Commit Graph

110 Commits

Author SHA1 Message Date
Juri Burakov 0262880861
Create snyk-infrastructure-analysis.yml 2021-10-05 18:52:05 +03:00
Juri Burakov 8e09aabe01
Create semgrep-analysis.yml 2021-10-05 18:51:33 +03:00
Juri Burakov e4f8eacb93
Create ossar-analysis.yml 2021-10-05 18:51:23 +03:00
Juri Burakov 3a8a3c6992
Create njsscan-analysis.yml 2021-10-05 18:50:53 +03:00
Juri Burakov c1786275f7
Create mayhem-for-api-analysis.yml 2021-10-05 18:50:44 +03:00
Juri Burakov 3f78c19f63
Create kubesec-analysis.yml 2021-10-05 18:50:34 +03:00
Juri Burakov 4201ddca39
Create fortify-analysis.yml 2021-10-05 18:50:25 +03:00
Juri Burakov 70b500fa76
Create devskim-analysis.yml 2021-10-05 18:50:12 +03:00
Juri Burakov c780d1c47d
Create checkmarx-analysis.yml 2021-10-05 18:49:51 +03:00
Juri Burakov 4c80ed3dc1
Create codescan-analysis.yml 2021-10-05 18:49:42 +03:00
Juri Burakov 2bf9babf87
Create codacy-analysis.yml 2021-10-05 18:49:32 +03:00
Juri Burakov 5a06639c05
Create crunch42-analysis.yml 2021-10-05 18:49:22 +03:00
Juri Burakov e82308b244 Set theme jekyll-theme-cayman 2021-10-05 18:36:43 +03:00
Juri Burakov 7d8cc4ccdd Update issue templates 2021-10-05 18:34:41 +03:00
Juri Burakov 77fdb3833b
Create SECURITY.md 2021-10-05 18:32:47 +03:00
Brian Cristante 11e311c8b5
Remove path filters (#229) 2021-06-25 13:39:56 -04:00
Brian Cristante 317b58f0d1
Fix YAML types in licensed.yml (#228)
* fix YAML types in licensed.yml

* Update .github/workflows/licensed.yml

Co-authored-by: Josh Gross <joshmgross@github.com>

* formatting

Co-authored-by: Josh Gross <joshmgross@github.com>
2021-06-24 11:52:33 -04:00
Brian Cristante 8d06e6c094
Create check-dist.yml (#227)
* Create check-dist.yml

* steps.if still needs ${{ }} when the expr has operators

* single quotes?

* npm install

* mess with index.js

* add if failure()

* Copy the correct version back in from the artifact

* Update .github/workflows/check-dist.yml

Co-authored-by: Konrad Pabjan <konradpabjan@github.com>

* formatting & language

* npm ci

Co-authored-by: Konrad Pabjan <konradpabjan@github.com>
2021-06-24 11:38:43 -04:00
Brian Cristante 27121b0bdf
Ingest v0.5.2 of @actions/artifact (#224)
* npm install --update @actions/artifact

* update .license file

* npm run release
2021-06-16 11:09:14 -04:00
dependabot[bot] 4537e112f4
Bump ws from 7.2.3 to 7.5.0 (#221)
Bumps [ws](https://github.com/websockets/ws) from 7.2.3 to 7.5.0.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](https://github.com/websockets/ws/compare/7.2.3...7.5.0)

---
updated-dependencies:
- dependency-name: ws
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brian Cristante <33549821+brcrista@users.noreply.github.com>
2021-06-16 10:34:57 -04:00
Brian Cristante 2368feccd5
Avoid triggering push for Dependabot branches (again) (#223) 2021-06-16 10:31:46 -04:00
dependabot[bot] 52a3c6b975
Bump glob-parent from 5.1.1 to 5.1.2 (#219)
Bumps [glob-parent](https://github.com/gulpjs/glob-parent) from 5.1.1 to 5.1.2.
- [Release notes](https://github.com/gulpjs/glob-parent/releases)
- [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md)
- [Commits](https://github.com/gulpjs/glob-parent/compare/v5.1.1...v5.1.2)

---
updated-dependencies:
- dependency-name: glob-parent
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brian Cristante <33549821+brcrista@users.noreply.github.com>
2021-06-16 10:19:08 -04:00
dependabot[bot] 76f4433885
Bump hosted-git-info from 2.8.5 to 2.8.9 (#203)
* Bump hosted-git-info from 2.8.5 to 2.8.9

Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.8.5 to 2.8.9.
- [Release notes](https://github.com/npm/hosted-git-info/releases)
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
- [Commits](https://github.com/npm/hosted-git-info/compare/v2.8.5...v2.8.9)

