Commit graph

56 commits

Author SHA1 Message Date
James Hewitt
1a3e73cb84
Handle rand deprecations in go 1.20
Signed-off-by: James Hewitt <james.hewitt@uk.ibm.com>
2023-08-28 09:33:12 +01:00
James Hewitt
0eb8fee87e
Update to go 1.20
Signed-off-by: James Hewitt <james.hewitt@uk.ibm.com>
2023-08-27 10:32:00 +01:00
Joyce Brum
10b8a247e4 fix: upgrade scorecard action to 2.0.6
Signed-off-by: Joyce Brum <joycebrum@google.com>
2023-08-18 18:16:42 +00:00
Joyce Brum
7723935626 chore: enable scorecard action and badge
Signed-off-by: Joyce Brum <joycebrumu.u@gmail.com>
2023-08-18 18:16:38 +00:00
Milos Gajdos
0e18af15f8
Merge pull request #3741 from sashashura/patch-1
GitHub Workflows security hardening
2023-08-14 19:21:28 +01:00
Milos Gajdos
b3ca53dfe6
Update OCI conformance workflow check
Pin the OCI conformance check workflow GHA to v1.0.1

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2023-08-02 18:02:23 +01:00
Ben Manuel
36dd5b79ca
Update to golang 1.19.10
This addresses CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405
which were patched in 1.19.10.

Signed-off-by: Ben Manuel <ben.manuel@procore.com>
2023-06-29 15:49:27 -05:00
Sebastiaan van Stijn
322eb4eecf
update to go1.19.9
Added back minor versions in these, so that we have a somewhat more
reproducible state in the repository when tagging releases.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-09 17:29:31 +02:00
Sora Morimoto
165fd5f9ac Update fossa-contrib/fossa-action action to v2
Signed-off-by: Sora Morimoto <sora@morimoto.io>
2023-02-14 01:43:23 +09:00
CrazyMax
b91c9a22f4
ci: add concurrency check
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-11-26 16:09:46 +01:00
CrazyMax
2400718d81
ci: update github actions
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-11-26 16:09:46 +01:00
Gábor Lipták
8cc5b4f5aa
Add Go 1.19 to GHA
Signed-off-by: Gábor Lipták gliptak@gmail.com
Signed-off-by: Gábor Lipták <gliptak@gmail.com>
2022-10-09 16:52:41 -04:00
Alex
10975deab8 build: harden codeql-analysis.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>
2022-09-24 08:57:02 +02:00
Alex
e09a9f2dc2 build: harden e2e.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>
2022-09-24 08:56:40 +02:00
Alex
c26fe145ca build: harden conformance.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>
2022-09-24 08:56:30 +02:00
Alex
1ca9af0184 build: harden fossa.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>
2022-09-24 08:53:15 +02:00
Alex
feaa75c529 build: harden validate.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>
2022-09-24 08:52:57 +02:00
Alex
1667a66856 build: harden build.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>
2022-09-24 08:52:44 +02:00
CrazyMax
7e546784a4
ci: move test step to build workflow and remove ci workflow
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-07-20 14:18:27 +02:00
CrazyMax
1a905ab966
ci: git validation target
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-07-20 14:18:27 +02:00
CrazyMax
8b2c54bf57
ci: remove dco check (dco bot already does this)
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-07-20 14:10:24 +02:00
Sebastiaan van Stijn
6e8dd268a8
update to go 1.18 (continue testing against 1.17)
Go 1.16 reached end of life, so update to the current version of Go, but also
run CI on the previous version (which is still supported).

