dependabot[bot]
90d4a39c71
build(deps): bump actions/upload-artifact from 3.0.0 to 3.1.0 ( #5397 )
2022-05-23 15:30:59 +02:00
Naveen
c1d6386a2d
chore(deps): Included dependency review ( #5378 )
...
> Dependency Review GitHub Action in your repository to enforce dependency
> reviews on your pull requests.
> The action scans for vulnerable versions of dependencies introduced by package version
> changes in pull requests,
> and warns you about the associated security vulnerabilities.
> This gives you better visibility of what's changing in a pull request,
> and helps prevent vulnerabilities being added to your repository.
https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com >
2022-05-16 09:52:26 -07:00
dependabot[bot]
8200bed5b7
build(deps): bump github/codeql-action from 2.1.9 to 2.1.10 ( #5385 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.9 to 2.1.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](7502d6e991...2f58583a1bsupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-16 09:37:52 -04:00
dependabot[bot]
368b276f41
build(deps): bump actions/setup-go from 3.0.0 to 3.1.0 ( #5384 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](f6164bd8c8...fcdc43634asupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-16 09:37:30 -04:00
dependabot[bot]
900167881d
build(deps): bump github/codeql-action from 2.1.8 to 2.1.9 ( #5360 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.8 to 2.1.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1ed1437484...7502d6e991support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-02 07:29:18 -07:00
dependabot[bot]
93addfc70b
build(deps): bump reviewdog/action-suggester from 1.5.2 to 1.6 ( #5339 )
...
Bumps [reviewdog/action-suggester](https://github.com/reviewdog/action-suggester ) from 1.5.2 to 1.6.
- [Release notes](https://github.com/reviewdog/action-suggester/releases )
- [Commits](ecf27b2b88...8f83d27e74support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-25 07:42:03 -07:00
dependabot[bot]
b4e0620bde
build(deps): bump codecov/codecov-action from 3.0.0 to 3.1.0 ( #5338 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](e3c560433a...81cd2dc814support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-25 07:41:52 -07:00
dependabot[bot]
107ad75c02
build(deps): bump actions/checkout from 3.0.1 to 3.0.2 ( #5340 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](dcd71f6466...2541b1294dsupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-25 07:41:40 -07:00
dependabot[bot]
11f5bc2e64
build(deps): bump actions/checkout from 3.0.0 to 3.0.1 ( #5324 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a12a3943b4...dcd71f6466support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-18 06:36:06 -07:00
Chris O'Haver
068af64b19
inactive PRs awaiting info from author for > 30 days should go stale ( #5319 )
...
Signed-off-by: Chris O'Haver <cohaver@infoblox.com >
2022-04-13 13:03:27 -04:00
dependabot[bot]
83021637b3
build(deps): bump github/codeql-action from 2.1.6 to 2.1.8 ( #5316 )
2022-04-11 06:34:10 -07:00
dependabot[bot]
05f0262e4d
build(deps): bump codecov/codecov-action from 2.1.0 to 3 ( #5315 )
2022-04-11 06:33:52 -07:00
dependabot[bot]
5b87abb6f0
build(deps): bump github/codeql-action from 1.1.5 to 2.1.6 ( #5303 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.1.5 to 2.1.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8834766498...28eead2408support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-05 08:48:08 -04:00
dependabot[bot]
24643ca94c
build(deps): bump github/codeql-action from 1.1.4 to 1.1.5 ( #5280 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.1.4 to 1.1.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f5d822707e...8834766498support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-21 06:40:14 -07:00
Yong Tang
d89f899dc4
Bump golang version to 1.18 ( #5270 )
2022-03-18 03:37:51 -07:00
Yong Tang
571efd9cb3
Fix yaml lint warning introduced by cifuzz ( #5261 )
...
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2022-03-16 12:27:30 -04:00
dependabot[bot]
4da9439e3a
build(deps): bump github/codeql-action from 1.1.3 to 1.1.4 ( #5259 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.1.3 to 1.1.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v1.1.3...f5d822707ee6e8fb81b04a5c0040b736da22e587 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-14 07:59:57 -07:00
dependabot[bot]
e8d01e122c
build(deps): bump reviewdog/action-suggester from 1.5.0 to 1.5.2 ( #5258 )
...
Bumps [reviewdog/action-suggester](https://github.com/reviewdog/action-suggester ) from 1.5.0 to 1.5.2.
- [Release notes](https://github.com/reviewdog/action-suggester/releases )
- [Commits](650721aae7...ecf27b2b88support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-14 07:59:46 -07:00
nathannaveen
78f12b4815
Enabling cifuzz ( #5221 )
...
