Commit Graph

70 Commits (faad8060806256ffc4da37f9535160af4e8b0fee)

Author SHA1 Message Date
dependabot[bot] 47860a93c2
chore(deps): bump actions/checkout from 3.5.3 to 3.6.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 3.6.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](c85c95e3d7...f43a0e5ff2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
dependabot[bot] 7e5f28a19a
chore(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.6.0 to 3.7.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](639cd343e1...3a91952989)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
dependabot[bot] 95d458e650
chore(deps): bump actions/setup-go from 4.0.1 to 4.1.0
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.0.1 to 4.1.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](fac708d667...93397bea11)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
dependabot[bot] 9421df8699
chore(deps): bump actions/labeler from 4.2.0 to 4.3.0
Bumps [actions/labeler](https://github.com/actions/labeler) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](0967ca812e...ac9175f8a1)

---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
dependabot[bot] 3a5aa800b7
chore(deps): bump actions/labeler from 4.1.0 to 4.2.0
Bumps [actions/labeler](https://github.com/actions/labeler) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](9fcb2c2f55...0967ca812e)

---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
shirou fb83fb22d6
Merge pull request #1483 from shirou/dependabot/github_actions/golangci/golangci-lint-action-3.6.0
chore(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0
2 years ago
dependabot[bot] e50406fcca
chore(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](5f1fec7010...639cd343e1)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
dependabot[bot] 4eccb7db0e
chore(deps): bump actions/checkout from 3.5.2 to 3.5.3
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.2 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](8e5e7e5ab8...c85c95e3d7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
Gabriela Gutierrez 147902f4cb
Ref actions by commit SHA in test.yml
It's important to make sure the SHA's are from the original repositories and not forks.

For reference:

https://github.com/actions/setup-go/releases/tag/v4.0.1
fac708d667

https://github.com/actions/checkout/releases/tag/v3.5.2
8e5e7e5ab8

https://github.com/actions/cache/releases/tag/v3.3.1
88522ab9f3


Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
2 years ago
Gabriela Gutierrez 404301103d
Ref actions by commit SHA in shellcheck.yml
It's important to make sure the SHA's are from the original repositories and not forks.

For reference:

https://github.com/actions/checkout/releases/tag/v3.5.2
8e5e7e5ab8

https://github.com/ludeeus/action-shellcheck/releases/tag/2.0.0
00cae500b0


Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
2 years ago
Gabriela Gutierrez 346f7bc0fd
Ref actions by commit SHA in sbom_generator.yml
It's important to make sure the SHA's are from the original repositories and not forks.

For reference:

https://github.com/actions/checkout/releases/tag/v3.5.2
8e5e7e5ab8

https://github.com/advanced-security/sbom-generator-action/releases/tag/v0.0.1
375dee8e61

https://github.com/actions/upload-artifact/releases/tag/v3.1.2
0b7f8abb15


Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
2 years ago
Gabriela Gutierrez f6afa2b95f
Ref actions by commit SHA in release.yml
It's important to make sure the SHA's are from the original repositories and not forks.

For reference:

https://github.com/actions/checkout/releases/tag/v3.5.2
8e5e7e5ab8


Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
2 years ago
Gabriela Gutierrez 0f90ed4833
Ref actions by commit SHA in lint.yml
It's important to make sure the SHA's are from the original repositories and not forks.

For reference:

https://github.com/actions/setup-go/releases/tag/v4.0.1
fac708d667

https://github.com/actions/checkout/releases/tag/v3.5.2
8e5e7e5ab8

https://github.com/golangci/golangci-lint-action/releases/tag/v3.5.0
5f1fec7010


Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
2 years ago
Gabriela Gutierrez 2d8c888a00
Ref actions by commit SHA in labeler.yml
It's important to make sure the SHA's are from the original repositories and not forks.

For reference:

https://github.com/actions/labeler/releases/tag/v4.1.0
9fcb2c2f55


Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
2 years ago
Gabriela Gutierrez 7865eebd82
Ref actions by commit SHA in build_test.yml
It's important to make sure the SHA's are from the original repositories and not forks.

