Buildpacks
/
lifecycle
mirror of https://github.com/buildpacks/lifecycle.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,037 Commits 126 Branches 112 Tags 118 MiB
Commit Graph

151 Commits

Author SHA1 Message Date
Jesse Brown 0fc41858a1
bump to 1.25.3 to fix more sevs 2025-11-05 12:33:30 -06:00
Jesse Brown c9c7bf5f3d
Merge pull request #1527 from buildpacks/dependabot/github_actions/actions/checkout-5 
Bump actions/checkout from 4 to 5
 2025-08-26 11:39:35 -05:00
Jesse Brown fe80f9ffff
Use beta arm runners 
Our arm runner does not have node24 - lets see if the newer arm runners hosted by GitHub just work.

Signed-off-by: Jesse Brown <jabrown85@gmail.com>
 2025-08-26 09:05:56 -05:00
Jesse Brown 998df22b75
Merge pull request #1528 from buildpacks/dependabot/github_actions/actions/download-artifact-5 
Bump actions/download-artifact from 4 to 5
 2025-08-12 14:38:56 -05:00
Jesse Brown c4730aeb7f
Update to Go 1.24.6 
- Update Go version in test-s390x.yml
- Update Go version in Dockerfile
- Update Go version in go.mod
- Add aarch64 support to tools/image

Signed-off-by: Jesse Brown <jabrown85@gmail.com>
 2025-08-12 08:55:13 -05:00
dependabot[bot] b26e08c712
Bump actions/download-artifact from 4 to 5 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-12 09:49:15 +00:00
dependabot[bot] 7aa64e06c4
Bump actions/checkout from 4 to 5 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-12 08:57:25 +00:00
Jesse Brown f8bf3ed25e
debug draft step to see why it does not like recent release branch 2025-07-18 09:06:11 -05:00
Jesse Brown 669686636a
Bump go to 1.24.5 
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
 2025-07-16 21:28:33 -05:00
dependabot[bot] ed2e33c6e6
Bump appleboy/ssh-action from 1.2.1 to 1.2.2 
Bumps [appleboy/ssh-action](https://github.com/appleboy/ssh-action) from 1.2.1 to 1.2.2.
- [Release notes](https://github.com/appleboy/ssh-action/releases)
- [Changelog](https://github.com/appleboy/ssh-action/blob/master/.goreleaser.yaml)
- [Commits](https://github.com/appleboy/ssh-action/compare/v1.2.1...v1.2.2)

---
updated-dependencies:
- dependency-name: appleboy/ssh-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-11 00:11:40 +00:00
Jesse Brown 3a30c0b597
go 1.24 
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
 2025-02-28 10:37:53 -06:00
dependabot[bot] ba82c0d126
Bump appleboy/ssh-action from 1.1.0 to 1.2.1 
Bumps [appleboy/ssh-action](https://github.com/appleboy/ssh-action) from 1.1.0 to 1.2.1.
- [Release notes](https://github.com/appleboy/ssh-action/releases)
- [Changelog](https://github.com/appleboy/ssh-action/blob/master/.goreleaser.yaml)
- [Commits](https://github.com/appleboy/ssh-action/compare/v1.1.0...v1.2.1)

---
updated-dependencies:
- dependency-name: appleboy/ssh-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-28 15:12:11 +00:00
Jesse Brown fd1604734b
Merge pull request #1428 from buildpacks/dependabot/github_actions/codecov/codecov-action-5 
Bump codecov/codecov-action from 4 to 5
 2025-02-28 09:11:46 -06:00
Jesse Brown 7bd8e735ea
Merge pull request #1446 from buildpacks/dependabot/github_actions/anchore/scan-action-6 
Bump anchore/scan-action from 3 to 6
 2025-02-28 09:11:08 -06:00
Jesse Brown 3109b04667
Use GITHUB_REF_NAME for draft action 
The `GITHUB_REF` includes the full `ref/heads...`and the `gh release create` is expecting the short branch/tag name.

This somehow works fine - but also breaks the UI for generating release notes. This should fix that.

Signed-off-by: Jesse Brown <jabrown85@gmail.com>
 2025-02-25 08:04:11 -06:00
Jesse Brown 35e4fb90bc
Update draft-release.yml 
Windows artifacts are no longer built - the draft release validation needs to be updated to reflect that.

