Updates go mod toolchain version to 1.22.4 #577

Closed
244 commits
39b9455
Adds v2 branch
Dec 7, 2021
c810215
Fixes import statement for v2 module
Dec 7, 2021
5bda788
Removes syft replace directive to use upstream
Dec 9, 2021
8ae6429
Bump github.com/anchore/syft from 0.32.0 to 0.32.1
dependabot[bot] Dec 14, 2021
4f67806
Updates expectations to match new Syft output
ForestEckhardt Dec 14, 2021
592fec7
Bump github.com/anchore/syft from 0.32.1 to 0.32.2
dependabot[bot] Dec 14, 2021
0f61b71
Bump github.com/anchore/syft from 0.32.2 to 0.33.0 (#270)
dependabot[bot] Dec 21, 2021
6bec663
streamline sbom test assertions
Dec 23, 2021
5b4d81b
extract SBOM output structs; share across tests
Jan 3, 2022
56c823a
remove unused structs
Jan 3, 2022
14956ac
Bump github.com/anchore/syft from 0.33.0 to 0.34.0 (#271)
dependabot[bot] Jan 4, 2022
b0348e1
Add a WithLevel function to scribe.Emitter
Jan 7, 2022
98052d2
fix(servicebindings): trim provider/type whitespace
noamichael Jan 8, 2022
c6f84d7
Bump github.com/anchore/syft from 0.34.0 to 0.35.0
dependabot[bot] Jan 10, 2022
bbd6771
Update input to syft.CatalogPackages
Jan 10, 2022
f1329b1
Bump github.com/anchore/syft from 0.35.0 to 0.35.1
dependabot[bot] Jan 11, 2022
f498877
Bump github.com/BurntSushi/toml from 0.4.1 to 1.0.0 (#279)
dependabot[bot] Jan 13, 2022
56ac668
Bump github.com/onsi/gomega from 1.17.0 to 1.18.0
dependabot[bot] Jan 24, 2022
3790bd4
Bump github.com/anchore/syft from 0.35.1 to 0.36.0
dependabot[bot] Jan 25, 2022
8a2660d
Fixes breaking changes in syft sbom package
Jan 26, 2022
ebf2e8a
Bump github.com/onsi/gomega from 1.18.0 to 1.18.1
dependabot[bot] Jan 28, 2022
246b9c4
Bump github.com/anchore/syft from 0.36.0 to 0.37.5 (#285)
dependabot[bot] Feb 7, 2022
8f080ea
Bump github.com/anchore/syft from 0.37.5 to 0.37.10
dependabot[bot] Feb 8, 2022
02183b6
make logger writers public (#284)
Feb 9, 2022
82fbf79
Bump github.com/anchore/syft from 0.37.10 to 0.38.0
dependabot[bot] Feb 16, 2022
07ce8a2
add SBOM logging to scribe.Emitter
Feb 16, 2022
99c168f
Fixes error interpolation case where err is nil (#289)
ryanmoran Feb 23, 2022
fb8c35f
Bump github.com/anchore/syft from 0.38.0 to 0.39.3
dependabot[bot] Feb 28, 2022
06a914f
Trims whitespace around dependency-mapping values (#291)
ryanmoran Mar 2, 2022
e3ed2b9
Bump github.com/anchore/syft from 0.39.3 to 0.40.0
dependabot[bot] Mar 3, 2022
01b7e94
assert that syft SBOM schema major version is fixed
Mar 3, 2022
8117a8c
Bump github.com/anchore/syft from 0.40.0 to 0.40.1
dependabot[bot] Mar 7, 2022
8bb42ef
Bump github.com/anchore/syft from 0.40.1 to 0.41.0
dependabot[bot] Mar 8, 2022
cf9981d
Fixes format references for SBOM
Mar 8, 2022
e0511eb
Bump github.com/anchore/syft from 0.41.0 to 0.41.1
dependabot[bot] Mar 9, 2022
d2001eb
Updates README and adds top level blurb
ForestEckhardt Mar 10, 2022
68f1252
Adds missing description lines
ForestEckhardt Mar 10, 2022
ed29b63
Fixes docs badge
ForestEckhardt Mar 10, 2022
5ff9d3b
Fixes line continuations in indented writer streams
Mar 16, 2022
306103e
Use a file source for SBOM when applicable
Mar 18, 2022
d176542
Add "application/octet-stream" as an allowed file type
joshuatcasey Mar 23, 2022
545e8c0
Fix: application/x-executable should use NewExecutable decompression …
joshuatcasey Mar 23, 2022
1d7e9a9
Update create-release.yml
ryanmoran Mar 24, 2022
cbf7ba2
consolidate PR autolabeler (#314)
Mar 24, 2022
6ff09da
Bump github.com/onsi/gomega from 1.18.1 to 1.19.0 (#316)
dependabot[bot] Mar 28, 2022
580c283
Add commands.PopulateExecDCommands to move bin/* commands into an exe…
joshuatcasey Mar 15, 2022
7484d77
Move "exec.d" into the Layer
joshuatcasey Mar 21, 2022
3735008
Use matcher BeARegularFile
joshuatcasey Mar 23, 2022
579f71a
use err from fs.Copy
joshuatcasey Mar 24, 2022
c7fa1a6
Upgrades actions to go 1.18
ForestEckhardt Mar 31, 2022
1c5ad2f
Complete comment block to pacify linter
ForestEckhardt Mar 31, 2022
e050758
approve and enable auto-merge on bot PRs (#323)
Apr 4, 2022
6954a42
Bump github.com/BurntSushi/toml from 1.0.0 to 1.1.0 (#324)
dependabot[bot] Apr 5, 2022
1baf032
add cyclonedx13 and syft2 implementations of Syft sbom.Format
Mar 24, 2022
23a81a1
address linter complaints
Mar 24, 2022
776ba7a
add syft 3.0.1; unit tests passing
Apr 4, 2022
80341f5
register syft3.0.1 format, update default schema versions
Apr 4, 2022
610f3b8
remove dead code; get tests passing with upgraded syft 0.43.0
Apr 4, 2022
29abfed
adjust FormattedReader implementation to preserve test compatibility
Apr 7, 2022
e3745cd
upgrade to latest syft
Apr 7, 2022
e6b2701
Bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#326)
dependabot[bot] Apr 11, 2022
b5dff77
Adds sbom.NewSBOM (#327)
ryanmoran Apr 12, 2022
67120d3
Bump github.com/anchore/syft from 0.43.2 to 0.44.0 (#328)
dependabot[bot] Apr 13, 2022
53a23cf
Bump github.com/anchore/syft from 0.44.0 to 0.44.1 (#332)
dependabot[bot] Apr 18, 2022
fe74309
update auto-label workflow trigger
Apr 18, 2022
2247967
rebase instead of squash on auto-merge
Apr 18, 2022
0ff8008
Bump github.com/pelletier/go-toml from 1.9.4 to 1.9.5
dependabot[bot] Apr 22, 2022
733d098
API 0.8: Allows for process specific working directory (#336)
ForestEckhardt Apr 25, 2022
a8d191f
Bump github.com/google/go-cmp from 0.5.7 to 0.5.8
dependabot[bot] Apr 27, 2022
f95ee58
API 0.8: Uses environment variables over positional args when availabl…
ForestEckhardt Apr 27, 2022
5fa7790
Fallback to id if idLike doesn't exist
Apr 28, 2022
e9bd6e2
Bump github.com/anchore/syft from 0.44.1 to 0.45.0
dependabot[bot] May 2, 2022
dd5868f
Bump github.com/anchore/syft from 0.45.0 to 0.45.1
dependabot[bot] May 4, 2022
bf5a320
Remove deprecated ioutil package.
robdimsdale May 11, 2022
22b1ca9
Bump github.com/anchore/syft from 0.45.1 to 0.46.0
dependabot[bot] May 13, 2022
7b9a5b0
Bump github.com/anchore/syft from 0.46.0 to 0.46.1
dependabot[bot] May 17, 2022
5d38995
Bump github.com/anchore/syft from 0.46.1 to 0.46.2
dependabot[bot] May 24, 2022
5022b00
Bump github.com/anchore/syft from 0.46.2 to 0.46.3
dependabot[bot] May 26, 2022
5d8cd20
Bump github.com/stretchr/testify from 1.7.1 to 1.7.2
dependabot[bot] Jun 7, 2022
10340fb
Bump github.com/anchore/syft from 0.46.3 to 0.47.0
dependabot[bot] Jun 10, 2022
f9813db
Bump github.com/anchore/syft from 0.47.0 to 0.48.1
dependabot[bot] Jun 17, 2022
8f861ec
Bump github.com/stretchr/testify from 1.7.2 to 1.7.4
dependabot[bot] Jun 21, 2022
115372f
Adds scribe.WithPrefix option for scribe.Writer
Jun 22, 2022
95719da
Bump github.com/stretchr/testify from 1.7.4 to 1.7.5
dependabot[bot] Jun 24, 2022
63415bf
Bump github.com/anchore/syft from 0.48.1 to 0.49.0
dependabot[bot] Jun 27, 2022
0536aa9
Bump github.com/stretchr/testify from 1.7.5 to 1.8.0
dependabot[bot] Jun 30, 2022
795b1b9
Bump github.com/anchore/syft from 0.49.0 to 0.50.0
dependabot[bot] Jul 7, 2022
5add877
Bump github.com/gabriel-vasile/mimetype from 1.4.0 to 1.4.1
dependabot[bot] Jul 8, 2022
429f8e4
Bump github.com/anchore/syft from 0.50.0 to 0.51.0
dependabot[bot] Jul 12, 2022
4a6b6e9
Bump github.com/onsi/gomega from 1.19.0 to 1.20.0
dependabot[bot] Jul 21, 2022
15857fd
Bump github.com/BurntSushi/toml from 1.1.0 to 1.2.0
dependabot[bot] Jul 21, 2022
e6a8364
Bump github.com/anchore/syft from 0.51.0 to 0.52.0
dependabot[bot] Jul 22, 2022
b8f20b3
add logging for layer flags and env var configuration
Jul 26, 2022
05348af
test NewFormattedMapFromEnvironment with non-packit.Environment map
Jul 26, 2022
43dbd22
Bump github.com/anchore/syft from 0.52.0 to 0.53.0
dependabot[bot] Aug 1, 2022
548b1e3
Validate env var names before writing env var files (#365)
Aug 2, 2022
7cc181e
Bump github.com/anchore/syft from 0.53.0 to 0.53.2
dependabot[bot] Aug 3, 2022
3b843c5
Makes CycloneDX SBOM Reproducible (#369)
ForestEckhardt Aug 3, 2022
3d5da08
Adds a reproducibility verification check (#371)
ForestEckhardt Aug 3, 2022
3e01d1e
Bump github.com/anchore/syft from 0.53.2 to 0.53.4
dependabot[bot] Aug 4, 2022
ba6658c
Add support for wild-card stacks in dependencies
sambhav Aug 4, 2022
aade3bb
Makes SPDX SBOM Reproducible
ForestEckhardt Aug 3, 2022
d8bc1a6
Update sbom/formatted_reader.go
ForestEckhardt Aug 3, 2022
f027902
Makes SPDX test with SOURCE_DATE_EPOCH run in series and adds a failu…
ForestEckhardt Aug 3, 2022
602660a
Update sbom/formatted_reader.go
ForestEckhardt Aug 3, 2022
1434903
compare SBOM output as strings
Aug 3, 2022
341fa34
assert that output SPDX is valid SPDX
Aug 3, 2022
fec3ba5
Removes unnecessary loops
ForestEckhardt Aug 4, 2022
4e304e4
Removes use of third party hashing library
ForestEckhardt Aug 4, 2022
32d5998
variable rename; typo fix
Aug 4, 2022
444cccb
GenerateFromDependency without CPE or PURL (#373)
Aug 5, 2022
c773010
add CPEs to buildpack.toml dependency schema
Aug 5, 2022
49787b5
test that CPEs are included in parsed postal dependency
Aug 5, 2022
8b897da
deprecate CPE in buildpack.toml
Aug 5, 2022
2ecad07
Update lint.yml (#380)
ForestEckhardt Aug 9, 2022
5c8e862
Marshal CycloneDX/SPDX SBOM with indentation (#379)
Aug 9, 2022
8bb254b
Adds strip-components field to cargo
ForestEckhardt Aug 23, 2022
a9983c8
Bump github.com/onsi/gomega from 1.20.0 to 1.20.1
dependabot[bot] Aug 29, 2022
56d7667
Bump github.com/anchore/syft from 0.53.4 to 0.54.0
dependabot[bot] Aug 29, 2022
7dfd95a
Update test expectation
ForestEckhardt Aug 29, 2022
1224515
Standardize workflows to appear more similar to github-config
joshuatcasey Aug 30, 2022
56b3d48
Bump github.com/anchore/syft from 0.54.0 to 0.55.0
dependabot[bot] Aug 30, 2022
8f76e7a
Bump github.com/onsi/gomega from 1.20.1 to 1.20.2
dependabot[bot] Sep 1, 2022
9c33469
Bump github.com/google/go-cmp from 0.5.8 to 0.5.9
dependabot[bot] Sep 9, 2022
54dcc85
Add update-github-config workflow to sync from github-config/library
joshuatcasey Sep 8, 2022
998393f
Open github-config updates against v2 branch
ryanmoran Sep 12, 2022
d991581
Bump github.com/anchore/syft from 0.55.0 to 0.56.0
dependabot[bot] Sep 13, 2022
3f5210f
rename RpmdbMetadata --> RpmMetadata to match upstream
Sep 13, 2022
7f7eaad
Adds checksum and source-checksum field in dependencies
ForestEckhardt Sep 12, 2022
de1bc36
Deprecates sha256 and source_sha256
ForestEckhardt Sep 12, 2022
b5e27ef
Allow checksum field usage in legacy SBOM
Sep 16, 2022
bc31d56
switch to using Checksum in new SBOM tests
Sep 16, 2022
9339a24
Update postal/service.go
Sep 20, 2022
8a63129
Bump github.com/anchore/syft from 0.56.0 to 0.57.0
dependabot[bot] Sep 20, 2022
190426a
Fixes sbom.AllCoordinates references
Sep 20, 2022
cd69bd3
Add AreChecksumsEqual (#398)
joshuatcasey Sep 21, 2022
246a747
Refactors out common Checksum concept (#399)
ryanmoran Sep 27, 2022
fe14322
Bump github.com/anchore/syft from 0.57.0 to 0.58.0
dependabot[bot] Sep 30, 2022
11cf297
Deprioritize wildcard stacks when resolving dependency.
robdimsdale Sep 30, 2022
77b6938
Updating github-config
paketo-bot Sep 14, 2022
53d7bd7
Updating github-config
paketo-bot Oct 4, 2022
881a73d
Bump github.com/onsi/gomega from 1.20.2 to 1.21.1
dependabot[bot] Oct 7, 2022
57021e5
Bump github.com/onsi/gomega from 1.21.1 to 1.22.1
dependabot[bot] Oct 12, 2022
0e95819
Bump github.com/anchore/syft from 0.58.0 to 0.59.0
dependabot[bot] Oct 18, 2022
bfefb95
Bump github.com/stretchr/testify from 1.8.0 to 1.8.1
dependabot[bot] Oct 24, 2022
37dbc35
Bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1
dependabot[bot] Oct 24, 2022
ec2329c
Bump github.com/onsi/gomega from 1.22.1 to 1.23.0
dependabot[bot] Oct 27, 2022
9bfc1d4
Bump github.com/anchore/syft from 0.59.0 to 0.60.0
dependabot[bot] Nov 1, 2022
054c1ca
Bump github.com/anchore/syft from 0.60.0 to 0.60.1
dependabot[bot] Nov 2, 2022
181d2b3
Bump github.com/onsi/gomega from 1.23.0 to 1.24.0
dependabot[bot] Nov 3, 2022
6a7f27d
Bump github.com/anchore/syft from 0.60.1 to 0.60.2
dependabot[bot] Nov 3, 2022
0ce9f56
Converts all present strip-components keys to integers (#417)
ForestEckhardt Nov 3, 2022
85db596
Bump github.com/anchore/syft from 0.60.2 to 0.60.3
dependabot[bot] Nov 3, 2022
e7bd30a
enable support for checksum in postal dependency mappings (#422)
Nov 4, 2022
7d3ea90
Updating github-config
paketo-bot Nov 9, 2022
86b7e87
Bump github.com/onsi/gomega from 1.24.0 to 1.24.1
dependabot[bot] Nov 10, 2022
1820200
Return a typed error when no dependencies are found during resolution.
robdimsdale Nov 10, 2022
d53b6dd
Bump github.com/Masterminds/semver/v3 from 3.1.1 to 3.2.0
dependabot[bot] Nov 29, 2022
ffd6402
Bump github.com/ulikunitz/xz from 0.5.10 to 0.5.11
dependabot[bot] Dec 13, 2022
7946103
Bump github.com/onsi/gomega from 1.24.1 to 1.24.2
dependabot[bot] Dec 15, 2022
ac9385b
Bump github.com/sergi/go-diff from 1.2.0 to 1.3.1
dependabot[bot] Jan 16, 2023
f959f31
Bump Syft from 0.60.3 to 0.66.1 (#440)
Jan 17, 2023
e89d955
Bump github.com/apex/log from 1.1.4 to 1.9.0
dependabot[bot] Jan 18, 2023
f58bd8e
Bump github.com/onsi/gomega from 1.24.2 to 1.25.0
dependabot[bot] Jan 18, 2023
5b6af78
Updating github-config
paketo-bot Jan 18, 2023
cc22b52
Updating github-config
paketo-bot Jan 21, 2023
42a0269
Bump github.com/anchore/syft from 0.66.1 to 0.68.0
dependabot[bot] Jan 23, 2023
531c596
Fix sbom syft tests
Jan 23, 2023
663a970
Bump github.com/onsi/gomega from 1.25.0 to 1.26.0
dependabot[bot] Jan 24, 2023
13b0ecc
Bump github.com/anchore/syft from 0.68.0 to 0.68.1
dependabot[bot] Jan 26, 2023
7fc64d7
fix spdx sbom tests
Jan 26, 2023
c7c3398
Bump github.com/anchore/syft from 0.68.1 to 0.69.0
dependabot[bot] Jan 31, 2023
64169e4
Bump github.com/anchore/syft from 0.69.0 to 0.69.1
dependabot[bot] Feb 1, 2023
1be192e
Fix spdx common references for new library version
Feb 2, 2023
a97c19b
Bump github.com/anchore/syft from 0.69.1 to 0.70.0
dependabot[bot] Feb 6, 2023
1072dbc
Bump github.com/onsi/gomega from 1.26.0 to 1.27.0
dependabot[bot] Feb 17, 2023
aa8161a
Bump github.com/onsi/gomega from 1.27.0 to 1.27.1
dependabot[bot] Feb 20, 2023
e4f7c46
Bump github.com/anchore/syft from 0.70.0 to 0.72.0
dependabot[bot] Feb 20, 2023
e1f6949
Fixes syft formatting issues
Feb 21, 2023
d41178d
Fix confusion in boolean parameter order in tests
pbusko Feb 23, 2023
c40e34d
Bump github.com/anchore/syft from 0.72.0 to 0.73.0
dependabot[bot] Feb 23, 2023
35cf40c
Fixes sbom tests
Feb 23, 2023
dcc1374
Updating github-config
paketo-bot Feb 3, 2023
706743a
Updating github-config
paketo-bot Feb 24, 2023
2a4b22d
Updating github-config
paketo-bot Feb 25, 2023
814626f
Bump github.com/stretchr/testify from 1.8.1 to 1.8.2
dependabot[bot] Feb 27, 2023
60faaec
Bump github.com/onsi/gomega from 1.27.1 to 1.27.2
dependabot[bot] Feb 28, 2023
8a2fa04
Bump github.com/anchore/syft from 0.73.0 to 0.74.0
dependabot[bot] Mar 3, 2023
c2c06a4
Addstack extension support
phil9909 Dec 7, 2022
34d99ab
Bump github.com/gabriel-vasile/mimetype from 1.4.1 to 1.4.2
dependabot[bot] Mar 9, 2023
be2f594
Updating github-config
paketo-bot Mar 9, 2023
909d039
Bump github.com/onsi/gomega from 1.27.2 to 1.27.3
dependabot[bot] Mar 13, 2023
87586bc
Bump github.com/onsi/gomega from 1.27.3 to 1.27.4
dependabot[bot] Mar 14, 2023
0c723ae
Adds stdin to pexec (#472)
ryanmoran Mar 16, 2023
61144ef
Updating github-config
paketo-bot Mar 21, 2023
73d8bc1
Bump github.com/onsi/gomega from 1.27.4 to 1.27.5
dependabot[bot] Mar 24, 2023
ad03504
Bump github.com/onsi/gomega from 1.27.5 to 1.27.6
dependabot[bot] Mar 30, 2023
9784594
Bump github.com/anchore/syft from 0.74.0 to 0.75.0
dependabot[bot] Mar 30, 2023
c0228c6
Updates documentNamespace expectation
ForestEckhardt Mar 30, 2023
6e01b44
raise error when dependency download returns http error status code
phil9909 Mar 31, 2023
a9c466f
Bump github.com/anchore/syft from 0.75.0 to 0.76.0
dependabot[bot] Apr 3, 2023
3acbbae
Updating github-config
paketo-bot Apr 6, 2023
60d240d
Bump github.com/Masterminds/semver/v3 from 3.2.0 to 3.2.1
dependabot[bot] Apr 11, 2023
95a690c
Bump github.com/anchore/syft from 0.76.0 to 0.79.0 (#488)
dependabot[bot] Apr 25, 2023
1dd83ed
Adding Extension config (#489)
pacostas May 2, 2023
97dea53
adding hasStack method for ConfigExtension
pacostas May 4, 2023
a65afbb
Bump github.com/anchore/syft from 0.79.0 to 0.80.0 (#491)
dependabot[bot] May 9, 2023
4a226ae
Add support for buildpack API v0.9 (#486)
modulo11 May 11, 2023
74d5f06
Bump github.com/onsi/gomega from 1.27.6 to 1.27.7
dependabot[bot] May 19, 2023
67a71e0
Bump github.com/stretchr/testify from 1.8.2 to 1.8.3
dependabot[bot] May 19, 2023
d94b1ef
Bump github.com/stretchr/testify from 1.8.3 to 1.8.4
dependabot[bot] May 31, 2023
c65a7b7
Bump github.com/BurntSushi/toml from 1.2.1 to 1.3.0
dependabot[bot] May 31, 2023
1d84cfe
Bump github.com/onsi/gomega from 1.27.7 to 1.27.8
dependabot[bot] Jun 7, 2023
6c889fc
Bump github.com/BurntSushi/toml from 1.3.0 to 1.3.1
dependabot[bot] Jun 7, 2023
65e47b8
Bump github.com/BurntSushi/toml from 1.3.1 to 1.3.2
dependabot[bot] Jun 9, 2023
2ef9116
Bump github.com/onsi/gomega from 1.27.8 to 1.27.9
dependabot[bot] Jul 24, 2023
abeb000
Bump github.com/onsi/gomega from 1.27.9 to 1.27.10
dependabot[bot] Jul 25, 2023
de0f00f
Bump github.com/google/uuid from 1.3.0 to 1.3.1
dependabot[bot] Aug 22, 2023
8a7cf8f
Bump github.com/onsi/gomega from 1.27.10 to 1.28.0
dependabot[bot] Sep 29, 2023
7893a5c
Updating github-config
paketo-bot Oct 10, 2023
0ce6d54
Bump github.com/gabriel-vasile/mimetype from 1.4.2 to 1.4.3
dependabot[bot] Oct 13, 2023
14ebfa0
Bump github.com/onsi/gomega from 1.28.0 to 1.28.1
dependabot[bot] Oct 23, 2023
fb332c0
Enable Alternative Checksum format of algorithm_hash (#526)
ChuckQuinnIV Oct 23, 2023
7ece65c
Bump github.com/onsi/gomega from 1.28.1 to 1.29.0
dependabot[bot] Oct 26, 2023
42ee8c8
Bump github.com/google/uuid from 1.3.1 to 1.4.0
dependabot[bot] Oct 27, 2023
c8db4ec
Updating github-config
paketo-bot Oct 26, 2023
0649674
Bump github.com/onsi/gomega from 1.29.0 to 1.30.0
dependabot[bot] Nov 9, 2023
c10f263
Updating github-config
paketo-bot Nov 7, 2023
703e4fb
Bump github.com/google/uuid from 1.4.0 to 1.5.0
dependabot[bot] Dec 13, 2023
dbbbbc5
Bump github.com/onsi/gomega from 1.30.0 to 1.31.0
dependabot[bot] Jan 18, 2024
b31dc83
Bump github.com/onsi/gomega from 1.31.0 to 1.31.1
dependabot[bot] Jan 22, 2024
c1b785b
Bump github.com/google/uuid from 1.5.0 to 1.6.0
dependabot[bot] Jan 24, 2024
777a503
Bump github.com/stretchr/testify from 1.8.4 to 1.9.0
dependabot[bot] Mar 4, 2024
95b8056
Bump github.com/onsi/gomega from 1.31.1 to 1.32.0
dependabot[bot] Mar 19, 2024
dd77ec5
Bump github.com/ulikunitz/xz from 0.5.11 to 0.5.12
dependabot[bot] Apr 4, 2024
4e9c21d
Bump github.com/onsi/gomega from 1.32.0 to 1.33.0
dependabot[bot] Apr 19, 2024
4c9f338
Allows users to set a dependency mirror (#563)
TisVictress Apr 22, 2024
ce376b7
Fixes mirror bug when originalHost is excluded (#569)
TisVictress Apr 29, 2024
35d8f76
Bump github.com/onsi/gomega from 1.33.0 to 1.33.1
dependabot[bot] Apr 30, 2024
13393ec
Support reading service bindings from VCAP_SERVICES env var (#566)
pbusko May 2, 2024
4ff7347
Bump github.com/BurntSushi/toml from 1.3.2 to 1.4.0
dependabot[bot] May 24, 2024
a8ac405
Bump github.com/gabriel-vasile/mimetype from 1.4.3 to 1.4.4
dependabot[bot] May 27, 2024
e366827
Updating github-config
paketo-bot Jun 4, 2024
ec908a0
Updates go mod toolchain version to 1.22.4
paketo-bot Jun 10, 2024
16 changes: 10 additions & 6 deletions .github/.patch_files
Original file line number Diff line number Diff line change
@@ -1,14 +1,18 @@
.github/.patch_files
.github/.syncignore
.github/CODEOWNERS
.github/dependabot.yml
.github/labels.yml
.github/workflows/check-pr-labels.yml
.github/CODEOWNERS
.github/workflows
.github/workflows/approve-bot-pr.yml
.github/workflows/codeql-analysis.yml
.github/workflows/label-pr.yml
.github/workflows/lint.yml
.github/workflows/synchronize-labels.yml
.github/workflows/update-github-config.yml
.github/workflows/create-draft-release.yml
.github/workflows/test-pull-request.yml
.github/workflows/lint-yaml.yml
.github/workflows/synchronize-labels.yml
.github/workflows/label-pr.yml
.github/.syncignore
.github/dependabot.yml
.gitignore
LICENSE
NOTICE
1 change: 1 addition & 0 deletions .github/.syncignore
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
CODEOWNERS
2 changes: 1 addition & 1 deletion .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
version: 2
updates:
- package-ecosystem: gomod
directory: "/"
schedule:
interval: daily
open-pull-requests-limit: 10
24 changes: 24 additions & 0 deletions .github/labels.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,3 +16,27 @@
- name: documentation
description: This issue relates to writing documentation
color: D4C5F9
- name: help wanted
description: Extra attention is needed
color: 008672
- name: semver:major
description: A change requiring a major version bump
color: 6b230e
- name: semver:minor
description: A change requiring a minor version bump
color: cc6749
- name: semver:patch
description: A change requiring a patch version bump
color: f9d0c4
- name: good first issue
description: A good first issue to get started with
color: d3fc03
- name: "failure:release"
description: An issue filed automatically when a release workflow run fails
color: f00a0a
- name: "failure:update-github-config"
description: An issue filed automatically when a github config update workflow run fails
color: f00a0a
- name: "failure:approve-bot-pr"
description: An issue filed automatically when a PR auto-approve workflow run fails
color: f00a0a
88 changes: 88 additions & 0 deletions .github/workflows/approve-bot-pr.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
name: Approve Bot PRs and Enable Auto-Merge

on:
workflow_run:
workflows: ["Test Pull Request"]
types:
- completed

jobs:
download:
name: Download PR Artifact
if: ${{ github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success' }}
runs-on: ubuntu-22.04
outputs:
pr-author: ${{ steps.pr-data.outputs.author }}
pr-number: ${{ steps.pr-data.outputs.number }}
steps:
- name: 'Download artifact'
uses: paketo-buildpacks/github-config/actions/pull-request/download-artifact@main
with:
name: "event-payload"
repo: ${{ github.repository }}
run_id: ${{ github.event.workflow_run.id }}
workspace: "/github/workspace"
token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
- id: pr-data
run: |
echo "author=$(cat event.json | jq -r '.pull_request.user.login')" >> "$GITHUB_OUTPUT"
echo "number=$(cat event.json | jq -r '.pull_request.number')" >> "$GITHUB_OUTPUT"

approve:
name: Approve Bot PRs
needs: download
if: ${{ needs.download.outputs.pr-author == 'paketo-bot' || needs.download.outputs.pr-author == 'dependabot[bot]' }}
runs-on: ubuntu-22.04
steps:
- name: Check Commit Verification
id: unverified-commits
uses: paketo-buildpacks/github-config/actions/pull-request/check-unverified-commits@main
with:
token: ${{ secrets.PAKETO_BOT_REVIEWER_GITHUB_TOKEN }}
repo: ${{ github.repository }}
number: ${{ needs.download.outputs.pr-number }}

- name: Check for Human Commits
id: human-commits
uses: paketo-buildpacks/github-config/actions/pull-request/check-human-commits@main
with:
token: ${{ secrets.PAKETO_BOT_REVIEWER_GITHUB_TOKEN }}
repo: ${{ github.repository }}
number: ${{ needs.download.outputs.pr-number }}

- name: Checkout
if: steps.human-commits.outputs.human_commits == 'false' && steps.unverified-commits.outputs.unverified_commits == 'false'
uses: actions/checkout@v3

- name: Approve
if: steps.human-commits.outputs.human_commits == 'false' && steps.unverified-commits.outputs.unverified_commits == 'false'
uses: paketo-buildpacks/github-config/actions/pull-request/approve@main
with:
token: ${{ secrets.PAKETO_BOT_REVIEWER_GITHUB_TOKEN }}
number: ${{ needs.download.outputs.pr-number }}

- name: Enable Auto-Merge
if: steps.human-commits.outputs.human_commits == 'false' && steps.unverified-commits.outputs.unverified_commits == 'false'
run: |
gh pr merge ${{ needs.download.outputs.pr-number }} --auto --rebase
env:
GITHUB_TOKEN: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}

failure:
name: Alert on Failure
runs-on: ubuntu-22.04
needs: [download, approve]
if: ${{ always() && needs.download.result == 'failure' || needs.approve.result == 'failure' }}
steps:
- name: File Failure Alert Issue
uses: paketo-buildpacks/github-config/actions/issue/file@main
with:
token: ${{ secrets.GITHUB_TOKEN }}
repo: ${{ github.repository }}
label: "failure:approve-bot-pr"
comment_if_exists: true
issue_title: "Failure: Approve bot PR workflow"
issue_body: |
Approve bot PR workflow [failed](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}).
comment_body: |
Another failure occurred: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}
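
Review bot: The `Enable Auto-Merge` step expands `${{ needs.download.outputs.pr-number }}` directly into the `run:` script, and that value is read with `jq` from `event.json` in an artifact produced by the pull-request-triggered "Test Pull Request" run, so it is untrusted text reaching a shell that has `PAKETO_BOT_GITHUB_TOKEN` in its environment. Pass it through `env:` (for example `PR_NUMBER: ${{ needs.download.outputs.pr-number }}` and `gh pr merge "$PR_NUMBER" --auto --rebase`) and reject anything that is not all digits in the `pr-data` step. The same concern applies to `pr-author`, which gates the `approve` job: derive the author and number from `github.event.workflow_run` or an API lookup rather than from artifact contents. The `paketo-buildpacks/github-config/...@main` actions that receive the bot tokens would also be safer pinned to a commit SHA.
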
24 changes: 0 additions & 24 deletions .github/workflows/check-pr-labels.yml

This file was deleted.

20 changes: 12 additions & 8 deletions .github/workflows/codeql-analysis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,20 @@ name: "CodeQL"

on:
push:
branches: [ main ]
branches:
- main
- v*
pull_request:
branches: [ main ]
branches:
- main
- v*
schedule:
- cron: '0 0 * * *' # Once a day at midnight
- cron: '24 18 * * *' # daily at 18:24 UTC

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
runs-on: ubuntu-22.04

strategy:
fail-fast: false
Expand All @@ -21,15 +25,15 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v2
uses: actions/checkout@v3

- name: Initialize CodeQL
uses: github/codeql-action/init@v1
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}

- name: Autobuild
uses: github/codeql-action/autobuild@v1
uses: github/codeql-action/autobuild@v2

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
uses: github/codeql-action/analyze@v2
Original file line number Diff line number Diff line change
@@ -1,9 +1,12 @@
name: Create Release
name: Create or Update Draft Release

on:
push:
branches:
- main
- v*
repository_dispatch:
types: [ version-bump ]
workflow_dispatch:
inputs:
version:
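
Review bot: The `push` branch filter `- v*` matches every branch whose name starts with "v", not only version branches, so a push to a branch such as `validate-foo` would start this release workflow. If only branches like `v2` are intended, tighten the pattern, for example `v[0-9]*`.
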
Expand All @@ -15,29 +18,30 @@ concurrency: release
jobs:
unit:
name: Unit Tests
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
steps:
- name: Setup Go
uses: actions/setup-go@v1
uses: actions/setup-go@v3
with:
go-version: 1.16
go-version: 'stable'
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Run Unit Tests
run: go test -v -count=1 ./...
run: ./scripts/unit.sh

release:
name: Release
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
needs: unit
steps:
- name: Setup Go
uses: actions/setup-go@v2.1.3
uses: actions/setup-go@v3
with:
go-version: 1.16.x
go-version: 'stable'
- name: Checkout
uses: actions/checkout@v2
- run: git fetch --depth=1 origin +refs/tags/*:refs/tags/* || true
uses: actions/checkout@v3
with:
fetch-tags: true
- name: Reset Draft Release
id: reset
uses: paketo-buildpacks/github-config/actions/release/reset-draft@main
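
Review bot: Both `Setup Go` steps now resolve `go-version: 'stable'`, so the compiler used by the unit and release jobs is whatever is current when the workflow runs rather than a version recorded in the repository. Since this PR exists to set the go.mod toolchain version, consider reading the version from the module file (setup-go's `go-version-file: go.mod`) so the release build and go.mod stay in step.
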
Expand All @@ -51,15 +55,16 @@ jobs:
with:
repo: ${{ github.repository }}
token: ${{ github.token }}
ref-name: ${{ github.ref_name }}
- name: Set Release Tag
id: tag
run: |
tag="${{ github.event.inputs.version }}"
if [ -z "${tag}" ]; then
tag="${{ steps.semver.outputs.tag }}"
fi
echo "::set-output name=tag::${tag}"
- name: Create Draft Release
echo "tag=${tag}" >> "$GITHUB_OUTPUT"
- name: Create Release
uses: paketo-buildpacks/github-config/actions/release/create@main
with:
repo: ${{ github.repository }}
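
Review bot: In `Set Release Tag`, `tag="${{ github.event.inputs.version }}"` expands the `workflow_dispatch` input into the script text before the shell parses it, so quotes or command substitutions in the input become part of the script. Map it through `env:` (for example `INPUT_VERSION: ${{ github.event.inputs.version }}`, then `tag="${INPUT_VERSION}"`) and check that it looks like a version before writing it to `$GITHUB_OUTPUT`.
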
Expand All @@ -68,3 +73,22 @@ jobs:
target_commitish: ${{ github.sha }}
name: v${{ steps.tag.outputs.tag }}
draft: true

failure:
name: Alert on Failure
runs-on: ubuntu-22.04
needs: [ unit, release ]
if: ${{ always() && needs.unit.result == 'failure' || needs.release.result == 'failure' }}
steps:
- name: File Failure Alert Issue
uses: paketo-buildpacks/github-config/actions/issue/file@main
with:
token: ${{ secrets.GITHUB_TOKEN }}
repo: ${{ github.repository }}
label: "failure:release"
comment_if_exists: true
issue_title: "Failure: Create Draft Release workflow"
issue_body: |
Create Draft Release workflow [failed](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}).
comment_body: |
Another failure occurred: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}
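
Review bot: The `failure` job condition `always() && needs.unit.result == 'failure' || needs.release.result == 'failure'` relies on `&&` binding tighter than `||`, so `always()` is grouped only with the first comparison. Parenthesize it as `always() && (needs.unit.result == 'failure' || needs.release.result == 'failure')` so the intent is explicit; the same expression shape appears in the `failure` job of approve-bot-pr.yml.
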
29 changes: 23 additions & 6 deletions .github/workflows/label-pr.yml
Original file line number Diff line number Diff line change
@@ -1,17 +1,34 @@
name: Auto-label PR
name: Set / Validate PR Labels
on:
pull_request:
pull_request_target:
branches:
- main
- v*
types:
- synchronize
- opened
- reopened
- labeled
- unlabeled

concurrency: pr_labels
concurrency: pr_labels_${{ github.event.number }}

jobs:
semver-label:
name: Semver Auto-Label
runs-on: ubuntu-latest
autolabel:
name: Ensure Minimal Semver Labels
runs-on: ubuntu-22.04
steps:
- name: Check Minimal Semver Labels
uses: mheap/github-action-required-labels@v3
with:
count: 1
labels: semver:major, semver:minor, semver:patch
mode: exactly
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Auto-label Semver
if: ${{ failure() }}
uses: paketo-buildpacks/github-config/actions/pull-request/auto-semver-label@main
env:
GITHUB_TOKEN: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
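
Review bot: The trigger changes from `pull_request` to `pull_request_target`, which runs in the base repository's context with access to secrets for pull requests from forks, and the `Auto-label Semver` step is handed `secrets.PAKETO_BOT_GITHUB_TOKEN`. The visible steps do not check out or execute pull request code, which is what keeps this safe; say so in a comment and add a top-level `permissions:` block limited to what labeling needs, so a later edit does not add a checkout of the PR head here. `mheap/github-action-required-labels@v3` and the `@main` action also run with tokens and are referenced by mutable refs; pin them to commit SHAs.
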
30 changes: 30 additions & 0 deletions .github/workflows/lint-yaml.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
name: Lint Workflows

on:
pull_request:
paths:
- '.github/**.yml'
- '.github/**.yaml'

jobs:
lintYaml:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v3

- name: Checkout github-config
uses: actions/checkout@v3
with:
repository: paketo-buildpacks/github-config
path: github-config

- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: 3.8

- name: Install yamllint
run: pip install yamllint

- name: Lint YAML files
run: yamllint ./.github -c github-config/.github/.yamllint
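
Review bot: `pip install yamllint` in the `Install yamllint` step installs whatever release is newest at run time, so lint results can change without any change in this repository; pin a version (`yamllint==<version>`). Also quote `python-version: 3.8`: unquoted it is parsed as a YAML float, which silently breaks for values like 3.10.
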