547 Commits

Author SHA1 Message Date
dependabot[bot]
832d96c1dd
chore(deps): bump actions/cache in /.github/actions/bootstrap (#5035)
Bumps [actions/cache](https://github.com/actions/cache) from 5.0.5 to 6.1.0.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](27d5ce7f10...55cc834586)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-03 13:26:37 +00:00
dependabot[bot]
5a7a72b53e
chore(deps): bump zizmorcore/zizmor-action from 0.5.6 to 0.5.7 (#5030)
Bumps [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) from 0.5.6 to 0.5.7.
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases)
- [Commits](5f14fd08f7...192e21d79a)

---
updated-dependencies:
- dependency-name: zizmorcore/zizmor-action
  dependency-version: 0.5.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-03 13:26:27 +00:00
dependabot[bot]
df1fc98e7a
chore(deps): bump anchore/workflows/.github/workflows/codeql.yaml (#5032)
Bumps [anchore/workflows/.github/workflows/codeql.yaml](https://github.com/anchore/workflows) from 0.7.2 to 0.8.0.
- [Release notes](https://github.com/anchore/workflows/releases)
- [Commits](b0c30a8040...7212994dc8)

---
updated-dependencies:
- dependency-name: anchore/workflows/.github/workflows/codeql.yaml
  dependency-version: 0.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-03 13:26:04 +00:00
Alex Goodman
506ad5d6a7
refactor release pipeline: TAG_TOKEN, skip-checks gate, dependabot/zizmor cleanup (#5003)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-06-22 14:04:48 -04:00
dependabot[bot]
6a27678036
chore(deps): bump the actions-minor-patch group across 2 directories with 6 updates (#4975)
Bumps the actions-minor-patch group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [anchore/workflows/.github/workflows/codeql.yaml](https://github.com/anchore/workflows) | `0.7.0` | `0.7.2` |
| [anchore/workflows/.github/workflows/check-version-available.yaml](https://github.com/anchore/workflows) | `0.7.0` | `0.7.2` |
| [anchore/workflows/.github/workflows/check-gate.yaml](https://github.com/anchore/workflows) | `0.7.0` | `0.7.2` |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `6.0.3` |
| [anchore/workflows/.github/workflows/release-install-script.yaml](https://github.com/anchore/workflows) | `0.7.0` | `0.7.2` |

Bumps the actions-minor-patch group with 1 update in the /.github/actions/bootstrap directory: [anchore/go-make](https://github.com/anchore/go-make).


Updates `anchore/workflows/.github/workflows/codeql.yaml` from 0.7.0 to 0.7.2
- [Release notes](https://github.com/anchore/workflows/releases)
- [Commits](b3e328b5ae...b0c30a8040)

Updates `anchore/workflows/.github/workflows/check-version-available.yaml` from 0.7.0 to 0.7.2
- [Release notes](https://github.com/anchore/workflows/releases)
- [Commits](b3e328b5ae...b0c30a8040)

Updates `anchore/workflows/.github/workflows/check-gate.yaml` from 0.7.0 to 0.7.2
- [Release notes](https://github.com/anchore/workflows/releases)
- [Commits](b3e328b5ae...b0c30a8040)

Updates `actions/checkout` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](de0fac2e45...df4cb1c069)

Updates `anchore/workflows/.github/workflows/release-install-script.yaml` from 0.7.0 to 0.7.2
- [Release notes](https://github.com/anchore/workflows/releases)
- [Commits](b3e328b5ae...b0c30a8040)

Updates `anchore/go-make` from 0.5.0 to 0.6.0
- [Release notes](https://github.com/anchore/go-make/releases)
- [Commits](9de27be11e...39fe5f7111)

---
updated-dependencies:
- dependency-name: anchore/workflows/.github/workflows/codeql.yaml
  dependency-version: 0.7.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/check-version-available.yaml
  dependency-version: 0.7.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/check-gate.yaml
  dependency-version: 0.7.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
- dependency-name: actions/checkout
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/release-install-script.yaml
  dependency-version: 0.7.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
- dependency-name: anchore/go-make
  dependency-version: 0.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-12 13:29:23 +00:00
Will Murphy
9673f867e5
Pass contents: read to check-gate (#4951)
Otherwise check-gate doesn't have enough permissions to do its job and
fails.