Enabling cifuzz.
Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com >
2022-03-11 11:36:29 -08:00
dependabot[bot]
267ce8a820
build(deps): bump actions/checkout from 2.4.0 to 3 ( #5238 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2.4.0 to 3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](ec3a7ce113...a12a3943b4support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-07 07:05:33 -08:00
Yong Tang
4b864a97d1
Removed decoupled version comments in github actions ( #5240 )
...
The dependenabot is correctly updating the version of
the github actions with commit hash. However,
the version comments that was placed initially
is not updated. As such the version has been decoupled.
For example, the checkout action
ec3a7ce113134d7a93b817d10a8272cb61118579
is actually on v3.0 yet the comment is still on v2.4.0.
This PR removes the decoupled version comments to avoid
confusion.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2022-03-07 06:49:39 -08:00
dependabot[bot]
ca4073da67
build(deps): bump actions/stale from 4.1.0 to 5 ( #5236 )
...
Bumps [actions/stale](https://github.com/actions/stale ) from 4.1.0 to 5.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](7fb802b307...3cc1237663support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-07 05:38:46 -08:00
dependabot[bot]
8730862bf3
build(deps): bump actions/upload-artifact from 2.3.1 to 3 ( #5237 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 2.3.1 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](82c141cc51...6673cd052csupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-07 05:38:14 -08:00
dependabot[bot]
eaf5570dc7
build(deps): bump actions/setup-go from 2.2.0 to 3 ( #5239 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 2.2.0 to 3.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](bfdd3570ce...f6164bd8c8support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-07 05:37:59 -08:00
dependabot[bot]
acc5ffcf36
build(deps): bump ossf/scorecard-action from 1.0.2 to 1.0.4 ( #5235 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.0.2 to 1.0.4.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Commits](c8416b0b2b...c1aec4ac82support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-07 05:37:26 -08:00
Yong Tang
d40d224271
Add additional permissions ( #5217 )
...
* Add additional permissions
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
* Fix yamllint warning
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2022-03-02 07:01:45 -08:00
nathannaveen
f5acb9d12a
Updated workflow permissions. ( #5216 )
2022-03-02 04:47:08 -08:00
Yong Tang
6c26446bb7
Fix pinning of github actions ( #5213 )
...
It is recommended to pin github actions with hash so that an action
is not posing an unknown security risk (as the actions itself is not
written by us).
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2022-03-01 11:32:00 -08:00
Yong Tang
402c08fea0
Add OSSF Security Scoreboard Scan ( #5208 )
...
* Add OSSF Security Scoreboard Scan
This PR adds OSSF's Security Scoreboard Scan, to help tighten CoreDNS's security practice.
OSSF Scoreboard is recommended by GitHub. The result will show up in project's "Code Scanning Alerts" (together with existing CodeQL scan we already have).
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2022-02-28 12:02:03 -05:00
Yong Tang
5bb8947309
Add Reviewdog to suggestion gofmt and whitespace changes in pull request ( #5155 )
...
use reviewdog to automatically suggest whitespace corrections in PRs
so that code will be clean before committing into master branch.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2022-02-17 15:12:03 -05:00
Yong Tang
40a526b27f
Stale-bot: Do not mark issues stale when pending maintainer action ( #5156 )
...
Only adds stale with labels 'answered,needs info' in issues and 'needs update' in PRs
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2022-02-09 08:41:05 -05:00
Yong Tang
8509fb569d
Add github actions for docker release. ( #5146 )
...
* Add github actions for docker release.
Once a release/tag shown up in GitHub,
an GitHub Action will be automatically triggered
for docker release.
This will help avoid additional steps when releasing.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
* Update to address the review
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
* Address review comment
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2022-02-03 10:23:39 -08:00
Ben Kochie
7d9ad0872c
Cleanup yaml formatting ( #5151 )
...
* Add yamllint config.
* Add yamllint workflow.
* Cleanup linting issues.
* Remove unnecessary `set -x -e` from workflows.
Signed-off-by: SuperQ <superq@gmail.com >
2022-02-02 18:11:08 +01:00
Yong Tang
52c057f86f
Add enhancement label to the whitelist of issues. ( #5129 )
2022-01-26 19:16:54 -08:00
Yong Tang
97d6ec2d39
Add stale github action ( #5128 )
...
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2022-01-26 16:32:04 -05:00
Miek Gieben
6496b19ea4
docker: test makefile and Dockerfile change ( #4866 )
...
