From ef8f39f5830246510834c0aa296553f626012236 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 5 Jan 2025 23:34:24 -0600 Subject: [PATCH 1/8] chore(deps): bump github/contributors in the dependencies group (#182) --- .github/workflows/contributors_report.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/contributors_report.yaml b/.github/workflows/contributors_report.yaml index 1cdd72e..6521156 100644 --- a/.github/workflows/contributors_report.yaml +++ b/.github/workflows/contributors_report.yaml @@ -30,7 +30,7 @@ jobs: echo "END_DATE=$end_date" >> "$GITHUB_ENV" - name: Run contributor action - uses: github/contributors@90922d5748ecaf8417a3b7a0eedb4892c8fa1c44 + uses: github/contributors@695ea9d3f1c31f6ff67ab7d6a964a15f8ef9fa04 env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} START_DATE: ${{ env.START_DATE }} From 3c51eefc1f7a172ee3228ec268eb94cb981b6aab Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Jan 2025 01:17:27 -0600 Subject: [PATCH 2/8] chore(deps): bump mypy from 1.14.0 to 1.14.1 in the dependencies group (#183) --- requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-test.txt b/requirements-test.txt index 75c3626..272bda9 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -1,6 +1,6 @@ black==24.10.0 flake8==7.1.1 -mypy==1.14.0 +mypy==1.14.1 mypy-extensions==1.0.0 pylint==3.3.3 pytest==8.3.4 From 89c42c23d28cf0d983a551496c5762162ec8a61f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Jan 2025 00:17:29 -0600 Subject: [PATCH 3/8] chore(deps): bump the dependencies group with 2 updates (#184) --- .github/workflows/scorecard.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 3d475a4..06da507 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -36,12 +36,12 @@ jobs: results_format: sarif publish_results: true - name: "Upload artifact" - uses: actions/upload-artifact@v4.5.0 + uses: actions/upload-artifact@v4.6.0 with: name: SARIF file path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: sarif_file: results.sarif From ff4b755225458ea226076e0409ccbcd5dd4fbe39 Mon Sep 17 00:00:00 2001 From: "JM (Jason Meridth)" Date: Fri, 17 Jan 2025 07:49:49 -0600 Subject: [PATCH 4/8] chore: update workflows after move (#185) jmeridth/reusable-workflows -> github/ospo-reusable-workflows - [x] update CODEOWNERS Signed-off-by: jmeridth --- .github/CODEOWNERS | 2 +- .github/workflows/auto-labeler.yml | 2 +- .github/workflows/pr-title.yml | 2 +- .github/workflows/release.yml | 6 +++--- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index cf1f49b..a506e1e 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1 +1 @@ -* @jmeridth @sutterj @zkoppert +* @github/ospo-github-actions diff --git a/.github/workflows/auto-labeler.yml b/.github/workflows/auto-labeler.yml index a684390..7e41954 100644 --- a/.github/workflows/auto-labeler.yml +++ b/.github/workflows/auto-labeler.yml @@ -11,7 +11,7 @@ jobs: permissions: contents: write pull-requests: write - uses: jmeridth/reusable-workflows/.github/workflows/auto-labeler.yaml@1406afbf7a795f706f04644059cecbb3b2f0c1a0 + uses: github/ospo-reusable-workflows/.github/workflows/auto-labeler.yaml@1406afbf7a795f706f04644059cecbb3b2f0c1a0 with: config-name: release-drafter.yml secrets: diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 9445318..70f1974 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -12,6 +12,6 @@ jobs: contents: read pull-requests: read statuses: write - uses: jmeridth/reusable-workflows/.github/workflows/pr-title.yaml@1406afbf7a795f706f04644059cecbb3b2f0c1a0 + uses: github/ospo-reusable-workflows/.github/workflows/pr-title.yaml@1406afbf7a795f706f04644059cecbb3b2f0c1a0 secrets: github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 356a3d2..05ad3c6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,7 +12,7 @@ jobs: permissions: contents: write pull-requests: read - uses: jmeridth/reusable-workflows/.github/workflows/release.yaml@53a9c808122ffaae9af948f72139fb4bd44ab74c + uses: github/ospo-reusable-workflows/.github/workflows/release.yaml@53a9c808122ffaae9af948f72139fb4bd44ab74c with: publish: true release-config-name: release-drafter.yml @@ -25,7 +25,7 @@ jobs: discussions: write packages: write pull-requests: read - uses: jmeridth/reusable-workflows/.github/workflows/release-image.yaml@53a9c808122ffaae9af948f72139fb4bd44ab74c + uses: github/ospo-reusable-workflows/.github/workflows/release-image.yaml@53a9c808122ffaae9af948f72139fb4bd44ab74c with: image-name: ${{ github.repository }} full-tag: ${{ needs.release.outputs.full-tag }} @@ -40,7 +40,7 @@ jobs: permissions: contents: read discussions: write - uses: jmeridth/reusable-workflows/.github/workflows/release-discussion.yaml@53a9c808122ffaae9af948f72139fb4bd44ab74c + uses: github/ospo-reusable-workflows/.github/workflows/release-discussion.yaml@53a9c808122ffaae9af948f72139fb4bd44ab74c with: full-tag: ${{ needs.release.outputs.full-tag }} body: ${{ needs.release.outputs.body }} From 6c246f3501ff7d5fa90dfda78287df5bdd0448bd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Jan 2025 00:54:15 -0600 Subject: [PATCH 5/8] chore(deps): bump python from `1127090` to `23a81be` (#186) --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 55537fa..ff5e86c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ #checkov:skip=CKV_DOCKER_2 #checkov:skip=CKV_DOCKER_3 -FROM python:3.13-slim@sha256:1127090f9fff0b8e7c3a1367855ef8a3299472d2c9ed122948a576c39addeaf1 +FROM python:3.13-slim@sha256:23a81be7b258c8f516f7a60e80943cace4350deb8204cf107c7993e343610d47 LABEL org.opencontainers.image.source https://github.com/github/cleanowners WORKDIR /action/workspace From 418323c4cdf0f6e104b70a3dae961c6284de2553 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 05:19:32 +0000 Subject: [PATCH 6/8] chore(deps): bump python from `23a81be` to `026dd41` (#187) --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ff5e86c..2b3f9cc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ #checkov:skip=CKV_DOCKER_2 #checkov:skip=CKV_DOCKER_3 -FROM python:3.13-slim@sha256:23a81be7b258c8f516f7a60e80943cace4350deb8204cf107c7993e343610d47 +FROM python:3.13-slim@sha256:026dd417a88d0be8ed5542a05cff5979d17625151be8a1e25a994f85c87962a5 LABEL org.opencontainers.image.source https://github.com/github/cleanowners WORKDIR /action/workspace From f8bd1b1a777d43ee3b0f80a51fba0dfa9fbeb6da Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 05:42:45 +0000 Subject: [PATCH 7/8] chore(deps): bump the dependencies group with 2 updates (#188) --- .github/workflows/scorecard.yml | 2 +- .github/workflows/stale.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 06da507..e6f29ba 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -42,6 +42,6 @@ jobs: path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 + uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 with: sarif_file: results.sarif diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml index dfb047e..8eb70b0 100644 --- a/.github/workflows/stale.yaml +++ b/.github/workflows/stale.yaml @@ -14,7 +14,7 @@ jobs: issues: write pull-requests: read steps: - - uses: actions/stale@v9.0.0 + - uses: actions/stale@v9.1.0 with: stale-issue-message: "This issue is stale because it has been open 21 days with no activity. Remove stale label or comment or this will be closed in 14 days." close-issue-message: "This issue was closed because it has been stalled for 35 days with no activity." From bc652718877dcc6ed1682099bbc14dd3aa95bc50 Mon Sep 17 00:00:00 2001 From: "JM (Jason Meridth)" Date: Mon, 27 Jan 2025 18:29:50 -0600 Subject: [PATCH 8/8] chore: update workflows (#190) - [x] update ospo-reusable-workflows version - prevents auto-labeler creating draft releases - [x] update permissions on release-image, allows for attestations, if enabled Signed-off-by: jmeridth --- .github/release-drafter.yml | 3 ++- .github/workflows/auto-labeler.yml | 4 ++-- .github/workflows/release.yml | 12 ++++++------ 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml index fb2ec4b..f786f73 100644 --- a/.github/release-drafter.yml +++ b/.github/release-drafter.yml @@ -36,11 +36,12 @@ version-resolver: minor: labels: - "enhancement" - - "fix" + - "feature" - "minor" patch: labels: - "documentation" + - "fix" - "maintenance" - "patch" default: patch diff --git a/.github/workflows/auto-labeler.yml b/.github/workflows/auto-labeler.yml index 7e41954..43e20ea 100644 --- a/.github/workflows/auto-labeler.yml +++ b/.github/workflows/auto-labeler.yml @@ -9,9 +9,9 @@ permissions: jobs: main: permissions: - contents: write + contents: read pull-requests: write - uses: github/ospo-reusable-workflows/.github/workflows/auto-labeler.yaml@1406afbf7a795f706f04644059cecbb3b2f0c1a0 + uses: github/ospo-reusable-workflows/.github/workflows/auto-labeler.yaml@6a0a6d0de2227f9d5d11af90a87b2e2fd6b5463d with: config-name: release-drafter.yml secrets: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 05ad3c6..a8dd877 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,7 +12,7 @@ jobs: permissions: contents: write pull-requests: read - uses: github/ospo-reusable-workflows/.github/workflows/release.yaml@53a9c808122ffaae9af948f72139fb4bd44ab74c + uses: github/ospo-reusable-workflows/.github/workflows/release.yaml@6a0a6d0de2227f9d5d11af90a87b2e2fd6b5463d with: publish: true release-config-name: release-drafter.yml @@ -21,11 +21,11 @@ jobs: release_image: needs: release permissions: - contents: write - discussions: write + contents: read packages: write - pull-requests: read - uses: github/ospo-reusable-workflows/.github/workflows/release-image.yaml@53a9c808122ffaae9af948f72139fb4bd44ab74c + id-token: write + attestations: write + uses: github/ospo-reusable-workflows/.github/workflows/release-image.yaml@6a0a6d0de2227f9d5d11af90a87b2e2fd6b5463d with: image-name: ${{ github.repository }} full-tag: ${{ needs.release.outputs.full-tag }} @@ -40,7 +40,7 @@ jobs: permissions: contents: read discussions: write - uses: github/ospo-reusable-workflows/.github/workflows/release-discussion.yaml@53a9c808122ffaae9af948f72139fb4bd44ab74c + uses: github/ospo-reusable-workflows/.github/workflows/release-discussion.yaml@6a0a6d0de2227f9d5d11af90a87b2e2fd6b5463d with: full-tag: ${{ needs.release.outputs.full-tag }} body: ${{ needs.release.outputs.body }}