Stowage/caddy
2
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2025-10-19 07:43:17 +00:00
Code Issues Projects Releases Packages Wiki Activity
2359 commits 35 branches 147 tags 36 MiB
Commit graph

5 commits

Author SHA1 Message Date
dependabot[bot]
afbdcec08b
build(deps): bump the actions-deps group with 8 updates (#7284) 
Bumps the actions-deps group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.13.0` | `2.13.1` |
| [actions/setup-go](https://github.com/actions/setup-go) | `5.5.0` | `6.0.0` |
| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.7.3` | `4.8.0` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.9.2` | `3.10.0` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.20.5` | `0.20.6` |
| [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch) | `3.0.0` | `4.0.0` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.2` | `2.4.3` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.30.0` | `3.30.5` |


Updates `step-security/harden-runner` from 2.13.0 to 2.13.1
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](ec9f2d5744...f4a75cfd61)

Updates `actions/setup-go` from 5.5.0 to 6.0.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](d35c59abb0...4469467582)

Updates `actions/dependency-review-action` from 4.7.3 to 4.8.0
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](595b5aeba7...56339e523c)

Updates `sigstore/cosign-installer` from 3.9.2 to 3.10.0
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](d58896d6a1...d7543c93d8)

Updates `anchore/sbom-action` from 0.20.5 to 0.20.6
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](da167eac91...f8bdd1d8ac)

Updates `peter-evans/repository-dispatch` from 3.0.0 to 4.0.0
- [Release notes](https://github.com/peter-evans/repository-dispatch/releases)
- [Commits](ff45666b94...5fc4efd1a4)

Updates `ossf/scorecard-action` from 2.4.2 to 2.4.3
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](05b42c6244...4eaacf0543)

Updates `github/codeql-action` from 3.30.0 to 3.30.5
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](2d92b76c45...3599b3baa1)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.13.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: actions/setup-go
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-deps
- dependency-name: actions/dependency-review-action
  dependency-version: 4.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-deps
- dependency-name: sigstore/cosign-installer
  dependency-version: 3.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-deps
- dependency-name: anchore/sbom-action
  dependency-version: 0.20.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: peter-evans/repository-dispatch
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-deps
- dependency-name: ossf/scorecard-action
  dependency-version: 2.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: github/codeql-action
  dependency-version: 3.30.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-01 23:11:09 +00:00
dependabot[bot]
2d0f3f887b
build(deps): bump the actions-deps group with 5 updates (#7237) 
Bumps the actions-deps group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `5.0.0` |
| [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `6.3.0` | `6.4.0` |
| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.7.1` | `4.7.3` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.20.4` | `0.20.5` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.29.7` | `3.30.0` |


Updates `actions/checkout` from 4.2.2 to 5.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4.2.2...08c6903cd8c0fde910a37f88322edcfb5dd907a8)

Updates `goreleaser/goreleaser-action` from 6.3.0 to 6.4.0
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](9c156ee8a1...e435ccd777)

Updates `actions/dependency-review-action` from 4.7.1 to 4.7.3
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](da24556b54...595b5aeba7)

Updates `anchore/sbom-action` from 0.20.4 to 0.20.5
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](7b36ad622f...da167eac91)

Updates `github/codeql-action` from 3.29.7 to 3.30.0
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](51f77329af...2d92b76c45)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-deps
- dependency-name: goreleaser/goreleaser-action
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-deps
- dependency-name: actions/dependency-review-action
  dependency-version: 4.7.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: anchore/sbom-action
  dependency-version: 0.20.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: github/codeql-action
  dependency-version: 3.30.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-02 13:05:58 -06:00
dependabot[bot]
5bc2afbbb6
build(deps): bump the actions-deps group with 6 updates (#7142) 
Bumps the actions-deps group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.12.1` | `2.13.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.1` | `4.6.2` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `e9a05e6d32d7ed22b5656cd874ef31af58d05bfa` | `d58896d6a1865668819e1d91763c7751a165e159` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.20.1` | `0.20.4` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.1` | `2.4.2` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.29.0` | `3.29.4` |


Updates `step-security/harden-runner` from 2.12.1 to 2.13.0
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](002fdce3c6...ec9f2d5744)

Updates `actions/upload-artifact` from 4.6.1 to 4.6.2
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4.6.1...ea165f8d65b6e75b540449e92b4886f43607fa02)

Updates `sigstore/cosign-installer` from e9a05e6d32d7ed22b5656cd874ef31af58d05bfa to d58896d6a1865668819e1d91763c7751a165e159
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](e9a05e6d32...d58896d6a1)

Updates `anchore/sbom-action` from 0.20.1 to 0.20.4
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](9246b90769...7b36ad622f)

Updates `ossf/scorecard-action` from 2.4.1 to 2.4.2
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](f49aabe0b5...05b42c6244)

Updates `github/codeql-action` from 3.29.0 to 3.29.4
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](ce28f5bb42...4e828ff8d4)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-deps
- dependency-name: actions/upload-artifact
  dependency-version: 4.6.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: sigstore/cosign-installer
  dependency-version: d58896d6a1865668819e1d91763c7751a165e159
  dependency-type: direct:production
  dependency-group: actions-deps
- dependency-name: anchore/sbom-action
  dependency-version: 0.20.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: ossf/scorecard-action
  dependency-version: 2.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: github/codeql-action
  dependency-version: 3.29.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-01 04:34:14 +03:00
Mohammed Al Sahaf
2f0fc62b34
chore: apply security best practices for CI (#7066) 
* chore: apply security best practices for CI

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* remove redundant codeql job

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* run scorecard flow on PRs

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
 2025-06-16 20:14:09 +00:00
Mohammed Al Sahaf
7a33f481f1
ci: add dep review, OSSF scorecard actions (#7063) 
* ci: add dep review action

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* sprinkle permissions on Actions jobs

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* README: add OpenSSF best practices badge

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* add draft OpenSSF Scorecard workflow

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
 2025-06-12 23:40:51 +00:00