From 069191f13d83bcbf671644ae73148a3b4e55e0a8 Mon Sep 17 00:00:00 2001 From: bytemare <3641580+bytemare@users.noreply.github.com> Date: Mon, 29 Apr 2024 18:19:25 +0200 Subject: [PATCH 1/4] some updates Signed-off-by: bytemare <3641580+bytemare@users.noreply.github.com> --- .github/renovate.json | 3 +- .github/workflows/ci.yml | 46 +++++++++++++++-------------- .github/workflows/codeql.yml | 11 ++++--- .github/workflows/scorecards.yml | 50 ++++++++++++++++++++++---------- .github/workflows/snyk.yml | 4 +-- .gitignore | 2 ++ go.mod | 6 ++-- go.sum | 4 +++ renovate.json | 6 ---- ksf_test.go => tests/ksf_test.go | 2 +- 10 files changed, 78 insertions(+), 56 deletions(-) delete mode 100644 renovate.json rename ksf_test.go => tests/ksf_test.go (99%) diff --git a/.github/renovate.json b/.github/renovate.json index de967f5..d466a32 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -1,7 +1,6 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ - "github>bytemare/renovate-config", - "config:recommended" + "github>bytemare/renovate-config" ] } diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index afc4ca9..b396b3c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -11,24 +11,19 @@ jobs: lint: name: Lint runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - GOVER: [ '1.18' ] - steps: - name: Checkout repo - uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2 + uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e with: fetch-depth: 0 - - name: Setup Go-${{ matrix.GOVER }} - uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # pin@v2 + - name: Setup Go + uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 with: - go-version: ${{ matrix.GOVER }} + go-version-file: ./go.mod # Linting - name: Linting - uses: golangci/golangci-lint-action@5c56cd6c9dc07901af25baab6f2b0d9f3b7c3018 # pin@v2 + uses: golangci/golangci-lint-action@5c56cd6c9dc07901af25baab6f2b0d9f3b7c3018 with: version: latest args: --config=./.github/.golangci.yml ./... @@ -37,15 +32,19 @@ jobs: test: name: Test runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + go: [ '1.22', '1.21' ] steps: - name: Checkout repo - uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2 + uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # pin@v2 + uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 with: - go-version: '1.18' + go-version: ${{ matrix.go }} # Test - name: Run Tests @@ -56,13 +55,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo - uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2 + uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # pin@v2 + uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 with: - go-version: '1.18' + go-version-file: ./go.mod # Coverage - name: Run coverage 
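Review bot: The action pins in the Lint job lose their trailing `# pin@v2` comments, so a bare 40-character SHA is all a reviewer has when checking which release a step runs. Keeping a tag comment beside each pin, for example `uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2`, lets a later SHA bump be compared against the release it claims to be. The same removal is made in the Test and Analyze hunks of this file and in codeql.yml, scorecards.yml and snyk.yml. Patch 2/4 also drops the `pin-github-action` step from the Makefile, so pin maintenance presumably rests on the Renovate preset from here on.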
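Review bot: The `'1.21'` entry in `go: [ '1.22', '1.21' ]` cannot really exercise Go 1.21, because go.mod is raised to `go 1.22` in this same patch (and to `go 1.22.2` in patch 4/4). Since Go 1.21 the go directive is a minimum requirement, so that matrix leg will either switch to a downloaded newer toolchain or fail, depending on GOTOOLCHAIN. Either keep the go directive at the oldest version the matrix is meant to cover, or drop the `'1.21'` entry so the matrix reflects what is actually tested.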
@@ -70,20 +69,23 @@ jobs: # Codecov - name: Codecov - uses: codecov/codecov-action@29386c70ef20e286228c72b668a06fd0e8399192 # pin@v1 + uses: codecov/codecov-action@29386c70ef20e286228c72b668a06fd0e8399192 with: file: .github/coverage.out # Sonar - name: SonarCloud Scan - uses: SonarSource/sonarcloud-github-action@6bbd64e0cb2194e04addb429d669a9ee873eeeef # pin@master + uses: SonarSource/sonarcloud-github-action@6bbd64e0cb2194e04addb429d669a9ee873eeeef env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} with: args: > - -Dsonar.projectKey=bytemare_ksf -Dsonar.organization=bytemare-github - -Dsonar.go.coverage.reportPaths=coverage.out -Dsonar.sources=. + -Dsonar.projectKey=bytemare_ksf + -Dsonar.organization=bytemare-github + -Dsonar.go.coverage.reportPaths=coverage.out + -Dsonar.sources=. -Dsonar.verbose=true - #-Dsonar.tests=ksf_test.go - #-Dsonar.test.exclusions=examples_test.go,tests/** + -Dsonar.test.exclusions=tests/** + -Dsonar.coverage.exclusions=tests/** + -Dsonar.tests=tests/ diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 9280ecf..382b4f9 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -1,6 +1,9 @@ name: "CodeQL" on: + push: + branches: + - main pull_request: branches: - main 
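Review bot: `-Dsonar.test.exclusions=tests/**` combined with `-Dsonar.tests=tests/` removes every file of the declared test directory from the test scope, while `-Dsonar.sources=.` still takes in tests/ as main code. If the aim is to have the moved tests/ksf_test.go analysed as test code, the exclusion probably belongs on the source side, `-Dsonar.exclusions=tests/**`, with the `sonar.test.exclusions` line dropped. The intent is inferred from the previously commented-out `#-Dsonar.tests=ksf_test.go`, so it is worth confirming against a scanner run.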
@@ -24,16 +27,16 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2 + uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@f7b6c0021b777684992d895a563fc3a0e425783a # pin@v1 + uses: github/codeql-action/init@f7b6c0021b777684992d895a563fc3a0e425783a with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@f7b6c0021b777684992d895a563fc3a0e425783a # pin@v1 + uses: github/codeql-action/autobuild@f7b6c0021b777684992d895a563fc3a0e425783a - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f7b6c0021b777684992d895a563fc3a0e425783a # pin@v1 + uses: github/codeql-action/analyze@f7b6c0021b777684992d895a563fc3a0e425783a diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 2f4b01f..7719443 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml 
@@ -1,39 +1,57 @@ -name: Scorecards supply-chain security +name: Scorecard analysis workflow on: - # Only the default branch is supported. - branch_protection_rule: - schedule: - - cron: '44 9 * * 0' push: + # Only the default branch is supported. + branches: + - main + schedule: + # Weekly on Saturdays. + - cron: '30 1 * * 6' + pull_request: + # All branches are supported. branches: [ main ] -# Declare default permissions as read only. permissions: read-all jobs: analysis: - name: Scorecards analysis + name: Scorecard analysis runs-on: ubuntu-latest permissions: - # Needed to upload the results to code-scanning dashboard. + # Needed for Code scanning upload security-events: write - actions: read - contents: read + # Needed for GitHub OIDC token if publish_results is true + id-token: write steps: + - uses: step-security/harden-runner@6c3b1c91e8873ae0c705b0709f957c7a6a5eaf10 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + api.github.com:443 + api.osv.dev:443 + api.securityscorecards.dev:443 + fulcio.sigstore.dev:443 + github.com:443 + oss-fuzz-build-logs.storage.googleapis.com:443 + rekor.sigstore.dev:443 + tuf-repo-cdn.sigstore.dev:443 + www.bestpractices.dev:443 + - name: "Checkout code" - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0 + uses: actions/checkout@8459bc0c7e3759cdf591f513d9f141a95fef0a8f with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@c1aec4ac820532bab364f02a81873c555a0ba3a1 # v1.0.4 + uses: ossf/scorecard-action@fad9a3cc533bb069b1f01f272f1f630895cd690a with: results_file: results.sarif results_format: sarif # Read-only PAT token. To create it, # follow the steps in https://github.com/ossf/scorecard-action#pat-token-creation. - repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} + # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} # Publish the results to enable scorecard badges. For more details, see # https://github.com/ossf/scorecard-action#publishing-results. 
# For private repositories, `publish_results` will automatically be set to `false`, @@ -42,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). - name: "Upload artifact" - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@552bf3722c16e81001aea7db72d8cedf64eb5f68 with: name: SARIF file path: results.sarif @@ -50,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # v1.0.26 + uses: github/codeql-action/upload-sarif@4ebadbc7468649cf79b138f45e20d999351f6ed0 with: - sarif_file: results.sarif + sarif_file: results.sarif \ No newline at end of file diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index d597a87..7260cd1 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -14,9 +14,9 @@ jobs: name: Snyk runs-on: ubuntu-latest steps: - - uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 # pin@master + - uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 - name: Run Snyk to check for vulnerabilities - uses: snyk/actions/golang@7968f3f72b7f36280e6380b7c151c6a8d5a61dd0 # pin@master + uses: snyk/actions/golang@7968f3f72b7f36280e6380b7c151c6a8d5a61dd0 env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: diff --git a/.gitignore b/.gitignore index 66fd13c..bbfd2cb 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,5 @@ # Dependency directories (remove the comment below to include it) # vendor/ + +.idea \ No newline at end of file diff --git a/go.mod b/go.mod index 9f7eecb..70d500d 100644 --- a/go.mod +++ b/go.mod @@ -1,7 +1,7 @@ module github.com/bytemare/ksf -go 1.19 +go 1.22 -require golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa +require golang.org/x/crypto v0.22.0 -require golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect +require golang.org/x/sys v0.19.0 // indirect 
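Review bot: The job-level `permissions` block in scorecards.yml now lists only `security-events: write` and `id-token: write`, and a job-level block replaces the workflow-level `permissions: read-all` rather than adding to it, so every other scope, including the removed `contents: read` and `actions: read`, is `none` for this job. That is a tighter default for a public repository but easy to misread next to `read-all`; a comment such as `# Job-level permissions replace the workflow default; unlisted scopes are none.` would record it. The new `# All branches are supported.` comment also sits above `branches: [ main ]`, which limits the trigger to pull requests targeting main, and the retained PAT comment now describes a commented-out `repo_token`.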
diff --git a/go.sum b/go.sum index 79a1921..fe1ccc2 100644 --- a/go.sum +++ b/go.sum @@ -1,4 +1,8 @@ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa h1:zuSxTR4o9y82ebqCUJYNGJbGPo6sKVl54f/TVDObg1c= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= +golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= diff --git a/renovate.json b/renovate.json deleted file mode 100644 index 5db72dd..0000000 --- a/renovate.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": [ - "config:recommended" - ] -} diff --git a/ksf_test.go b/tests/ksf_test.go similarity index 99% rename from ksf_test.go rename to tests/ksf_test.go index 5fd0372..af1599e 100644 --- a/ksf_test.go +++ b/tests/ksf_test.go @@ -6,7 +6,7 @@ // LICENSE file in the root directory of this source tree or at // https://spdx.org/licenses/MIT.html -package ksf_test +package tests_test import ( "errors" From 44b3c466bd955042739d9b23b56886d0d2b49786 Mon Sep 17 00:00:00 2001 From: bytemare <3641580+bytemare@users.noreply.github.com> Date: Mon, 29 Apr 2024 18:21:45 +0200 Subject: [PATCH 2/4] update Makefile Signed-off-by: bytemare <3641580+bytemare@users.noreply.github.com> --- .github/Makefile | 31 +++++++++++++++++-------------- go.sum | 4 ---- 2 files changed, 17 insertions(+), 18 deletions(-) diff --git a/.github/Makefile b/.github/Makefile index f9f9718..e53e00d 100644 --- a/.github/Makefile +++ b/.github/Makefile 
@@ -1,42 +1,45 @@ -GH_ACTIONS = workflows - .PHONY: update update: @echo "Updating dependencies..." - @$(shell cd ../ go get -u ../...) + @cd ../ && go get -u @pwd @go mod tidy - @echo "Updating Github Actions pins..." - @$(foreach file, $(wildcard $(GH_ACTIONS)/*.yml), pin-github-action $(file);) + +.PHONY: update-linters +update-linters: @echo "Updating linters..." - @go get -u mvdan.cc/gofumpt@latest github.com/daixiang0/gci github.com/segmentio/golines@latest + @go install mvdan.cc/gofumpt@latest + @go install github.com/daixiang0/gci@latest + @go install github.com/segmentio/golines@latest + @go install golang.org/x/tools/go/analysis/passes/fieldalignment/cmd/fieldalignment@latest @curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin .PHONY: fmt fmt: @echo "Formatting ..." @go mod tidy - @go fmt ./... - @golines -m 120 -t 4 -w . - @gofumpt -w -extra . - @gci write --Section Standard --Section Default --Section "Prefix($(shell go list -m))" ../ + @go fmt ../... + @golines -m 120 -t 4 -w ../ + @gofumpt -w -extra ../ + @gci write -s Standard -s Default -s "Prefix($(shell go list -m))" ../ + @fieldalignment -fix ../... .PHONY: license license: @echo "Checking License headers ..." - @if addlicense -check -v -f licence-header.tmpl ../*; then echo "License headers OK"; else return 1; fi; + @if addlicense -check -v -skip yaml -f licence-header.tmpl ../*; then echo "License headers OK"; else return 1; fi; .PHONY: lint -lint: license +lint: fmt license @echo "Linting ..." @if golangci-lint run --config=.golangci.yml ../...; then echo "Linting OK"; else return 1; fi; .PHONY: test test: @echo "Running all tests ..." - @go test -v ../... + @go test -v -vet=all ../... .PHONY: cover cover: @echo "Testing with coverage ..." - @go test -v -race -covermode=atomic -coverpkg=../... -coverprofile=../coverage.out ../... + @go test -v -race -covermode=atomic -coverpkg=../... -coverprofile=./coverage.out ../... 
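Review bot: `-coverprofile=./coverage.out` in the `cover` target moves the report from the repository root to `.github/coverage.out`, but the SonarCloud step in ci.yml still passes `-Dsonar.go.coverage.reportPaths=coverage.out` and no later patch in this series changes it, so Sonar would presumably stop finding coverage; `-Dsonar.go.coverage.reportPaths=.github/coverage.out` would match the Codecov `file:` setting. Separately, the unchanged installer line in `update-linters` writes `$(go env GOPATH)`, which Make expands as an empty variable before the shell sees it, so the script receives `-b /bin`; `$$(go env GOPATH)/bin` passes the substitution through to the shell. That line also pipes install.sh from the `master` branch into `sh`, and the new `go install ...@latest` lines float as well, so pinning them to a release tag would bring the local tooling in line with the SHA-pinned workflows.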
diff --git a/go.sum b/go.sum index fe1ccc2..f3d6e98 100644 --- a/go.sum +++ b/go.sum @@ -1,8 +1,4 @@ -golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa h1:zuSxTR4o9y82ebqCUJYNGJbGPo6sKVl54f/TVDObg1c= -golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= From 35920f4d3a6d479fdec4be2b72120965d7e2e38b Mon Sep 17 00:00:00 2001 From: bytemare <3641580+bytemare@users.noreply.github.com> Date: Mon, 29 Apr 2024 18:26:34 +0200 Subject: [PATCH 3/4] update workflows Signed-off-by: bytemare <3641580+bytemare@users.noreply.github.com> --- .github/workflows/ci.yml | 43 ++++++++++++++++++++++++-------- .github/workflows/codeql.yml | 19 +++++++++++--- .github/workflows/scorecards.yml | 10 ++++---- 3 files changed, 53 insertions(+), 19 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b396b3c..c470da6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -12,18 +12,25 @@ jobs: name: Lint runs-on: ubuntu-latest steps: + - uses: step-security/harden-runner@6c3b1c91e8873ae0c705b0709f957c7a6a5eaf10 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + api.github.com:443 github.com:443 proxy.golang.org:443 objects.githubusercontent.com:443 raw.githubusercontent.com:443 + - name: Checkout repo - uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e + uses: actions/checkout@37b082107ba410260a3aaddf93122e04801ce631 with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 with: go-version-file: ./go.mod # Linting - name: Linting - uses: golangci/golangci-lint-action@5c56cd6c9dc07901af25baab6f2b0d9f3b7c3018 + uses: golangci/golangci-lint-action@d6238b002a20823d52840fda27e2d4891c5952dc with: version: latest args: --config=./.github/.golangci.yml ./... 
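Review bot: The Lint job now blocks egress and pins every action by SHA, yet the unchanged `version: latest` under golangci-lint-action still lets the linter binary itself float between runs. Pinning it, `version: <golangci-lint release tag>` (placeholder), would make lint results reproducible and keep the downloaded binary under the same review as the action pins. The job's step list continues outside this hunk.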
@@ -37,39 +44,55 @@ jobs: matrix: go: [ '1.22', '1.21' ] steps: + - uses: step-security/harden-runner@6c3b1c91e8873ae0c705b0709f957c7a6a5eaf10 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + github.com:443 proxy.golang.org:443 storage.googleapis.com:443 sum.golang.org:443 + - name: Checkout repo - uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e + uses: actions/checkout@37b082107ba410260a3aaddf93122e04801ce631 with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 with: go-version: ${{ matrix.go }} # Test - name: Run Tests - run: (cd .github/ && make test) + run: cd .github && make test analyze: name: Analyze runs-on: ubuntu-latest steps: + - uses: step-security/harden-runner@6c3b1c91e8873ae0c705b0709f957c7a6a5eaf10 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + api.codecov.io:443 api.github.com:443 cli.codecov.io:443 ea6ne4j2sb.execute-api.eu-central-1.amazonaws.com:443 github.com:443 proxy.golang.org:443 objects.githubusercontent.com:443 scanner.sonarcloud.io:443 sonarcloud.io:443 storage.googleapis.com:443 + - name: Checkout repo - uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e + uses: actions/checkout@37b082107ba410260a3aaddf93122e04801ce631 with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 with: go-version-file: ./go.mod # Coverage - name: Run coverage - run: (cd .github/ && make cover) + run: cd .github && make cover # Codecov - name: Codecov - uses: codecov/codecov-action@29386c70ef20e286228c72b668a06fd0e8399192 + uses: codecov/codecov-action@c852ea6812cbd15cfa9f9daeb08f30391c54eb91 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} with: file: .github/coverage.out 
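Review bot: The Analyze job's allowlist includes `ea6ne4j2sb.execute-api.eu-central-1.amazonaws.com:443`, an opaque API Gateway hostname with nothing recording which step needs it, which makes the egress policy hard to audit later. A comment above the harden-runner step naming the tool that contacts it (presumably the Codecov or SonarCloud step, to be confirmed) would help. Writing the endpoints one per line, as scorecards.yml and codeql.yml do, would also make future allowlist changes show up as single-line diffs.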
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 382b4f9..c843204 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -26,17 +26,28 @@ jobs: fail-fast: false steps: + - uses: step-security/harden-runner@6c3b1c91e8873ae0c705b0709f957c7a6a5eaf10 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + api.github.com:443 + github.com:443 + proxy.golang.org:443 + storage.googleapis.com:443 + sum.golang.org:443 + - name: Checkout repository - uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e + uses: actions/checkout@37b082107ba410260a3aaddf93122e04801ce631 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@f7b6c0021b777684992d895a563fc3a0e425783a + uses: github/codeql-action/init@dbf2b1706b768069fb1bb2dd2d8552be7a9e2a51 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@f7b6c0021b777684992d895a563fc3a0e425783a + uses: github/codeql-action/autobuild@dbf2b1706b768069fb1bb2dd2d8552be7a9e2a51 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f7b6c0021b777684992d895a563fc3a0e425783a + uses: github/codeql-action/analyze@dbf2b1706b768069fb1bb2dd2d8552be7a9e2a51 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 7719443..c46c869 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -40,12 +40,12 @@ jobs: www.bestpractices.dev:443 - name: "Checkout code" - uses: actions/checkout@8459bc0c7e3759cdf591f513d9f141a95fef0a8f + uses: actions/checkout@37b082107ba410260a3aaddf93122e04801ce631 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@fad9a3cc533bb069b1f01f272f1f630895cd690a + uses: ossf/scorecard-action@665016c9c2c7c34fe934fb13ebf88bff794f9b1d with: results_file: results.sarif results_format: sarif 
@@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). - name: "Upload artifact" - uses: actions/upload-artifact@552bf3722c16e81001aea7db72d8cedf64eb5f68 + uses: actions/upload-artifact@79616d2ded92999fceefea2ca2e4bdf6101fa919 with: name: SARIF file path: results.sarif @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4ebadbc7468649cf79b138f45e20d999351f6ed0 + uses: github/codeql-action/upload-sarif@dbf2b1706b768069fb1bb2dd2d8552be7a9e2a51 with: - sarif_file: results.sarif \ No newline at end of file + sarif_file: results.sarif From 1bf64e19d3126ce5783a982483c5e0c6711cf8fc Mon Sep 17 00:00:00 2001 From: bytemare <3641580+bytemare@users.noreply.github.com> Date: Mon, 29 Apr 2024 18:30:39 +0200 Subject: [PATCH 4/4] update go Signed-off-by: bytemare <3641580+bytemare@users.noreply.github.com> --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 70d500d..3b953c4 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/bytemare/ksf -go 1.22 +go 1.22.2 require golang.org/x/crypto v0.22.0