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2026-06-02 16:05:42 -04:00
dependabot[bot]
524a44b70d
chore(deps): bump the actions-minor-patch group across 1 directory with 6 updates (#4946)
Bumps the actions-minor-patch group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [anchore/workflows/.github/workflows/codeql.yaml](https://github.com/anchore/workflows) | `0.6.0` | `0.7.0` |
| [anchore/workflows/.github/workflows/check-version-available.yaml](https://github.com/anchore/workflows) | `0.6.0` | `0.7.0` |
| [anchore/workflows/.github/workflows/check-gate.yaml](https://github.com/anchore/workflows) | `0.6.0` | `0.7.0` |
| [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.2.0` |
| [anchore/workflows/.github/workflows/release-install-script.yaml](https://github.com/anchore/workflows) | `0.6.0` | `0.7.0` |
| [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.5.5` | `0.5.6` |



Updates `anchore/workflows/.github/workflows/codeql.yaml` from 0.6.0 to 0.7.0
- [Release notes](https://github.com/anchore/workflows/releases)
- [Commits](15122524ce...b3e328b5ae)

Updates `anchore/workflows/.github/workflows/check-version-available.yaml` from 0.6.0 to 0.7.0
- [Release notes](https://github.com/anchore/workflows/releases)
- [Commits](15122524ce...b3e328b5ae)

Updates `anchore/workflows/.github/workflows/check-gate.yaml` from 0.6.0 to 0.7.0
- [Release notes](https://github.com/anchore/workflows/releases)
- [Commits](15122524ce...b3e328b5ae)

Updates `docker/login-action` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](4907a6ddec...650006c6eb)

Updates `anchore/workflows/.github/workflows/release-install-script.yaml` from 0.6.0 to 0.7.0
- [Release notes](https://github.com/anchore/workflows/releases)
- [Commits](15122524ce...b3e328b5ae)

Updates `zizmorcore/zizmor-action` from 0.5.5 to 0.5.6
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases)
- [Commits](a16621b09c...5f14fd08f7)

---
updated-dependencies:
- dependency-name: anchore/workflows/.github/workflows/codeql.yaml
  dependency-version: 0.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/check-version-available.yaml
  dependency-version: 0.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/check-gate.yaml
  dependency-version: 0.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: docker/login-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/release-install-script.yaml
  dependency-version: 0.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: zizmorcore/zizmor-action
  dependency-version: 0.5.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-29 16:35:04 +00:00
dependabot[bot]
58ddf74140
chore(deps): bump the actions-minor-patch group across 2 directories with 2 updates (#4936)
Bumps the actions-minor-patch group with 1 update in the / directory: [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action).
Bumps the actions-minor-patch group with 1 update in the /.github/actions/bootstrap directory: [anchore/go-make](https://github.com/anchore/go-make).


Updates `zizmorcore/zizmor-action` from 0.5.3 to 0.5.5
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases)
- [Commits](b1d7e1fb5d...a16621b09c)

Updates `anchore/go-make` from 0.4.0 to 0.5.0
- [Release notes](https://github.com/anchore/go-make/releases)
- [Commits](88c3650598...9de27be11e)

---
updated-dependencies:
- dependency-name: zizmorcore/zizmor-action
  dependency-version: 0.5.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
- dependency-name: anchore/go-make
  dependency-version: 0.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-22 13:42:36 +00:00
Alex Goodman
d97216ff70
Remediate audit (#4929)
* remove slack notification on release

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* restrict cache usage

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-05-18 15:01:37 -04:00
dependabot[bot]
c09a009bda
chore(deps): bump the actions-minor-patch group across 1 directory with 4 updates (#4927)
Bumps the actions-minor-patch group with 4 updates in the / directory: [anchore/workflows/.github/workflows/codeql.yaml](https://github.com/anchore/workflows), [anchore/workflows/.github/workflows/check-version-available.yaml](https://github.com/anchore/workflows), [anchore/workflows/.github/workflows/check-gate.yaml](https://github.com/anchore/workflows) and [anchore/workflows/.github/workflows/release-install-script.yaml](https://github.com/anchore/workflows).


