upstream/helm
1
0
Fork 0
mirror of https://github.com/helm/helm.git synced 2026-02-16 01:09:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
7892 commits 61 branches 244 tags 133 MiB
Commit graph

159 commits

Author SHA1 Message Date
Matthieu MOREL
6b15f26bd4 fix: govulncheck workflow 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
 2025-05-12 21:58:43 -07:00
dongjiang
2a5f83b960
backport #30677to dev3 
Signed-off-by: dongjiang <dongjiang1989@126.com>
 2025-04-18 10:45:19 +08:00
Matt Farina
037c18af35 Update golangci-lint version 
Signed-off-by: Matt Farina <matt.farina@suse.com>
(cherry picked from commit 66f84e510e)
 2024-12-28 12:06:54 -05:00
Matt Farina
9f620b857a Update to Go 1.23 
Multiple changes were made to pass linting. Some Go built-in names
are being used for variables (e.g., min). This happens in the Go
source itself including the Go standard library and is not always
a bad practice.

To handle allowing some built-in names to be used the linter config
is updated to allow (via opt-in) some names to pass. This allows us
to still check for re-use of Go built-in names and opt-in to any
new uses.

There were also several cases where a value was checked for nil
before checking its length when this is already handled by len()
or the types default value. These were cleaned up.

The license validation was updated because it was checking everything
in the .git directory including all remote content that was local.
The previous vendor directory was from a time prior to Go modules
when Helm handled dependencies differently. It was no longer needed.

Signed-off-by: Matt Farina <matt.farina@suse.com>
(cherry picked from commit 5727f56a96)
 2024-12-28 12:06:27 -05:00
George Jenkins
2042f7d35a Run build-test action on dev-v3 branch 
Signed-off-by: George Jenkins <gvjenkins@gmail.com>
(cherry picked from commit bfada38aa9)
 2024-12-26 16:39:05 -05:00
Matt Farina
b5a83ea821 Adding CI for dev-v3 branch 
When the main branch is for Helm v4, the dev-v3 branch is for Helm v3.

Note, the canary release is setup for helm v4 once the v3 branch is created
and there is no canary release for v3.

Signed-off-by: Matt Farina <matt.farina@suse.com>
 2024-11-11 06:17:45 -07:00
Matt Farina
261233caec
Merge pull request #12620 from helm/dependabot/github_actions/actions/stale-9.0.0 
chore(deps): bump actions/stale from 3.0.14 to 9.0.0
 2024-11-01 15:25:26 -04:00
Matt Farina
029e983241
Increasing the size of the runner used for releases. 
Note, this runner is provided as part of the CNCF access to GitHub
Enterprise runners.

Signed-off-by: Matt Farina <matt.farina@suse.com>
 2024-11-01 12:16:59 -04:00
dependabot[bot]
f983342597
Bump actions/checkout from 4.2.1 to 4.2.2 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.1 to 4.2.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](eef61447b9...11bd71901b)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-25 19:04:08 +00:00
dependabot[bot]
c867af8e11
Bump actions/setup-go from 5.0.2 to 5.1.0 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.2 to 5.1.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](0a12ed9d6a...41dfa10bad)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-24 21:31:32 +00:00
dependabot[bot]
140a376539
chore(deps): bump actions/stale from 3.0.14 to 9.0.0 
Bumps [actions/stale](https://github.com/actions/stale) from 3.0.14 to 9.0.0.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v3.0.14...v9.0.0)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-09 19:55:48 +00:00
dependabot[bot]
d517450a11
Bump actions/checkout from 4.2.0 to 4.2.1 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.0 to 4.2.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](d632683dd7...eef61447b9)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-07 21:46:29 +00:00
dependabot[bot]
9e192b28eb
Bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6.1.0 to 6.1.1.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](aaa42aa062...971e284b60)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-03 21:52:53 +00:00
dependabot[bot]
79257331c2
Bump golang/govulncheck-action from 1.0.3 to 1.0.4 
Bumps [golang/govulncheck-action](https://github.com/golang/govulncheck-action) from 1.0.3 to 1.0.4.
- [Release notes](https://github.com/golang/govulncheck-action/releases)
- [Commits](dd0578b371...b625fbe08f)

