caddy

mirror of https://github.com/caddyserver/caddy.git synced 2026-02-07 11:33:47 -05:00

Author	SHA1	Message	Date
dependabot[bot]	afbdcec08b	build(deps): bump the actions-deps group with 8 updates (#7284 ) Bumps the actions-deps group with 8 updates: \| Package \| From \| To \| \| --- \| --- \| --- \| \| [step-security/harden-runner](https://github.com/step-security/harden-runner) \| `2.13.0` \| `2.13.1` \| \| [actions/setup-go](https://github.com/actions/setup-go) \| `5.5.0` \| `6.0.0` \| \| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) \| `4.7.3` \| `4.8.0` \| \| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) \| `3.9.2` \| `3.10.0` \| \| [anchore/sbom-action](https://github.com/anchore/sbom-action) \| `0.20.5` \| `0.20.6` \| \| [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch) \| `3.0.0` \| `4.0.0` \| \| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) \| `2.4.2` \| `2.4.3` \| \| [github/codeql-action](https://github.com/github/codeql-action) \| `3.30.0` \| `3.30.5` \| Updates `step-security/harden-runner` from 2.13.0 to 2.13.1 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](`ec9f2d5744...f4a75cfd61`) Updates `actions/setup-go` from 5.5.0 to 6.0.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](`d35c59abb0...4469467582`) Updates `actions/dependency-review-action` from 4.7.3 to 4.8.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](`595b5aeba7...56339e523c`) Updates `sigstore/cosign-installer` from 3.9.2 to 3.10.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](`d58896d6a1...d7543c93d8`) Updates `anchore/sbom-action` from 0.20.5 to 0.20.6 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](`da167eac91...f8bdd1d8ac`) Updates `peter-evans/repository-dispatch` from 3.0.0 to 4.0.0 - [Release notes](https://github.com/peter-evans/repository-dispatch/releases) - [Commits](`ff45666b94...5fc4efd1a4`) Updates `ossf/scorecard-action` from 2.4.2 to 2.4.3 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](`05b42c6244...4eaacf0543`) Updates `github/codeql-action` from 3.30.0 to 3.30.5 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`2d92b76c45...3599b3baa1`) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: actions/setup-go dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: actions/dependency-review-action dependency-version: 4.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: sigstore/cosign-installer dependency-version: 3.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: anchore/sbom-action dependency-version: 0.20.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: peter-evans/repository-dispatch dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: ossf/scorecard-action dependency-version: 2.4.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: github/codeql-action dependency-version: 3.30.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-01 23:11:09 +00:00
dependabot[bot]	2d0f3f887b	build(deps): bump the actions-deps group with 5 updates (#7237 ) Bumps the actions-deps group with 5 updates: \| Package \| From \| To \| \| --- \| --- \| --- \| \| [actions/checkout](https://github.com/actions/checkout) \| `4.2.2` \| `5.0.0` \| \| [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) \| `6.3.0` \| `6.4.0` \| \| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) \| `4.7.1` \| `4.7.3` \| \| [anchore/sbom-action](https://github.com/anchore/sbom-action) \| `0.20.4` \| `0.20.5` \| \| [github/codeql-action](https://github.com/github/codeql-action) \| `3.29.7` \| `3.30.0` \| Updates `actions/checkout` from 4.2.2 to 5.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4.2.2...08c6903cd8c0fde910a37f88322edcfb5dd907a8) Updates `goreleaser/goreleaser-action` from 6.3.0 to 6.4.0 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](`9c156ee8a1...e435ccd777`) Updates `actions/dependency-review-action` from 4.7.1 to 4.7.3 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](`da24556b54...595b5aeba7`) Updates `anchore/sbom-action` from 0.20.4 to 0.20.5 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](`7b36ad622f...da167eac91`) Updates `github/codeql-action` from 3.29.7 to 3.30.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`51f77329af...2d92b76c45`) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: goreleaser/goreleaser-action dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: actions/dependency-review-action dependency-version: 4.7.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: anchore/sbom-action dependency-version: 0.20.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: github/codeql-action dependency-version: 3.30.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-09-02 13:05:58 -06:00
