Commit Graph

59 Commits (f6afa2b95f15feb31bf6621ca83ee996b6bb1467)

Author SHA1 Message Date
Gabriela Gutierrez f6afa2b95f
Ref actions by commit SHA in release.yml
It's important to make sure the SHA's are from the original repositories and not forks.

For reference:

https://github.com/actions/checkout/releases/tag/v3.5.2
8e5e7e5ab8


Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Gabriela Gutierrez 0f90ed4833
Ref actions by commit SHA in lint.yml
It's important to make sure the SHA's are from the original repositories and not forks.

For reference:

https://github.com/actions/setup-go/releases/tag/v4.0.1
fac708d667

https://github.com/actions/checkout/releases/tag/v3.5.2
8e5e7e5ab8

https://github.com/golangci/golangci-lint-action/releases/tag/v3.5.0
5f1fec7010


Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Gabriela Gutierrez 2d8c888a00
Ref actions by commit SHA in labeler.yml
It's important to make sure the SHA's are from the original repositories and not forks.

For reference:

https://github.com/actions/labeler/releases/tag/v4.1.0
9fcb2c2f55


Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Gabriela Gutierrez 7865eebd82
Ref actions by commit SHA in build_test.yml
It's important to make sure the SHA's are from the original repositories and not forks.

For reference:

https://github.com/actions/setup-go/releases/tag/v4.0.1
fac708d667

https://github.com/actions/checkout/releases/tag/v3.5.2
8e5e7e5ab8

https://github.com/actions/cache/releases/tag/v3.3.1
88522ab9f3


Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Gabriela Gutierrez 2d2db8fee9
Create SECURITY.md
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
dependabot[bot] d6ee47e5dc
chore(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.0 to 3.1.2.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3.1.0...v3.1.2)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
shirou 755bcab7b9
Update branch of sbom_generator.yml
shirou 90f9165482 Merge branch 'master' of github.com:shirou/gopsutil into feature/add_sbom_github_actions
shirou 68a3b4210c fix: remove ubuntu-18.04, add macos-12, windows-2022
ubuntu-18.04 has been deprecated:
https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources
shirou d7f65a84ca Add github SBOM Generator
See this GitHub blog post
https://github.blog/2023-03-28-introducing-self-service-sboms/
dependabot[bot] 0f0223064d
chore(deps): bump actions/setup-go from 3 to 4
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] 3ece2bff78
chore(deps): bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Lomanic 2553c620ed [ci] Remove deprecated macos-10.15 virtual environment in tests
Ref https://github.com/actions/virtual-environments/issues/5583
shirou 37a0bf3fa1 feat: add github release.yml
shirou 4f1f5b314d fix(actions): add write permission to release action
shirou a91ea95c78 feat(actions): go-version will be latest two version automatically on CI
nathannaveen 3a2c8dd4f8 chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
shirou ea6bed829b add a GitHub action to auto release
dependabot[bot] b5592414b5
Bump actions/setup-go from 2 to 3
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2 to 3.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] b68e0acc74
Bump actions/cache from 2 to 3
Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
shirou 8717edb669 remove Windows 2016 from tests.
see https://github.com/actions/virtual-environments/issues/5238
Lomanic c0f6ce3804
Merge pull request #1264 from shirou/dependabot/github_actions/actions/labeler-4
Bump actions/labeler from 3.0.2 to 4
dependabot[bot] ff016751b6
Bump actions/labeler from 3.0.2 to 4
Bumps [actions/labeler](https://github.com/actions/labeler) from 3.0.2 to 4.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](https://github.com/actions/labeler/compare/v3.0.2...v4)

---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] aa9aca7d12
Bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] a22a057761
Bump golangci/golangci-lint-action from 2 to 3
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 2 to 3.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
shirou 59e366d674 remove codecov
Matthieu MOREL fe2fab4938
Update test.yml
Matthieu MOREL 2252055b93
enable codecoverage
Matthieu MOREL f8c685e717
enable caching in workflows
Matthieu MOREL 08a73c90a6
Delete run-commit.yml
Matthieu MOREL 5eac39f418
Update run-commit.yml
Matthieu MOREL 3664dbb362
Update run-commit.yml
Matthieu MOREL 04c870cb3d
Update run-commit.yml
Matthieu MOREL fbdbfec158
Update run-commit.yml
Matthieu MOREL a2420eab64
Create run-commit.yml
shirou d2e27c1712 fix dependabot v2 deletion.
shirou 0969c9436b delete v2 directory, move v3 to top #1078
Matthieu MOREL 15ce718263
Update lint.yml
Matthieu MOREL ae6d769a24
setup golangci-lint
shirou 4db4dc09a0 [v3] fix Signal import on dragonfly OS in fallback
shirou ed7efd5d01 fix path on build_test
shirou a4ec7a2e77 fix build_test workflow
shirou 63210193c2 add build_test to github action
shirou bf37f4d1ec Update github action virtual environments and golang version
Golang: 15,16 -> 16, 17
Ubuntu: 1604, 1804 -> 1804, 2004
Mac: 10.14, 11.0 -> 10.15, 11
shirou ff3e668a6d
Create FUNDING.yml
shirou 1273f2cffb change test support version to 1.15 and 1.16.
dependabot[bot] 0f84c89cb4
Bump actions/labeler from 2 to 3.0.2
Bumps [actions/labeler](https://github.com/actions/labeler) from 2 to 3.0.2.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](https://github.com/actions/labeler/compare/v2...v3.0.2)

---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Matthieu MOREL 0e9c4d3b85
Update dependabot.yml
Matthieu MOREL 26442de1b3
Create dependabot.yml
shirou 92aa11e80a use ludeeus/action-shellcheck for shellcheck.