* ci: enable zizmor to fail PRs
Enable zizmor (gh actions yaml linter) to fail builds in PRs. Fix any
outstanding linting errors found by this tool.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* fix outdated version comments
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
---------
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* chore: new slack action
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* TEMP: exit 1 to test slack notify
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* new slack integration everywhere
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
---------
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* group dependabot updates
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use directories key
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* migrate to runs-on runners
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* keep validations on x64
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* correct ubuntu arm refs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bust cache
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use artifacts api between jobs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* download individual artifacts
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* troubleshoot artifact upload
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* disable magic cache
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix deps
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* attempt to replicate layout
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* change asset names and remove extras
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* better artifact filters
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use action to get artifacts working
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add sboms
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* simpler artifacts
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add logging
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove logging
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* make artifacts executable
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* improve workflow dispatch calls
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* attempt to bring down ci times
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update repo path
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use local config instead of shared one
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use runner labels instead of config
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use valid alias
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use compute instances for build
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* small comment on concurrency
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fixes from review
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove parallelism
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add info command from generated capabilities
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* correct gentoo and arch ecosystems
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename os pkg types
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* better binary cataloger description
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* expose metadata and pacakge types in json
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* expose json schema types
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add completeness tests for metadata types
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* latest generation
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix linting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* improve testing a docs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix tests and linting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* restore goreleaser config
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* tweak diagram
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix pdm
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* chore: java binary data
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* new capability descriptions for gguf and python
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* correct poetry lock integrity hash claim
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix compile error
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix: remove purl version from overrides
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* fix lua deps ref
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* keep gguf as ai ecosystem
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* split packages.yaml to multiple files by go package
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* ensure tests do not use go test cache
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* sort json output for info command
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* docs: fix ocaml, php, and portage capabilities yaml
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* chore: update erlang capabilities
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: update java capabilities
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: update javascript capabilities
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: update linux kernel capabilities
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* remove missing tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix package.yaml references
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* revert license list change
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* check for drift in capability descriptions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* regenerate capabilities
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* test cleanup
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use fixture cache in static analysis
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* claim fixtures pre-req for cap generation
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update documentation with correct regeneration procedure
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* chore: ruby-gemspec-cataloger finds no dependencies
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* chore: fix python docs and config comment
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* chore: commit re-generated java yaml
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* add cataloger selection to caps command
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* re-generate cap yamls
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix tests for cataloger selection
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix cli test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add missing tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix linting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename cmd to `cataloger info`
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] change capability description locations
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] continued
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] adjust for import cycles
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* correct docs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix linting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* unpin dependencies for package dedup case
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* prevent make from blocking tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add check
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* ci: output oras path
Some workflows expect bootstrap to output the oras path. This seems like
a reasonable thing for it to do.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* ci: use path to oras from binny
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
---------
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* update NVD CPE dictionary processor to use API
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* pass linting with exceptions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
We have had a few releases fail because the Apple credentials needed
some sort of fix. These release were operationally more interesting
because they failed after pushing a git tag (which effectively releases
the golagn package). Therefore, try to use these creds early, before
there's a tag pushed.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
