Commit Graph

145 Commits (a4670586df42a04541148c32c64c6278342f52fd)

Author SHA1 Message Date
Rob Herley 24b1443a07
use new @actions/artifact version & update download logic 2023-08-24 11:57:52 -04:00
Brian Flad e9ef242655
Add download-path output to action.yml (#194)
Reference: https://github.com/actions/download-artifact/issues/153
Reference: https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#outputs-for-docker-container-and-javascript-actions

Prevents false positives from tooling, such as `actionlint`, that depends on the metadata for static analysis.

Co-authored-by: Konrad Pabjan <konradpabjan@github.com>
2023-01-05 17:35:52 -05:00
dependabot[bot] adf9559c4f
Bump json5 from 1.0.1 to 1.0.2 (#198)
Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](https://github.com/json5/json5/compare/v1.0.1...v1.0.2)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-05 17:24:04 -05:00
Konrad Pabjan 9bc31d5ccc
Update to latest actions/artifact NPM package (#195)
* Use latest actions/artifact NPM package + misc updates

* Use node 18 + caching in CI

* Run npm release

* Use node 16 for CI + devcontainer
2023-01-04 17:30:33 -05:00
Konrad Pabjan d2278a10ef
Update release-new-action-version.yml (#196) 2023-01-04 17:25:27 -05:00
Konrad Pabjan c1a6d8f06a
Update codeql-analysis.yml (#197) 2023-01-04 17:21:01 -05:00
Francesco Renzi 9782bd6a98
Update @actions/core to 1.10.0 (#178)
* Update @actions/core to 1.10.0

* Update licenses

* solve npm conflicts

* update licenses
2022-10-20 19:26:49 -04:00
Yang Cao 076f0f7dd0
Merge pull request #156 from actions/dependabot/npm_and_yarn/ansi-regex-4.1.1
Bump ansi-regex from 4.1.0 to 4.1.1
2022-04-25 10:12:25 -04:00
dependabot[bot] 7151be3221
Bump ansi-regex from 4.1.0 to 4.1.1
Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](https://github.com/chalk/ansi-regex/compare/v4.1.0...v4.1.1)

---
updated-dependencies:
- dependency-name: ansi-regex
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-25 14:08:54 +00:00
Yang Cao 51cbdc41c1
Merge pull request #152 from actions/dependabot/npm_and_yarn/minimist-1.2.6
Bump minimist from 1.2.5 to 1.2.6
2022-04-25 10:08:26 -04:00
dependabot[bot] e89a529079
Bump minimist from 1.2.5 to 1.2.6
Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-03-26 14:50:08 +00:00
Jonathan Tamsut fb598a63ae
Merge pull request #136 from actions/jtamsut/update-lockfile-version
Update `lockfileVersion` in `package-lock.json`
2022-03-02 10:35:41 -08:00
Jonathan Tamsut a4a09c5d7e regenerate index.js 2022-03-01 14:43:36 -08:00
Jonathan Tamsut 9acf51df79 regenerate package lock 2022-03-01 14:31:56 -08:00
Jonathan Tamsut 8821072325 upgrade artifact version 2022-03-01 14:30:51 -08:00
Jonathan Tamsut b8bbd3b64f regenerate lockfile 2022-03-01 13:38:43 -08:00
Jonathan Tamsut 6ee3d963e5 revert artifact version 2022-03-01 13:37:07 -08:00
Jonathan Tamsut d4793f4e27 update docs for v3 2022-03-01 13:27:20 -08:00
Jonathan Tamsut 2d338d2145 upgrade package to v3 2022-03-01 13:18:36 -08:00
Jonathan Tamsut 360d0830b5 update dependency on artifact lib 2022-03-01 13:14:55 -08:00
Jonathan Tamsut d9b73cccac update lock file 2022-03-01 13:14:35 -08:00
Thomas Boop a327a9c763
Update default runtime to node16 (#134)
Node 12 has an end of life on April 30, 2022.

This PR updates the default runtime to [node16](https://github.blog/changelog/2021-12-10-github-actions-github-hosted-runners-now-run-node-js-16-by-default/), rather then node12. 

This is supported on all Actions Runners v2.285.0 or later.
2022-02-07 21:18:27 +01:00
Konrad Pabjan f023be2c48
Update @actions/artifact to version 0.6.0 (#123)
* Update @actions/artifact to version 0.6.0

* update artifact.dep.yml to use version 0.6.0
2021-12-07 11:44:54 -05:00
Konrad Pabjan 591af65465
Create release-new-action-version.yml (#122) 2021-12-02 11:14:52 -05:00
dependabot[bot] f2e7c54ea3
Bump path-parse from 1.0.6 to 1.0.7 (#109)
Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases)
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

---
updated-dependencies:
- dependency-name: path-parse
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-12-02 10:31:46 -05:00
Rob Herley e15ea60964
Merge pull request #121 from actions/robherley/dupe-issue-template
rm dupe security vulnerability from issue template
2021-11-23 14:48:56 -05:00
Rob Herley 12f9853977
rm dupe security vulnerability from issue template 2021-11-23 14:46:39 -05:00
Rob Herley b3f61af72c
Merge pull request #120 from actions/robherley/update-issue-templates
Add issue templates
2021-11-22 16:49:17 -05:00
Rob Herley ad79f6c16c
add issue templates 2021-11-22 10:12:52 -05:00
Brian Cristante b1985abdea
Create check-dist.yml (#108)
* Add check-dist.yml

