Releases: x448/safer-golangci-lint
Releases · x448/safer-golangci-lint
v1.59.1
v1.56.2
v1.54.2
v1.53.3
v1.52.2
v1.51.2
v1.51.1
v1.50.1
v1.49.0 (September 18, 2022)
safer-golangci-lint.yml downloads, verifies, and runs golangci-lint in a deterministic, easy to audit, and safe manner. It exists to help avoid incidents similar to Codecov Bash Script Supply Chain Attack.
This self-contained workflow file is safer than executing unverified output of curl. It's easier to audit than golangci-lint-action which has at least 9 TypeScript files and extra features that isn't needed by all projects.
Changes:
- Bump golangci-lint to 1.49.0
- Bump Go to 1.19 (latest version of 1.19.x because check-latest: true).
- Put Go version in environment variable GO_VERSION.
- Increase timeout to 15m for big projects enabling more linters.
- Use SHA-256 to verify (instead of SHA-384) and mention checksums file.
- Update README.
Thanks @fxamacker for reviewing this release during your busy Sunday. This workflow is used by her popular CBOR codec.
Cheers!
@x448
v1.46.2 (May 19, 2022)
Changes:
- Bump golangci-lint to 1.46.2.
- Remove default permissions at top level and grant only read permission in the job.
- actions/setup-go uses check-latest: true
- Add workflow_dispatch.
- Tidy some comments.
Checksums
- SHA-256 of golangci-lint-1.42.0-linux-amd64.tar.gz is 242cd4f2d6ac0556e315192e8555784d13da5d1874e51304711570769c4f2b9b
- SHA-384 of golangci-lint-1.42.0-linux-amd64.tar.gz is 60ade95e447f8c9a2dfc507c271c2ff41a0e0856f077bf2f734bcd80dd8268addf8cf1625c3e47a6516eb14f23423315
- SHA-384 of safer-golangci-lint.yml (v1.46.2) is
61b3abc35547b1bc662fec29e3bd72c294af0dee618dbbf6e70032bf2ee38487b9adab9793770f3405fec0da81f57733