actions

mirror of https://github.com/ivuorinen/actions.git synced 2026-03-10 07:57:18 +00:00

Author	SHA1	Message	Date
renovate[bot]	0fba4a9657	chore(actions): update anchore/sbom-action action (v0.20.0 → v0.23.0) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-03-09 00:47:12 +00:00
Ismo Vuorinen	4360ea39c7	fix(ci): use the latest openssf scorecard action (#503 ) * fix(ci): use the latest openssf scorecard action * fix(ci): replace scorecard workflow with upstream reference Replace our custom scorecard workflow with the official ossf/scorecard workflow template for better alignment with upstream recommendations.	2026-03-09 02:46:23 +02:00
renovate[bot]	77394763a6	chore(deps)!: update actions/attest-build-provenance action (v2.3.0 → v4.1.0) (#500 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-03-09 00:23:30 +00:00
renovate[bot]	ca8482e2c3	chore(deps)!: update actions/upload-artifact action (v4.6.2 → v7.0.0) (#470 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-03-09 02:20:41 +02:00
Ismo Vuorinen	a0cc32995f	feat(security): add OpenSSF Scorecard workflow and maximize score (#498 ) * feat(security): add OpenSSF Scorecard workflow and maximize score - Add scorecard.yml workflow (weekly + push to main) with SARIF upload - Add CONTRIBUTING.md for contributor guidelines - Add SLSA provenance attestation job to release workflow - Add CycloneDX SBOM generation job to release workflow - Pin Dockerfile base images to sha256 digests - Enable Renovate pinDigests and platformAutomerge - Add OpenSSF Scorecard badge to README * fix(docs): address PR #498 review comments and remove .coderabbit.yaml - Delete .coderabbit.yaml (falls back to shared org-level config) - Add missing linter deps to CONTRIBUTING.md install step - Separate make all and make test into distinct steps - Fix line length note to match EditorConfig (200 chars, no MD override) - Add yamllint/markdownlint to YAML/JSON/Markdown linter list - Refine action references guidance - Expand "Adding a New Action" section with action-docs and catalog info	2026-03-09 01:59:07 +02:00
Ismo Vuorinen	34372bcd36	feat(pr-lint): consolidate dependency review into pr-lint action (#497 ) * feat(pr-lint): consolidate dependency review into pr-lint action Move dependency review from standalone workflow into the pr-lint composite action. Adds repository visibility check via GitHub API and runs dependency-review-action only on public repos during pull_request events, before MegaLinter. * fix(pr-lint): harden dependency review visibility check Address PR review feedback from Copilot and CodeRabbit: - Skip visibility check on non-PR events (if: pull_request) - Add continue-on-error so API failures don't block MegaLinter - Use curl --fail --show-error to surface HTTP errors in logs - Use github.token directly instead of inputs.token fallback - Add Accept header for GitHub API versioning - Validate jq output type to fail closed on bad API responses * fix(pr-lint): use event payload for visibility, unblock MegaLinter on dep review Replace curl API call with local jq read from $GITHUB_EVENT_PATH for the repository visibility check — simpler, faster, no auth needed. Add continue-on-error to dependency review so MegaLinter always runs, with a re-fail step after artifacts upload to preserve the failure signal.	2026-03-08 21:44:45 +02:00
renovate[bot]	e9deac2a01	chore(deps)!: update docker/metadata-action (v5.10.0 → v6.0.0) (#493 ) * chore(deps): update actions/setup-node action (v6.2.0 → v6.3.0) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps)!: update docker/metadata-action (v5.10.0 → v6.0.0) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --------- Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-03-06 11:16:38 +02:00
renovate[bot]	480c06b83b	chore(deps): update actions/setup-node action (v6.2.0 → v6.3.0) (#491 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-03-06 11:16:07 +02:00
renovate[bot]	07ce8df887	chore(deps)!: update docker/build-push-action (v6.19.2 → v7.0.0) (#492 ) * chore(deps): update actions/setup-node action (v6.2.0 → v6.3.0) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps)!: update docker/build-push-action (v6.19.2 → v7.0.0) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --------- Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-03-06 11:15:36 +02:00
renovate[bot]	261323db29	chore(deps): update actions/dependency-review-action action (v4.8.3 → v4.9.0) (#489 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-03-06 11:14:15 +02:00
renovate[bot]	08393e8063	chore(deps): update github/codeql-action action (v4.32.4 → v4.32.6) (#484 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-03-06 02:49:32 +02:00
Copilot	ae4ad9ec80	fix: harden workflow permissions with deny-all top-level and least-privilege job scopes (#482 )	2026-03-06 02:44:56 +02:00