Signed-off-by: Jesse Brown <jabrown85@gmail.com>

Signed-off-by: Jesse Brown <jabrown85@gmail.com>
 2025-02-10 10:07:09 -06:00
dependabot[bot] 2191fc1b5f
Bump anchore/scan-action from 3 to 6 
Bumps [anchore/scan-action](https://github.com/anchore/scan-action) from 3 to 6.
- [Release notes](https://github.com/anchore/scan-action/releases)
- [Changelog](https://github.com/anchore/scan-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/anchore/scan-action/compare/v3...v6)

---
updated-dependencies:
- dependency-name: anchore/scan-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-12-16 23:14:03 +00:00
Jesse Brown 60bf07f8de
Remove Windows Support 
I took a swing at removing any and all references to windows in this reference implementation.

Lifecycle no longer outputs a windows binary as a release artifact
Lifecycle no longer operates against windows containers

https://github.com/buildpacks/rfcs/pull/311
https://medium.com/buildpacks/deprecation-announcement-windows-container-feature-in-cloud-native-buildpacks-bbb70351343d

Signed-off-by: Jesse Brown <jabrown85@gmail.com>
 2024-12-10 16:56:29 -06:00
dependabot[bot] 3985f2e33a
Bump codecov/codecov-action from 4 to 5 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4 to 5.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v4...v5)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-11-19 00:03:45 +00:00
Jesse Brown 0690d133ca
Remove pack acceptance test on windows. (#1421) 
Ref: https://github.com/buildpacks/rfcs/pull/311

We don't want to block lifecycle releases on pack windows failure anymore. They are unstable and not something we are staffed to invest time into.

Signed-off-by: Jesse Brown <jabrown85@gmail.com>
 2024-11-11 10:44:21 -05:00
Jesse Brown 5517e86a56
bump upload-artifacts-action (#1419) 
* bump upload-artifacts-action

Signed-off-by: Jesse Brown <jabrown85@gmail.com>

* bumping download-artifact to v4 as well

Signed-off-by: Jesse Brown <jabrown85@gmail.com>

---------

Signed-off-by: Jesse Brown <jabrown85@gmail.com>
 2024-11-06 14:45:20 -05:00
dependabot[bot] 095affa914
Bump appleboy/ssh-action from 1.0.3 to 1.1.0 (#1404) 
Bumps [appleboy/ssh-action](https://github.com/appleboy/ssh-action) from 1.0.3 to 1.1.0.
- [Release notes](https://github.com/appleboy/ssh-action/releases)
- [Changelog](https://github.com/appleboy/ssh-action/blob/master/.goreleaser.yaml)
- [Commits](https://github.com/appleboy/ssh-action/compare/v1.0.3...v1.1.0)

---
updated-dependencies:
- dependency-name: appleboy/ssh-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-01 15:32:19 -04:00
Natalie Arellano 0d51c49e94
Upgrade go and fix lint (#1405) 
Signed-off-by: Natalie Arellano <narellano@vmware.com>
 2024-10-24 09:45:39 -04:00
dependabot[bot] 85b745ca87
Bump azure/docker-login from 1 to 2 (#1359) 
Bumps [azure/docker-login](https://github.com/azure/docker-login) from 1 to 2.
- [Release notes](https://github.com/azure/docker-login/releases)
- [Commits](https://github.com/azure/docker-login/compare/v1...v2)

---
updated-dependencies:
- dependency-name: azure/docker-login
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-05 12:37:24 -04:00
Dilip Gowda Bhagavan 1a1de0850a
fix: ibmcloud CLI nic attachment issue for s390x testing (#1353) 
* fix: instance create issue for GH actions

Signed-off-by: Dilip Gowda Bhagavan <dilip.bhagavan@ibm.com>

* fix: ibm cloud instance creation issue

Signed-off-by: Dilip Gowda Bhagavan <dilip.bhagavan@ibm.com>

---------

Signed-off-by: Dilip Gowda Bhagavan <dilip.bhagavan@ibm.com>
 2024-05-13 11:56:48 -04:00
Natalie Arellano 13d3691dd0
Try to fix test-s390x workflow (#1339) 
Signed-off-by: Natalie Arellano <narellano@vmware.com>
 2024-04-29 15:09:27 -04:00
Natalie Arellano fea544183a Provide CODECOV_TOKEN to Codecov 
Signed-off-by: Natalie Arellano <narellano@vmware.com>
 2024-04-10 10:07:10 -04:00
Natalie Arellano f309b50003 Merge branch 'main' into dependabot/github_actions/codecov/codecov-action-4 2024-04-09 16:34:01 -04:00
Jesse Brown cd50eb8848
Add go-version-file to draft-release workflow (#1331) 
We are getting warnings about go-version not being specified. This should fix that.

