
Commit 6a5198e

committed
Merge remote-tracking branch 'oapi-codegen' into livesession
2 parents 1adcd4b + 09919e7 commit 6a5198e

49 files changed

Lines changed: 547 additions & 138 deletions


Some content is hidden


.github/sponsors/elastic-dark.svg

Lines changed: 0 additions & 23 deletions
This file was deleted.

.github/sponsors/elastic-light.svg

Lines changed: 0 additions & 23 deletions
This file was deleted.

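--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,5 +1,9 @@
 name: Build project
 on: [ push, pull_request ]
+
+permissions:
+contents: read
+
 jobs:
 build:
 name: Build
@@ -15,10 +19,10 @@ jobs:
 - "1.25"
 steps:
 - name: Check out source code
-uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
 - name: Set up Go
-uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
+uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
 with:
 go-version: ${{ matrix.version }}
 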
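Review bot: The checkout step at new line 22 has no `with:` block, so `actions/checkout` keeps its default of persisting the job token in the local git config, where the later build steps (outside this hunk) can read it. The scorecard workflow added in this same commit already sets `persist-credentials: false`; adding `with:` and `persist-credentials: false` under this step would be consistent, provided no later step needs authenticated git access. The same applies to the checkout steps in generate.yml, lint.yml and tidy.yml. With the new `contents: read` default the token is read-only, so this is defence in depth rather than a fix for an exposed write token.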

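--- a/.github/workflows/generate.yml
+++ b/.github/workflows/generate.yml
@@ -1,5 +1,9 @@
 name: Ensure generated files are up-to-date
 on: [ push, pull_request ]
+
+permissions:
+contents: read
+
 jobs:
 build:
 name: Build
@@ -15,10 +19,10 @@ jobs:
 - "1.25"
 steps:
 - name: Check out source code
-uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
 - name: Set up Go
-uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
+uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
 with:
 go-version: ${{ matrix.version }}
 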

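--- /dev/null
+++ b/.github/workflows/govulncheck.yml
@@ -0,0 +1,39 @@
+name: Determine known CVEs through `govulncheck`
+on:
+push:
+branches:
+- main
+schedule:
+# Mondays at 0000
+- cron: "0 0 * * 1"
+
+permissions:
+contents: read
+
+jobs:
+check-for-vulnerabilities:
+name: Check for vulnerabilities using `govulncheck`
+runs-on: ubuntu-latest
+permissions:
+security-events: write
+contents: read
+steps:
+- uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1.0.4
+with:
+# to be explicit, we're only checking the top-level `oapi-codegen` package
+# we are intentionally NOT intending to keep on top of security updates in `internal/test` or `examples`, or any submodules thereof
+go-package: ./...
+# NOTE that we want to produce the SARIF-formatted report, which can then be consumed by other tools ...
+output-format: sarif
+output-file: govulncheck.sarif
+
+# ... such as the Code Scanning tab (https://github.com/oapi-codegen/oapi-codegen/security/code-scanning?query=is%3Aopen+branch%3Amain+tool%3Agovulncheck)
+- name: Upload SARIF file
+uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
+with:
+sarif_file: govulncheck.sarif
+category: govulncheck
+
+- name: Print code scanning results URL
+run: |
+echo "Results: https://github.com/${{ github.repository }}/security/code-scanning?query=is%3Aopen+branch%3Amain+tool%3Agovulncheck"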
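Review bot: The comment at new lines 23-24 says only the top-level package is checked, but `go-package: ./...` matches every package in the root module; `internal/test` and `examples` are skipped only if they are separate Go modules, which this file does not show. Rewording it to `# ./... covers every package in the root module; nested modules (internal/test, examples) are deliberately not scanned` would state the real scope. Separately, with `output-format: sarif` govulncheck is documented to exit successfully even when it reports findings, so this job most likely stays green and the Code Scanning alerts are the only signal. A one-line comment next to `output-format` saying that a passing run does not mean a clean result would stop readers from treating the check mark as the verdict.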

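--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -2,11 +2,14 @@ name: "Pull Request Labeler"
 on:
 - pull_request_target
 
+permissions:
+contents: read
+
 jobs:
 labeler:
 permissions:
 contents: read
 pull-requests: write
 runs-on: ubuntu-latest
 steps:
-- uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5
+- uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1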
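Review bot: The new workflow-level `permissions: contents: read` has no effect on the `labeler` job, because that job's own `permissions` block replaces it entirely; it only sets the default for jobs added later. Since this workflow runs on `pull_request_target`, with the base repository's token and `pull-requests: write`, the constraint that keeps it safe is worth recording. A comment above the trigger such as `# pull_request_target: never check out or run PR head code in this workflow` would do that.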

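--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -1,5 +1,9 @@
 name: Lint project
 on: [push, pull_request]
+
+permissions:
+contents: read
+
 jobs:
 build:
 name: Build
@@ -15,10 +19,10 @@ jobs:
 - "1.25"
 steps:
 - name: Check out source code
-uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
 - name: Set up Go
-uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
+uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
 with:
 go-version: ${{ matrix.version }}
 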

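--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -16,7 +16,7 @@ jobs:
 pull-requests: write
 runs-on: ubuntu-latest
 steps:
-- uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5 # v6
+- uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5 # v6.1.0
 with:
 name: next
 tag: next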

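--- /dev/null
+++ b/.github/workflows/scorecard.yml
@@ -0,0 +1,46 @@
+name: Scorecard supply-chain security
+on:
+schedule:
+- cron: "0 5 * * 1"
+push:
+branches:
+- main
+
+permissions: read-all
+
+jobs:
+analysis:
+name: Scorecard analysis
+runs-on: ubuntu-latest
+permissions:
+# Needed to upload the results to code-scanning dashboard
+security-events: write
+# Needed to publish results and get a badge (see publish_results below)
+id-token: write
+
+steps:
+- name: "Checkout code"
+uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+with:
+persist-credentials: false
+show-progress: false
+
+- name: "Run analysis"
+uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
+with:
+results_file: results.sarif
+results_format: sarif
+publish_results: true
+
+- name: "Upload artifact"
+uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+with:
+name: SARIF file
+path: results.sarif
+retention-days: 5
+
+# Upload the results to GitHub's code scanning dashboard
+- name: "Upload to code-scanning"
+uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
+with:
+sarif_file: results.sarif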
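Review bot: The workflow-level `permissions: read-all` at new line 9 is broader than the `contents: read` default this commit adds to the other workflows. It also does not apply to the `analysis` job, whose own `permissions` block replaces it and leaves every unlisted scope, including `contents`, at `none`. Changing line 9 to a `permissions:` block with only `contents: read` would keep a job added later from inheriting read access to every scope. If this repository is private, the job would likely also need `contents: read` and `actions: read` for the checkout and the analysis to work; the page does not show which case applies.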

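--- a/.github/workflows/tidy.yml
+++ b/.github/workflows/tidy.yml
@@ -1,5 +1,9 @@
 name: Ensure `go mod tidy` has been run
 on: [ push, pull_request ]
+
+permissions:
+contents: read
+
 jobs:
 build:
 name: Build
@@ -15,10 +19,10 @@ jobs:
 - "1.25"
 steps:
 - name: Check out source code
-uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
 - name: Set up Go
-uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
+uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
 with:
 go-version: ${{ matrix.version }}
 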
