dependabot[bot]
3a02f268b7
build(deps): bump actions/dependency-review-action from 1.0.0 to 1.0.1 ( #5396 )
2022-05-23 15:31:30 +02:00
dependabot[bot]
f2b7003d57
build(deps): bump github/codeql-action from 2.1.10 to 2.1.11 ( #5395 )
2022-05-23 15:31:22 +02:00
dependabot[bot]
90d4a39c71
build(deps): bump actions/upload-artifact from 3.0.0 to 3.1.0 ( #5397 )
2022-05-23 15:30:59 +02:00
Naveen
c1d6386a2d
chore(deps): Included dependency review ( #5378 )
...
> Dependency Review GitHub Action in your repository to enforce dependency
> reviews on your pull requests.
> The action scans for vulnerable versions of dependencies introduced by package version
> changes in pull requests,
> and warns you about the associated security vulnerabilities.
> This gives you better visibility of what's changing in a pull request,
> and helps prevent vulnerabilities being added to your repository.
https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com >
2022-05-16 09:52:26 -07:00
dependabot[bot]
8200bed5b7
build(deps): bump github/codeql-action from 2.1.9 to 2.1.10 ( #5385 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.9 to 2.1.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](7502d6e991...2f58583a1b )
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-16 09:37:52 -04:00
dependabot[bot]
368b276f41
build(deps): bump actions/setup-go from 3.0.0 to 3.1.0 ( #5384 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](f6164bd8c8...fcdc43634a )
---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-16 09:37:30 -04:00
dependabot[bot]
900167881d
build(deps): bump github/codeql-action from 2.1.8 to 2.1.9 ( #5360 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.8 to 2.1.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1ed1437484...7502d6e991 )
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-02 07:29:18 -07:00
dependabot[bot]
93addfc70b
build(deps): bump reviewdog/action-suggester from 1.5.2 to 1.6 ( #5339 )
...
Bumps [reviewdog/action-suggester](https://github.com/reviewdog/action-suggester ) from 1.5.2 to 1.6.
- [Release notes](https://github.com/reviewdog/action-suggester/releases )
- [Commits](ecf27b2b88...8f83d27e74 )
---
updated-dependencies:
- dependency-name: reviewdog/action-suggester
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-25 07:42:03 -07:00
dependabot[bot]
b4e0620bde
build(deps): bump codecov/codecov-action from 3.0.0 to 3.1.0 ( #5338 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](e3c560433a...81cd2dc814 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-25 07:41:52 -07:00
dependabot[bot]
107ad75c02
build(deps): bump actions/checkout from 3.0.1 to 3.0.2 ( #5340 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](dcd71f6466...2541b1294d )
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-25 07:41:40 -07:00
dependabot[bot]
11f5bc2e64
build(deps): bump actions/checkout from 3.0.0 to 3.0.1 ( #5324 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a12a3943b4...dcd71f6466 )
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-18 06:36:06 -07:00
Chris O'Haver
068af64b19
inactive PRs awaiting info from author for > 30 days should go stale ( #5319 )
...
Signed-off-by: Chris O'Haver <cohaver@infoblox.com >
2022-04-13 13:03:27 -04:00
dependabot[bot]
83021637b3
build(deps): bump github/codeql-action from 2.1.6 to 2.1.8 ( #5316 )
2022-04-11 06:34:10 -07:00
dependabot[bot]
05f0262e4d
build(deps): bump codecov/codecov-action from 2.1.0 to 3 ( #5315 )
2022-04-11 06:33:52 -07:00
dependabot[bot]
5b87abb6f0
build(deps): bump github/codeql-action from 1.1.5 to 2.1.6 ( #5303 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.1.5 to 2.1.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8834766498...28eead2408 )
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-05 08:48:08 -04:00
dependabot[bot]
24643ca94c
build(deps): bump github/codeql-action from 1.1.4 to 1.1.5 ( #5280 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.1.4 to 1.1.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f5d822707e...8834766498 )
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-21 06:40:14 -07:00
Yong Tang
d89f899dc4
Bump golang version to 1.18 ( #5270 )
2022-03-18 03:37:51 -07:00
Yong Tang
571efd9cb3
Fix yaml lint warning introduced by cifuzz ( #5261 )
...
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2022-03-16 12:27:30 -04:00
dependabot[bot]
4da9439e3a
build(deps): bump github/codeql-action from 1.1.3 to 1.1.4 ( #5259 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.1.3 to 1.1.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v1.1.3...f5d822707ee6e8fb81b04a5c0040b736da22e587 )
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-14 07:59:57 -07:00
dependabot[bot]
e8d01e122c
build(deps): bump reviewdog/action-suggester from 1.5.0 to 1.5.2 ( #5258 )
...