Updates `anchore/workflows/.github/workflows/codeql.yaml` from 0.5.0 to 0.6.0
- [Commits](e8cee3a591...15122524ce)

Updates `anchore/workflows/.github/workflows/check-version-available.yaml` from 0.4.0 to 0.6.0
- [Commits](8b2b1caf40...15122524ce)

Updates `anchore/workflows/.github/workflows/check-gate.yaml` from 0.4.0 to 0.6.0
- [Commits](8b2b1caf40...15122524ce)

Updates `anchore/workflows/.github/workflows/release-install-script.yaml` from 0.4.0 to 0.6.0
- [Commits](8b2b1caf40...15122524ce)

---
updated-dependencies:
- dependency-name: anchore/workflows/.github/workflows/codeql.yaml
  dependency-version: 0.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/check-version-available.yaml
  dependency-version: 0.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/check-gate.yaml
  dependency-version: 0.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/release-install-script.yaml
  dependency-version: 0.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-18 16:13:54 +00:00
Alex Goodman
d61af0abab
Port to go-make (#4923)
* port to go-make

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* refresh fixtures on running unit tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* address refresh cache issues with old now-gitignored files

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-05-18 11:59:55 -04:00
dependabot[bot]
ee6ace36d1
chore(deps): bump the actions-minor-patch group across 1 directory with 2 updates (#4920)
Bumps the actions-minor-patch group with 2 updates in the / directory: [runs-on/action](https://github.com/runs-on/action) and [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer).


Updates `runs-on/action` from 2.1.0 to 2.1.2
- [Release notes](https://github.com/runs-on/action/releases)
- [Commits](742bf56072...d141ef83eb)

Updates `sigstore/cosign-installer` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](cad07c2e89...6f9f177880)

---
updated-dependencies:
- dependency-name: runs-on/action
  dependency-version: 2.1.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.1.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-15 13:34:58 +00:00
Alex Goodman
997a486e22
use released shared workflow (#4914)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-05-11 16:21:41 -04:00
Alex Goodman
87d6a288d7
Tighten workflow permissions and update release shape (#4899)
* Rework release workflow to canonical shape

Replace the custom quality-gate job with the reusable check-version-available
and check-gate workflows from anchore/workflows. Remove the phase
workflow_dispatch input; the install-script-only path is now a standalone
workflow (release-install-script.yaml) that can be triggered independently.

- add version-available and check-gate jobs using pinned anchore/workflows SHA
- remove phase input and quality-gate job
- release job now needs [check-gate, version-available]
- release-install-script job no longer conditionally skips based on phase
- add release-install-script.yaml for standalone install script runs
- set permissions: {} at workflow level (contents pushed to release job)
- add concurrency: group: release

Signed-off-by: wagoodman <wagoodman@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* Tighten workflow-level permissions to {}

Change top-level permissions from contents: read to {} in validations.yaml
and validate-github-actions.yaml, pushing the needed contents: read down
to each job that performs a checkout.

Signed-off-by: wagoodman <wagoodman@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* keep install script phase, remove workflow

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* remove schema detection workflow

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: wagoodman <wagoodman@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-05-08 17:16:31 -04:00
dependabot[bot]
20987d30d0
chore(deps): bump the actions-minor-patch group across 1 directory with 2 updates (#4897)
Bumps the actions-minor-patch group with 2 updates in the / directory: [github/codeql-action](https://github.com/github/codeql-action) and [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action).


Updates `github/codeql-action` from 4.35.2 to 4.35.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](95e58e9a2c...e46ed2cbd0)

Updates `slackapi/slack-github-action` from 3.0.2 to 3.0.3
- [Release notes](https://github.com/slackapi/slack-github-action/releases)
- [Changelog](https://github.com/slackapi/slack-github-action/blob/main/CHANGELOG.md)
- [Commits](03ea5433c1...45a88b9581)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
- dependency-name: slackapi/slack-github-action
  dependency-version: 3.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-08 13:38:31 +00:00
dependabot[bot]
47cda2b5ef
chore(deps): bump the actions-minor-patch group across 2 directories with 5 updates (#4846)
Bumps the actions-minor-patch group with 4 updates in the / directory: [github/codeql-action](https://github.com/github/codeql-action), [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment), [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) and [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action).
Bumps the actions-minor-patch group with 1 update in the /.github/actions/bootstrap directory: [actions/cache](https://github.com/actions/cache).