Signed-off-by: Jesse Brown <jabrown85@gmail.com>
 2024-04-05 15:08:23 -04:00
Jesse Brown bb9eb96766
go 1.22 (#1328) 
* go 1.22

Signed-off-by: Jesse Brown <jabrown85@gmail.com>

* Updated golangci-lint to v1.57.2

Signed-off-by: Jesse Brown <jabrown85@gmail.com>

---------

Signed-off-by: Jesse Brown <jabrown85@gmail.com>
 2024-04-05 13:11:18 -04:00
Natalie Arellano 548854fdf8
Fix post release workflow by calculating sha for linux-ppc64le (#1311) 
Signed-off-by: Natalie Arellano <narellano@vmware.com>
 2024-03-06 15:28:23 -05:00
Matthias Wessendorf 200b00a4a4
💄 Adding build and packaging support for ppc64le arch (#1303) 
Signed-off-by: Matthias Wessendorf <mwessend@redhat.com>
 2024-02-28 15:20:20 -05:00
dependabot[bot] ecbcbd94d4
Bump codecov/codecov-action from 3 to 4 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3 to 4.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-02-05 23:09:57 +00:00
Natalie Arellano 3c8876ce04
Fix s390x workflow now that go is upgraded (#1268) 
Signed-off-by: Natalie Arellano <narellano@vmware.com>
 2024-01-10 15:53:03 -05:00
dependabot[bot] c8c4fc4f56
Bump actions/setup-go from 4 to 5 (#1253) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-10 12:00:37 -05:00
dependabot[bot] 6e199e6a64
Bump appleboy/ssh-action from 1.0.0 to 1.0.3 (#1266) 
Bumps [appleboy/ssh-action](https://github.com/appleboy/ssh-action) from 1.0.0 to 1.0.3.
- [Release notes](https://github.com/appleboy/ssh-action/releases)
- [Commits](https://github.com/appleboy/ssh-action/compare/v1.0.0...v1.0.3)

---
updated-dependencies:
- dependency-name: appleboy/ssh-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-10 12:00:10 -05:00
Natalie Arellano 73648d2423
Fix post-release workflow (#1235) 
* Fix post-release workflow

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Update grype config with non-impactful CVE

Signed-off-by: Natalie Arellano <narellano@vmware.com>

---------

Signed-off-by: Natalie Arellano <narellano@vmware.com>
 2023-10-31 13:47:52 -04:00
Natalie Arellano 2b75adb9e5
Fix check release workflow (again) (#1233) 
* Fix check release workflow by giving write permissions to the token

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Add permission to different scope

Signed-off-by: Natalie Arellano <narellano@vmware.com>

---------

Signed-off-by: Natalie Arellano <narellano@vmware.com>
 2023-10-31 09:57:46 -04:00
Ed Morley 736b776093
Group minor/patch version Go Dependabot updates into one PR (#1228) 
Go minor/patch dependencies will now be grouped, using the new
Dependabot grouping feature:
https://github.blog/changelog/2023-08-17-grouped-version-updates-by-semantic-version-level-for-dependabot/

Major updates, as well as security updates will still be opened as
separate PRs. I've not grouped GitHub Actions update PRs, since the
volume is typically much lower for those.

The custom open pull requests limit has been removed, since it is
no longer necessary, as there won't be as many open PRs.

In addition, the schedule has been changed from daily to weekly.

This reduces project maintenance toil (no more having to manually create
combined update PRs), plus makes it less painful for contributors to
subscribe to repository notifications (currently there is a lot of noise
from Dependabot PRs being opened/auto-rebased etc).

Signed-off-by: Ed Morley <501702+edmorley@users.noreply.github.com>
 2023-10-30 17:55:34 -04:00
Natalie Arellano 9eec0f4f5c
Fix check release workflow by giving write permissions to the token (#1229) 
Signed-off-by: Natalie Arellano <narellano@vmware.com>
 2023-10-30 17:50:47 -04:00
dependabot[bot] 367b451eb7
Bump appleboy/ssh-action from 0.1.10 to 1.0.0 (#1214) 
Bumps [appleboy/ssh-action](https://github.com/appleboy/ssh-action) from 0.1.10 to 1.0.0.
- [Release notes](https://github.com/appleboy/ssh-action/releases)
- [Commits](https://github.com/appleboy/ssh-action/compare/v0.1.10...v1.0.0)

