Commit Graph

99 Commits

Author SHA1 Message Date
dependabot[bot] e6c2359e94
build(deps): bump actions/dependency-review-action from 3.0.0 to 3.0.1
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](30d5821115...11310527b4)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-20 06:25:27 +00:00
Ciprian Hacman 01ecd15a05 Update Go to v1.19.3 2022-11-15 05:05:01 +02:00
dependabot[bot] 8c8e38a153
build(deps): bump actions/dependency-review-action from 2.5.1 to 3.0.0
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.5.1 to 3.0.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](0efb1d1d84...30d5821115)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-13 06:01:35 +00:00
dependabot[bot] b0cfb1356f
Bump actions/dependency-review-action from 2.5.0 to 2.5.1
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.5.0 to 2.5.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](fd675ced9c...0efb1d1d84)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-30 06:38:51 +00:00
Kubernetes Prow Robot 64790dcad4
Merge pull request #14448 from kubernetes/dependabot/github_actions/actions/setup-go-3.3.1
Bump actions/setup-go from 3.3.0 to 3.3.1
2022-10-23 08:52:24 -07:00
dependabot[bot] f4b766db50
Bump actions/setup-go from 3.3.0 to 3.3.1
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.3.0 to 3.3.1.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](268d8c0ca0...c4a742cab1)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-23 06:16:25 +00:00
dependabot[bot] 300be6978a
Bump peter-evans/create-pull-request from 4.1.3 to 4.2.0
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 4.1.3 to 4.2.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](671dc9c9e0...b4d51739f9)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-23 06:16:20 +00:00
dependabot[bot] 629190ee03
Bump actions/dependency-review-action from 2.4.0 to 2.5.0
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](375c537008...fd675ced9c)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-16 07:20:42 +00:00
dependabot[bot] c98f96e412
Bump actions/checkout from 3.0.2 to 3.1.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.2 to 3.1.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](2541b1294d...93ea575cb5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-09 07:08:30 +00:00
dependabot[bot] f550864a0f
Bump peter-evans/create-pull-request from 4.1.2 to 4.1.3
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 4.1.2 to 4.1.3.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](171dd555b9...671dc9c9e0)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-02 06:18:24 +00:00
Kubernetes Prow Robot c81097c17d
Merge pull request #14331 from kubernetes/dependabot/github_actions/actions/dependency-review-action-2.4.0
Bump actions/dependency-review-action from 2.1.0 to 2.4.0
2022-09-25 10:00:04 -07:00
dependabot[bot] 2eeb7cedcd
Bump actions/dependency-review-action from 2.1.0 to 2.4.0
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.1.0 to 2.4.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](23d1ffffb6...375c537008)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-25 06:14:56 +00:00
dependabot[bot] eb3ca5e53c
Bump peter-evans/create-pull-request from 4.1.1 to 4.1.2
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](18f90432be...171dd555b9)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-25 06:14:52 +00:00
dependabot[bot] b84cece1a7
Bump actions/setup-go from 3.2.1 to 3.3.0
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.2.1 to 3.3.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](84cbf80943...268d8c0ca0)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-28 06:19:36 +00:00
Kubernetes Prow Robot a92cb0eec1
Merge pull request #14157 from kubernetes/dependabot/github_actions/peter-evans/create-pull-request-4.1.1
Bump peter-evans/create-pull-request from 4.0.4 to 4.1.1
2022-08-21 01:25:35 -07:00
dependabot[bot] a8e0c781bf
Bump peter-evans/create-pull-request from 4.0.4 to 4.1.1
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 4.0.4 to 4.1.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](923ad837f1...18f90432be)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-21 06:14:33 +00:00
dependabot[bot] ada8d1b904
Bump actions/dependency-review-action from 2.0.4 to 2.1.0
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.0.4 to 2.1.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](94145f3150...23d1ffffb6)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-21 06:14:31 +00:00
Ciprian Hacman 6b8b45355d Update Go to v1.19.0 2022-08-17 06:56:48 +03:00
Ciprian Hacman d686975489 Switch to latest MacOS version for CI 2022-07-21 20:22:11 +03:00
dependabot[bot] 8555fbdc9e
Bump actions/setup-go from 3.2.0 to 3.2.1
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.2.0 to 3.2.1.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](b22fbbc292...84cbf80943)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-19 03:20:46 +00:00
Kubernetes Prow Robot cb6bd4d9e7
Merge pull request #13995 from hakman/update_github_workflows
Update GitHub workflows
2022-07-18 20:20:06 -07:00
Ciprian Hacman 982f584ed3 Run dependency related workflows only for the official kOps repo 2022-07-18 08:12:15 +03:00
Ciprian Hacman 451256f966 Use hashes for actions versions 2022-07-18 08:09:54 +03:00
Ciprian Hacman 42078c2b4f Re-add Dependabot for action updates 2022-07-18 08:05:50 +03:00
Ciprian Hacman 1ed829e0cf Update workflow names and quoting style 2022-07-18 08:01:40 +03:00
Ciprian Hacman 50ca8b3f4d Run dependency review only on go.mod changes 2022-07-18 07:58:10 +03:00
Ciprian Hacman 40096b6684 Remove unused Dependabot related workflow 2022-07-18 07:56:33 +03:00
Ciprian Hacman 7d69bb0976 Update Go to v1.18.4 2022-07-18 07:53:50 +03:00
Kubernetes Prow Robot f76a945541
Merge pull request #13894 from hakman/regular_update-deps
Replace Dependabot with regular `update-deps` run
2022-06-28 03:41:57 -07:00
Ciprian Hacman 6301b1ef6e Run update-deps workflow every Friday morning 2022-06-28 09:37:49 +03:00
Ciprian Hacman 181af09bee Disable Dependabot 2022-06-28 09:35:06 +03:00
Ciprian Hacman b173541ae5 Fix unexpected symbol error in update-deps workflow 2022-06-27 10:45:13 +03:00
Ciprian Hacman 7a8650342d Print all modified files in update-deps generated PRs 2022-06-27 08:27:14 +03:00
Ciprian Hacman 5bd08db213 Add manual job for updating dependencies 2022-06-19 16:45:00 +03:00
dependabot[bot] dcc71211d4
Bump actions/dependency-review-action from 1 to 2
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1 to 2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-19 06:12:29 +00:00
Kubernetes Prow Robot 4ce5c35a00
Merge pull request #13651 from turrisxyz/Dependency-GitHub
chore(deps): Included dependency review
2022-06-17 10:06:32 -07:00
Peter Rifel 59aab80b7a
Add GHA workflow for updating dependabot PRs
This ensures that our other go modules (tests/e2e/, hack/) are also updated whenever dependabot updates the primary go module's dependencies.
2022-06-05 15:00:01 -05:00
Ciprian Hacman 742b74417a Use dependabot for Go deps 2022-05-29 19:19:46 +03:00
dependabot[bot] b50bd8b59d
Bump actions/setup-go from 3.1.0 to 3.2.0
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](fcdc43634a...b22fbbc292)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-29 06:13:12 +00:00
dependabot[bot] f682cea494
Bump actions/setup-go from 3.0.0 to 3.1.0
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](f6164bd8c8...fcdc43634a)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-15 06:12:41 +00:00
naveensrinivasan 33b5787ed8
chore(deps): Included dependency review
> Dependency Review GitHub Action in your repository to enforce dependency
> reviews on your pull requests.
> The action scans for vulnerable versions of dependencies introduced by package version
> changes in pull requests,
> and warns you about the associated security vulnerabilities.
> This gives you better visibility of what's changing in a pull request,
> and helps prevent vulnerabilities being added to your repository.