Updates `github/codeql-action` from 4.35.1 to 4.35.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](c10b8064de...95e58e9a2c)

Updates `marocchino/sticky-pull-request-comment` from 3.0.3 to 3.0.4
- [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases)
- [Commits](d4d6b09364...0ea0beb66e)

Updates `slackapi/slack-github-action` from 3.0.1 to 3.0.2
- [Release notes](https://github.com/slackapi/slack-github-action/releases)
- [Changelog](https://github.com/slackapi/slack-github-action/blob/main/CHANGELOG.md)
- [Commits](af78098f53...03ea5433c1)

Updates `zizmorcore/zizmor-action` from 0.5.2 to 0.5.3
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases)
- [Commits](71321a20a9...b1d7e1fb5d)

Updates `actions/cache` from 5.0.4 to 5.0.5
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](668228422a...27d5ce7f10)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
- dependency-name: marocchino/sticky-pull-request-comment
  dependency-version: 3.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
- dependency-name: slackapi/slack-github-action
  dependency-version: 3.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
- dependency-name: zizmorcore/zizmor-action
  dependency-version: 0.5.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
- dependency-name: actions/cache
  dependency-version: 5.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-05 11:42:04 -04:00
Alex Goodman
f878197150
chore: remove common workflows (#4881)
Removes deprecated common workflows now centralized elsewhere.

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-05-04 14:31:07 -04:00
dependabot[bot]
66ba575ae2
chore(deps): bump the actions-minor-patch group across 1 directory with 2 updates (#4790)
Bumps the actions-minor-patch group with 2 updates in the / directory: [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment) and [actions/upload-artifact](https://github.com/actions/upload-artifact).


Updates `marocchino/sticky-pull-request-comment` from 3.0.2 to 3.0.3
- [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases)
- [Commits](70d2764d1a...d4d6b09364)

Updates `actions/upload-artifact` from 7.0.0 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](bbbca2ddaa...043fb46d1a)

---
updated-dependencies:
- dependency-name: marocchino/sticky-pull-request-comment
  dependency-version: 3.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-20 10:13:26 -04:00
anchore-oss-update-bot
5b58ec96b7
chore(deps): update Go version (#4773)
Signed-off-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
Co-authored-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
2026-04-15 10:01:39 -04:00
dependabot[bot]
f4290cb876
chore(deps): bump the actions-minor-patch group across 2 directories with 7 updates (#4763)
Bumps the actions-minor-patch group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [docker/login-action](https://github.com/docker/login-action) | `4.0.0` | `4.1.0` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.23.0` | `0.24.0` |
| [runs-on/action](https://github.com/runs-on/action) | `2.0.3` | `2.1.0` |
| [actions/download-artifact](https://github.com/actions/download-artifact) | `8.0.0` | `8.0.1` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `4.0.0` | `4.1.1` |

Bumps the actions-minor-patch group with 2 updates in the /.github/actions/bootstrap directory: [actions/setup-go](https://github.com/actions/setup-go) and [actions/cache](https://github.com/actions/cache).


Updates `docker/login-action` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](b45d80f862...4907a6ddec)

Updates `anchore/sbom-action` from 0.23.0 to 0.24.0
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](17ae174017...e22c389904)

Updates `runs-on/action` from 2.0.3 to 2.1.0
- [Release notes](https://github.com/runs-on/action/releases)
- [Commits](cd2b598b05...742bf56072)

Updates `actions/download-artifact` from 8.0.0 to 8.0.1
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](70fc10c6e5...3e5f45b2cf)

Updates `sigstore/cosign-installer` from 4.0.0 to 4.1.1
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](faadad0cce...cad07c2e89)

Updates `actions/setup-go` from 6.3.0 to 6.4.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](4b73464bb3...4a3601121d)

Updates `actions/setup-go` from 6.3.0 to 6.4.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](4b73464bb3...4a3601121d)

Updates `actions/cache` from 5.0.3 to 5.0.4
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](cdf6c1fa76...668228422a)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: anchore/sbom-action
  dependency-version: 0.24.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: runs-on/action
  dependency-version: 2.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: actions/download-artifact
  dependency-version: 8.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: actions/setup-go
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: actions/setup-go
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: actions/cache
  dependency-version: 5.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-13 11:39:21 -04:00
Alex Goodman
2089d086fe
chore: update zizmor workflow triggers (#4732)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-04-02 14:56:46 -04:00
Alex Goodman
b0dc65a4fb
improve automation (#4730)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-04-02 12:44:54 -04:00
Alex Goodman
611a24fcae
(chore): removing automations (#4727)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-04-01 14:27:29 -04:00
dependabot[bot]
d71b747cd1
chore(deps): bump slackapi/slack-github-action from 2.1.1 to 3.0.1 (#4684)
Bumps [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) from 2.1.1 to 3.0.1.
- [Release notes](https://github.com/slackapi/slack-github-action/releases)
- [Commits](91efab103c...af78098f53)

