ef7ee635b8
build: fix indentation Dependabot file
...
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-09-12 09:20:26 +02:00
9e67a3c37d
release: generate versioned `.intoto.jsonl`
...
This ensures the file name is unique per release, and can be linked by
file name to the specific SOPS version it is targeted at.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-09-12 09:19:53 +02:00
3893a91820
build(deps): Bump the ci group with 6 updates
...
Bumps the ci group with 6 updates:
| Package | From | To |
| --- | --- | --- |
| [actions/setup-go](https://github.com/actions/setup-go ) | `3.5.0` | `4.1.0` |
| [actions/checkout](https://github.com/actions/checkout ) | `3.5.3` | `4.0.0` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) | `3.1.1` | `3.1.2` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) | `2.9.1` | `2.10.0` |
| [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) | `4.3.0` | `5.0.0` |
| [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) | `1.8.0` | `1.9.0` |
Updates `actions/setup-go` from 3.5.0 to 4.1.0
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/v3.5.0...93397bea11091df50f3d7e59dc26a7711a8bcfbe )
Updates `actions/checkout` from 3.5.3 to 4.0.0
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3.5.3...3df4ab11eba7bda6032a0b82a6bb43b11571feac )
Updates `sigstore/cosign-installer` from 3.1.1 to 3.1.2
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](6e04d228eb...11086d2504https://github.com/docker/setup-buildx-action/releases )
- [Commits](4c0219f9ac...885d1462b8https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](336e29918d...7ec5c2b0c6https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.8.0...v1.9.0 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: ci
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: ci
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: ci
- dependency-name: docker/setup-buildx-action
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: ci
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: ci
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: ci
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-09-12 06:37:37 +00:00
0dff2ecea6
Enable Dependabot for Docker, GH Actions and Go
...
This enables Dependabot using three groups, one for container images,
one for GitHub Actions, and one for Go Modules.
In the future, we may want to split the Go Modules into multiple
groups. For example, one for each key source with a misc catch-all
group for any other dependency.
xref: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates#grouping-dependabot-version-updates-into-one-pull-request
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-09-12 07:59:09 +02:00
d98a7f2adc
build: add CodeQL workflow
...
This enables CodeQL scanning to automatically catch certain common
security and quality issues in the GitHub UI.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-09-12 00:00:43 +02:00
6506bbbba8
build: pin actions to full length commit SHA
...
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-09-11 23:14:52 +02:00
58735d3ca1
build: remove obsolete step & improve readability
...
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-08-24 13:49:54 +02:00
8b04e4c001
build: ensure clean working tree
...
This catches `go.*` files being out-of-sync.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-08-24 13:45:32 +02:00
cbcd73de47
release: update GoReleaser to 1.20.0
...
Which now allows us to set the `mod_timestamp` on universal binaries.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-08-14 22:37:47 +02:00
5276fcf497
release: disable Go cache for workflow
...
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-08-14 22:37:45 +02:00
0e585a1b6f
release: artifact, SBOM and container provenance
...
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-08-14 22:37:43 +02:00
30abe25262
release: pin GoReleaser version
...
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-08-14 22:37:43 +02:00
0411c7d976
release: extend timeout
...
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-08-14 22:37:42 +02:00
10c827dcaa
build: outline new release workflow
...
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-08-14 22:37:40 +02:00
f2a1d4c782
Rename Go module to `github.com/getsops/sops/v3`
...
This commit renames the Go module from `go.mozilla.org/sops/v3` to
`github.com/getsops/sops/v3` without a major version bump, to align
with new stewardship.
For more information around this change, refer to
https://github.com/getsops/sops/issues/1246 .
For a one-liner to change the `go.mod` and any import paths in your
Go project making use of this module, run:
```
find /path/to/repo -type f \( -name "*.go" -o -name "go.mod" \) -exec sed -i 's|go.mozilla.org/sops/v3|github.com/getsops/sops/v3|g' {} \;
find /path/to/repo -type f \( -name "*.go" -o -name "go.mod" \) -exec sed -i '' 's|go.mozilla.org/sops/v3|github.com/getsops/sops/v3|g' {} \;
```
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-07-31 22:51:36 +02:00
79b301f60b
build: run CLI workflow on `main`
...