* Fix triggers in licensed.yml
2021-08-10 13:59:02 -04:00
Brian Cristante 3be87be14a
Ingest v0.5.2 of @actions/artifact (#100)
* npm install --update @actions/artifact

* Update .licenses file

* npm run release
2021-06-16 16:19:05 -04:00
Brian Cristante 8bef1ad834
Merge pull request #97 from actions/dependabot/npm_and_yarn/glob-parent-5.1.2
Bump glob-parent from 5.1.1 to 5.1.2
2021-06-16 16:06:52 -04:00
Brian Cristante 2940e0d2ad
Merge pull request #92 from actions/dependabot/npm_and_yarn/hosted-git-info-2.8.9
Bump hosted-git-info from 2.8.5 to 2.8.9
2021-06-16 16:06:23 -04:00
Brian Cristante bd90b34638
Merge pull request #91 from actions/dependabot/npm_and_yarn/lodash-4.17.21
Bump lodash from 4.17.19 to 4.17.21
2021-06-16 16:06:06 -04:00
Brian Cristante 3b6d0aba35
Merge pull request #99 from actions/brcrista/dependabot-push
Don't trigger CodeQL on Dependabot push
2021-06-16 16:05:29 -04:00
Brian Cristante 46a6d6f216
Don't trigger CodeQL on Dependabot push 2021-06-16 16:01:04 -04:00
dependabot[bot] 246a0f4716
Bump glob-parent from 5.1.1 to 5.1.2
Bumps [glob-parent](https://github.com/gulpjs/glob-parent) from 5.1.1 to 5.1.2.
- [Release notes](https://github.com/gulpjs/glob-parent/releases)
- [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md)
- [Commits](https://github.com/gulpjs/glob-parent/compare/v5.1.1...v5.1.2)

---
updated-dependencies:
- dependency-name: glob-parent
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-11 13:14:19 +00:00
Robert Cannon df388c92ce
Clarified the `v1` and `v2` differences (#96)
The original text implies by supplying no inputs all files are placed in the root directory without added directories by focusing only on the `path` input. In practice, supplying no inputs results in the backwards compatible `v1` behavior of creating an extra parameter. This may be obvious in some scenarios and stated somewhat later in the document, but is less obvious when the "name" matches a filename for a single file artifact.
2021-05-21 21:20:10 +02:00
dependabot[bot] 87f717a35d
Bump hosted-git-info from 2.8.5 to 2.8.9
Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.8.5 to 2.8.9.
- [Release notes](https://github.com/npm/hosted-git-info/releases)
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
- [Commits](https://github.com/npm/hosted-git-info/compare/v2.8.5...v2.8.9)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-11 17:16:23 +00:00
dependabot[bot] ae445150c2
Bump lodash from 4.17.19 to 4.17.21
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.19 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.19...4.17.21)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-11 12:10:53 +00:00
Konrad Pabjan 158ca71f7c
Bump @actions/artifact to version 0.5.1 (#85) 2021-04-06 16:50:27 -04:00
dependabot[bot] 65bdb44741
Bump y18n from 4.0.0 to 4.0.1 (#84)
Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-06 15:23:44 -04:00
Josh Gross 782e5ae9ea
Merge pull request #81 from rneatherway/codeql-add-pull-request-trigger
Add on: pull_request trigger to CodeQL workflow
2021-01-14 18:42:16 -05:00
Robin Neatherway a6ff13d56d Add on: pull_request trigger to CodeQL workflow
From February 2021, in order to provide feedback on pull requests, Code Scanning workflows must be configured with both `push` and `pull_request` triggers. This is because Code Scanning compares the results from a pull request against the results for the base branch to tell you only what has changed between the two.

Early in the beta period we supported displaying results on pull requests for workflows with only `push` triggers, but have discontinued support as this proved to be less robust.

See https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#scanning-pull-requests for more information on how best to configure your Code Scanning workflows.
2021-01-13 11:19:52 +00:00
Konrad Pabjan 4a7a711286
Add retries to all HTTP calls + fix dependabot alerts (#80)
* Update @actions/artifact package to version 0.5.0

* bump eslint-plugin-github to version 4.1.1

* Update artifact.dep.yml
2021-01-04 15:47:26 +01:00
Konrad Pabjan f144d3c391
Update @actions/artifact from 0.3.5 to 0.4.2 (#73)
* Update @actions/artifact from 0.3.5 to 0.4.2

* Update package versions in .licenses
2020-12-15 10:55:26 -05:00
Josh Gross 987de047e8
Merge pull request #71 from actions/joshmgross/fix-codeowners
Fix CODEOWNERS team name
2020-12-07 15:50:08 -05:00
Josh Gross 89cfa805e3
Fix CODEOWNERS team name 2020-12-07 13:35:10 -05:00
Yang Cao 37439a4b3c
Merge pull request #69 from brcrista/patch-1
Add CODEOWNERS file
2020-11-25 15:24:36 -05:00
Brian Cristante d84bbb4c0a
Create CODEOWNERS 2020-11-25 15:18:14 -05:00