From 5ad4d096b8a5af2521d14d724d26dd3821501596 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 3 Aug 2024 18:29:30 +0900
Subject: [PATCH] Bump gitleaks/gitleaks from 8.18.2 to 8.18.4 (#138)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps [anchore/scan-action](https://github.com/anchore/scan-action) from
3 to 4.
Release notes
Sourced from anchore/scan-action's
releases.
v4.0.0
New in scan-action v4.0.0
v3.6.4
New in scan-action v3.6.4
v3.6.3
New in scan-action v3.6.3
- chore: migrate action to use node v20.11.0 (Iron) FROM node v16.x.x
(#278)
[spiffcs]
v3.6.2
New in scan-action v3.6.2
v3.6.1
New in scan-action v3.6.1
v3.6.0
New in scan-action v3.6.0
v3.5.0
New in scan-action v3.5.0
v3.4.0
New in scan-action v3.4.0
v3.3.8
New in scan-action v3.3.8
... (truncated)
Changelog
Sourced from anchore/scan-action's
changelog.
Release Notes
Version 2.0.2 - 2020-11-11
Version 2.0.1 - 2020-02-11
Fixes:
- Removes unnecessary constraint in deduplication for SARIF
reporting
- Allows defining and referencing the location of the SARIF report
file
- Fixes multiple instances where undefined items in the reporting
would break scanning
Commits
d43cc1d
chore(deps): update Grype to v0.79.3 (#341)
a2c96d3
chore(deps-dev): bump tslib from 2.6.2 to 2.6.3 (#325)
7e49a1e
chore(deps-dev): bump prettier from 3.3.0 to 3.3.2 (#327)
f207359
chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 (#330)
9b502f2
chore(deps-dev): bump lint-staged from 15.2.2 to 15.2.7 (#329)
29a085a
chore(deps): bump peter-evans/create-pull-request from 6.0.5 to 6.1.0
(#334)
7f46fbf
chore(deps-dev): bump eslint from 8.57.0 to 9.6.0 (#335)
04b73ec
chore(deps): update Grype to v0.79.2 (#338)
69a534f
fix: download Grype directly on Windows (#336)
d09e278
chore(deps-dev): bump prettier from 3.2.5 to 3.3.0 (#323)
- Additional commits viewable in compare
view
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/scan-action&package-manager=github_actions&previous-version=3&new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
---------
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: fabasoad
---
.github/labels.yml | 78 ----------------------------
.github/workflows/release.yml | 30 ++---------
.github/workflows/security.yml | 47 +++--------------
.github/workflows/sync-labels.yml | 19 ++-----
.github/workflows/update-license.yml | 27 ++--------
.pre-commit-config.yaml | 31 +++++++----
action.yml | 11 ++--
7 files changed, 45 insertions(+), 198 deletions(-)
delete mode 100644 .github/labels.yml
diff --git a/.github/labels.yml b/.github/labels.yml
deleted file mode 100644
index ff8ca8d..0000000
--- a/.github/labels.yml
+++ /dev/null
@@ -1,78 +0,0 @@
----
-- name: "breaking-change"
- color: ee0701
- description: "A breaking change for existing users."
-- name: "bugfix"
- color: ee0701
- description: "Inconsistencies or issues which will cause a problem for users or implementors."
-- name: "documentation"
- color: 0052cc
- description: "Solely about the documentation of the project."
-- name: "enhancement"
- color: 1d76db
- description: "Enhancement of the code, not introducing new features."
-- name: "refactor"
- color: 1d76db
- description: "Improvement of existing code, not introducing new features."
-- name: "performance"
- color: 1d76db
- description: "Improving performance, not introducing new features."
-- name: "new-feature"
- color: 0e8a16
- description: "New features or options."
-- name: "maintenance"
- color: 2af79e
- description: "Generic maintenance tasks."
-- name: "ci"
- color: 1d76db
- description: "Work that improves the continue integration."
-- name: "dependencies"
- color: 1d76db
- description: "Upgrade or downgrade of project dependencies."
-
-- name: "in-progress"
- color: fbca04
- description: "Issue is currently being resolved by a developer."
-- name: "stale"
- color: fef2c0
- description: "There has not been activity on this issue or PR for quite some time."
-- name: "no-stale"
- color: fef2c0
- description: "This issue or PR is exempted from the stable bot."
-
-- name: "security"
- color: ee0701
- description: "Marks a security issue that needs to be resolved asap."
-- name: "incomplete"
- color: fef2c0
- description: "Marks a PR or issue that is missing information."
-- name: "invalid"
- color: fef2c0
- description: "Marks a PR or issue that is missing information."
-
-- name: "beginner-friendly"
- color: 0e8a16
- description: "Good first issue for people wanting to contribute to the project."
-- name: "help-wanted"
- color: 0e8a16
- description: "We need some extra helping hands or expertise in order to resolve this."
-
-- name: "priority-critical"
- color: ee0701
- description: "This should be dealt with ASAP. Not fixing this issue would be a serious error."
-- name: "priority-high"
- color: b60205
- description: "After critical issues are fixed, these should be dealt with before any further issues."
-- name: "priority-medium"
- color: 0e8a16
- description: "This issue may be useful, and needs some attention."
-- name: "priority-low"
- color: e4ea8a
- description: "Nice addition, maybe... someday..."
-
-- name: "major"
- color: b60205
- description: "This PR causes a major version bump in the version number."
-- name: "minor"
- color: 0e8a16
- description: "This PR causes a minor version bump in the version number."
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 5b3ce3c..88c77ed 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,30 +7,6 @@ on: # yamllint disable-line rule:truthy
- "v*.*.*"
jobs:
- create-release:
- name: Create release
- runs-on: ubuntu-latest
- steps:
- - name: Checkout ${{ github.repository }}
- uses: actions/checkout@v4
- with:
- fetch-depth: 0
- - name: Get changelog
- id: changelog
- uses: simbo/changes-since-last-release-action@v1
- - name: Create release
- uses: softprops/action-gh-release@v2
- with:
- tag_name: ${{ github.ref }}
- name: ${{ github.ref_name }}
- token: ${{ secrets.GITHUB_TOKEN }}
- body: |
- # Changelog
-
- ${{ steps.changelog.outputs.log }}
- draft: false
- prerelease: false
- - name: Bump tags
- uses: fischerscode/tagger@v0
- with:
- prefix: v
+ github:
+ name: GitHub
+ uses: fabasoad/reusable-workflows/.github/workflows/wf-github-release.yml@main
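Review bot: The `uses:` line of the new `github` job references the reusable workflow by the mutable branch `@main`, whereas the inline steps it replaces were pinned to tags (`actions/checkout@v4`, `softprops/action-gh-release@v2`), so any change pushed to that branch runs here with this repository's `GITHUB_TOKEN`; pin it to a tag or full commit SHA, e.g. `uses: fabasoad/reusable-workflows/.github/workflows/wf-github-release.yml@<commit-sha>`. The same `@main` reference is introduced in security.yml, sync-labels.yml and update-license.yml. Separately, unlike the `sast` job in security.yml, this caller declares no `permissions:` block, so the called workflow runs with whatever the repository's default token permissions happen to be; sync-labels.yml and update-license.yml have the same omission. An explicit block scoped to what the release needs — presumably `contents: write`, since the removed job created releases and bumped tags with the token — would make the grant visible and stable across repository settings.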
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index c56f0ac..debd32b 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -7,45 +7,10 @@ on: # yamllint disable-line rule:truthy
branches:
- main
-defaults:
- run:
- shell: sh
-
jobs:
- code-scanning:
- name: Code scanning
- runs-on: ubuntu-latest
- steps:
- - name: Checkout ${{ github.repository }}
- uses: actions/checkout@v4
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v3
- with:
- languages: "javascript"
- - name: Perform CodeQL Analysis
- id: codeql-analysis
- uses: github/codeql-action/analyze@v3
- - name: Upload to GHAS
- if: always()
- uses: github/codeql-action/upload-sarif@v3
- with:
- category: "code-scanning"
- sarif_file: "${{ steps.codeql-analysis.outputs.sarif-output }}"
- directory-scanning:
- name: Directory scanning
- runs-on: ubuntu-latest
- steps:
- - name: Checkout ${{ github.repository }}
- uses: actions/checkout@v4
- - name: Scan current project
- id: scan-directory
- uses: anchore/scan-action@v3
- with:
- by-cve: "true"
- path: "."
- - name: Upload to GHAS
- if: always()
- uses: github/codeql-action/upload-sarif@v3
- with:
- category: "directory-scanning"
- sarif_file: "${{ steps.scan-directory.outputs.sarif }}"
+ sast:
+ name: SAST
+ permissions:
+ contents: read
+ security-events: write
+ uses: fabasoad/reusable-workflows/.github/workflows/wf-security-sast.yml@main
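Review bot: The replaced jobs ran two distinct scanners — CodeQL for `javascript` and an Anchore scan of `.` with `by-cve: "true"` — and nothing in the hunk shows whether `wf-security-sast.yml` covers both, so a reader cannot tell from this file whether the SARIF uploads to GHAS were preserved. A one-line comment above the `sast` job naming the scanners it delegates to, e.g. `# Delegates to <scanners run by wf-security-sast.yml>; uploads SARIF under security-events`, would let reviewers verify coverage without opening the other repository. If the reusable workflow runs only one of them, note that the Grype hook added to .pre-commit-config.yaml in this commit runs locally at push time and does not feed GHAS.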
diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml
index 0955b73..42caa8b 100644
--- a/.github/workflows/sync-labels.yml
+++ b/.github/workflows/sync-labels.yml
@@ -1,22 +1,13 @@
---
-name: Sync labels
+name: Labels
on: # yamllint disable-line rule:truthy
push:
branches:
- main
- paths:
- - .github/labels.yml
- workflow_dispatch:
+ workflow_dispatch: {}
jobs:
- sync-labels:
- name: Sync labels
- runs-on: ubuntu-latest
- steps:
- - name: Checkout ${{ github.repository }}
- uses: actions/checkout@v4
- - name: Run Label Syncer
- uses: micnncim/action-label-syncer@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ maintenance:
+ name: Maintenance
+ uses: fabasoad/reusable-workflows/.github/workflows/wf-sync-labels.yml@main
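Review bot: Dropping `paths:` from the `push` trigger means the label sync now runs on every push to `main` rather than only when the label definitions change; that is fine if the definitions now live with the reusable workflow, but if they are still read from a file in this repository a `paths:` filter pointing at it should be restored. With `.github/labels.yml` deleted in this commit, nothing in this file says where the label set is defined anymore, so a comment on the `maintenance` job naming the source of the labels (e.g. `# Label definitions: <location of the label file>`) would help the next maintainer.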
diff --git a/.github/workflows/update-license.yml b/.github/workflows/update-license.yml
index f630232..77df7c0 100644
--- a/.github/workflows/update-license.yml
+++ b/.github/workflows/update-license.yml
@@ -1,30 +1,11 @@
---
-name: Update license
+name: License
on: # yamllint disable-line rule:truthy
schedule:
- cron: "0 5 1 1 *"
jobs:
- run:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout ${{ github.repository }}
- uses: actions/checkout@v4
- with:
- fetch-depth: 0
- - name: Update LICENSE file
- uses: FantasticFiasco/action-update-license-year@v3
- with:
- token: ${{ secrets.GITHUB_TOKEN }}
- assignees: ${{ github.repository_owner }}
- labels: enhancement
- prTitle: Update license copyright year to {{currentYear}}
- prBody: |
- ## Changelog
-
- - Update license copyright year to {{currentYear}}
-
- ---
-
- Powered by [FantasticFiasco/action-update-license-year](https://github.com/FantasticFiasco/action-update-license-year)
+ maintenance:
+ name: Maintenance
+ uses: fabasoad/reusable-workflows/.github/workflows/wf-update-license.yml@main
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 069b009..f4aff41 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -5,25 +5,34 @@ minimum_pre_commit_version: 2.18.0
repos:
# Security
- repo: https://github.com/Yelp/detect-secrets
- rev: v1.4.0
+ rev: v1.5.0
hooks:
- id: detect-secrets
- repo: https://github.com/gitleaks/gitleaks
- rev: v8.18.2
+ rev: v8.18.4
hooks:
- id: gitleaks
+ - repo: https://github.com/fabasoad/pre-commit-grype
+ rev: v0.6.0
+ hooks:
+ - id: grype-dir
+ args:
+ - --grype-args=--by-cve --fail-on=low
+ - --hook-args=--log-level debug
+ stages: ["push"]
# Markdown
- repo: https://github.com/igorshubovych/markdownlint-cli
- rev: v0.39.0
+ rev: v0.41.0
hooks:
- id: markdownlint-fix
stages: ["commit"]
# Shell
- - repo: https://github.com/shellcheck-py/shellcheck-py
- rev: v0.10.0.1
+ - repo: https://github.com/openstack/bashate
+ rev: 2.1.1
hooks:
- - id: shellcheck
- stages: ["push"]
+ - id: bashate
+ args: ["-i", "E003,E006"]
+ stages: ["commit"]
# Yaml
- repo: https://github.com/adrienverge/yamllint
rev: v1.35.1
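Review bot: Swapping `shellcheck-py` for `bashate` under `# Shell` is not a like-for-like replacement: bashate is a style linter (indentation, line length, layout), while shellcheck reports correctness problems such as unquoted expansions and wrong test syntax, so static-analysis coverage for the `sh` scripts in action.yml is reduced; consider keeping the shellcheck hook alongside bashate. The `args: ["-i", "E003,E006"]` line silently disables two checks; a comment stating what they are (`# E003: indent not multiple of 4, E006: line too long`) would record the intent. The new `grype-dir` hook also passes `--hook-args=--log-level debug`, which looks like a leftover from debugging rather than a setting to keep at push time.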
@@ -32,11 +41,11 @@ repos:
stages: ["push"]
# GitHub Actions
- repo: https://github.com/rhysd/actionlint
- rev: v1.6.27
+ rev: v1.7.1
hooks:
- id: actionlint
args: ["-pyflakes="]
- stages: ["push"]
+ stages: ["commit"]
# Other
- repo: https://github.com/pre-commit/mirrors-prettier
rev: v3.1.0
@@ -46,6 +55,10 @@ repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.6.0
hooks:
+ - id: check-executables-have-shebangs
+ stages: ["commit"]
+ - id: check-shebang-scripts-are-executable
+ stages: ["commit"]
- id: check-merge-conflict
- id: check-json
stages: ["push"]
diff --git a/action.yml b/action.yml
index cc5debd..545a1bd 100644
--- a/action.yml
+++ b/action.yml
@@ -21,15 +21,14 @@ runs:
exit 1
- name: Collect info
id: info
- if: ${{ runner.os == 'Linux' }}
shell: sh
run: |
- COBOL_INSTALLED=$(if command -v cobc >/dev/null 2>&1; then echo true; else echo false; fi)
- echo "COBOL_INSTALLED=${COBOL_INSTALLED}" >> "$GITHUB_OUTPUT"
+ cobol_installed=$(if command -v cobc >/dev/null 2>&1; then echo true; else echo false; fi)
+ echo "cobol-installed=${cobol_installed}" >> "$GITHUB_OUTPUT"
mkdir -p "${GITHUB_WORKSPACE}/cobol"
- echo "COBOL_PATH=${GITHUB_WORKSPACE}/cobol" >> "$GITHUB_OUTPUT"
+ echo "cobol-path=${GITHUB_WORKSPACE}/cobol" >> "$GITHUB_OUTPUT"
- name: Install COBOL
- if: ${{ runner.os == 'Linux' && steps.info.outputs.COBOL_INSTALLED == 'false' }}
+ if: ${{ steps.info.outputs.cobol-installed == 'false' }}
env:
INPUT_VERSION: "${{ inputs.version }}"
shell: sh
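Review bot: Removing `if: ${{ runner.os == 'Linux' }}` from `Collect info` and the OS clause from `Install COBOL` makes the install step run on any runner where `cobc` is absent, yet its body is Linux-specific (`sudo apt-get -y --purge autoremove` and the `/home/cobol` path visible in the next hunk), so on a macOS or Windows runner it would fail part-way instead of being skipped. Unless the step ending with `exit 1` just above the hunk already rejects non-Linux runners — its body is outside the hunk, so I can't tell — keep the guard: `if: ${{ runner.os == 'Linux' && steps.info.outputs.cobol-installed == 'false' }}`. The `Install COBOL` step's `run:` body continues past the end of this hunk.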
@@ -46,4 +45,4 @@ runs:
sudo apt-get -y --purge autoremove
echo "/home/cobol" >> "$GITHUB_PATH"
- working-directory: ${{ steps.info.outputs.COBOL_PATH }}
+ working-directory: ${{ steps.info.outputs.cobol-path }}