From 88b4fd2c0e3b5e141bd2a5986dd61de20087bad1 Mon Sep 17 00:00:00 2001 From: Ivan Valdes Date: Wed, 15 May 2024 11:09:44 -0700 Subject: [PATCH 1/3] update dependabot config Signed-off-by: Ivan Valdes --- .github/dependabot.yml | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 8db43d873fd..8bb83a5aaed 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -7,18 +7,25 @@ updates: interval: weekly - package-ecosystem: gomod - directory: / - schedule: - interval: weekly - allow: - - dependency-type: all - - - package-ecosystem: gomod - directory: /tools/mod # Not linked from /go.mod + directories: + - / + - /api + - /client/internal/v2 + - /client/pkg + - /client/v3 + - /etcdctl + - /etcdutl + - /pkg + - /server + - /tests + - /tools/mod + - /tools/rw-heatmaps + - /tools/testgrid-analysis schedule: - interval: weekly + interval: daily allow: - dependency-type: all + open-pull-requests-limit: 30 - package-ecosystem: docker directory: / From 9b8999a3a37baf51c5c4203a28c1bc452b97a45b Mon Sep 17 00:00:00 2001 From: Ivan Valdes Date: Thu, 27 Jun 2024 13:49:29 -0700 Subject: [PATCH 2/3] update dependabot config Signed-off-by: Ivan Valdes --- .github/dependabot.yml | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 8bb83a5aaed..018fddd2d44 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -8,24 +8,28 @@ updates: - package-ecosystem: gomod directories: - - / - - /api - - /client/internal/v2 - - /client/pkg - - /client/v3 + - /tests - /etcdctl - - /etcdutl - /pkg - - /server - - /tests - - /tools/mod - /tools/rw-heatmaps + - /tools/mod - /tools/testgrid-analysis + - /etcdutl + - /client/pkg + - /client/v3 + - /client/internal/v2 + - /server + - /api + - / schedule: interval: daily allow: - dependency-type: all open-pull-requests-limit: 30 + groups: + weekly-updates: + patterns: + - "*" - package-ecosystem: docker directory: / From 087e69474c63ee0000f12302494e13e525da8ce9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 06:59:31 +0000 Subject: [PATCH 3/3] build(deps): bump github/codeql-action from 3.25.15 to 3.26.12 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.15 to 3.26.12. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/afb54ba388a7dca6ecae48f608c4ff05ff4cc77a...c36620d31ac7c881962c3d9dd939c40ec9434f2b) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/release.yaml | 2 +- .github/workflows/scorecards.yml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 9a0beb20987..d7deac20b28 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -40,7 +40,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/init@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 with: # If you wish to specify custom queries, you can do so here or in a config file. # By default, queries listed here will override any specified in a config file. @@ -50,6 +50,6 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/autobuild@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/analyze@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 8425d1425fc..5a5e9af586d 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -67,6 +67,6 @@ jobs: format: 'sarif' output: 'trivy-results-${{ matrix.platforms }}.sarif' - name: upload scan results - uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 with: sarif_file: 'trivy-results-${{ matrix.platforms }}.sarif' diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 033a84e375d..0695be8507f 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -50,6 +50,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 with: sarif_file: results.sarif