As `master` and `develop` are being laid to rest.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-07-06 22:42:04 +02:00
9196a11b63
build: update GitHub workflow actions
...
To their respective latest versions.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-07-02 18:19:02 +02:00
83f459b1ad
build: update Go to 1.20
...
This updates Go used for builds to 1.20, including an update of Alpine
to 3.17.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-07-02 18:19:02 +02:00
4bef0297cb
build: update Go to 1.19
...
This updates Go used for builds to 1.19, and updates a forgotten
Alpine 3.15 version in a `Dockerfile` to 3.16.
Signed-off-by: Hidde Beydals <hello@hidde.co>
2023-07-02 18:19:02 +02:00
1d7fc78a75
Update rustc functional tests to v1.70.0
...
Bear minimum to get this going again, including an update of
dependencies.
It's worth noting that there is a detachment between the GitHub Action
workflow and running this locally. As there are assumptions around:
1. Having the `pgp/sops_functional_tests_key.asc` imported.
2. Having a Vault server running for two functional tests.
The `functional-tests` Make target does not facilitate this, and
putting something in place using a temporary `GNUPGHOME` and a
container image would likely be a welcome future improvement.
In addition, there is Rust code in `validation/` which appears to be an
artifact from an ancient Python library[1][2]. This should probably be
removed in the future.
[1]: https://github.com/getsops/sops/tree/python-sops
[2]: https://pypi.org/project/sops/
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-07-02 13:37:49 +02:00
1e4e500dc1
Update Go to 1.18
...
This is required for the latest Azure SDK, and comes with general
improvements for certain CPU types.
Includes a change of `%w` -> `%v` for `t.Errorf` due to dropped support
for wrapping.
Signed-off-by: Hidde Beydals <hello@hidde.co>
2022-06-02 22:26:05 +02:00
605fb271cb
Explicitly build linux amd64 binary
...
Previous setup relied implicitly of the correct file to be there. Introduction of arm64 builds broke that implicit assumption.
2022-03-10 15:46:51 +02:00
822ce48b82
Add arm64 .deb and .rpm builds
2022-03-04 10:04:51 +02:00
c58653474c
Change labeling and upload linux arm64
...
Maintain the former no-architecture label and include
both linux and darwin amd64/arm64 versions in the release
2022-03-01 12:19:40 -08:00
684d338ecb
Merge branch 'develop' of https://github.com/mozilla/sops into mozilla-develop
2022-03-01 10:44:06 +01:00
7f503bcbfd
Upgrade release job to go 1.17
2022-02-24 14:16:10 -08:00
dc2267e372
Upgrade to go 1.17
2022-02-24 14:12:58 -08:00
56bbf847c5
Added support for go 1.16 and darwin-arm64
2021-07-26 23:16:38 +02:00
2395f07610
small release workflow fix
2021-04-08 14:53:15 -07:00
68e2a824bd
fix release workflow
2021-04-08 14:49:01 -07:00
1504dbcad1
Run CI tests against master as well
2021-04-05 11:16:48 -07:00
dfc7af220e
swap to fork of action-automatic-releases
2021-03-30 11:35:45 -07:00
9cc95d411b
Add release workflow
...
Fixes #841
2021-03-30 11:32:32 -07:00
24636e4f23
Make sure that binary is built from current checkout, and not from master branch. ( #820 )
2021-02-21 18:46:12 +01:00
a115ce479f
Also run unit tests in Github actions
2021-01-07 14:37:44 +01:00
157e633c14
Use rustup directly instead of actions-rs
2021-01-07 00:09:49 +01:00
84c8fdc3bb
Move to github actions
2021-01-05 17:26:29 +01:00
Hidde Beydals
dependabot[bot]
Hidde Beydals
Janis Peisenieks
AJ Bahnken
Nikola Milojević
Felix Fontein
Adrian Utrilla