Joyce Brum
10b8a247e4
fix: upgrade scorecard action to 2.0.6
...
Signed-off-by: Joyce Brum <joycebrum@google.com>
2023-08-18 18:16:42 +00:00
Joyce Brum
7723935626
chore: enable scorecard action and badge
...
Signed-off-by: Joyce Brum <joycebrumu.u@gmail.com>
2023-08-18 18:16:38 +00:00
Milos Gajdos
0e18af15f8
Merge pull request #3741 from sashashura/patch-1
...
GitHub Workflows security hardening
2023-08-14 19:21:28 +01:00
Milos Gajdos
b3ca53dfe6
Update OCI conformance workflow check
...
Pin the OCI conformance check workflow GHA to v1.0.1
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2023-08-02 18:02:23 +01:00
Ben Manuel
36dd5b79ca
Update to golang 1.19.10
...
This addresses CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405
which were patched in 1.19.10.
Signed-off-by: Ben Manuel <ben.manuel@procore.com>
2023-06-29 15:49:27 -05:00
Sebastiaan van Stijn
322eb4eecf
update to go1.19.9
...
Added back minor versions in these, so that we have a somewhat more
reproducible state in the repository when tagging releases.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-09 17:29:31 +02:00
Sora Morimoto
165fd5f9ac
Update fossa-contrib/fossa-action action to v2
...
Signed-off-by: Sora Morimoto <sora@morimoto.io>
2023-02-14 01:43:23 +09:00
CrazyMax
b91c9a22f4
ci: add concurrency check
...
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-11-26 16:09:46 +01:00
CrazyMax
2400718d81
ci: update github actions
...
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-11-26 16:09:46 +01:00
Gábor Lipták
8cc5b4f5aa
Add Go 1.19 to GHA
...
Signed-off-by: Gábor Lipták gliptak@gmail.com
Signed-off-by: Gábor Lipták <gliptak@gmail.com>
2022-10-09 16:52:41 -04:00
Alex
10975deab8
build: harden codeql-analysis.yml permissions
...
Signed-off-by: Alex <aleksandrosansan@gmail.com>
2022-09-24 08:57:02 +02:00
Alex
e09a9f2dc2
build: harden e2e.yml permissions
...
Signed-off-by: Alex <aleksandrosansan@gmail.com>
2022-09-24 08:56:40 +02:00
Alex
c26fe145ca
build: harden conformance.yml permissions
...
Signed-off-by: Alex <aleksandrosansan@gmail.com>
2022-09-24 08:56:30 +02:00
Alex
1ca9af0184
build: harden fossa.yml permissions
...
Signed-off-by: Alex <aleksandrosansan@gmail.com>
2022-09-24 08:53:15 +02:00
Alex
feaa75c529
build: harden validate.yml permissions
...
Signed-off-by: Alex <aleksandrosansan@gmail.com>
2022-09-24 08:52:57 +02:00
Alex
1667a66856
build: harden build.yml permissions
...
Signed-off-by: Alex <aleksandrosansan@gmail.com>
2022-09-24 08:52:44 +02:00
CrazyMax
7e546784a4
ci: move test step to build workflow and remove ci workflow
...
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-07-20 14:18:27 +02:00
CrazyMax
1a905ab966
ci: git validation target
...
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-07-20 14:18:27 +02:00
CrazyMax
8b2c54bf57
ci: remove dco check (dco bot already does this)
...
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-07-20 14:10:24 +02:00
Sebastiaan van Stijn
6e8dd268a8
update to go 1.18 (continue testing against 1.17)
...
Go 1.16 reached end of life, so update to the current version of Go, but also
run CI on the previous version (which is still supported).
We should probably also decide wether or not we want the Dockerfiles to pin to
a specific minor version; this makes the releases more deterministic.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-05 10:36:28 +02:00
CrazyMax
7548c315f8
cleanup old check behavior
...
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-05-04 11:12:19 +02:00
CrazyMax
26a586cf39
lint target and workflow job
...
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-05-04 11:12:19 +02:00
CrazyMax
87f93ede9e
Dockerfile: switch to xx
...
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-05-03 20:07:07 +02:00
CrazyMax
de240721ff
cleanup old vendor validation behavior
...
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-04-22 16:24:54 +02:00
CrazyMax
ffa3019c1f
validate and update vendor target
...
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-04-22 15:32:01 +02:00
CrazyMax
ea65fe2ea4
update build workflow
...
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-01-21 20:07:08 +01:00
CrazyMax
936d7eda01
ci: upload conformance test results
...