For reference:

https://github.com/actions/setup-go/releases/tag/v4.0.1
fac708d667

https://github.com/actions/checkout/releases/tag/v3.5.2
8e5e7e5ab8

https://github.com/actions/cache/releases/tag/v3.3.1
88522ab9f3


Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
2 years ago
Gabriela Gutierrez 2d2db8fee9
Create SECURITY.md
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
2 years ago
dependabot[bot] d6ee47e5dc
chore(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.0 to 3.1.2.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3.1.0...v3.1.2)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
shirou 755bcab7b9
Update branch of sbom_generator.yml 2 years ago
shirou 90f9165482 Merge branch 'master' of github.com:shirou/gopsutil into feature/add_sbom_github_actions 2 years ago
shirou 68a3b4210c fix: remove ubuntu-18.04, add macos-12, windows-2022
ubuntu-18.04 has been deprecated:
https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources
2 years ago
shirou d7f65a84ca Add github SBOM Generator
See this GitHub blog post
https://github.blog/2023-03-28-introducing-self-service-sboms/
2 years ago
dependabot[bot] 0f0223064d
chore(deps): bump actions/setup-go from 3 to 4
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
dependabot[bot] 3ece2bff78
chore(deps): bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
3 years ago
Lomanic 2553c620ed [ci] Remove deprecated macos-10.15 virtual environment in tests
Ref https://github.com/actions/virtual-environments/issues/5583
3 years ago
shirou 37a0bf3fa1 feat: add github release.yml 3 years ago
shirou 4f1f5b314d fix(actions): add write permission to release action 3 years ago
shirou a91ea95c78 feat(actions): go-version will be latest two version automatically on CI 3 years ago
nathannaveen 3a2c8dd4f8 chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
3 years ago
shirou ea6bed829b add a GitHub action to auto release 3 years ago
dependabot[bot] b5592414b5
Bump actions/setup-go from 2 to 3
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2 to 3.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
3 years ago
dependabot[bot] b68e0acc74
Bump actions/cache from 2 to 3
Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
3 years ago
shirou 8717edb669 remove Windows 2016 from tests.
see https://github.com/actions/virtual-environments/issues/5238
3 years ago
Lomanic c0f6ce3804
Merge pull request #1264 from shirou/dependabot/github_actions/actions/labeler-4
Bump actions/labeler from 3.0.2 to 4
3 years ago
dependabot[bot] ff016751b6
Bump actions/labeler from 3.0.2 to 4
Bumps [actions/labeler](https://github.com/actions/labeler) from 3.0.2 to 4.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](https://github.com/actions/labeler/compare/v3.0.2...v4)

---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
3 years ago
dependabot[bot] aa9aca7d12
Bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
3 years ago
dependabot[bot] a22a057761
Bump golangci/golangci-lint-action from 2 to 3
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 2 to 3.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
3 years ago
shirou 59e366d674 remove codecov 3 years ago
Matthieu MOREL fe2fab4938
Update test.yml 3 years ago
Matthieu MOREL 2252055b93
enable codecoverage 3 years ago
Matthieu MOREL f8c685e717
enable caching in workflows 3 years ago
Matthieu MOREL 08a73c90a6
Delete run-commit.yml 3 years ago
Matthieu MOREL 5eac39f418
Update run-commit.yml 3 years ago
Matthieu MOREL 3664dbb362
Update run-commit.yml 3 years ago
Matthieu MOREL 04c870cb3d
Update run-commit.yml 3 years ago
Matthieu MOREL fbdbfec158
Update run-commit.yml 3 years ago
Matthieu MOREL a2420eab64
Create run-commit.yml 3 years ago
shirou d2e27c1712 fix dependabot v2 deletion. 3 years ago
shirou 0969c9436b delete v2 directory, move v3 to top #1078 3 years ago
Matthieu MOREL 15ce718263
Update lint.yml 3 years ago
Matthieu MOREL ae6d769a24
setup golangci-lint 3 years ago