mirror of
https://github.com/caddyserver/caddy.git
synced 2026-04-28 03:30:40 -04:00
967de13598
Bumps the actions-deps group with 6 updates: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.15.0` | `2.16.1` | | [actions/setup-go](https://github.com/actions/setup-go) | `6.3.0` | `6.4.0` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.8.3` | `4.9.0` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.10.0` | `4.1.1` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.23.0` | `0.24.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.32.4` | `4.35.1` | Updates `step-security/harden-runner` from 2.15.0 to 2.16.1 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](a90bcbc653...fe10465874) Updates `actions/setup-go` from 6.3.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](4b73464bb3...4a3601121d) Updates `actions/dependency-review-action` from 4.8.3 to 4.9.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](05fe457637...2031cfc080) Updates `sigstore/cosign-installer` from 3.10.0 to 4.1.1 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](d7543c93d8...cad07c2e89) Updates `anchore/sbom-action` from 0.23.0 to 0.24.0 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](17ae174017...e22c389904) Updates `github/codeql-action` from 4.32.4 to 4.35.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](89a39a4e59...c10b8064de) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.16.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: actions/setup-go dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: actions/dependency-review-action dependency-version: 4.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: sigstore/cosign-installer dependency-version: 4.1.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: anchore/sbom-action dependency-version: 0.24.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: github/codeql-action dependency-version: 4.35.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps ... Signed-off-by: dependabot[bot] <support@github.com>
106 lines
3.0 KiB
YAML
106 lines
3.0 KiB
YAML
name: Lint
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- master
|
|
- 2.*
|
|
pull_request:
|
|
branches:
|
|
- master
|
|
- 2.*
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
env:
|
|
# https://github.com/actions/setup-go/issues/491
|
|
GOTOOLCHAIN: local
|
|
|
|
jobs:
|
|
# From https://github.com/golangci/golangci-lint-action
|
|
golangci:
|
|
permissions:
|
|
contents: read # for actions/checkout to fetch code
|
|
pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
|
|
name: lint
|
|
strategy:
|
|
matrix:
|
|
os:
|
|
- linux
|
|
- mac
|
|
- windows
|
|
|
|
include:
|
|
- os: linux
|
|
OS_LABEL: ubuntu-latest
|
|
|
|
- os: mac
|
|
OS_LABEL: macos-14
|
|
|
|
- os: windows
|
|
OS_LABEL: windows-latest
|
|
|
|
runs-on: ${{ matrix.OS_LABEL }}
|
|
|
|
steps:
|
|
- name: Harden the runner (Audit all outbound calls)
|
|
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
|
|
with:
|
|
go-version: '~1.26'
|
|
check-latest: true
|
|
|
|
- name: golangci-lint
|
|
uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0
|
|
with:
|
|
version: latest
|
|
|
|
# Windows times out frequently after about 5m50s if we don't set a longer timeout.
|
|
args: --timeout 10m
|
|
|
|
# Optional: show only new issues if it's a pull request. The default value is `false`.
|
|
# only-new-issues: true
|
|
|
|
govulncheck:
|
|
permissions:
|
|
contents: read
|
|
pull-requests: read
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Harden the runner (Audit all outbound calls)
|
|
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: govulncheck
|
|
uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1.0.4
|
|
with:
|
|
go-version-input: '~1.26.0'
|
|
check-latest: true
|
|
|
|
dependency-review:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
pull-requests: write
|
|
steps:
|
|
- name: Harden the runner (Audit all outbound calls)
|
|
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: 'Checkout Repository'
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
- name: 'Dependency Review'
|
|
uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0
|
|
with:
|
|
comment-summary-in-pr: on-failure
|
|
# https://github.com/actions/dependency-review-action/issues/430#issuecomment-1468975566
|
|
base-ref: ${{ github.event.pull_request.base.sha || 'master' }}
|
|
head-ref: ${{ github.event.pull_request.head.sha || github.ref }}
|