renovate[bot]	d1af04260d	chore(deps)!: update docker/login-action (v3.7.0 → v4.0.0) (#477 )	2026-03-05 22:41:05 +02:00
renovate[bot]	0921e373ce	chore(deps)!: update docker/setup-buildx-action (v3.12.0 → v4.0.0) (#478 )	2026-03-05 22:26:51 +02:00
renovate[bot]	72c6155089	chore(deps)!: update github/issue-metrics (v3.25.5 → v4.1.0) (#480 )	2026-03-05 22:07:00 +02:00
renovate[bot]	03eeb4c39f	chore(deps): update astral-sh/setup-uv action (v7.3.0 → v7.3.1) (#473 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-03-02 03:04:57 +02:00
Ismo Vuorinen	bd59245cd7	fix(deps): replace step-security/retry and update action pins (#468 ) * fix(deps): replace step-security/retry with nick-fields/retry * chore(deps): update github action sha pins via pinact * refactor: remove common-retry references from tests and validators * chore: simplify description fallback and update action count * docs: remove hardcoded test counts from memory and docs Replace exact "769 tests" references with qualitative language so these files don't go stale as test count grows.	2026-03-02 02:31:26 +02:00
renovate[bot]	8faacf8a1c	chore(deps): update actions/dependency-review-action action (v4.8.2 → v4.8.3) (#461 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-02-24 20:09:57 +02:00
renovate[bot]	2e4525cb96	chore(deps): update github/codeql-action action (v4.32.3 → v4.32.4) (#459 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-02-23 21:29:42 +02:00
renovate[bot]	a75db3a84a	chore(deps): update actions/stale action (v10.1.1 → v10.2.0) (#460 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-02-23 21:29:07 +02:00
renovate[bot]	0131cbfcf6	chore(deps): update docker/build-push-action action (v6.18.0 → v6.19.2) (#451 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-02-17 19:13:25 +02:00
renovate[bot]	291bb2fdc4	chore(deps): update github/codeql-action action (v4.32.2 → v4.32.3) (#449 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-02-16 09:31:18 +02:00
renovate[bot]	c40f80e9c5	chore(deps): update actions/setup-python action (v6.1.0 → v6.2.0) (#439 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-02-10 13:34:34 +02:00
renovate[bot]	20fb4bc79c	chore(deps): update astral-sh/setup-uv action (v7.2.1 → v7.3.0) (#440 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-02-10 13:33:59 +02:00
renovate[bot]	9277758f30	chore(deps): update docker/login-action action (v3.6.0 → v3.7.0) (#441 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-02-10 13:33:40 +02:00
renovate[bot]	a9605c642f	chore(deps): update github/codeql-action action (v4.31.9 → v4.32.2) (#442 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-02-10 13:32:33 +02:00
renovate[bot]	6d25c0f8b6	chore(deps): update peter-evans/create-pull-request action (v8.0.0 → v8.1.0) (#443 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-02-10 13:31:35 +02:00
renovate[bot]	80621c08b4	chore(deps): update actions/setup-node action (v6.1.0 → v6.2.0) (#438 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-02-03 10:09:53 +02:00
renovate[bot]	51861a9b40	chore(deps): update astral-sh/setup-uv action (v7.2.0 → v7.2.1) (#430 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-02-02 07:51:30 +02:00
Ismo Vuorinen	cc842575b9	fix: add tag existence check to version-maintenance workflow (#425 ) * fix: add tag existence check to version-maintenance workflow Prevents workflow failure when major version tag doesn't exist by checking for and creating the tag before running action-versioning. * fix: add git config for tag creation in version-maintenance workflow GitHub Actions runners don't have default git user configuration, which causes annotated tag creation to fail. Add user.name and user.email config before creating tags.	2026-01-20 19:38:35 +02:00
renovate[bot]	e740f9d893	chore(deps): update astral-sh/setup-uv action (v7.1.6 → v7.2.0) (#422 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-01-12 16:35:21 +02:00
Ismo Vuorinen	a247b78178	fix: markdownlint rules and daily releases (#421 ) * fix: disable markdownlint table alignment rule * fix(ci): daily release only if changes	2026-01-09 02:10:00 +02:00
renovate[bot]	5b4e9c8e11	chore(deps): update docker/setup-buildx-action action (v3.11.1 → v3.12.0) (#410 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-12-22 07:42:23 +02:00
renovate[bot]	2d0bff84ad	chore(deps): update github/issue-metrics action (v3.25.4 → v3.25.5) (#407 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-12-22 07:40:20 +02:00
renovate[bot]	61ebe619a8	chore(deps): update github/codeql-action action (v4.31.8 → v4.31.9) (#406 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-12-22 07:38:46 +02:00
renovate[bot]	a1d55ac125	chore(deps)!: update peter-evans/create-pull-request (v7.0.11 → v8.0.0) (#405 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-12-22 03:16:24 +02:00
renovate[bot]	db86bb2f0d	chore(deps)!: update actions/download-artifact (v6.0.0 → v7.0.0) (#396 )	2025-12-17 23:36:39 +02:00
