chore(deps): update workflows (major) #897
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
forking-renovate
bot
added
the
dependencies
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #897 +/- ##
==========================================
- Coverage 64.27% 63.72% -0.56%
==========================================
Files 146 146
Lines 9294 11958 +2664
==========================================
+ Hits 5974 7620 +1646
- Misses 2853 3874 +1021
+ Partials 467 464 -3 ☔ View full report in Codecov by Sentry. |
renovate-bot
force-pushed
the
renovate/major-workflows
branch
2 times, most recently
from
2b8e19f to
83c4a21
Compare
renovate-bot
force-pushed
the
renovate/major-workflows
branch
from
83c4a21 to
02cde87
Compare
renovate-bot
changed the title
|
Note that Codecov requires some other changes before it can be landed, and it sounds like |
renovate-bot
force-pushed
the
renovate/major-workflows
branch
3 times, most recently
from
6e565bd to
1cf52cc
Compare
renovate-bot
force-pushed
the
renovate/major-workflows
branch
3 times, most recently
from
0677dcc to
fb8fbaa
Compare
another-rex
pushed a commit
that referenced
this pull request
May 6, 2024
Cherry-picked from #897 --- We can drop the `skip-pkg-cache` option now as caching has been removed in favor of `actions/setup-go`s caching
renovate-bot
changed the title
renovate-bot
changed the title
renovate-bot
force-pushed
the
renovate/major-workflows
branch
from
fb8fbaa to
26e0844
Compare
renovate-bot
force-pushed
the
renovate/major-workflows
branch
from
26e0844 to
efcfabc
Compare
another-rex
approved these changes
May 27, 2024
josieang
pushed a commit
to josieang/osv-scanner
that referenced
this pull request
Jun 6, 2024
Cherry-picked from google#897 --- We can drop the `skip-pkg-cache` option now as caching has been removed in favor of `actions/setup-go`s caching
josieang
pushed a commit
to josieang/osv-scanner
that referenced
this pull request
Jun 6, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | action | major | `v5.3.0` -> `v6.0.1` | | [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) | action | major | `v1.10.0` -> `v2.0.0` | --- ### Release Notes <details> <summary>golangci/golangci-lint-action (golangci/golangci-lint-action)</summary> ### [`v6.0.1`](https://github.com/golangci/golangci-lint-action/compare/v6.0.0...v6.0.1) [Compare Source](https://github.com/golangci/golangci-lint-action/compare/v6.0.0...v6.0.1) ### [`v6.0.0`](https://github.com/golangci/golangci-lint-action/releases/tag/v6.0.0) [Compare Source](https://github.com/golangci/golangci-lint-action/compare/v5.3.0...v6.0.0) <!-- Release notes generated using configuration in .github/release.yml at v6.0.0 --> #### What's Changed This version removes `annotations` option (because it was useless), and removes the default output format (`github-actions`). The annotations are still produced but with another approach. ##### Changes - feat: rewrite format handling by [@​ldez](https://github.com/ldez) in [https://github.com/golangci/golangci-lint-action/pull/1038](https://github.com/golangci/golangci-lint-action/pull/1038) ##### Dependencies - build(deps-dev): bump [@​typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/eslint-plugin) from 7.7.1 to 7.8.0 by [@​dependabot](https://github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1034](https://github.com/golangci/golangci-lint-action/pull/1034) - build(deps): bump [@​types/node](https://github.com/types/node) from 20.12.7 to 20.12.8 by [@​dependabot](https://github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1036](https://github.com/golangci/golangci-lint-action/pull/1036) - build(deps-dev): bump [@​typescript-eslint/parser](https://github.com/typescript-eslint/parser) from 7.7.1 to 7.8.0 by [@​dependabot](https://github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1035](https://github.com/golangci/golangci-lint-action/pull/1035) **Full Changelog**: golangci/golangci-lint-action@v5.3.0...v6.0.0 </details> <details> <summary>slsa-framework/slsa-github-generator (slsa-framework/slsa-github-generator)</summary> ### [`v2.0.0`](https://github.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v200) [Compare Source](https://github.com/slsa-framework/slsa-github-generator/compare/v1.10.0...v2.0.0) ##### v2.0.0: Breaking Change: upload-artifact and download-artifact - Our workflows now use the new `@v4`s of `actions/upload-artifact` and `actions/download-artifact`, which are incompatiblle with the prior `@v3`. See Our docs on the [generic generator](./internal/builders/generic/README.md#compatibility-with-actionsdownload-artifact) for more information and how to upgrade. ##### v2.0.0: Breaking Change: attestation-name Workflow Input and Output - `attestation-name` as a workflow input to `.github/workflows/generator_generic_slsa3.yml` is now removed. Use `provenance-name` instead. ##### v2.0.0: DSSE Rekor Type - When uploading signed provenance to the log, the entry created in the log is now a DSSE Rekor type. This fixes a bug where the current intoto type does not persist provenance signatures. The attestation will no longer be persisted in Rekor ([#​3299](https://github.com/slsa-framework/slsa-github-generator/issues/3299)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv-scanner). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yNjkuMiIsInVwZGF0ZWRJblZlciI6IjM3LjM0MC4xMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
](https://renovatebot.com){kind=link}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v5.3.0->v6.0.1v1.10.0->v2.0.0Release Notes
golangci/golangci-lint-action (golangci/golangci-lint-action)
v6.0.1Compare Source
v6.0.0Compare Source
What's Changed
This version removes
annotationsoption (because it was useless), and removes the default output format (github-actions).The annotations are still produced but with another approach.
Changes
Dependencies
Full Changelog: golangci/golangci-lint-action@v5.3.0...v6.0.0
slsa-framework/slsa-github-generator (slsa-framework/slsa-github-generator)
v2.0.0Compare Source
v2.0.0: Breaking Change: upload-artifact and download-artifact
@v4s ofactions/upload-artifactandactions/download-artifact, which are incompatiblle with the prior@v3. See Our docs on the generic generator for more information and how to upgrade.v2.0.0: Breaking Change: attestation-name Workflow Input and Output
attestation-nameas a workflow input to.github/workflows/generator_generic_slsa3.ymlis now removed. Useprovenance-nameinstead.v2.0.0: DSSE Rekor Type
a DSSE Rekor type. This fixes a bug where the current intoto type does not
persist provenance signatures. The attestation will no longer be persisted
in Rekor (#3299)
Configuration
📅 Schedule: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.