dependabot[bot]	5bc2afbbb6	build(deps): bump the actions-deps group with 6 updates (#7142 ) Bumps the actions-deps group with 6 updates: \| Package \| From \| To \| \| --- \| --- \| --- \| \| [step-security/harden-runner](https://github.com/step-security/harden-runner) \| `2.12.1` \| `2.13.0` \| \| [actions/upload-artifact](https://github.com/actions/upload-artifact) \| `4.6.1` \| `4.6.2` \| \| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) \| `e9a05e6d32d7ed22b5656cd874ef31af58d05bfa` \| `d58896d6a1865668819e1d91763c7751a165e159` \| \| [anchore/sbom-action](https://github.com/anchore/sbom-action) \| `0.20.1` \| `0.20.4` \| \| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) \| `2.4.1` \| `2.4.2` \| \| [github/codeql-action](https://github.com/github/codeql-action) \| `3.29.0` \| `3.29.4` \| Updates `step-security/harden-runner` from 2.12.1 to 2.13.0 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](`002fdce3c6...ec9f2d5744`) Updates `actions/upload-artifact` from 4.6.1 to 4.6.2 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4.6.1...ea165f8d65b6e75b540449e92b4886f43607fa02) Updates `sigstore/cosign-installer` from e9a05e6d32d7ed22b5656cd874ef31af58d05bfa to d58896d6a1865668819e1d91763c7751a165e159 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](`e9a05e6d32...d58896d6a1`) Updates `anchore/sbom-action` from 0.20.1 to 0.20.4 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](`9246b90769...7b36ad622f`) Updates `ossf/scorecard-action` from 2.4.1 to 2.4.2 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](`f49aabe0b5...05b42c6244`) Updates `github/codeql-action` from 3.29.0 to 3.29.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`ce28f5bb42...4e828ff8d4`) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.13.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: actions/upload-artifact dependency-version: 4.6.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: sigstore/cosign-installer dependency-version: d58896d6a1865668819e1d91763c7751a165e159 dependency-type: direct:production dependency-group: actions-deps - dependency-name: anchore/sbom-action dependency-version: 0.20.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: ossf/scorecard-action dependency-version: 2.4.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: github/codeql-action dependency-version: 3.29.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-08-01 04:34:14 +03:00
Mohammed Al Sahaf	2f0fc62b34	chore: apply security best practices for CI (#7066 ) Some checks failed Tests / test (./cmd/caddy/caddy, ~1.24.1, ubuntu-latest, 0, 1.24, linux) (push) Failing after 3m9s Details Tests / test (s390x on IBM Z) (push) Has been skipped Details Tests / goreleaser-check (push) Has been skipped Details Cross-Build / build (~1.24.1, 1.24, aix) (push) Successful in 1m37s Details Cross-Build / build (~1.24.1, 1.24, darwin) (push) Successful in 1m32s Details Cross-Build / build (~1.24.1, 1.24, dragonfly) (push) Successful in 1m42s Details Cross-Build / build (~1.24.1, 1.24, freebsd) (push) Successful in 1m47s Details Cross-Build / build (~1.24.1, 1.24, illumos) (push) Successful in 1m44s Details Cross-Build / build (~1.24.1, 1.24, linux) (push) Successful in 1m46s Details Cross-Build / build (~1.24.1, 1.24, netbsd) (push) Successful in 1m32s Details Cross-Build / build (~1.24.1, 1.24, openbsd) (push) Successful in 1m27s Details Cross-Build / build (~1.24.1, 1.24, solaris) (push) Successful in 1m26s Details Cross-Build / build (~1.24.1, 1.24, windows) (push) Successful in 1m30s Details Lint / lint (ubuntu-latest, linux) (push) Successful in 2m18s Details Lint / govulncheck (push) Successful in 1m24s Details Lint / dependency-review (push) Failing after 1m1s Details OpenSSF Scorecard supply-chain security / Scorecard analysis (push) Failing after 2s Details Tests / test (./cmd/caddy/caddy, ~1.24.1, macos-14, 0, 1.24, mac) (push) Has been cancelled Details Tests / test (./cmd/caddy/caddy.exe, ~1.24.1, windows-latest, True, 1.24, windows) (push) Has been cancelled Details Lint / lint (macos-14, mac) (push) Has been cancelled Details Lint / lint (windows-latest, windows) (push) Has been cancelled Details * chore: apply security best practices for CI Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * remove redundant codeql job Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * run scorecard flow on PRs Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> --------- Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2025-06-16 20:14:09 +00:00
Mohammed Al Sahaf	7a33f481f1	ci: add dep review, OSSF scorecard actions (#7063 ) * ci: add dep review action Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * sprinkle permissions on Actions jobs Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * README: add OpenSSF best practices badge Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * add draft OpenSSF Scorecard workflow Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> --------- Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2025-06-12 23:40:51 +00:00

5 Commits