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-01-11 16:41:16 +01:00
CrazyMax
6332e9631e
ci: fix conformance and e2e workflows
...
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-01-11 16:41:16 +01:00
CrazyMax
4941d83cc7
ci: build workflow to release artifacts and multi-platform image
...
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-01-11 16:41:15 +01:00
Wang Yan
3f4c558dac
bump up golang v1.17
...
Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-10-27 15:51:30 +08:00
Sebastiaan van Stijn
a07b54eb68
Update to go 1.16, and run CI on 1.15.x and 1.16.x
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-10 12:12:28 +02:00
Milos Gajdos
351b260774
Fix OCI conformance workflow report and README badge
...
Signed-off-by: Milos Gajdos <milosgajdos83@gmail.com>
2021-06-30 15:37:18 +01:00
Milos Gajdos
21ffbdbedd
Change GH workflows job names
...
Make workflow jobs unique soe we can manage which ones are required to
pass the build.
Signed-off-by: Milos Gajdos <milosgajdos83@gmail.com>
2021-06-30 08:20:39 +01:00
Wang Yan
aaca79bfcf
add oci conformance test gitaction
...
Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-06-04 12:09:30 +08:00
Ihor Dvoretskyi
df39a779dd
FOSSA scan enabled
...
Signed-off-by: Ihor Dvoretskyi <ihor@linux.com>
2021-05-20 13:02:28 +03:00
Wang Yan
6affafd1f0
Merge pull request #3386 from milosgajdos/release-tag
...
Add docker image release workflow
2021-03-30 11:30:24 +08:00
Milos Gajdos
1b3c5c71ef
Merge pull request #3341 from distribution/add-codeql-security
...
Add CodeQL Security Scanning
2021-03-29 18:49:07 +01:00
Chris Aniszczyk
62fc5c8a33
Remove autobuild
...
Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>
2021-03-29 12:39:10 -05:00
Milos Gajdos
a0aad57208
Make workflow name shorter.
...
Signed-off-by: Milos Gajdos <milosgajdos83@gmail.com>
2021-03-25 10:24:30 +00:00
Milos Gajdos
23b570272b
Add docker image release workflow
...
Signed-off-by: Milos Gajdos <milosgajdos83@gmail.com>
2021-03-23 19:25:58 +00:00
Wang Yan
68ce15863a
fix CI dependency error
...
Fix the failure reported by git action
Package python-minimal is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
However the following packages replace it:
python2-minimal
E: Package 'python-minimal' has no installation candidate
Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-03-23 18:04:17 +08:00
Derek McGowan
1c65757158
Merge pull request #3348 from wy65701436/e2e
...
Add a basic e2e test for CI
2021-03-01 09:34:29 -08:00
olegburov
49f7426dcb
Bump Golang to 1.15
and Alpine to 3.12
.
...
Signed-off-by: olegburov <oleg.burov@outlook.com>
2021-02-21 14:56:54 -08:00
Sebastiaan van Stijn
1d33874951
go.mod: change imports to github.com/distribution/distribution/v3
...
Go 1.13 and up enforce import paths to be versioned if a project
contains a go.mod and has released v2 or up.
The current v2.x branches (and releases) do not yet have a go.mod,
and therefore are still allowed to be imported with a non-versioned
import path (go modules add a `+incompatible` annotation in that case).
However, now that this project has a `go.mod` file, incompatible
import paths will not be accepted by go modules, and attempting
to use code from this repository will fail.
This patch uses `v3` for the import-paths (not `v2`), because changing
import paths itself is a breaking change, which means that the
next release should increment the "major" version to comply with
SemVer (as go modules dictate).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-02-08 18:30:46 +01:00
Wang Yan
9886800868
Add a basic e2e test for CI
...
Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-02-01 16:15:45 +08:00
Chris Patterson
402d3c943a
Fixing push workflow
...
Signed-off-by: Chris Patterson <chrispat@github.com>
2021-01-29 15:48:07 -05:00
Chris Patterson
b659eb060f
Update ci.yml
2021-01-29 15:42:19 -05:00
Chris Patterson
da9a88bc97
Fixing push workflow
...
Signed-off-by: Chris Patterson <chrispat@github.com>
2021-01-29 15:38:04 -05:00
Chris Patterson
64874d17b1
First draft of actions based ci
...
Signed-off-by: Chris Patterson <chrispat@github.com>
2021-01-29 14:40:09 -05:00
Chris Aniszczyk
a63bd4d3f1
Add CodeQL Security Scanning
...
Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>
2021-01-28 11:38:29 -06:00