mandlil
c87e522a58
Revert Gpg plugin changes ( #3888 )
5 months ago
mandlil
528a831ce8
Mandlil maven update ( #3884 )
* update pom project name
* [maven-release-plugin] prepare release v9.0.9
* [maven-release-plugin] prepare for next development iteration
* Update java-unit-test.yml
Skip GPG Signing
5 months ago
mandlil
48aa193a1c
Update osv-scanner-unified.yml ( #3794 )
11 months ago
Joyce
fe3b4eb2ab
Update codeql.yml ( #3359 )
Signed-off-by: Joyce <joycebrum@google.com>
Co-authored-by: Tijana Vislavski Gradina <tijanavg@google.com>
1 year ago
mandlil
918b67ce14
Update osv-scanner-unified.yml ( #3726 )
* Update osv-scanner-unified.yml
* Update osv-scanner-unified.yml
Updating version
1 year ago
mandlil
a4ebf2fc23
Create osv-scanner-unified.yml ( #3666 )
* Create osv-scanner-unified.yml
OSV-Scanner is used to find existing vulnerabilities that affect the project's dependencies
Issue - b/275499664
* Adding version number
1 year ago
Silvio Brändle
aef2fdc64e
Add CI workflow for C++ ( #3643 )
Co-authored-by: mandlil <138015259+mandlil@users.noreply.github.com>
1 year ago
mandlil
55716be400
Update scorecards.yml ( #3625 )
Fixing the issue based on info from Scorecard workflow is failing: error signing scorecard json results ossf/scorecard-action#997
1 year ago
Joyce
42831598ac
Update dependabot.yml to avoid multiple PRs ( #3360 )
Signed-off-by: Joyce <joycebrum@google.com>
Co-authored-by: Tijana Vislavski Gradina <tijanavg@google.com>
2 years ago
mandlil
5b36228e9f
Update dependabot.yml ( #3205 )
The Dependabot schedule interval is changing from daily to monthly, so that PRs will be created monthly
2 years ago
dependabot[bot]
e3b0e10884
Bump step-security/harden-runner from 2.5.0 to 2.5.1 ( #3168 )
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.5.0 to 2.5.1.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](cba0d00b1f ...8ca2b8b2ece13480cda6dacd3511b49857a23c09)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mandlil <138015259+mandlil@users.noreply.github.com>
2 years ago
dependabot[bot]
2ad1f064fe
Bump github/codeql-action from 2.21.1 to 2.21.3 ( #3164 )
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.1 to 2.21.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](6ca1aa8c19 ...5b6282e01c62d02e720b81eb8a51204f527c3624)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mandlil <138015259+mandlil@users.noreply.github.com>
2 years ago
dependabot[bot]
5a5d7cae41
Bump actions/dependency-review-action from 2.5.1 to 3.0.7 ( #3169 )
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.5.1 to 3.0.7.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](0efb1d1d84 ...7d90b4f05fea31dde1c4a1fb3fa787e197ea93ab)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mandlil <138015259+mandlil@users.noreply.github.com>
2 years ago
mandlil
d2ba31a255
Revert "Bump ossf/scorecard-action from 2.0.6 to 2.2.0 ( #3130 )" ( #3137 )
This reverts commit 22d14ae838.
2 years ago
dependabot[bot]
3efe7291b0
Bump step-security/harden-runner from 2.2.1 to 2.5.0 ( #3132 )
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.2.1 to 2.5.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](1f99358870 ...cba0d00b1fc9a034e1e642ea0f1103c282990604)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mandlil <138015259+mandlil@users.noreply.github.com>
2 years ago
dependabot[bot]
22d14ae838
Bump ossf/scorecard-action from 2.0.6 to 2.2.0 ( #3130 )
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.6 to 2.2.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](99c53751e0 ...08b4669551908b1024bb425080c797723083c031)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mandlil <138015259+mandlil@users.noreply.github.com>
2 years ago
dependabot[bot]
41b8c5de2d
Bump actions/setup-java from 2.5.1 to 3.12.0 ( #3133 )
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 2.5.1 to 3.12.0.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](91d3aa4956 ...cd89f46ac9d01407894225f350157564c9c7cee2)
---
updated-dependencies:
- dependency-name: actions/setup-java
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mandlil <138015259+mandlil@users.noreply.github.com>
2 years ago
dependabot[bot]
371883734c
Bump github/codeql-action from 2.2.9 to 2.21.1 ( #3136 )
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.9 to 2.21.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](04df1262e6 ...6ca1aa8c195c3ca3e77c174fe0356db1bce3b319)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
penmetsaa
c9d8ed077d
Adding Code Owners So the approvers were organized ( #2995 )
3 years ago
StepSecurity Bot
64ddcd4dfe
[StepSecurity] Apply security best practices ( #2913 )
* [StepSecurity] Apply security best practices
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
* Update codeql.yml
* Update codeql.yml
---------
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: penmetsaa <penmetsaa@google.com>
3 years ago
penmetsaa
9970ea0431
Remove old ci/cd configs ( #2691 )
4 years ago
penmetsaa
a908dac441
Update event list for workflow triggering. ( #2665 )
- When configured "pull_request[type: opened] + push", workflow not getting triggered when there is a change in PR code/commits when the branch is from the parent's forked repo.
- Configured only pull_request event as any change can only go through PR.
- pull_request event by default happens when opened, synchronize (means whenever there is change/commit, sync happens), and reopened. So this should be good enough for our use cases.
More details in [approach doc](https://docs.google.com/document/d/1YNYUAlEUXTi4UZG5gEFZGQ7oe7LxNKh7FYSg2qtIUvI/edit#heading=h.1c7qt5y1jb9)
4 years ago
penmetsaa
5b1e24628a
Configure CI flow in Github Actions ( #2664 )
Our objective is to (replicating the previous setup):
- Do Maven test of LPN tool modules common, data and java-build through a Maven profile.
- Also build and test run ant target “junit” that unit tests the java LPN api jar after being built.
- Check whether LPN’s JS API/files are in ASCII format or not.
- More details are mentioned in [approach doc](https://docs.google.com/document/d/1YNYUAlEUXTi4UZG5gEFZGQ7oe7LxNKh7FYSg2qtIUvI/edit)
4 years ago