---
updated-dependencies:
- dependency-name: slackapi/slack-github-action
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-26 11:12:33 -04:00
dependabot[bot]
58a8a95e26
chore(deps): bump marocchino/sticky-pull-request-comment (#4685)
Bumps [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment) from 2.9.4 to 3.0.2.
- [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases)
- [Commits](773744901b...70d2764d1a)

---
updated-dependencies:
- dependency-name: marocchino/sticky-pull-request-comment
  dependency-version: 3.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-25 19:27:59 -04:00
dependabot[bot]
7d3882a425
chore(deps): bump actions/create-github-app-token from 2.2.1 to 3.0.0 (#4699)
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 2.2.1 to 3.0.0.
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](29824e69f5...f8d387b68d)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-25 19:27:31 -04:00
Will Murphy
c5114fd745
chore(deps): ignore some dependabot deps (#4696)
Prevent some packages from being updated.

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2026-03-24 08:12:50 -04:00
Weston Steimel
f68a7cc899
ci: further pr target code checkout assurances (#4695)
Signed-off-by: Weston Steimel <author@code.w.steimel.me.uk>
2026-03-24 07:16:16 -04:00
Weston Steimel
f5d318d934
ci: add explicit ref to main and warning for pull_request_target workflow (#4693)
Signed-off-by: Weston Steimel <author@code.w.steimel.me.uk>
2026-03-23 16:45:18 +00:00
dependabot[bot]
59f7725d0d
chore(deps): bump github/codeql-action (#4670)
Bumps the actions-minor-patch group with 1 update in the / directory: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 4.32.3 to 4.32.6
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](9e907b5e64...0d579ffd05)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.32.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-16 11:25:27 -04:00
dependabot[bot]
7a6b1575ae
chore(deps): bump docker/login-action from 3.7.0 to 4.0.0 (#4671)
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.7.0 to 4.0.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](c94ce9fb46...b45d80f862)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-16 11:25:16 -04:00
dependabot[bot]
01f0e332c2
chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 (#4658)
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7.0.0 to 8.0.0.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](37930b1c2a...70fc10c6e5)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-09 10:37:33 -04:00
dependabot[bot]
7d3d1c6237
chore(deps): bump the actions-minor-patch group across 2 directories with 2 updates (#4657)
Bumps the actions-minor-patch group with 2 updates in the / directory: [actions/setup-go](https://github.com/actions/setup-go) and [anchore/sbom-action](https://github.com/anchore/sbom-action).
Bumps the actions-minor-patch group with 1 update in the /.github/actions/bootstrap directory: [actions/setup-go](https://github.com/actions/setup-go).


Updates `actions/setup-go` from 6.2.0 to 6.3.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](7a3fe6cf4c...4b73464bb3)

Updates `anchore/sbom-action` from 0.22.2 to 0.23.0
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](28d71544de...17ae174017)

Updates `actions/setup-go` from 6.2.0 to 6.3.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](7a3fe6cf4c...4b73464bb3)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: anchore/sbom-action
  dependency-version: 0.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: actions/setup-go
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-09 10:33:14 -04:00
dependabot[bot]
dcba765d86
chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#4659)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](b7c566a772...bbbca2ddaa)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-09 10:32:22 -04:00
Alex Goodman
b5e85c3ea5
chore: migrate fixtures to testdata (#4651)
* migrate fixtures to testdata

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix: correct broken symlinks after testdata migration

The migration from test-fixtures to testdata broke several symlinks:
- elf-test-fixtures symlinks pointed to old test-fixtures paths
- elf-test-fixtures needed to be renamed to elf-testdata
- image-pkg-coverage symlink pointed to test-fixtures instead of testdata

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix: handle missing classifiers/bin directory in Makefile

The clean-fingerprint target was failing when classifiers/bin doesn't
exist (e.g., on fresh clone without downloaded binaries).

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix: add gitignore negation for jar/zip fixtures in test/cli

The jar and zip files in test/cli/testdata/image-unknowns were being
gitignored by the root .gitignore patterns. This caused them to be
untracked and not included when building docker images in CI, resulting
in Test_Unknowns failures since the test expects errors from corrupt
archive files that weren't present.

Add a .gitignore in test/cli/testdata to negate the exclusions for
these specific test fixture files.