---
updated-dependencies:
- dependency-name: appleboy/ssh-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-18 11:27:31 -04:00
dependabot[bot] 66472bc154
Bump actions/checkout from 3 to 4 (#1212) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-18 09:33:01 -04:00
dependabot[bot] a00c3832e3
Bump actions/upload-artifact from 2 to 3 (#1213) 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-18 09:31:57 -04:00
Natalie Arellano 6885b2e6ff
Update README and golang.org/x/sys (#1218) 
* Update README

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Upgrade golang.org/x/sys to bump golang.org/x/net and patch vulnerabilities

- Patches CVE-2023-44487 and CVE-2023-39325
- Removes already patched CVEs from ignore list in .grype.yaml

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Fix pack acceptance by letting the tag version float again

Signed-off-by: Natalie Arellano <narellano@vmware.com>

---------

Signed-off-by: Natalie Arellano <narellano@vmware.com>
 2023-10-17 17:05:03 -04:00
Dilip Gowda Bhagavan 292aa492a7
Add support for s390x (#1142) 
* installing docker and jq

Signed-off-by: Dilip Gowda Bhagavan <dilip.bhagavan@ibm.com>

* added support for s390x

Signed-off-by: Dilip Gowda Bhagavan <dilip.bhagavan@ibm.com>

* adding back newline at end of file

Signed-off-by: Dilip Gowda Bhagavan <dilip.bhagavan@ibm.com>

* adding back newline at end of file

Signed-off-by: Dilip Gowda Bhagavan <dilip.bhagavan@ibm.com>

* updated release workflows

Signed-off-by: Dilip Gowda Bhagavan <dilip.bhagavan@ibm.com>

* Running build and publish flow on fork

Signed-off-by: Dilip Gowda Bhagavan <dilip.bhagavan@ibm.com>

* corrected typo

Signed-off-by: Dilip Gowda Bhagavan <dilip.bhagavan@ibm.com>

* installing docker and jq

Signed-off-by: Dilip Gowda Bhagavan <dilip.bhagavan@ibm.com>

* adding back newline at end of file

Signed-off-by: Dilip Gowda Bhagavan <dilip.bhagavan@ibm.com>

* adding back newline at end of file

Signed-off-by: Dilip Gowda Bhagavan <dilip.bhagavan@ibm.com>

* updated release workflows

Signed-off-by: Dilip Gowda Bhagavan <dilip.bhagavan@ibm.com>

* corrected typo

Signed-off-by: Dilip Gowda Bhagavan <dilip.bhagavan@ibm.com>

* reverting docker repo to buildpacksio

Signed-off-by: Dilip Gowda Bhagavan <dilip.bhagavan@ibm.com>

* seperated s390x job to different file

Signed-off-by: Dilip Gowda Bhagavan <dilip.bhagavan@ibm.com>

* removing hard coded values to secret

Signed-off-by: Dilip Gowda Bhagavan <dilip.bhagavan@ibm.com>

* removed s390x conditon

Signed-off-by: Dilip Gowda Bhagavan <dilip.bhagavan@ibm.com>

* adding s390x conditon

Signed-off-by: Dilip Gowda Bhagavan <dilip.bhagavan@ibm.com>

* correcting alignment in build.yml

Signed-off-by: Dilip Gowda Bhagavan <dilip.bhagavan@ibm.com>

---------

Signed-off-by: Dilip Gowda Bhagavan <dilip.bhagavan@ibm.com>
Signed-off-by: Dilip Gowda Bhagavan <110233170+dilipgb@users.noreply.github.com>
 2023-10-05 10:23:33 -04:00
Natalie Arellano 2b81abb8c4
Update cosign (#1201) 
* Update some actions and configure dependabot to update actions

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Update cosign workflows to use keyless signing

Signed-off-by: Natalie Arellano <narellano@vmware.com>

---------

Signed-off-by: Natalie Arellano <narellano@vmware.com>
 2023-09-19 10:02:28 -04:00
Natalie Arellano 06ffeedd58
Update some actions and configure dependabot to update actions (#1200) 
Signed-off-by: Natalie Arellano <narellano@vmware.com>
 2023-09-19 08:54:41 -04:00
Natalie Arellano b384d8c3e6
Fix setup-go by looking for go.mod within pack directory (#1197) 
Signed-off-by: Natalie Arellano <narellano@vmware.com>
 2023-09-12 12:32:51 -07:00
Natalie Arellano 325676eb6e
Update version of pack used in acceptance tests (#1182) 
Signed-off-by: Natalie Arellano <narellano@vmware.com>
 2023-08-23 10:33:11 -04:00
Natalie Arellano df9ae90e17
Update github templates (#1179) 
Signed-off-by: Natalie Arellano <narellano@vmware.com>
 2023-08-10 12:19:42 -04:00