Update workflows (#819)
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://togithub.com/actions/checkout) | action | minor | `v3.0.0` -> `v3.1.0` |
| [actions/upload-artifact](https://togithub.com/actions/upload-artifact) | action | patch | `v3.1.0` -> `v3.1.1` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.0.0` -> `v2.0.6` |
| [pypa/gh-action-pypi-publish](https://togithub.com/pypa/gh-action-pypi-publish) | action | digest | `5fb2f04` -> `37f50c2` |

---

### Release Notes

<details>
<summary>actions/checkout</summary>

### [`v3.1.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v310)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.0.2...v3.1.0)

- [Use @&#8203;actions/core `saveState` and
`getState`](https://togithub.com/actions/checkout/pull/939)
- [Add `github-server-url`
input](https://togithub.com/actions/checkout/pull/922)

### [`v3.0.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v302)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.0.1...v3.0.2)

- [Add input
`set-safe-directory`](https://togithub.com/actions/checkout/pull/770)

### [`v3.0.1`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v301)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.0.0...v3.0.1)

- [Fixed an issue where checkout failed to run in container jobs due to
the new git setting
`safe.directory`](https://togithub.com/actions/checkout/pull/762)
- [Bumped various npm package
versions](https://togithub.com/actions/checkout/pull/744)

</details>

<details>
<summary>actions/upload-artifact</summary>

### [`v3.1.1`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.1)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v3.1.0...v3.1.1)

- Update actions/core package to latest version to remove `set-output`
deprecation warning
[#&#8203;351](https://togithub.com/actions/upload-artifact/issues/351)

</details>

<details>
<summary>ossf/scorecard-action</summary>

### [`v2.0.6`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.0.6)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.5...v2.0.6)

#### What's Changed

- Fix - Broken dockerfile by
[@&#8203;naveensrinivasan](https://togithub.com/naveensrinivasan) in
[ossf/scorecard-action#979

**Full Changelog**:
ossf/scorecard-action@v2.0.5...v2.0.6

### [`v2.0.5`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.0.5)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.4...v2.0.5)

#### What's Changed

- Remove trailing space from example by
[@&#8203;jamacku](https://togithub.com/jamacku) in
[ossf/scorecard-action#955
- 🌱 Bump actions/cache from 3.0.8 to 3.0.10 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[ossf/scorecard-action#956
- 🌱 Bump github/codeql-action from 2.1.25 to 2.1.26 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[ossf/scorecard-action#957
- 🌱 Bump step-security/harden-runner from 1.4.5 to 1.5.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[ossf/scorecard-action#958
- 🌱 Bump debian from `5cf1d98` to `b46fc4e` by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[ossf/scorecard-action#959
- 🌱 Bump github.com/sigstore/cosign from 1.12.1 to 1.13.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[ossf/scorecard-action#962
- 🌱 Upgrade to go 1.19 by
[@&#8203;naveensrinivasan](https://togithub.com/naveensrinivasan) in
[ossf/scorecard-action#961
- 🌱 Bump github.com/spf13/cobra from 1.5.0 to 1.6.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[ossf/scorecard-action#967
- 🌱 Bump golang from `c2a98a5` to `b850621` by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[ossf/scorecard-action#966
- 🌱 Bump golang from `b850621` to `25de7b6` by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[ossf/scorecard-action#968
- New release for Scorecard v4.8.0 by
[@&#8203;naveensrinivasan](https://togithub.com/naveensrinivasan) in
[ossf/scorecard-action#969

#### New Contributors

- [@&#8203;jamacku](https://togithub.com/jamacku) made their first
contribution in
[ossf/scorecard-action#955

**Full Changelog**:
ossf/scorecard-action@v2.0.4...v2.0.5

### [`v2.0.4`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.0.4)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.3...v2.0.4)

Fixes
[#&#8203;856](https://togithub.com/ossf/scorecard-action/issues/856)

#### What's Changed

- 🌱 Bump github.com/caarlos0/env/v6 from 6.10.0 to 6.10.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[ossf/scorecard-action#934
- feat: do not run signing on pull requests by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[ossf/scorecard-action#935
- 🌱 Bump debian from 11.4-slim to 11.5-slim by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[ossf/scorecard-action#936
- 🌱 Bump github.com/sigstore/cosign from 1.11.1 to 1.12.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[ossf/scorecard-action#938
- 🌱 Bump github/codeql-action from 2.1.22 to 2.1.24 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[ossf/scorecard-action#941
- 🐛 Restore behavior of ignoring scorecard runtime errors by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#948
- 🌱 Bump actions/dependency-review-action from 2.1.0 to 2.4.0
by [@&#8203;dependabot](https://togithub.com/dependabot) in
[ossf/scorecard-action#950
- 🌱 Bump github.com/sigstore/cosign from 1.12.0 to 1.12.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[ossf/scorecard-action#947
- 🌱 Bump github/codeql-action from 2.1.24 to 2.1.25 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[ossf/scorecard-action#949
- 🌱 Bump codecov/codecov-action from 3.1.0 to 3.1.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[ossf/scorecard-action#942
- Create v2.0.4 patch by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#952

#### New Contributors

- [@&#8203;spencerschrock](https://togithub.com/spencerschrock) made
their first contribution in
[ossf/scorecard-action#948

**Full Changelog**:
ossf/scorecard-action@v2.0.3...v2.0.4

### [`v2.0.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.0.3)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.2...v2.0.3)

Patch for fix in
[#&#8203;898](https://togithub.com/ossf/scorecard-action/issues/898)

### [`v2.0.2`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.0.2)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.1...v2.0.2)

Fixes
[ossf/scorecard-action#895

### [`v2.0.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.0.1)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.0...v2.0.1)

Fix for
[#&#8203;856](https://togithub.com/ossf/scorecard-action/issues/856)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on monday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://app.renovatebot.com/dashboard#github/google/osv.dev).


Co-authored-by: Andrew Pollock <andrewpollock@users.noreply.github.com>
renovate-bot and andrewpollock committed Nov 14, 2022
1 parent 953af71 commit 93d3714
Showing 2 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/publish-to-pypi.yaml
Expand Up @@ -41,7 +41,7 @@ jobs:
build
--sdist --wheel --outdir dist/ .
- name: Publish distribution to PyPI
uses: pypa/gh-action-pypi-publish@5fb2f047e26679d7846a8370de1642ff160b9025 # v1.5.1
uses: pypa/gh-action-pypi-publish@37f50c210e3d2f9450da2cd423303d6a14a6e29f # v1.5.1
with:
password: ${{ secrets.PYPI_API_TOKEN }}
packages_dir: dist/
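Review bot: the pin on the `uses: pypa/gh-action-pypi-publish@…` line moves from `5fb2f04…` to `37f50c2…` while the trailing comment stays `# v1.5.1`, so the comment no longer tells a reviewer which release the new commit belongs to; two different commits cannot both be the `v1.5.1` tag unless the tag was moved. The update table lists this as a `digest` update, not a version bump. Because this step receives `secrets.PYPI_API_TOKEN`, please confirm which upstream ref `37f50c210e3d2f9450da2cd423303d6a14a6e29f` resolves to and set the comment to match, or drop the version comment if the digest tracks a branch.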
6 changes: 3 additions & 3 deletions .github/workflows/scorecards.yml
Expand Up @@ -22,12 +22,12 @@ jobs:
id-token: write
steps:
- name: "Checkout code"
uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707 # v3.0.0
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
with:
persist-credentials: false

- name: "Run analysis"
uses: ossf/scorecard-action@066a051e5c2c336158e3c5728cd80ccb1276afbf # v2.0.0-alpha.2
uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v2.0.6-alpha.2
with:
results_file: results.sarif
results_format: sarif
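Review bot: the new comment on the `ossf/scorecard-action` line reads `# v2.0.6-alpha.2`, but the update table and release notes in this commit describe `v2.0.0` -> `v2.0.6` and mention no `-alpha.2` release; the suffix looks carried over from the old `# v2.0.0-alpha.2` comment. Suggest `# v2.0.6`, after checking that `99c53751e09b9529366343771cc321ec74e9bd3d` is that tag, since this job holds `id-token: write` and the comment is what later reviewers will trust.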
Expand All @@ -42,7 +42,7 @@ jobs:

# Upload the results as artifacts (optional).
- name: "Upload artifact"
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.0
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
with:
name: SARIF file
path: results.sarif
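Review bot: on the `actions/upload-artifact` line only the comment changes (`# v3.1.0` to `# v3.1.1`); the pinned SHA `83fd05a356d7e2593de66fc9913b3002723633cb` is identical on the removed and added lines, so the step still runs exactly the same code as before. Either the old comment or the new one is wrong. Please check which tag that commit belongs to, then either update the SHA to the `v3.1.1` commit or restore the previous comment.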