---
updated-dependencies:
- dependency-name: golang/govulncheck-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-01 21:38:55 +00:00
Matt Farina
b2286c4caa
Merge pull request #13328 from robertsirc/adjusting-go-setup-check-latest 
adding check-latest:true
 2024-10-01 14:58:10 +02:00
dependabot[bot]
2cd8d54c83
Bump actions/checkout from 4.1.7 to 4.2.0 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7 to 4.2.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](692973e3d9...d632683dd7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-09-25 21:28:37 +00:00
Robert Sirchia
a8750f4ce9
adding toplevel permissions to workflows missing them 
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
 2024-09-24 10:14:38 -04:00
Robert Sirchia
62069eb7b5
removing testing trigger from govulncheck action 
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
 2024-09-13 16:27:53 -04:00
Robert Sirchia
114db17898
adding top-level permissions 
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
 2024-09-13 16:24:36 -04:00
Matt Farina
3a3e3846ca
Merge pull request #13331 from helm/dependabot/github_actions/ossf/scorecard-action-2.4.0 
Bump ossf/scorecard-action from 2.3.1 to 2.4.0
 2024-09-13 15:44:20 -04:00
Matt Farina
334f5ed87e
Merge pull request #13330 from helm/dependabot/github_actions/actions/checkout-4.1.7 
Bump actions/checkout from 4.1.1 to 4.1.7
 2024-09-13 15:37:32 -04:00
Robert Sirchia
8642225be3
Fixing the action trigger 
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
 2024-09-13 15:22:57 -04:00
Robert Sirchia
5217ea8f18
testing permissing for codeql 
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
 2024-09-13 15:18:24 -04:00
dependabot[bot]
9134b9edab
Bump ossf/scorecard-action from 2.3.1 to 2.4.0 
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.1 to 2.4.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](0864cf1902...62b2cac7ed)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-09-12 21:10:25 +00:00
dependabot[bot]
144e7b0287
Bump actions/checkout from 4.1.1 to 4.1.7 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.1 to 4.1.7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4.1.1...692973e3d937129bcbf40652eb9f2f61becf3332)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-09-12 21:10:20 +00:00
Robert Sirchia
611fae3d7d
adding check-latest:true 
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
 2024-09-12 12:51:48 -04:00
Joe Julian
ef2719448b
Merge pull request #13233 from harshitasao/issue-13131 
Added the scorecard github action and its badge
 2024-09-12 09:13:41 -07:00
Joe Julian
1a55457375
Merge pull request #13259 from harshitasao/scorecard-checks-fix 
fix: fixed the token-permission and pinned-dependencies issue
 2024-09-12 09:12:47 -07:00
Robert Sirchia
e7b25bab6f
bumping version to 1.22.7 
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
 2024-09-11 15:44:13 -04:00
Robert Sirchia
5326d79d3e
refectoring to ONE GH action 
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
 2024-09-06 15:17:32 -04:00
Robert Sirchia
d91188159e
adding new lines at the end of each files 
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
 2024-09-06 15:09:48 -04:00
Robert Sirchia
1aa640fe1d
changing the trigger file 
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
 2024-09-06 11:47:06 -04:00
Robert Sirchia
3ef6dd4036
changing trigger file from go.sum to go.mod 
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
 2024-09-06 11:41:45 -04:00
Robert Sirchia
5f15f53e2e
removing govulncheck from build-test 
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
 2024-09-06 11:38:40 -04:00
Robert Sirchia
4df7d5628b
adding new workflows for govulncheck 
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
 2024-09-06 11:37:08 -04:00
Robert Sirchia
88fa81ecb6
adding a new line at the end of the file as per the request of the maintainers 
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
 2024-08-30 16:39:08 -04:00
Robert Sirchia
76b9d962f0
restoring the original triggers that were removed for testing 
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
 2024-08-30 16:34:28 -04:00
Robert Sirchia
38dd4a7fea
moving govulncheck to a seperate job 
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
 2024-08-30 16:31:11 -04:00
Robert Sirchia
1ad6af9287
removing specific go version for govulncheck 
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
 2024-08-30 16:20:15 -04:00
Robert Sirchia
e46e0ddb98
updating go version for govulncheck 
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
 2024-08-30 16:13:33 -04:00
Robert Sirchia
6757f8a81b
fixing directory for go-packages 
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
 2024-08-30 16:04:08 -04:00
Robert Sirchia
031b34458e
changing the triggers to test this GH actions 
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
 2024-08-30 15:56:13 -04:00
Robert Sirchia
7e3df4baaf
Adding in workflow_call to test GH Actions 
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
 2024-08-30 15:48:23 -04:00
Robert Sirchia
eba0f78a47
Merge branch 'helm:main' into adding-goland-govulncheck-action 2024-08-30 15:17:48 -04:00
dependabot[bot]
e448aae04e
Bump github/codeql-action from 3.26.3 to 3.26.6 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.3 to 3.26.6.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](883d8588e5...4dd16135b6)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-29 21:47:08 +00:00
Robert Sirchia
b351fdce99
adding workflow_dispatch to test 
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
 2024-08-28 16:39:48 -04:00
Robert Sirchia
67617290d4
adding govulncheck 
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
 2024-08-28 15:40:37 -04:00
dependabot[bot]
c58cb9a529
Bump github/codeql-action from 3.26.2 to 3.26.3 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.2 to 3.26.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](429e197704...883d8588e5)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-19 21:54:51 +00:00
harshitasao
b4caed94cd fix: fixed the token-permission and pinned-dependencies issue 
Signed-off-by: harshitasao <harshitasao@gmail.com>
 2024-08-18 08:55:55 +05:30
dependabot[bot]
83874d9edd
Bump github/codeql-action from 3.26.1 to 3.26.2 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.1 to 3.26.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](29d86d22a3...429e197704)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-14 21:56:11 +00:00