 to 4.7.1
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.7.0 to 4.7.1.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](61a6322f88...65d7f2d534 )
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-03 11:01:32 +00:00