Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): pin dependencies #121

Merged
merged 1 commit into from
Jul 18, 2024
Merged

chore(deps): pin dependencies #121

merged 1 commit into from
Jul 18, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jul 18, 2024

Mend Renovate

This PR contains the following updates:

Package Type Update Change
actions/cache action pinDigest -> e12d46a
actions/checkout action pinDigest -> f43a0e5
aquaproj/aqua-installer action minor v2.0.2 -> v2.3.2
codecov/codecov-action action patch v3.1.1 -> v3.1.6
docker/login-action action pinDigest -> 465a078
elgohr/go-vulncheck-action action digest 90e331d -> e73217f
github/codeql-action action pinDigest -> e113c55
magefile/mage-action action digest 3b833fb -> a3d5bb5

Release Notes

aquaproj/aqua-installer (aquaproj/aqua-installer)

v2.3.2

Compare Source

#​607 export environment variable AQUA_DISABLE_COSIGN and AQUA_DISABLE_SLSA

https://github.com/aquaproj/aqua/issues/2759

To disable Cosign and slsa-verifier on subsequent steps.

v2.3.1

Compare Source

#​605 Disable Cosign and slsa-verifier

Until we will finish upgrading Cosign to v2, we disable Cosign and slsa-verifier.

https://github.com/aquaproj/aqua/issues/1665#issuecomment-2008588288

v2.3.0

Compare Source

Issues | Pull Requests | aquaproj/aqua-installer@v2.2.0...v2.3.0

Features

#​580 Support disabling the verification with Cosign and SLSA Provenance

[!CAUTION]
This feature is for users who can't use Cosign and slsa-verifier.
Most users can use them, so most users don't need this feature.
aqua installs Cosign and slsa-verifier internally, so you don't need to install them yourself.
If you can use Cosign and slsa-verifier, you should not disable them because they are important for security.

The bootstrap version is updated to aqua v2.22.0.
From this version, aqua supports disabling the verification with Cosign and SLSA Provenance.

To disable the verification with Cosign and SLSA Provenance when you install aqua with aqua-installer,
please set the environment variables AQUA_DISABLE_COSIGN and AQUA_DISABLE_SLSA.

export AQUA_DISABLE_COSIGN=true
export AQUA_DISABLE_SLSA=true
./aqua-installer
- uses: aquaproj/aqua-installer@v2.3.0
  with:
    aqua_version: v2.22.0
  env:
    AQUA_DISABLE_COSIGN: "true"
    AQUA_DISABLE_SLSA: "true"

v2.2.0

Compare Source

Issues | Pull Requests | aquaproj/aqua-installer@v2.1.3...v2.2.0

Features

#​365 #​550 #​551 Output the guide to set the environment variable PATH

aqua-installer outputs the following guide.

===============================================================
[INFO] aqua is installed into /root/.local/share/aquaproj-aqua/bin/aqua
[INFO] Please add the path to the environment variable "PATH"
[INFO] export PATH=${AQUA_ROOT_DIR:-${XDG_DATA_HOME:-$HOME/.local/share}/aquaproj-aqua}/bin:$PATH
===============================================================

#​551 Use wget if curl isn't found

v2.1.3

Compare Source

Issues | Pull Requests | aquaproj/aqua-installer@v2.1.2...v2.1.3

#​545 Update the bootstrap version to v2.16.4

To support aqua v2.17.0 or later on Windows.

https://github.com/aquaproj/aqua/releases/tag/v2.16.1

To upgrade aqua to v2.17.0 or later on Windows, you need to upgrade aqua to v2.16.1 or later first.

v2.1.2

Compare Source

Issues | Pull Requests | aquaproj/aqua-installer@v2.1.1...v2.1.2

Fixes

#​432 Fix typo
#​461 #​463 Fix a bug that action doesn't work in a container

Fix a bug that action doesn't work in a container

#​461 #​463

GitHub Actions supports running a job in a container.

https://docs.github.com/en/actions/using-jobs/running-jobs-in-a-container

But in a container the variable ${{ github.action_path }} is wrong, so action can't access the script aqua-installer.
This is a known issue of GitHub Actions.

To solve the issue, we copy the content of the script aqua-installer into action itself, then action don't have to access the script aqua-installer.

v2.1.1

Compare Source

Issues | Pull Requests | aquaproj/aqua-installer@v2.1.0...v2.1.1

Others

#​411 Update the bootstrapping aqua v1.26.2 to v2.2.3

This update enables to verify prerelease versions by Cosign and slsa-verifier.

ref. https://aquaproj.github.io/docs/reference/upgrade-guide/v2/change-semver

v2.1.0

Compare Source

Issues | Pull Requests | aquaproj/aqua-installer@v2.0.2...v2.1.0

Features

#​403 Add an input policy_allow to run aqua policy allow

aqua >= v2.3.0

If policy_allow is true, aqua policy allow command is run.
If a Policy file path is set, aqua policy allow "${{inputs.policy_allow}}" is run.

See also
codecov/codecov-action (codecov/codecov-action)

v3.1.6

Compare Source

Full Changelog: codecov/codecov-action@v3.1.5...v3.1.6

v3.1.5

Compare Source

What's Changed

New Contributors

Full Changelog: codecov/codecov-action@v3.1.4...v3.1.5

v3.1.4: 3.1.4

Compare Source

What's Changed
New Contributors

Full Changelog: codecov/codecov-action@v3.1.3...v3.1.4

v3.1.3: 3.1.3

Compare Source

What's Changed

Full Changelog: codecov/codecov-action@v3.1.2...v3.1.3

v3.1.2: 3.1.2

Compare Source

What's Changed

New Contributors

Full Changelog: codecov/codecov-action@v3.1.1...v3.1.2

Configuration

📅 Schedule: Branch creation - "every weekday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot requested a review from a team as a code owner July 18, 2024 01:46
@renovate renovate bot added the dependencies Dependency management and updates label Jul 18, 2024
@renovate renovate bot enabled auto-merge (squash) July 18, 2024 01:46
@sheldonhull sheldonhull merged commit 37d8d61 into main Jul 18, 2024
7 of 9 checks passed
@sheldonhull sheldonhull deleted the renovate/github-actions branch July 18, 2024 01:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sheldonhull sheldonhull sheldonhull approved these changes

@renovate-approve renovate-approve[bot] renovate-approve[bot] approved these changes

Assignees
No one assigned
Labels
dependencies Dependency management and updates
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@sheldonhull