caddy

Cutlery/caddy

Fork 0

mirror of https://github.com/caddyserver/caddy.git synced 2026-04-03 15:51:48 -04:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
dependabot[bot]	5bc2afbbb6	build(deps): bump the actions-deps group with 6 updates (#7142 ) Bumps the actions-deps group with 6 updates: \| Package \| From \| To \| \| --- \| --- \| --- \| \| [step-security/harden-runner](https://github.com/step-security/harden-runner) \| `2.12.1` \| `2.13.0` \| \| [actions/upload-artifact](https://github.com/actions/upload-artifact) \| `4.6.1` \| `4.6.2` \| \| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) \| `e9a05e6d32d7ed22b5656cd874ef31af58d05bfa` \| `d58896d6a1865668819e1d91763c7751a165e159` \| \| [anchore/sbom-action](https://github.com/anchore/sbom-action) \| `0.20.1` \| `0.20.4` \| \| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) \| `2.4.1` \| `2.4.2` \| \| [github/codeql-action](https://github.com/github/codeql-action) \| `3.29.0` \| `3.29.4` \| Updates `step-security/harden-runner` from 2.12.1 to 2.13.0 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](`002fdce3c6...ec9f2d5744`) Updates `actions/upload-artifact` from 4.6.1 to 4.6.2 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4.6.1...ea165f8d65b6e75b540449e92b4886f43607fa02) Updates `sigstore/cosign-installer` from e9a05e6d32d7ed22b5656cd874ef31af58d05bfa to d58896d6a1865668819e1d91763c7751a165e159 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](`e9a05e6d32...d58896d6a1`) Updates `anchore/sbom-action` from 0.20.1 to 0.20.4 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](`9246b90769...7b36ad622f`) Updates `ossf/scorecard-action` from 2.4.1 to 2.4.2 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](`f49aabe0b5...05b42c6244`) Updates `github/codeql-action` from 3.29.0 to 3.29.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`ce28f5bb42...4e828ff8d4`) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.13.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: actions/upload-artifact dependency-version: 4.6.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: sigstore/cosign-installer dependency-version: d58896d6a1865668819e1d91763c7751a165e159 dependency-type: direct:production dependency-group: actions-deps - dependency-name: anchore/sbom-action dependency-version: 0.20.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: ossf/scorecard-action dependency-version: 2.4.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: github/codeql-action dependency-version: 3.29.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-08-01 04:34:14 +03:00
Mohammed Al Sahaf	2f0fc62b34	chore: apply security best practices for CI (#7066 ) Some checks failed Tests / test (./cmd/caddy/caddy, ~1.24.1, ubuntu-latest, 0, 1.24, linux) (push) Failing after 3m9s Details Tests / test (s390x on IBM Z) (push) Has been skipped Details Tests / goreleaser-check (push) Has been skipped Details Cross-Build / build (~1.24.1, 1.24, aix) (push) Successful in 1m37s Details Cross-Build / build (~1.24.1, 1.24, darwin) (push) Successful in 1m32s Details Cross-Build / build (~1.24.1, 1.24, dragonfly) (push) Successful in 1m42s Details Cross-Build / build (~1.24.1, 1.24, freebsd) (push) Successful in 1m47s Details Cross-Build / build (~1.24.1, 1.24, illumos) (push) Successful in 1m44s Details Cross-Build / build (~1.24.1, 1.24, linux) (push) Successful in 1m46s Details Cross-Build / build (~1.24.1, 1.24, netbsd) (push) Successful in 1m32s Details Cross-Build / build (~1.24.1, 1.24, openbsd) (push) Successful in 1m27s Details Cross-Build / build (~1.24.1, 1.24, solaris) (push) Successful in 1m26s Details Cross-Build / build (~1.24.1, 1.24, windows) (push) Successful in 1m30s Details Lint / lint (ubuntu-latest, linux) (push) Successful in 2m18s Details Lint / govulncheck (push) Successful in 1m24s Details Lint / dependency-review (push) Failing after 1m1s Details OpenSSF Scorecard supply-chain security / Scorecard analysis (push) Failing after 2s Details Tests / test (./cmd/caddy/caddy, ~1.24.1, macos-14, 0, 1.24, mac) (push) Has been cancelled Details Tests / test (./cmd/caddy/caddy.exe, ~1.24.1, windows-latest, True, 1.24, windows) (push) Has been cancelled Details Lint / lint (macos-14, mac) (push) Has been cancelled Details Lint / lint (windows-latest, windows) (push) Has been cancelled Details * chore: apply security best practices for CI Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * remove redundant codeql job Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * run scorecard flow on PRs Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> --------- Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2025-06-16 20:14:09 +00:00
Mohammed Al Sahaf	7a33f481f1	ci: add dep review, OSSF scorecard actions (#7063 ) * ci: add dep review action Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * sprinkle permissions on Actions jobs Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * README: add OpenSSF best practices badge Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * add draft OpenSSF Scorecard workflow Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> --------- Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2025-06-12 23:40:51 +00:00

dependabot[bot]