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* switch fixture cache to v2

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* test: update expected versions for rebuilt fixtures

Update test expectations for packages that have been updated in
upstream repositories when docker images are rebuilt:
- glibc: 2.42-r4 → 2.43-r1 (wolfi)
- php: 8.2.29 → 8.2.30 (ubuntu/apache)

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* upgrade go

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix: add go-shlex dependency for testdata manager tool

The manager tool in syft/pkg/cataloger/binary/testdata/ imports
go-shlex, but since it's in a testdata directory, Go doesn't track
its dependencies. This caused CI failures when go.mod didn't
explicitly list the dependency.

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* refactor: move binary classifier manager to internal/

Move the manager tool from testdata/manager to internal/manager so
that Go properly tracks its dependencies. Code in testdata directories
is ignored by Go for dependency tracking, which caused CI failures
when go.mod didn't explicitly list transitive dependencies.

This is a cleaner solution than manually adding dependencies to go.mod
for code that happens to live in testdata.

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix: add gitignore negations for test fixtures blocked by root patterns

Multiple test fixtures were being blocked by root-level gitignore patterns
like bin/, *.jar, *.tar, and *.exe. This adds targeted .gitignore files with
negation patterns to allow these specific test fixtures to be tracked:

- syft/linux/testdata/os/busybox/bin/busybox (blocked by bin/)
- syft/pkg/cataloger/java/testdata/corrupt/example.{jar,tar} (blocked by *.jar, *.tar)
- syft/pkg/cataloger/binary/testdata/classifiers/snippets/go-version-hint/**/bin/go (blocked by bin/)
- syft/pkg/cataloger/bitnami/testdata/no-rel/.../bin/redis-server (blocked by bin/)

Also updates the bitnami test expectation to include the newly required
.gitignore files in the test fixture.

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* test: update glibc version expectation (2.43-r1 -> 2.43-r2)

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add capability drift check as unit step

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* dont clear test observations before drift detection

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* bump stereoscope commit to main

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-03-06 19:42:04 +00:00
dependabot[bot]
f4fc2d669a
chore(deps): bump github/codeql-action (#4634)
Bumps the actions-minor-patch group with 1 update in the / directory: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 4.31.10 to 4.32.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](cdefb33c0f...9e907b5e64)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.32.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-20 08:41:46 -05:00
Christopher Angelo Phillips
2fe5f9c7b8
fix: bumps go mod version to 1.25; ci takes latest patch (#4628)
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-02-17 12:04:51 -05:00
dependabot[bot]
0bb3741c87
chore(deps): bump the actions-minor-patch group across 1 directory with 2 updates (#4622)
Bumps the actions-minor-patch group with 2 updates in the / directory: [anchore/sbom-action](https://github.com/anchore/sbom-action) and [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action).


Updates `anchore/sbom-action` from 0.21.1 to 0.22.2
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](0b82b0b1a2...28d71544de)

Updates `zizmorcore/zizmor-action` from 0.4.1 to 0.5.0
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases)
- [Commits](135698455d...0dce2577a4)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-version: 0.22.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: zizmorcore/zizmor-action
  dependency-version: 0.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-17 11:16:26 -05:00
dependabot[bot]
1af8b1acaa
chore(deps): bump the actions-minor-patch group across 2 directories with 2 updates (#4607)
Bumps the actions-minor-patch group with 1 update in the / directory: [docker/login-action](https://github.com/docker/login-action).
Bumps the actions-minor-patch group with 1 update in the /.github/actions/bootstrap directory: [actions/cache](https://github.com/actions/cache).


Updates `docker/login-action` from 3.6.0 to 3.7.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](5e57cd1181...c94ce9fb46)

Updates `actions/cache` from 5.0.1 to 5.0.3
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](9255dc7a25...cdf6c1fa76)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 3.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: actions/cache
  dependency-version: 5.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-06 13:20:12 -05:00
dependabot[bot]
e136ebc44f
chore(deps): bump the actions-minor-patch group across 1 directory with 2 updates (#4584)
Bumps the actions-minor-patch group with 2 updates in the / directory: [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) and [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action).