The fix in 4b9bc138d9miek@miek.nl >
2021-09-16 15:51:10 -04:00
dependabot[bot]
9a3e4f6685
build(deps): bump codecov/codecov-action from 2.0.3 to 2.1.0 ( #4860 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 2.0.3 to 2.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v2.0.3...v2.1.0 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-13 07:15:08 -07:00
Miek Gieben
df92e8a8ca
Spun out docker ( #4859 )
...
* Spun out docker
Remove docker from Makefile.release so we can actually release.
Unify the mips stuff, now that docker is gone.
Update the docs to reflect this.
See #4858
Signed-off-by: Miek Gieben <miek@miek.nl >
* Update test as well
Signed-off-by: Miek Gieben <miek@miek.nl >
2021-09-13 14:47:46 +02:00
Yong Tang
8016f62771
Update golang version to 1.17 ( #4852 )
...
* Update golang version to 1.17
This PR updates golang version to 1.17 when applicable.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
* Remove `^` to avoid cache
This commit removes `^` to avoid cache in build system
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
* Change to 1.17.0
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2021-09-08 05:23:14 -07:00
dependabot[bot]
2aba89581f
build(deps): bump codecov/codecov-action from 2.0.2 to 2.0.3 ( #4836 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 2.0.2 to 2.0.3.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v2.0.2...v2.0.3 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-30 06:35:46 -07:00
Chris O'Haver
5aae49cee5
fix workflow indent ( #4796 )
...
Signed-off-by: Chris O'Haver <cohaver@infoblox.com >
2021-08-13 10:39:46 -04:00
Chris O'Haver
486dd900b4
use latest go 1.x available ( #4794 )
...
Signed-off-by: Chris O'Haver <cohaver@infoblox.com >
2021-08-10 16:37:58 +08:00
Chris O'Haver
5e7292b6cc
Bump actions use go 1.16 ( #4792 )
...
* use go 1.16
* use ^ to allow latest minor/patch version available
Signed-off-by: Chris O'Haver <cohaver@infoblox.com >
2021-08-09 21:50:00 +02:00
dependabot[bot]
ed33f010f3
build(deps): bump codecov/codecov-action from 1 to 2.0.2 ( #4768 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 1 to 2.0.2.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v1...v2.0.2 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-26 06:20:32 -07:00
Yong Tang
c996a26364
Add verbose log in GitHub Actions CI for make -f Makefile.doc ( #4681 )
...
Our GitHub Actions CI is having some issues with `make -f Makefile.doc`
as the related changes that should have triggered the build didn't
work for the past 3 months (since march).
This PR adds verbose to GitHub Actions CI to see if we can get more information.
Note this PR just add `set -x` to show detailed step. Will not impact anything else.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2021-06-08 09:26:38 -07:00
Yong Tang
cedf6ffddc
Disable CodeCov on commit push ( #4572 )
...
As commit push holds write access of GITHUB_TOKEN, we may
want to limit the scope of third-party test run.
This PR disable CodeCov on commit push. Pull request is still
ok.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2021-04-16 07:38:42 -07:00
Miek Gieben
1b2f0bef6f
workflow: move committing workflows to schedule ( #4529 )
...
This moves all workflows that commit to a schedule, so that it _doesn't_
push into peoples PRs as that enlarges them and is just non-obvious.
They run throughout the week.
Also change the "user" we use for this, so that DCO believes it a real
email address (DCO is pretty stupid here). Update the authors target to
filter out this bot as well.
Signed-off-by: Miek Gieben <miek@miek.nl >
2021-03-18 09:53:46 +01:00
Miek Gieben
5457cdcd4b
workflow: sign commits ( #4526 )
...
This doesn't do much, but at least it doesn't litter PRs with non-signed
commits. This should keep the DCO clean(er)
Signed-off-by: Miek Gieben <miek@miek.nl >
2021-03-17 14:16:17 +01:00
Miek Gieben
a2b34a233d
workflow: guard against faillint failing ( #4524 )
...
So there is (and will always) be a disconnect between latest Go in the
workflow and the actual latest Go used by other utils. Faillint move to
go 1.16 features and for some reason this now borkes.
Add ||true to allow failling to not compile, this will skip that
particular test (so be it)
Signed-off-by: Miek Gieben <miek@miek.nl >
2021-03-16 11:11:12 +01:00
Miek Gieben
c27605797b
Use latest Go version ( #4505 )
...
Update go.mod to 1.16 and make the workflows default to the latest
available.
Signed-off-by: Miek Gieben <miek@miek.nl >
2021-03-09 09:16:05 -08:00