Bumps [reviewdog/action-suggester](https://github.com/reviewdog/action-suggester ) from 1.5.0 to 1.5.2.
- [Release notes](https://github.com/reviewdog/action-suggester/releases )
- [Commits](650721aae7...ecf27b2b88 )
---
updated-dependencies:
- dependency-name: reviewdog/action-suggester
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-14 07:59:46 -07:00
nathannaveen
78f12b4815
Enabling cifuzz ( #5221 )
...
Enabling cifuzz.
Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com >
2022-03-11 11:36:29 -08:00
dependabot[bot]
267ce8a820
build(deps): bump actions/checkout from 2.4.0 to 3 ( #5238 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2.4.0 to 3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](ec3a7ce113...a12a3943b4 )
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-07 07:05:33 -08:00
Yong Tang
4b864a97d1
Removed decoupled version comments in github actions ( #5240 )
...
The dependabot is correctly updating the version of
the GitHub Actions with commit hash. However,
the version comments that were placed initially
are not updated. As such the version has been decoupled.
For example, the checkout action
ec3a7ce113134d7a93b817d10a8272cb61118579
is actually on v3.0 yet the comment is still on v2.4.0.
This PR removes the decoupled version comments to avoid
confusion.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2022-03-07 06:49:39 -08:00
dependabot[bot]
ca4073da67
build(deps): bump actions/stale from 4.1.0 to 5 ( #5236 )
...
Bumps [actions/stale](https://github.com/actions/stale ) from 4.1.0 to 5.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](7fb802b307...3cc1237663 )
---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-07 05:38:46 -08:00
dependabot[bot]
8730862bf3
build(deps): bump actions/upload-artifact from 2.3.1 to 3 ( #5237 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 2.3.1 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](82c141cc51...6673cd052c )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-07 05:38:14 -08:00
dependabot[bot]
eaf5570dc7
build(deps): bump actions/setup-go from 2.2.0 to 3 ( #5239 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 2.2.0 to 3.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](bfdd3570ce...f6164bd8c8 )
---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-07 05:37:59 -08:00
dependabot[bot]
acc5ffcf36
build(deps): bump ossf/scorecard-action from 1.0.2 to 1.0.4 ( #5235 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.0.2 to 1.0.4.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Commits](c8416b0b2b...c1aec4ac82 )
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-07 05:37:26 -08:00
Yong Tang
d40d224271
Add additional permissions ( #5217 )
...
* Add additional permissions
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
* Fix yamllint warning
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2022-03-02 07:01:45 -08:00
nathannaveen
f5acb9d12a
Updated workflow permissions. ( #5216 )
2022-03-02 04:47:08 -08:00
Yong Tang
6c26446bb7
Fix pinning of github actions ( #5213 )
...
It is recommended to pin github actions with hash so that an action
is not posing an unknown security risk (as the action itself is not
written by us).
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2022-03-01 11:32:00 -08:00
Yong Tang
402c08fea0
Add OSSF Security Scoreboard Scan ( #5208 )
...
* Add OSSF Security Scoreboard Scan
This PR adds OSSF's Security Scoreboard Scan, to help tighten CoreDNS's security practice.
OSSF Scoreboard is recommended by GitHub. The result will show up in the project's "Code Scanning Alerts" (together with the existing CodeQL scan we already have).
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2022-02-28 12:02:03 -05:00
Yong Tang
5bb8947309
Add Reviewdog to suggestion gofmt and whitespace changes in pull request ( #5155 )
...
use reviewdog to automatically suggest whitespace corrections in PRs
so that code will be clean before committing into master branch.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2022-02-17 15:12:03 -05:00
Yong Tang
40a526b27f
Stale-bot: Do not mark issues stale when pending maintainer action ( #5156 )
...
Only adds stale with labels 'answered,needs info' in issues and 'needs update' in PRs
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2022-02-09 08:41:05 -05:00
Yong Tang
8509fb569d
Add github actions for docker release. ( #5146 )
...
* Add github actions for docker release.
Once a release/tag shows up in GitHub,
a GitHub Action will be automatically triggered
for docker release.
This will help avoid additional steps when releasing.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
* Update to address the review
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
* Address review comment
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2022-02-03 10:23:39 -08:00
Ben Kochie
7d9ad0872c
Cleanup yaml formatting ( #5151 )
...
* Add yamllint config.
* Add yamllint workflow.
* Cleanup linting issues.
* Remove unnecessary `set -x -e` from workflows.