Updates `peter-evans/create-pull-request` from 8.0.0 to 8.1.0
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](98357b18bf...c0f553fe54)

Updates `zizmorcore/zizmor-action` from 0.3.0 to 0.4.1
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases)
- [Commits](e639db9933...135698455d)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-version: 8.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: zizmorcore/zizmor-action
  dependency-version: 0.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-30 10:33:32 -05:00
dependabot[bot]
27b1219e98
chore(deps): bump the actions-minor-patch group across 2 directories with 3 updates (#4568)
Bumps the actions-minor-patch group with 3 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [actions/setup-go](https://github.com/actions/setup-go) and [github/codeql-action](https://github.com/github/codeql-action).
Bumps the actions-minor-patch group with 1 update in the /.github/actions/bootstrap directory: [actions/setup-go](https://github.com/actions/setup-go).


Updates `actions/checkout` from 6.0.1 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](8e8c483db8...de0fac2e45)

Updates `actions/setup-go` from 6.1.0 to 6.2.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](4dc6199c7b...7a3fe6cf4c)

Updates `github/codeql-action` from 4.31.9 to 4.31.10
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](5d4e8d1aca...cdefb33c0f)

Updates `actions/setup-go` from 6.1.0 to 6.2.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](4dc6199c7b...7a3fe6cf4c)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
- dependency-name: actions/setup-go
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: github/codeql-action
  dependency-version: 4.31.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
- dependency-name: actions/setup-go
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-23 10:37:23 -05:00
Will Murphy
3e563d90d5
ci: enable zizmor to fail PRs (#4556)
* ci: enable zizmor to fail PRs

Enable zizmor (gh actions yaml linter) to fail builds in PRs. Fix any
outstanding linting errors found by this tool.

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

* fix outdated version comments

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

---------

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2026-01-16 10:49:00 -05:00
Will Murphy
5987f46353
Chore new slack action (#4553)
* chore: new slack action

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

* TEMP: exit 1 to test slack notify

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

* new slack integration everywhere

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

---------

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2026-01-16 11:26:40 +00:00
dependabot[bot]
6d206910f0
chore(deps): bump anchore/sbom-action (#4544)
Bumps the actions-minor-patch group with 1 update in the / directory: [anchore/sbom-action](https://github.com/anchore/sbom-action).


Updates `anchore/sbom-action` from 0.21.0 to 0.21.1
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](a930d0ac43...0b82b0b1a2)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-version: 0.21.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-09 13:13:44 -05:00
Alex Goodman
ed339e4fed
fix: ensure java image build failures stop the build (#4531)
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-01-06 11:43:51 -05:00
dependabot[bot]
63273b1b00
chore(deps): bump the actions-minor-patch group across 1 directory with 2 updates (#4525)
Bumps the actions-minor-patch group with 2 updates in the / directory: [docker/login-action](https://github.com/docker/login-action) and [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action).


Updates `docker/login-action` from 3.5.0 to 3.6.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](184bdaa072...5e57cd1181)

Updates `zizmorcore/zizmor-action` from 0.2.0 to 0.3.0
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases)
- [Commits](e673c3917a...e639db9933)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 3.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: zizmorcore/zizmor-action
  dependency-version: 0.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-05 12:48:30 -05:00
dependabot[bot]
92e523caa6
chore(deps): bump actions/download-artifact from 6.0.0 to 7.0.0 (#4526)
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](018cc2cf5b...37930b1c2a)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-05 12:48:20 -05:00
dependabot[bot]
9b33b8a3d6
chore(deps): bump actions/upload-artifact from 4.4.3 to 6.0.0 (#4527)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.4.3 to 6.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](b4b15b8c7c...b7c566a772)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-05 12:48:13 -05:00
Alex Goodman
29a0b19a21
Group dependabot updates (#4522)
* group dependabot updates

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* use directories key

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-01-05 16:57:38 +00:00
Alex Goodman
11fed90075
Migrate CI to runs-on (#4351)
* migrate to runs-on runners

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* keep validations on x64

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* correct ubuntu arm refs

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* bust cache

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* use artifacts api between jobs

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* download individual artifacts

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* troubleshoot artifact upload

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* disable magic cache

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix deps

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* attempt to replicate layout

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* change asset names and remove extras

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* better artifact filters

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* use action to get artifacts working

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add sboms

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* simpler artifacts

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add logging

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* remove logging

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* make artifacts executable

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* improve workflow dispatch calls

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* attempt to bring down ci times

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update repo path

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* use local config instead of shared one

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* use runner labels instead of config

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* use valid alias

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* use compute instances for build

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* small comment on concurrency

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fixes from review

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* remove parallelism

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-01-05 09:53:06 -05:00