Alex Goodman
62e54030ae
add logging
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-14 13:29:20 -05:00
Alex Goodman
2c195d5e5f
Merge remote-tracking branch 'origin/main' into feature/migrate-to-runs-on
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-14 10:25:27 -05:00
dependabot[bot]
6480c8a425
chore(deps): bump github/codeql-action from 4.31.2 to 4.31.3 ( #4366 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.2 to 4.31.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0499de31b9...014f16e7ab
2025-11-14 09:25:08 -05:00
Alex Goodman
91f612069d
simpler artifacts
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-12 08:45:35 -05:00
Alex Goodman
ece3179655
add sboms
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-11 16:02:46 -05:00
Alex Goodman
a70e89b2ed
use action to get artifacts working
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-11 15:34:56 -05:00
Alex Goodman
34b9533f22
better artifact filters
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-11 15:25:14 -05:00
Alex Goodman
f6cb65f5d7
change asset names and remove extras
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-11 14:54:07 -05:00
Alex Goodman
30324e9a9f
attempt to replicate layout
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-11 14:36:10 -05:00
Alex Goodman
5f823b97ba
fix deps
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-11 14:03:08 -05:00
Alex Goodman
800c345b6b
disable magic cache
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-11 13:53:01 -05:00
Alex Goodman
42c7848016
troubleshoot artifact upload
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-11 13:39:03 -05:00
Alex Goodman
e857ff3a52
download individual artifacts
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-10 20:40:08 -05:00
Alex Goodman
c729a179d0
use artifacts api between jobs
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-10 15:02:34 -05:00
Alex Goodman
e5bb10b56a
bust cache
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-10 15:02:34 -05:00
Alex Goodman
3335b85d61
correct ubuntu arm refs
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-10 15:02:34 -05:00
Alex Goodman
b16a401226
keep validations on x64
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-10 15:02:34 -05:00
Alex Goodman
178d38bc73
migrate to runs-on runners
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-10 15:02:34 -05:00
Alex Goodman
e5711e9b42
Update CPE processing to use NVD API ( #4332 )
...
* update NVD CPE dictionary processor to use API
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* pass linting with exceptions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-06 16:02:26 -05:00
Alex Goodman
7c154e7c37
use official action for token generation ( #4331 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-03 13:08:42 -05:00
dependabot[bot]
793b0a346f
chore(deps): bump github/codeql-action from 4.31.1 to 4.31.2 ( #4325 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.1 to 4.31.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](5fe9434cd2...0499de31b9
2025-11-03 09:11:20 -05:00
dependabot[bot]
774b1e97b9
chore(deps): bump github/codeql-action from 4.31.0 to 4.31.1 ( #4321 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.0 to 4.31.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4e94bd11f7...5fe9434cd2
2025-10-30 13:19:57 -04:00
Alex Goodman
5db3a9bf55
add workflow to create PR for spdx license list updates ( #4319 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-30 12:14:13 -04:00
Will Murphy
728feea620
ci: use apple creds before pushing tags ( #4313 )
...
We have had a few releases fail because the Apple credentials needed
some sort of fix. These release were operationally more interesting
because they failed after pushing a git tag (which effectively releases
the golagn package). Therefore, try to use these creds early, before
there's a tag pushed.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2025-10-29 10:07:47 -04:00
dependabot[bot]
bee78c0b16
chore(deps): bump github/codeql-action from 4.30.9 to 4.31.0 ( #4310 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.30.9 to 4.31.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](16140ae1a1...4e94bd11f7
2025-10-27 10:43:04 -04:00
dependabot[bot]
88bbcbe9c6
chore(deps): bump anchore/sbom-action from 0.20.8 to 0.20.9 ( #4305 )
2025-10-27 02:03:09 -04:00
dependabot[bot]
675075e882
chore(deps): bump github/codeql-action from 4.30.8 to 4.30.9 ( #4299 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.30.8 to 4.30.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f443b600d9...16140ae1a1
2025-10-20 10:08:39 -04:00
dependabot[bot]
07029ead8a
chore(deps): bump sigstore/cosign-installer from 3.10.0 to 4.0.0 ( #4296 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.10.0 to 4.0.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](d7543c93d8...faadad0cce
2025-10-17 10:22:20 -04:00
dependabot[bot]
f4de1e863c
chore(deps): bump anchore/sbom-action from 0.20.7 to 0.20.8 ( #4297 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.7 to 0.20.8.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](d8a2c01300...aa0e114b2e
2025-10-17 10:22:10 -04:00
dependabot[bot]
6627c5214c
chore(deps): bump anchore/sbom-action from 0.20.6 to 0.20.7 ( #4293 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.6 to 0.20.7.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](f8bdd1d8ac...d8a2c01300
