Commit Graph

2214 Commits

Author SHA1 Message Date
Jamie McCarthy 64be628534 Merge branch 'main' into jm-ci-rubyonrails 2024-04-26 06:13:12 -05:00
Dan Rigby 2435e57601 Merge pull request #2270 from jsoref/bump-actions
Checkout: Update all workflows to use Checkout V4
2024-04-25 12:52:18 -04:00
Dan Rigby 8ff5c7e7bb Merge branch 'main' into bump-actions 2024-04-25 12:51:52 -04:00
mponaws ac9c407320 Add starter-workflows for Policy Validator (#2375)
* Add starter-workflows for Policy Validator

* Add starter-workflows for Policy Validator

* Add starter-workflows for Policy Validator, removed references to GitHub secrets & S3 to keep it simple
2024-04-18 14:39:17 -05:00
Marco Gario 9963e8cd28 Merge pull request #2372 from actions/codeql-packages-read
Update CodeQL workflow to use packages:read permission.
2024-04-11 13:17:21 +02:00
Marco Gario a3194f5b47 Update CodeQL workflow to use packages:read permission.
Co-authored-by: Anders Starcke Henriksen <starcke@github.com>
2024-04-11 09:42:21 +02:00
Rex P ca5bcdc693 Add OSV-Scanner code scanning workflow (#2350)
* Add OSV-Scanner code scanning workflow

* Update code-scanning/osv-scanner.yml

Co-authored-by: Alexis Abril <alexisabril@github.com>

---------

Co-authored-by: Alexis Abril <alexisabril@github.com>
2024-04-09 22:21:33 -05:00
Josh Soref cd4b67d0b4 Checkout: Update all workflows to use Checkout V4 2024-04-05 15:29:37 -04:00
Issy Long 607f368fb0 Merge pull request #2363 from actions/larger-runners-not-ghes
codeql: Clarify that hosted larger runners only exist on GHEC
2024-04-03 16:22:33 +01:00
Issy Long 31a3e00dab codeql: Clarify that hosted larger runners only exist on GHEC
- Part of https://github.com/github/code-scanning/issues/13748.
2024-04-03 10:23:11 +01:00
Charly Garcia b53d05e4b0 ci: use artisan command to run test, because this ci/laravel.yml does not work properly in laravel when uses Pest instead of PHPUnit (#2284)
Co-authored-by: Alexis Abril <alexisabril@github.com>
2024-04-01 15:12:02 -05:00
SOOS-GSteen efd31e5f0f update soos dash action commit hash / sarif action version / logo (#2317)
* Update soos-dast-scan.yml

* Update soos-dast-scan.yml

* Update soos.svg

* Update code-scanning/soos-dast-scan.yml

Co-authored-by: Alexis Abril <alexisabril@github.com>

---------

Co-authored-by: Alexis Abril <alexisabril@github.com>
2024-04-01 15:11:05 -05:00
James M. Greene e4837fa768 Improve step name for Next.js build 2024-03-29 20:19:38 -05:00
James M. Greene eeef7a773c Merge pull request #2360 from actions/configure-pages-v5
Update all Pages workflows to use `actions/configure-pages@v5`
2024-03-29 20:09:51 -05:00
James M. Greene c9a0122a59 Update all Pages workflows to use actions/configure-pages@v5 2024-03-29 19:57:20 -05:00
Cameron Booth e6175cb011 Merge pull request #2359 from actions/alexisabril-patch-1
Update CODEOWNERS
2024-03-29 15:32:18 -07:00
Alexis Abril 87efe4c91d Update CODEOWNERS
Adding @actions/starter-workflows to each category to minimize notification pollution.
2024-03-29 15:20:42 -07:00
Alexis Abril 4ca845b387 Update CODEOWNERS
Simplifying the CODEOWNERS file to allow respective teams the capabilities to manage PRs as responsibilities have been updated recently. In the short term, this will add notifications to folks for each team.
2024-03-29 13:23:28 -07:00
James M. Greene 539cde590c Merge pull request #2351 from cclinet/update-astro-for-yarn
Fix: astro.yml for yarn based project
2024-03-27 22:40:13 -05:00
James M. Greene 0ac8e61930 Merge branch 'main' into update-astro-for-yarn 2024-03-27 22:39:47 -05:00
Spencer Schrock 4620c76b38 update Scorecard Action hashes and version comments (#2348)
* update action hashes and version comments

ossf/scorecard-action v2.1.2 is old and doesnt work after a Sigstore
change. https://blog.sigstore.dev/tuf-root-update/

Signed-off-by: Spencer Schrock <sschrock@google.com>

* downgrade actions/upload-artifact to node20 version of v3

dependabot will suggest upgrade to v4.3.1 for repos that can upgrade.
note: v3.pre.node20 is how dependabot refers to the pinned hash, so
use that so it can upgrade the comment