5bc2afbbb6

build(deps): bump the actions-deps group with 6 updates (#7142 )

Bumps the actions-deps group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.12.1` | `2.13.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.1` | `4.6.2` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `e9a05e6d32d7ed22b5656cd874ef31af58d05bfa` | `d58896d6a1865668819e1d91763c7751a165e159` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.20.1` | `0.20.4` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.1` | `2.4.2` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.29.0` | `3.29.4` |


Updates `step-security/harden-runner` from 2.12.1 to 2.13.0
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](002fdce3c6...ec9f2d5744)

Updates `actions/upload-artifact` from 4.6.1 to 4.6.2
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4.6.1...ea165f8d65b6e75b540449e92b4886f43607fa02)

Updates `sigstore/cosign-installer` from e9a05e6d32d7ed22b5656cd874ef31af58d05bfa to d58896d6a1865668819e1d91763c7751a165e159
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](e9a05e6d32...d58896d6a1)

Updates `anchore/sbom-action` from 0.20.1 to 0.20.4
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](9246b90769...7b36ad622f)

Updates `ossf/scorecard-action` from 2.4.1 to 2.4.2
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](f49aabe0b5...05b42c6244)

Updates `github/codeql-action` from 3.29.0 to 3.29.4
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](ce28f5bb42...4e828ff8d4)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-deps
- dependency-name: actions/upload-artifact
  dependency-version: 4.6.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: sigstore/cosign-installer
  dependency-version: d58896d6a1865668819e1d91763c7751a165e159
  dependency-type: direct:production
  dependency-group: actions-deps
- dependency-name: anchore/sbom-action
  dependency-version: 0.20.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: ossf/scorecard-action
  dependency-version: 2.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: github/codeql-action
  dependency-version: 3.29.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

2025-08-01 04:34:14 +03:00

Mohammed Al Sahaf

2f0fc62b34

chore: apply security best practices for CI (#7066 )

Tests / test (./cmd/caddy/caddy, ~1.24.1, ubuntu-latest, 0, 1.24, linux) (push) Failing after 3m9s

Details

Tests / test (s390x on IBM Z) (push) Has been skipped

Details

Tests / goreleaser-check (push) Has been skipped

Details

Cross-Build / build (~1.24.1, 1.24, aix) (push) Successful in 1m37s

Details

Cross-Build / build (~1.24.1, 1.24, darwin) (push) Successful in 1m32s

Details

Cross-Build / build (~1.24.1, 1.24, dragonfly) (push) Successful in 1m42s

Details

Cross-Build / build (~1.24.1, 1.24, freebsd) (push) Successful in 1m47s

Details

Cross-Build / build (~1.24.1, 1.24, illumos) (push) Successful in 1m44s

Details

Cross-Build / build (~1.24.1, 1.24, linux) (push) Successful in 1m46s

Details

Cross-Build / build (~1.24.1, 1.24, netbsd) (push) Successful in 1m32s

Details

Cross-Build / build (~1.24.1, 1.24, openbsd) (push) Successful in 1m27s

Details

Cross-Build / build (~1.24.1, 1.24, solaris) (push) Successful in 1m26s

Details

Cross-Build / build (~1.24.1, 1.24, windows) (push) Successful in 1m30s

Details

Lint / lint (ubuntu-latest, linux) (push) Successful in 2m18s

Details

Lint / govulncheck (push) Successful in 1m24s

Details

Lint / dependency-review (push) Failing after 1m1s

Details

OpenSSF Scorecard supply-chain security / Scorecard analysis (push) Failing after 2s

Details

Tests / test (./cmd/caddy/caddy, ~1.24.1, macos-14, 0, 1.24, mac) (push) Has been cancelled

Details

Tests / test (./cmd/caddy/caddy.exe, ~1.24.1, windows-latest, True, 1.24, windows) (push) Has been cancelled

Details

Lint / lint (macos-14, mac) (push) Has been cancelled

Details

Lint / lint (windows-latest, windows) (push) Has been cancelled

Details

* chore: apply security best practices for CI

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* remove redundant codeql job

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* run scorecard flow on PRs

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

2025-06-16 20:14:09 +00:00

Mohammed Al Sahaf

7a33f481f1

ci: add dep review, OSSF scorecard actions (#7063 )

* ci: add dep review action

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* sprinkle permissions on Actions jobs

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* README: add OpenSSF best practices badge

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* add draft OpenSSF Scorecard workflow

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

2025-06-12 23:40:51 +00:00

3 Commits