2025-10-16 13:57:17 -04:00
dependabot[bot]
5056c7f861
chore(deps): bump github/codeql-action from 4.30.7 to 4.30.8 ( #4277 )
2025-10-13 10:47:50 -04:00
dependabot[bot]
3b82a3724a
chore(deps): bump github/codeql-action from 3.30.6 to 4.30.7 ( #4262 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.6 to 4.30.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](64d10c1313...e296a93559
2025-10-08 16:44:21 -04:00
dependabot[bot]
b96d3d20af
chore(deps): bump github/codeql-action from 3.30.5 to 3.30.6 ( #4253 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.5 to 3.30.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3599b3baa1...64d10c1313
2025-10-03 12:07:20 -04:00
dependabot[bot]
605a275dd3
chore(deps): bump github/codeql-action from 3.30.4 to 3.30.5 ( #4246 )
2025-09-30 17:06:10 -04:00
dependabot[bot]
f0998de717
chore(deps): bump github/codeql-action from 3.30.3 to 3.30.4 ( #4239 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.3 to 3.30.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](192325c861...303c0aef88
2025-09-25 12:06:49 -04:00
dependabot[bot]
261ab7c1fd
chore(deps): bump actions/cache from 4.2.4 to 4.3.0 ( #4240 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.4 to 4.3.0.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0400d5f644...0057852bfa
2025-09-25 12:02:41 -04:00
dependabot[bot]
8232f5bd1b
chore(deps): bump actions/cache in /.github/actions/bootstrap ( #4241 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.4 to 4.3.0.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0400d5f644...0057852bfa
2025-09-25 12:02:30 -04:00
dependabot[bot]
3abbd940e3
chore(deps): bump anchore/sbom-action from 0.20.5 to 0.20.6 ( #4222 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.5 to 0.20.6.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](da167eac91...f8bdd1d8ac
2025-09-18 10:58:53 -04:00
dependabot[bot]
333b951be3
chore(deps): bump zizmorcore/zizmor-action from 0.1.2 to 0.2.0 ( #4216 )
...
Bumps [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action ) from 0.1.2 to 0.2.0.
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases )
- [Commits](5ca5fc7a47...e673c3917a
2025-09-15 14:30:16 -04:00
dependabot[bot]
90c733d24d
chore(deps): bump 8398a7/action-slack from 3.18.0 to 3.19.0 ( #4217 )
...
Bumps [8398a7/action-slack](https://github.com/8398a7/action-slack ) from 3.18.0 to 3.19.0.
- [Release notes](https://github.com/8398a7/action-slack/releases )
- [Commits](1750b5085f...77eaa4f1c6
2025-09-15 14:30:03 -04:00
dependabot[bot]
dacc2f61f9
chore(deps): bump sigstore/cosign-installer from 3.9.2 to 3.10.0 ( #4218 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.9.2 to 3.10.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](d58896d6a1...d7543c93d8
2025-09-15 14:29:53 -04:00
dependabot[bot]
1fcdb67698
chore(deps): bump github/codeql-action from 3.30.1 to 3.30.3 ( #4210 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.1 to 3.30.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f1f6e5f6af...192325c861
2025-09-11 12:50:41 -04:00
dependabot[bot]
8e78fd57b8
chore(deps): bump actions/setup-go from 5.5.0 to 6.0.0 ( #4188 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5.5.0 to 6.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](d35c59abb0...4469467582
2025-09-08 02:35:22 -04:00
dependabot[bot]
b503690889
chore(deps): bump actions/setup-go in /.github/actions/bootstrap ( #4189 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5.5.0 to 6.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](d35c59abb0...4469467582
2025-09-08 02:35:08 -04:00
dependabot[bot]
2b8f4bc028
chore(deps): bump github/codeql-action from 3.30.0 to 3.30.1 ( #4191 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.0 to 3.30.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2d92b76c45...f1f6e5f6af
2025-09-08 02:05:35 -04:00
dependabot[bot]
98c97e24a2
chore(deps): bump actions/github-script from 7 to 8 ( #4192 )
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 7 to 8.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](https://github.com/actions/github-script/compare/v7...v8 )
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-version: '8'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-08 02:05:27 -04:00
dependabot[bot]
7e4bf7f8c2
chore(deps): bump github/codeql-action from 3.29.11 to 3.30.0 ( #4181 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.11 to 3.30.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3c3833e0f8...2d92b76c45
2025-09-02 00:26:33 -04:00
dependabot[bot]
26792fc12d
chore(deps): bump github/codeql-action from 3.29.10 to 3.29.11 ( #4149 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.10 to 3.29.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](96f518a34f...3c3833e0f8
2025-08-21 10:43:25 -04:00
dependabot[bot]
8e51e8d995
chore(deps): bump github/codeql-action from 3.29.9 to 3.29.10 ( #4145 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.9 to 3.29.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](df559355d5...96f518a34f
2025-08-18 15:29:36 -04:00
dependabot[bot]
0e669faecd
chore(deps): bump anchore/sbom-action from 0.20.4 to 0.20.5 ( #4141 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.4 to 0.20.5.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](7b36ad622f...da167eac91
2025-08-15 10:22:24 -04:00