Signed-off-by: Spencer Schrock <sschrock@google.com>

* upgrade github/codeql-action/upload-sarif to v3.24.9

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: Alexis Abril <alexisabril@github.com>
2024-03-27 13:25:03 -07:00
Andreas Deininger 831e9cb8e4 Bump workflow actions of various starter files (#2210) 2024-03-27 10:51:41 -07:00
Marco Gario 4ccc742286 Merge pull request #2306 from actions/update_codeql_template
Code Scanning Update codeql.yml with new build-mode
2024-03-26 14:13:08 +01:00
Marco Gario fdbad9c74f Update codeql.yml
links to docs
2024-03-26 13:45:32 +01:00
Marco Gario 97c6254b5e Merge branch 'main' into update_codeql_template 2024-03-26 13:35:12 +01:00
Marco Gario aad9272438 Update codeql.yml
Limit matrix information in the job name to language by default
2024-03-26 13:18:17 +01:00
카기자판 61cdce264d Updating nextjs.yml for Next.js 14 Support (#2204)
* Update nextjs.yml

* Update nextjs.yml

---------

Co-authored-by: Alexis Abril <alexisabril@github.com>
2024-03-25 16:26:55 -07:00
cclin 0f4d22325b Update astro.yml for yarn based project 2024-03-25 16:05:58 +08:00
Tim Heuer 3fb9f82449 Updating dotnet CI starter workflows (#2333)
* Update dotnet.yml

Updating versions

* Update dotnet-desktop.yml

Bumping versions

* Update ci/dotnet-desktop.yml

Co-authored-by: Alexis Abril <alexisabril@github.com>

---------

Co-authored-by: Alexis Abril <alexisabril@github.com>
2024-03-12 14:08:25 -05:00
Chad Bentz 03277899f0 tfsec latest v0.1.4 (#2318) 2024-03-06 15:46:46 -06:00
Jamie McCarthy f2c131e699 Merge branch 'main' into jm-ci-rubyonrails 2024-03-02 07:08:37 -06:00
Marco Gario 4a8c4e08b0 Update code-scanning/codeql.yml
Co-authored-by: Henry Mercer <henrymercer@github.com>
2024-02-19 15:57:02 +01:00
Marco Gario 8a973982d1 Update code-scanning/codeql.yml
Co-authored-by: Henry Mercer <henrymercer@github.com>
2024-02-19 15:54:06 +01:00
Marco Gario 05e4581159 Update codeql.yml with new build-mode 2024-02-15 09:01:39 +01:00
Jon Janego be552580a6 Merge pull request #2305 from bigdaz/main
Update for `gradle/actions@v3.1.0` release
2024-02-14 10:03:12 -06:00
daz d303234ad7 Update for gradle/actions@v3.1.0 release
- Bump version hashes to use `gradle/actions/setup-gradle@v3.1.0`
- Bump version hash to use `gradle/actions/dependency-submission@v3.1.0`
2024-02-13 14:00:27 -07:00
Jamie McCarthy 4b8ca42dd9 Prefer ruby/setup-ruby@v1
As recommended in https://github.com/ruby/setup-ruby#setup-ruby
2024-02-12 06:59:42 -06:00
Jamie McCarthy e4840c47d0 Spell bundle-audit without the r
Usage as described in https://github.com/rubysec/bundler-audit#readme
2024-02-12 06:57:18 -06:00
Jamie McCarthy f263f7e886 Run ci/rubyonrails with bundle exec 2024-02-12 06:56:37 -06:00
Sam Partington 2b5d980659 Merge pull request #2299 from actions/dependency-review-ownership
Code Scanning shouldn't own `dependency-review.yml`
2024-02-09 17:37:50 +00:00
Sam Partington 813dc76266 Merge branch 'main' into dependency-review-ownership 2024-02-09 17:33:22 +00:00
Jon Janego da7a61e43c Merge pull request #2297 from actions/jonjanego-patch-1
Changing default behavior to include comment summary in PR
2024-02-07 12:19:42 -06:00
Sam Partington c4f5db6260 Code Scanning shouldn't own dependency-review.yml 2024-02-07 17:33:08 +00:00
Jon Janego 8aab15dd49 Update code-scanning/dependency-review.yml
begone, whitespace

Co-authored-by: Chad Bentz <1760475+felickz@users.noreply.github.com>
2024-02-07 09:06:01 -06:00
Jon Janego ba9d3788e4 Changing default behavior to include comment summary in PR
also gave the workflow the appropriate permissions required, pull-requests: write
2024-02-06 12:55:25 -06:00
SOOS-GSteen 6e4aae97ef soos-dast-scan.yml update (#2240)
* Update soos-dast-scan.yml

* use major version syntax

* code review

* lint

* Update soos-dast-scan.yml
2024-02-06 10:44:04 -06:00
Jon Janego aecd7f349b Merge pull request #2290 from bigdaz/main
Update for `gradle/actions@v3.0.0` release
2024-01-31 16:13:33 -06:00
daz 6c7819814a Fix typo 2024-01-31 15:07:12 -07:00
daz 51848d8b15 Remove trailing whitespace 2024-01-31 13:38:44 -07:00
daz b0b88404ff Improve documentation in starter workflow
- Remove "optional" flag from dependency-submission
- Add example of running without Gradle wrapper
- Link to action docs
2024-01-31 13:29:02 -07:00