diff --git a/.github/dependabot.yml b/.github/dependabot.yml index ae2d4402..1263ded2 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,5 +5,15 @@ updates: schedule: interval: monthly open-pull-requests-limit: 10 + commit-message: + prefix: "go.mod:" + assignees: + - willnorris + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + commit-message: + prefix: ".github:" assignees: - willnorris diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 4be10b8b..b0541b88 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Initialize CodeQL uses: github/codeql-action/init@v2 diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 2b2c83b2..b59808fd 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -22,16 +22,13 @@ jobs: id-token: write steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Setup Docker buildx - uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1 - with: - # use buildx v0.9.1 (https://community.fly.io/t/10171/26) - version: v0.9.1 + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 - name: Log into registry ${{ env.REGISTRY }} - uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0 + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 if: github.event_name == 'push' with: registry: ${{ env.REGISTRY }} @@ -40,13 +37,18 @@ jobs: - name: Extract Docker metadata id: meta - uses: docker/metadata-action@57396166ad8aefe6098280995947635806a0e6ea # v4.1.1 + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=branch + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} - name: Build and push Docker image id: build-and-push - uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # v3.2.0 + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 with: context: . push: ${{ github.event_name == 'push' }} @@ -57,9 +59,7 @@ jobs: # Sign the Docker image - name: Install cosign if: github.event_name == 'push' - uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b #v2.8.1 + uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 #v3.5.0 - name: Sign the published Docker image if: github.event_name == 'push' - env: - COSIGN_EXPERIMENTAL: "true" run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }} diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 68f45723..65dc8592 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -12,12 +12,12 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: actions/setup-go@v4 + - uses: actions/checkout@v4 + - uses: actions/setup-go@v5 with: go-version: stable - name: golangci-lint uses: golangci/golangci-lint-action@v3 with: - version: v1.52.2 + version: v1.58.1 diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index e4ea3fa5..6bb087cf 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -37,9 +37,9 @@ jobs: runs-on: ${{ matrix.platform }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - - uses: actions/setup-go@v4 + - uses: actions/setup-go@v5 with: go-version: ${{ matrix.go-version }} @@ -48,4 +48,4 @@ jobs: - name: Upload coverage to Codecov if: ${{ matrix.update-coverage }} - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1