Merge branch 'main' into fix_usage

.github/workflows/codeql-analysis.yml

@@ -57,7 +57,7 @@ jobs:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
     - name: Checkout repository
-      uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v2.3.4
+      uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 # v2.3.4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/depsreview.yml

@@ -0,0 +1,27 @@
+# Copyright 2021 Security Scorecard Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@3f943b86c9a289f4e632c632695e2e0898d9d67d

.github/workflows/docker.yml

@@ -50,7 +50,7 @@ jobs:
         version: 3.17.3
      - name: Cache builds
        # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
-       uses: actions/cache@136d96b4aee02b1f0de3ba493b1d47135042d9c0 #v2.1.7
+       uses: actions/cache@48af2dc4a9e8278b89d7fa154b955c30c6aaab09 #v2.1.7
        with:
           # In order:
           # * Module download cache
@@ -66,7 +66,7 @@ jobs:
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Clone the code
-       uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v2.3.4
+       uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 # v2.3.4
        with:
           fetch-depth: 0
      - name: Setup Go
@@ -92,7 +92,7 @@ jobs:
         version: 3.17.3
      - name: Cache builds
        # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
-       uses: actions/cache@136d96b4aee02b1f0de3ba493b1d47135042d9c0 #v2.1.7
+       uses: actions/cache@48af2dc4a9e8278b89d7fa154b955c30c6aaab09 #v2.1.7
        with:
           # In order:
           # * Module download cache
@@ -108,7 +108,7 @@ jobs:
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Clone the code
-       uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v2.3.4
+       uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 # v2.3.4
        with:
           fetch-depth: 0
      - name: Setup Go
@@ -134,7 +134,7 @@ jobs:
         version: 3.17.3
      - name: Cache builds
        # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
-       uses: actions/cache@136d96b4aee02b1f0de3ba493b1d47135042d9c0 #v2.1.7
+       uses: actions/cache@48af2dc4a9e8278b89d7fa154b955c30c6aaab09 #v2.1.7
        with:
           # In order:
           # * Module download cache
@@ -150,7 +150,7 @@ jobs:
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Clone the code
-       uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v2.3.4
+       uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 # v2.3.4
        with:
           fetch-depth: 0
      - name: Setup Go
@@ -176,7 +176,7 @@ jobs:
         version: 3.17.3
      - name: Cache builds
        # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
-       uses: actions/cache@136d96b4aee02b1f0de3ba493b1d47135042d9c0 #v2.1.7
+       uses: actions/cache@48af2dc4a9e8278b89d7fa154b955c30c6aaab09 #v2.1.7
        with:
           # In order:
           # * Module download cache
@@ -192,7 +192,7 @@ jobs:
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Clone the code
-       uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v2.3.4
+       uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 # v2.3.4
        with:
           fetch-depth: 0
      - name: Setup Go
@@ -218,7 +218,7 @@ jobs:
         version: 3.17.3
      - name: Cache builds
        # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
-       uses: actions/cache@136d96b4aee02b1f0de3ba493b1d47135042d9c0 #v2.1.7
+       uses: actions/cache@48af2dc4a9e8278b89d7fa154b955c30c6aaab09 #v2.1.7
        with:
           # In order:
           # * Module download cache
@@ -234,7 +234,7 @@ jobs:
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Clone the code
-       uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v2.3.4
+       uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 # v2.3.4
        with:
           fetch-depth: 0
      - name: Setup Go
@@ -260,7 +260,7 @@ jobs:
         version: 3.17.3
      - name: Cache builds
        # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
-       uses: actions/cache@136d96b4aee02b1f0de3ba493b1d47135042d9c0 #v2.1.7
+       uses: actions/cache@48af2dc4a9e8278b89d7fa154b955c30c6aaab09 #v2.1.7
        with:
           # In order:
           # * Module download cache
@@ -276,7 +276,7 @@ jobs:
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Clone the code
-       uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v2.3.4
+       uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 # v2.3.4
        with:
           fetch-depth: 0
      - name: Setup Go
@@ -302,7 +302,7 @@ jobs:
         version: 3.17.3
      - name: Cache builds
        # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
-       uses: actions/cache@136d96b4aee02b1f0de3ba493b1d47135042d9c0 #v2.1.7
+       uses: actions/cache@48af2dc4a9e8278b89d7fa154b955c30c6aaab09 #v2.1.7
        with:
           # In order:
           # * Module download cache
@@ -318,7 +318,7 @@ jobs:
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Clone the code
-       uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v2.3.4
+       uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 # v2.3.4
        with:
           fetch-depth: 0
      - name: Setup Go

.github/workflows/goreleaser.yaml

@@ -35,7 +35,7 @@ jobs:
 
       -
         name: Checkout
-        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v2.3.4
+        uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 # v2.3.4
         with:
           fetch-depth: 0
       -

.github/workflows/integration.yml

@@ -43,7 +43,7 @@ jobs:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
       - name: pull_request actions/checkout
-        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v2.3.4
+        uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 # v2.3.4
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
@@ -54,7 +54,7 @@ jobs:
 
       - name: Cache builds
         # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
-        uses: actions/cache@136d96b4aee02b1f0de3ba493b1d47135042d9c0 #v2.1.7
+        uses: actions/cache@48af2dc4a9e8278b89d7fa154b955c30c6aaab09 #v2.1.7
         with:
           # In order:
           # * Module download cache
@@ -74,15 +74,25 @@ jobs:
         run: |
             go mod download
 
-      - name: Run E2E  #using retry because the GitHub token is being throttled. 
+      - name: Run GITHUB_TOKEN E2E  #using retry because the GitHub token is being throttled. 
+        uses: nick-invision/retry@7f8f3d9f0f62fe5925341be21c2e8314fd4f7c7c 
+        env:
+          GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          max_attempts: 3
+          retry_on: error
+          timeout_minutes: 30
+          command: make e2e-gh-token
+
+      - name: Run PAT E2E  #using retry because the GitHub token is being throttled. 
         uses: nick-invision/retry@7f8f3d9f0f62fe5925341be21c2e8314fd4f7c7c 
         env:
           GITHUB_AUTH_TOKEN: ${{ secrets.GH_AUTH_TOKEN }}
         with:
           max_attempts: 3
           retry_on: error
           timeout_minutes: 30
-          command: make e2e
+          command: make e2e-pat
 
       - name: codecov
         uses: codecov/codecov-action@e3c560433a6cc60aec8812599b7844a7b4fa0d71 # 2.1.0