workflow to create automated PRs to update bootstrap tools #1167
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
0c1b681 to d41976c
|
stable: ${{ env.GO_STABLE_VERSION }} | ||
|
||
- run: | | ||
GOLANGCILINT_LATEST_VERSION=$(go list -m -json github.com/golangci/golangci-lint@latest 2>/dev/null | jq -r '.Version') |
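Review bot: the `go list ... 2>/dev/null | jq -r '.Version'` assignment discards stderr and, in the lines shown, nothing checks the result, so a failed lookup can leave GOLANGCILINT_LATEST_VERSION empty or set to the string `null` while the step carries on. Consider dropping `2>/dev/null` and failing the step when the value is empty or `null` before it is written to an output, so the automated PR never proposes a blank version.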
TIL `ubuntu-latest` comes with jq
I was just assuming because we have https://github.com/anchore/grype/blob/ae37eb4a05acfacf551138e15a2266a0894d4399/.github/workflows/update-syft-release.yml#L25
echo "::set-output name=COSIGN::COSIGN_LATEST_VERSION" | ||
id: latest-versions | ||
|
||
- uses: tibdex/github-app-token@v1 |
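Review bot: on the `echo "::set-output name=COSIGN::COSIGN_LATEST_VERSION"` line the value has no `$`, so the COSIGN output is the literal text COSIGN_LATEST_VERSION rather than the resolved version; it should read `COSIGN::$COSIGN_LATEST_VERSION`. Separately, `tibdex/github-app-token@v1` is referenced by a mutable tag; since this action handles a GitHub App token, pinning it to a full commit SHA would keep a retagged release from changing what runs with that credential.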
Interesting! Why do we need to use this action for the workflow?
I don't actually know, that was something @kzantow had as part of the stereoscope update one, so I assumed it would need to be here also
Approved with comments! I guess the best way to check the correctness here is to let it run and smooth any edge cases
* main:
  Update syft bootstrap tools to latest versions. (anchore#1171)
  Fix update-bootstrap-tools workflow (anchore#1170)
  workflow to create automated PRs to update bootstrap tools (anchore#1167)
  feat: add support for licenses in package-lock json v2 (anchore#1164)
  External sources configuration (anchore#1158)
  feat: add support for pnpm (anchore#1166)
  Prevent symlinks causing duplicate package-file relationships (anchore#1168)
  Associate node package licenses from node_modules (anchore#1152)
  Give the contributing guide a substantial rework (anchore#1155)
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* main:
  Update syft bootstrap tools to latest versions. (#1176)
  enhance development support on macOS ARM (#1163)
  Capture if a node module is private (#1161)
  Find version numbers from jars with different naming conventions (#1174)
  Update syft bootstrap tools to latest versions. (#1171)
  Fix update-bootstrap-tools workflow (#1170)
  workflow to create automated PRs to update bootstrap tools (#1167)
  feat: add support for licenses in package-lock json v2 (#1164)
  External sources configuration (#1158)
  feat: add support for pnpm (#1166)
  Prevent symlinks causing duplicate package-file relationships (#1168)
  Associate node package licenses from node_modules (#1152)
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>