From 25338c8334e14ad4b74ed5c128e703828efe65c5 Mon Sep 17 00:00:00 2001
From: cpanato
Date: Wed, 14 Dec 2022 16:03:07 +0100
Subject: [PATCH 1/2] uses git hashes instead of tags and update to latest

Signed-off-by: cpanato
---
.github/workflows/codeql-analysis.yml | 50 +++++++++++++--------------
.github/workflows/goreleaser.yml | 6 ++--
.github/workflows/lint.yaml | 7 ++--
.github/workflows/scorecards.yml | 6 ++--
4 files changed, 35 insertions(+), 34 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 3955a9eb5f..dea69dbe9f 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -37,34 +37,34 @@ jobs: # Learn more about CodeQL language support at https://git.io/codeql-language-support steps: - - name: Checkout repository - uses: actions/checkout@v3 + - name: Checkout repository + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@896079047b4bb059ba6f150a5d87d47dde99e6e5 # v2.1.37 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v2 + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@896079047b4bb059ba6f150a5d87d47dde99e6e5 # v2.1.37 - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl + # ℹī¸ Command-line programs to run using the OS shell. 
+ # 📚 https://git.io/JvXDl - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language + # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language - #- run: | - # make bootstrap - # make release + #- run: | + # make bootstrap + # make release - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@896079047b4bb059ba6f150a5d87d47dde99e6e5 # v2.1.37 diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml index fb2b22b196..9f5e01f17f 100644 --- a/.github/workflows/goreleaser.yml +++ b/.github/workflows/goreleaser.yml @@ -17,17 +17,17 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v2.3.4 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: 1.19 check-latest: true - name: Run GoReleaser id: run-goreleaser - uses: goreleaser/goreleaser-action@b508e2e3ef3b19d4e4146d4f8fb3ba9db644a757 # v2.5.0 + uses: goreleaser/goreleaser-action@8f67e590f2d095516493f017008adc464e63adb1 # v4.1.0 with: version: latest args: release --rm-dist diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 216b22502a..215fdc186a 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml 
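Review bot: The `# v3.2.0` and `# v2.1.37` comments beside the new hashes in codeql-analysis.yml are not checked by anything, so each 40-character SHA has to be confirmed by hand against the upstream tag it claims to be. This patch itself shows why: the line removed from goreleaser.yml labelled `actions/checkout@93ea575c…` as v2.3.4, while scorecards.yml labelled the same hash v3.1.0. The hunk also appears to re-indent the whole `steps:` list (the whitespace is collapsed on this page), which buries the four functional `uses:` changes; putting the whitespace change in its own commit would make the pins easier to audit. If Renovate is expected to maintain these, adding the `helpers:pinGitHubActionDigests` preset to `extends` in renovate.json would let it update hash and version comment together.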
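Review bot: The GoReleaser action is now pinned by commit, but the context line `version: latest` under it still makes the step fetch whichever GoReleaser release is newest at run time, so the tool that builds and publishes the release artifacts remains unpinned. Setting it to an explicit release, e.g. `version: <GORELEASER_VERSION>` (placeholder), would close that gap and keep release builds reproducible. `go-version: 1.19` is an unquoted YAML number here while lint.yaml quotes it as `'1.19'`; an unquoted `1.20` would later be read as 1.2, so `go-version: '1.19'` is the safer spelling. Going by the version comments, goreleaser-action moves from v2.5.0 to v4.1.0, so `args: release --rm-dist` is worth re-checking against the newer major version; the rest of the job is outside the hunk.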
@@ -24,10 +24,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: Set up Go - uses: actions/setup-go@v3 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: - go-version: '>=1.18.0' + go-version: '1.19' + check-latest: true - name: Run go vet run: ./run_lints.sh diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 974578206c..8a5961eab0 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -32,7 +32,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 with: persist-credentials: false @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1 with: name: SARIF file path: results.sarif @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 # v2.1.27 + uses: github/codeql-action/upload-sarif@896079047b4bb059ba6f150a5d87d47dde99e6e5 # v2.1.37 with: sarif_file: results.sarif From 0c8ced266d5c443f3fdb6d1ca1d5c751785b3a80 Mon Sep 17 00:00:00 2001 From: cpanato Date: Wed, 14 Dec 2022 16:03:45 +0100 Subject: [PATCH 2/2] format json and udpate .sh files Signed-off-by: cpanato --- renovate.json | 45 ++++++++++++++++++++++----------------------- run_lints.sh | 4 ++-- run_tests.sh | 2 +- 3 files changed, 25 insertions(+), 26 deletions(-) 
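Review bot: The checkout step in the lint job keeps the default credential persistence, so the workflow token stays in the local git config while `./run_lints.sh` runs; scorecards.yml in this same patch already sets `persist-credentials: false`, and a job that only runs `go vet` does not appear to need it. Adding `with:` and `persist-credentials: false` under the checkout step would align the two workflows. Separately, the Go version is now hard-coded as `'1.19'` here and as `1.19` in goreleaser.yml; if go.mod declares the version, `go-version-file: go.mod` would keep both in step with it. Any `permissions:` block for this job is outside the hunk.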
diff --git a/renovate.json b/renovate.json index 39371603f9..9e683b7776 100644 --- a/renovate.json +++ b/renovate.json @@ -1,24 +1,23 @@ { - "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": [ - "config:base" - ], - "timezone": "Australia/Sydney", - "schedule": ["before 6am on monday"], - "packageRules": [ - { - "matchUpdateTypes": ["major"], - "groupName": "Major Updates", - "enabled": true - }, - { - "matchLanguages": ["golang"], - "groupName": "osv-scanner minor" - }, - { - "matchPaths": [".github/"], - "groupName": "workflows" - } - ] - } - \ No newline at end of file + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "config:base" + ], + "timezone": "Australia/Sydney", + "schedule": ["before 6am on monday"], + "packageRules": [ + { + "matchUpdateTypes": ["major"], + "groupName": "Major Updates", + "enabled": true + }, + { + "matchLanguages": ["golang"], + "groupName": "osv-scanner minor" + }, + { + "matchPaths": [".github/"], + "groupName": "workflows" + } + ] +} diff --git a/run_lints.sh b/run_lints.sh index f960060785..5e11a4f7f9 100755 --- a/run_lints.sh +++ b/run_lints.sh @@ -1,5 +1,5 @@ -#!/bin/bash +#!/usr/bin/env bash set -ex -go vet ./... \ No newline at end of file +go vet ./... diff --git a/run_tests.sh b/run_tests.sh index eabf582447..afbe1c7c65 100755 --- a/run_tests.sh +++ b/run_tests.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -e go test ./...