https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-14 13:12:38 -05:00
Ciprian Hacman 03cb37aed2 Update Go to v1.18.1 2022-04-22 21:20:06 +03:00
Ciprian Hacman 2ca4a9bee3 Use golang 1.18.0 explicitly
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
2022-03-29 07:22:16 +03:00
Ole Markus With 59631a1fff Use golang 1.18 for building 2022-03-28 20:24:09 +02:00
Ciprian Hacman 641ef62230
Apply suggestions from code review 2022-03-28 17:05:02 +03:00
dependabot[bot] a90c265a6f
Bump actions/setup-go from 2.2.0 to 3
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2.2.0 to 3.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](bfdd3570ce...f6164bd8c8)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-03-28 13:29:58 +00:00
Kubernetes Prow Robot e2acdce433
Merge pull request #13423 from naveensrinivasan/naveen/feat/dependabot-githubactions
Included githubactions in dependabot config
2022-03-28 06:29:23 -07:00
Naveen 0990ea2338
Update .github/dependabot.yml
Co-authored-by: Ciprian Hacman <ciprian@hakman.dev>
2022-03-27 20:57:40 -05:00
naveensrinivasan 712bf7fcfb Included githubactions in dependabot config
- Included githubactions in the dependabot config

This should help with keeping the GitHub actions updated on new releases. This will also help with keeping it secure.

Dependabot helps in keeping the supply chain secure https://docs.github.com/en/code-security/dependabot

GitHub actions up to date https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot

https://github.com/ossf/scorecard/blob/main/docs/checks.md#dependency-update-tool

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-27 18:09:23 +00:00
naveensrinivasan b832368bf7 Pin actions to a full length commit SHA
- Pinned actions by SHA https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

> Pin actions to a full length commit SHA

> Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload.

https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions

Also, dependabot supports upgrading based on SHA.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-27 18:05:05 +00:00