Signed-off-by: dependabot[bot] <support@github.com>

* Empty commit

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brian Cristante <33549821+brcrista@users.noreply.github.com>
2021-06-16 10:15:16 -04:00
Brian Cristante 46426468d3
Merge pull request #222 from actions/brcrista/dependabot-push
Avoid triggering push for Dependabot branches
2021-06-16 10:08:56 -04:00
Brian Cristante 8507687653
avoid triggering push for Dependabot branches 2021-06-16 10:05:05 -04:00
Brian Cristante 0482dbbe7a
Merge pull request #202 from actions/dependabot/npm_and_yarn/lodash-4.17.21
Bump lodash from 4.17.19 to 4.17.21
2021-06-16 10:01:31 -04:00
Brian Cristante 58518184d2
Merge pull request #211 from JasonGross/patch-1
Fix the grammar in a warning message
2021-06-16 09:59:04 -04:00
Jason Gross 4db8255e70
Fix the grammar in a warning message 2021-05-23 08:33:18 -04:00
Robert Cannon 9243a41f97
Re-order example descriptions (#209)
Given the way that the two descriptions were written it was confusing about which example was being discussed (see specifically "In the above example in the previous version).
2021-05-21 19:28:43 +02:00
Remy Kabel 9dc0ee81a2
Fix spelling error (#204)
effect -> affect
2021-05-14 15:13:55 +02:00
dependabot[bot] 2e3d6da508
Bump lodash from 4.17.19 to 4.17.21
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.19 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.19...4.17.21)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-11 12:10:04 +00:00
Konrad Pabjan ee69f02b3d
Bump @actions/artifact to version 0.5.1 (#189)
* Bump @actions/artifact to version 0.5.1

* Update license versions
2021-04-06 16:47:26 -04:00
dependabot[bot] bcd44ad93d
Bump y18n from 4.0.0 to 4.0.1 (#186)
Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-06 14:57:20 -04:00
Yang Cao ea3d524381
Merge pull request #173 from yacaovsnc/main
Display a warning if user tries to upload over 10000 files
2021-02-08 15:48:10 -05:00
Yang Cao e95d1b9c8d update index.js 2021-02-08 15:41:35 -05:00
Yang Cao 0fbc4b771a Display a warning if user tries to upload over 10000 files 2021-02-08 15:09:20 -05:00
Robin Neatherway a1af2e8f43
Add on: pull_request trigger to CodeQL workflow (#165)
From February 2021, in order to provide feedback on pull requests, Code Scanning workflows must be configured with both `push` and `pull_request` triggers. This is because Code Scanning compares the results from a pull request against the results for the base branch to tell you only what has changed between the two.

Early in the beta period we supported displaying results on pull requests for workflows with only `push` triggers, but have discontinued support as this proved to be less robust.

See https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#scanning-pull-requests for more information on how best to configure your Code Scanning workflows.
2021-01-15 12:19:21 +01:00
Konrad Pabjan a4f98af3fa
Update README.md 2021-01-07 18:56:21 +01:00
Konrad Pabjan 16b8b2b2e7
Update where does the upload go section (#162) 2021-01-05 16:00:51 +01:00
Konrad Pabjan e448a9b857
Add retries to all HTTP calls + resolve dependabot alerts (#160)
* Bump @actions/artifact to version 0.5.0

* Resolve dependabot alert for node-notifier

* Resolve dependabot alert for node-fetch

* Bump artifact.dep.yml

* Update http-client.dep.yml
2021-01-04 15:48:10 +01:00
Hugo van Kemenade e6bd6b7749
Replace "file(s)" with "file" or "files" (#159) 2021-01-04 11:24:12 +01:00
Josh Gross 1fd4c858f9
Merge pull request #152 from actions/joshmgross/fix-codeowners
Fix CODEOWNERS team name
2020-12-07 14:24:45 -05:00
Josh Gross a2af908e3a
Fix CODEOWNERS team name 2020-12-07 13:36:14 -05:00
Brian Cristante 928d1a16d9
Create CODEOWNERS (#149) 2020-11-25 15:24:41 -05:00
Konrad Pabjan e4a7ffadfc
Update README with more retention documentation 2020-11-17 12:57:17 -05:00
Brian Westphal 726a6dcd01
Adding example of retention-days option. (#131) 2020-11-13 12:25:13 -05:00
Josh Gross 3db166e2ea
Merge pull request #145 from actions/joshmgross/update-actions-core
Update @actions/core to 1.2.6
2020-11-13 10:52:34 -05:00
Josh Gross d86048c66c
Update @actions/core license 2020-11-12 16:46:49 -05:00
Josh Gross 328d69042a
Update @actions/core to 1.2.6 2020-11-12 16:32:13 -05:00
Yang Cao 27bce4eee7
Merge pull request #112 from thboop/main
Add `Licensed` To Help Verify Prod Licenses
2020-09-23 17:18:48 -04:00