Signed-off-by: SuperQ <superq@gmail.com >
2022-02-02 18:11:08 +01:00
Yong Tang
52c057f86f
Add enhancement label to the whitelist of issues. ( #5129 )
2022-01-26 19:16:54 -08:00
Yong Tang
97d6ec2d39
Add stale github action ( #5128 )
...
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2022-01-26 16:32:04 -05:00
Miek Gieben
6496b19ea4
docker: test makefile and Dockerfile change ( #4866 )
...
The fix in 4b9bc138d9 breaks docker with
~~~
Step 2/9 : RUN sed -i.bak s@stable/update@stable-security/update@g /etc/apt/sources.list
---> Running in 29a0dbae5746
no status provided on response: unknown
~~~
So reverted here. This adds github workflows to test Makefile.docker
syntax as well. And small updates to the docker-coredns over in the
release repo.
Signed-off-by: Miek Gieben <miek@miek.nl >
2021-09-16 15:51:10 -04:00
dependabot[bot]
9a3e4f6685
build(deps): bump codecov/codecov-action from 2.0.3 to 2.1.0 ( #4860 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 2.0.3 to 2.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v2.0.3...v2.1.0 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-13 07:15:08 -07:00
Miek Gieben
df92e8a8ca
Spun out docker ( #4859 )
...
* Spun out docker
Remove docker from Makefile.release so we can actually release.
Unify the mips stuff, now that docker is gone.
Update the docs to reflect this.
See #4858
Signed-off-by: Miek Gieben <miek@miek.nl >
* Update test as well
Signed-off-by: Miek Gieben <miek@miek.nl >
2021-09-13 14:47:46 +02:00
Yong Tang
8016f62771
Update golang version to 1.17 ( #4852 )
...
* Update golang version to 1.17
This PR updates golang version to 1.17 when applicable.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
* Remove `^` to avoid cache
This commit removes `^` to avoid cache in build system
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
* Change to 1.17.0
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2021-09-08 05:23:14 -07:00
dependabot[bot]
2aba89581f
build(deps): bump codecov/codecov-action from 2.0.2 to 2.0.3 ( #4836 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 2.0.2 to 2.0.3.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v2.0.2...v2.0.3 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-30 06:35:46 -07:00
Chris O'Haver
5aae49cee5
fix workflow indent ( #4796 )
...
Signed-off-by: Chris O'Haver <cohaver@infoblox.com >
2021-08-13 10:39:46 -04:00
Chris O'Haver
486dd900b4
use latest go 1.x available ( #4794 )
...
Signed-off-by: Chris O'Haver <cohaver@infoblox.com >
2021-08-10 16:37:58 +08:00
Chris O'Haver
5e7292b6cc
Bump actions use go 1.16 ( #4792 )
...
* use go 1.16
* use ^ to allow latest minor/patch version available
Signed-off-by: Chris O'Haver <cohaver@infoblox.com >
2021-08-09 21:50:00 +02:00
dependabot[bot]
ed33f010f3
build(deps): bump codecov/codecov-action from 1 to 2.0.2 ( #4768 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 1 to 2.0.2.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v1...v2.0.2 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-26 06:20:32 -07:00
Yong Tang
5a8c067258
Enable dependabot scan on github actions ( #4704 )
...
Since we are using GitHub Actions in CoreDNS repo and we are already
using Dependabot for security/version scans on golang code,
it makes sense to enable security/version scans on GitHub Actions as well.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2021-06-21 08:46:56 +02:00
Yong Tang
c3cb6f00ee
Fix timestamp issue for doc generating ( #4683 )
...
This PR will fix the issue of doc not being automatically rendered
through GitHub Actions anymore.
It looks like the issue is caused by the fact that `fixup_file_mtime.sh`
is only fixing files on the source (.md) side, not on the target (man/*.[1|5|7])
side. As a result the Makefile will skip the rendering of doc as
it assumes everything will be up to date.
This should fix the issue we were facing.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2021-06-08 10:17:17 -07:00
Yong Tang
c996a26364
Add verbose log in GitHub Actions CI for make -f Makefile.doc ( #4681 )
...
Our GitHub Actions CI is having some issues with `make -f Makefile.doc`
as the related changes that should have triggered the build didn't
work for the past 3 months (since March).
This PR adds verbose logging to GitHub Actions CI to see if we can get more information.
Note this PR just adds `set -x` to show detailed steps. Will not impact anything else.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2021-06-08 09:26:38 -07:00
milgradesec
76eeae01ec
Enable DependaBot ( #4571 )
...
* Create dependabot.yml
Signed-off-by: milgradesec <38557680+milgradesec@users.noreply.github.com >
* Update dependabot.yml
Signed-off-by: milgradesec <38557680+milgradesec@users.noreply.github.com >
2021-04-21 09:24:16 -07:00