renovate[bot]	5e7b2fbc11	chore(deps)!: update actions/upload-artifact (v5.0.0 → v6.0.0) (#397 )	2025-12-17 23:35:53 +02:00
renovate[bot]	f6ed49a6dd	chore(deps): update astral-sh/setup-uv action (v7.1.5 → v7.1.6) (#398 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-12-16 13:06:42 +02:00
renovate[bot]	23ac5dbca3	chore(deps): update github/codeql-action action (v4.31.7 → v4.31.8) (#399 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-12-16 13:05:57 +02:00
renovate[bot]	0288a1c8b8	chore(deps): update astral-sh/setup-uv action (v7.1.4 → v7.1.5) (#390 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-12-08 07:39:13 +02:00
Ismo Vuorinen	44a11e9773	chore: update actions, cleanup pr-lint and pre-commit (#389 ) * chore: update actions, cleanup pr-lint * chore: cleanup pre-commit config, formatting * chore: revert sigstore/cosign-installer downgrade * chore: formatting	2025-12-07 02:24:33 +02:00
renovate[bot]	803165db8f	chore(deps): update docker/metadata-action action (v5.9.0 → v5.10.0) (#387 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-12-01 18:45:19 +02:00
Ismo Vuorinen	abe24f8570	feat(ci): versioning change (#378 ) * chore: remove bylines from actions * feat: new daily release action * chore(ci): ignore false positive in codeql, fix others * fix: cr comments	2025-11-28 10:56:52 +02:00
Ismo Vuorinen	9aa16a8164	feat: use our own actions in our workflows (#377 ) * feat: use our own actions in our workflows * fix: add missing inputs to validate-inputs, refactor node * chore: cr comment fixes * fix: update-validators formatting * chore: update validators, add tests, conventions * feat: validate severity with severity_enum * feat: add 10 generic validators to improve input validation coverage Add comprehensive validation system improvements across multiple phases: Phase 2A - Quick Wins: - Add multi_value_enum validator for 2-10 value enumerations - Add exit_code_list validator for Unix/Linux exit codes (0-255) - Refactor coverage_driver to use multi_value_enum Phase 2B - High-Value Validators: - Add key_value_list validator with shell injection prevention - Add path_list validator with path traversal and glob support Quick Wins - Additional Enums: - Add network_mode validator for Docker network modes - Add language_enum validator for language detection - Add framework_mode validator for PHP framework modes - Update boolean pattern to include 'push' Phase 2C - Specialized Validators: - Add json_format validator for JSON syntax validation - Add cache_config validator for Docker BuildKit cache configs Improvements: - All validators include comprehensive security checks - Pattern-based validation with clear error messages - 23 new test methods with edge case coverage - Update special case mappings for 20+ inputs - Fix build-args mapping test expectation Coverage impact: 22 actions now at 100% validation (88% → 92%) Test suite: 762 → 785 tests (+23 tests, all passing) * chore: regenerate rules.yml with improved validator coverage Regenerate validation rules for all actions with new validators: - compress-images: 86% → 100% (+1 input: ignore-paths) - docker-build: 63% → 100% (+4 inputs: cache configs, platform-build-args) - docker-publish: 73% → 100% (+1 input: build-args) - language-version-detect: 67% → 100% (+1 input: language) - php-tests: 89% (fixed framework→framework_mode mapping) - prettier-lint: 86% → 100% (+2 inputs: file-pattern, plugins) - security-scan: 86% (maintained coverage) Overall: 23 of 25 actions now at 100% validation coverage (92%) * fix: address PR #377 review comments - Add \| None type annotations to 6 optional parameters (PEP 604) - Standardize injection pattern: remove @# from comma_separated_list validator (@ and # are not shell injection vectors, allows npm scoped packages) - Remove dead code: unused value expression in key_value_list validator - Update tests to reflect injection pattern changes	2025-11-25 23:51:03 +02:00
Ismo Vuorinen	e58465e5d3	chore(new-release): add prefix v, add security as type (#376 ) * chore(new-release): add prefix v, add security as type * fix(pr-lint): fix pr-lint workflow * fix(lint): prettier format	2025-11-25 14:15:55 +02:00
Ismo Vuorinen	9fe05efeec	chore: update workflows (#375 )	2025-11-25 13:31:36 +02:00
renovate[bot]	d05e898ea9	chore(deps): update astral-sh/setup-uv action (v7.1.3 → v7.1.4) (#362 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-11-24 01:13:56 +02:00
renovate[bot]	650ebb87b8	chore(deps): update peter-evans/create-pull-request action (v7.0.8 → v7.0.9) (#363 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-11-24 01:13:38 +02:00
renovate[bot]	bcf49f55b5	chore(deps): update github/codeql-action action (v4.31.3 → v4.31.4) (#357 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-11-21 14:08:28 +00:00

1 2 3 4

169 Commits