We should probably also decide wether or not we want the Dockerfiles to pin to
a specific minor version; this makes the releases more deterministic.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-05 10:36:28 +02:00
CrazyMax
7548c315f8
cleanup old check behavior
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-05-04 11:12:19 +02:00
CrazyMax
26a586cf39
lint target and workflow job
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-05-04 11:12:19 +02:00
CrazyMax
87f93ede9e
Dockerfile: switch to xx
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-05-03 20:07:07 +02:00
CrazyMax
de240721ff
cleanup old vendor validation behavior
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-04-22 16:24:54 +02:00
CrazyMax
ffa3019c1f
validate and update vendor target
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-04-22 15:32:01 +02:00
Milos Gajdos
dc7f44b613
Merge pull request #3112 from dmcgowan/update-coc 2022-04-01 23:31:22 +01:00
CrazyMax
ea65fe2ea4
update build workflow
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-01-21 20:07:08 +01:00
CrazyMax
936d7eda01
ci: upload conformance test results
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-01-11 16:41:16 +01:00
CrazyMax
6332e9631e
ci: fix conformance and e2e workflows
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-01-11 16:41:16 +01:00
CrazyMax
4941d83cc7
ci: build workflow to release artifacts and multi-platform image
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-01-11 16:41:15 +01:00
Wang Yan
3f4c558dac bump up golang v1.17
Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-10-27 15:51:30 +08:00
Sebastiaan van Stijn
a07b54eb68
Update to go 1.16, and run CI on 1.15.x and 1.16.x
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-10 12:12:28 +02:00
Milos Gajdos
351b260774
Fix OCI conformance workflow report and README badge
Signed-off-by: Milos Gajdos <milosgajdos83@gmail.com>
2021-06-30 15:37:18 +01:00
Milos Gajdos
21ffbdbedd
Change GH workflows job names
Make workflow jobs unique soe we can manage which ones are required to
pass the build.

Signed-off-by: Milos Gajdos <milosgajdos83@gmail.com>
2021-06-30 08:20:39 +01:00
Wang Yan
aaca79bfcf add oci conformance test gitaction
Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-06-04 12:09:30 +08:00
Ihor Dvoretskyi
df39a779dd FOSSA scan enabled
Signed-off-by: Ihor Dvoretskyi <ihor@linux.com>
2021-05-20 13:02:28 +03:00
Wang Yan
6affafd1f0
Merge pull request #3386 from milosgajdos/release-tag
Add docker image release workflow
2021-03-30 11:30:24 +08:00
Milos Gajdos
1b3c5c71ef
Merge pull request #3341 from distribution/add-codeql-security
Add CodeQL Security Scanning
2021-03-29 18:49:07 +01:00
Chris Aniszczyk
62fc5c8a33
Remove autobuild
Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>
2021-03-29 12:39:10 -05:00
Milos Gajdos
a0aad57208
Make workflow name shorter.
Signed-off-by: Milos Gajdos <milosgajdos83@gmail.com>
2021-03-25 10:24:30 +00:00
Milos Gajdos
23b570272b
Add docker image release workflow
Signed-off-by: Milos Gajdos <milosgajdos83@gmail.com>
2021-03-23 19:25:58 +00:00
Wang Yan
68ce15863a fix CI dependency error
Fix the failure reported by git action

Package python-minimal is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
However the following packages replace it:
  python2-minimal

E: Package 'python-minimal' has no installation candidate

Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-03-23 18:04:17 +08:00
Derek McGowan
8ad732972e
Remove duplicate code of conduct
A code of conduct file has already been added to the root which
can replace this

Signed-off-by: Derek McGowan <derek@mcg.dev>
2021-03-01 12:22:06 -08:00
Derek McGowan
1c65757158
Merge pull request #3348 from wy65701436/e2e
Add a basic e2e test for CI
2021-03-01 09:34:29 -08:00
olegburov
49f7426dcb
Bump Golang to 1.15 and Alpine to 3.12.
Signed-off-by: olegburov <oleg.burov@outlook.com>
2021-02-21 14:56:54 -08:00
Sebastiaan van Stijn
1d33874951
go.mod: change imports to github.com/distribution/distribution/v3
Go 1.13 and up enforce import paths to be versioned if a project
contains a go.mod and has released v2 or up.

The current v2.x branches (and releases) do not yet have a go.mod,
and therefore are still allowed to be imported with a non-versioned
import path (go modules add a `+incompatible` annotation in that case).

However, now that this project has a `go.mod` file, incompatible
import paths will not be accepted by go modules, and attempting
to use code from this repository will fail.

This patch uses `v3` for the import-paths (not `v2`), because changing
import paths itself is a breaking change, which means that  the
next release should increment the "major" version to comply with
SemVer (as go modules dictate).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-02-08 18:30:46 +01:00
Wang Yan
9886800868 Add a basic e2e test for CI
Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-02-01 16:15:45 +08:00
Chris Patterson
402d3c943a Fixing push workflow
Signed-off-by: Chris Patterson <chrispat@github.com>
2021-01-29 15:48:07 -05:00