Aliaksandr Valialkin
52c46f49e1
all: update Go builder from Go1.20.2 to Go1.20.3
...
See https://github.com/golang/go/issues?q=milestone%3AGo1.20.3+label%3ACherryPickApproved
2023-04-05 13:38:44 -07:00
dependabot[bot]
ba167df617
build(deps): bump actions/setup-go from 3 to 4 ( #3962 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-20 14:08:28 -07:00
Roman Khavronenko
b6ed977fa4
security: bump go version to 1.20.2 ( #3935 )
...
upgrade Go builder from Go1.20.1 to Go1.20.2
See the list of issues addressed in Go1.20.2 here (https://github.com/golang/go/issues?q=milestone%3AGo1.20.2+label%3ACherryPickApproved ).
Signed-off-by: hagen1778 <roman@victoriametrics.com>
2023-03-11 23:38:14 -08:00
Roman Khavronenko
8d65c6e46e
github: fix validation errors ( #3903 )
...
Signed-off-by: hagen1778 <roman@victoriametrics.com>
2023-03-08 00:52:27 -08:00
Roman Khavronenko
c160923ae1
github: add a Question issue type ( #3901 )
...
Signed-off-by: hagen1778 <roman@victoriametrics.com>
2023-03-08 00:50:42 -08:00
Aliaksandr Valialkin
57f50ace96
.github/workflows/check-licenses.yml: use the correct version of Go - 1.20.1 - instead of 1.21.0
2023-02-27 19:25:23 -08:00
Aliaksandr Valialkin
ecc84f7923
all: update Go builder from Go1.20.0 to Go1.20.1
...
See https://github.com/golang/go/issues?q=milestone%3AGo1.20.1+label%3ACherryPickApproved
2023-02-14 23:05:54 -08:00
Max Golionko
9d658ccce3
bump go to 1.20 in ci jobs ( #3787 )
2023-02-08 08:43:37 -08:00
Max Golionko
41bf9a481a
CI: speedup build by 2.4x. restore nightly build ( #3772 )
...
* setup docker buildx
* add snyk integration
* add go cache for docker build
* cancel redundant job if there is new commit into same PR or branch
2023-02-07 09:31:00 -08:00
Max Golionko
2aa94191a0
disable codeql for docs. merge build and test back to one job ( #3746 )
2023-02-02 08:37:23 -08:00
Max Golionko
28738c473a
ci: checkout correct branch for build step ( #3676 )
2023-01-19 09:51:53 -08:00
Aliaksandr Valialkin
62e08dbea9
.github/workflows: remove obsolete make targets: install-goling and install-errcheck
...
These targets became obsolete after ec2c82e800
2023-01-18 11:48:47 -08:00
Max Golionko
57a0cde27c
CI: split js and go codeql, split test and build, enable matrix for test ( #3670 )
...
* split js and go codeql, split test and build, enable matrix for test
* checkout before go setup
* enable build for PRs as well
* update filter
2023-01-18 11:46:38 -08:00
Roman Khavronenko
09d41e05fa
ci: disable JS codeQL check ( #3659 )
...
We have limited amount of time used by Github CI runners
and JS analysis accounts for a half of it.
Since JS represents only a small fraction of the codebase
and is solely maintained by one person - I suggest to disable
the CodeQL check in order to save CI runners time.
Signed-off-by: hagen1778 <roman@victoriametrics.com>
Signed-off-by: hagen1778 <roman@victoriametrics.com>
2023-01-17 21:05:51 -08:00
Aliaksandr Valialkin
6d1bd761f8
deployment/docker: update Go builder from v1.19.4 to v1.19.5
...
See https://github.com/golang/go/issues?q=milestone%3AGo1.19.5+label%3ACherryPickApproved
2023-01-10 18:42:34 -08:00
Roman Khavronenko
23473de81e
github: rm plaintext
render ( #3597 )
...
`render: plain text` makes fields not formattable and prevents
from pasting screenshots.
Signed-off-by: hagen1778 <roman@victoriametrics.com>
2023-01-04 08:44:32 -08:00
Zakhar Bessarab
e38100fbb5
github: use github templates for filling in feature requests or bug reports ( #3587 )
...
github: use github templates for filling in feature requests or bug reports
2023-01-04 08:27:59 -08:00
Artem Navoiev
557b9b1d57
run checks only for master/cluster branches ( #3581 )
...
Signed-off-by: Artem Navoiev <tenmozes@gmail.com>
Signed-off-by: Artem Navoiev <tenmozes@gmail.com>
2023-01-03 21:46:49 -08:00
Aliaksandr Valialkin
676de127aa
all: update Go builder from v1.19.3 to v1.19.4
...
See https://github.com/golang/go/issues?q=milestone%3AGo1.19.4+label%3ACherryPickApproved
2022-12-08 17:04:41 -08:00
Roman Khavronenko
8ee464b22b
bump go version to 1.19.3 ( #3327 )
...
Signed-off-by: hagen1778 <roman@victoriametrics.com>
Signed-off-by: hagen1778 <roman@victoriametrics.com>
2022-11-09 11:56:38 +02:00
Denys Holius
6e5308ecb2
.github/workflows/codeql-analysis.yml: specifically setting the Go version ( #3277 )
...
see https://github.com/github/codeql-action/issues/1059
2022-10-28 00:08:50 +03:00
Aliaksandr Valialkin
98a4ab796c
all: update the minimum required Go verson from 1.19.1 to 1.19.2
...
This is needed because of security vulnerabilities found in Go 1.19.1
See https://go.dev/doc/devel/release#go1.19.2
2022-10-07 22:46:44 +03:00
Roman Khavronenko
d071e39694
bump Go version to 1.19.1 ( #3108 )
...
The reason is to cover vulnerability GO-2022-0969
Found in: net/http@go1.18.5
Fixed in: net/http@go1.19.1
More info: https://pkg.go.dev/vuln/GO-2022-0969
Signed-off-by: hagen1778 <roman@victoriametrics.com>
Signed-off-by: hagen1778 <roman@victoriametrics.com>
2022-09-14 13:43:27 +03:00
Aliaksandr Valialkin
e29c9dea30
.github/workflows/main.yml: stop setting GO111MODULE=on env var, since it is unnecessary in Go1.18 and newer versions
2022-09-08 18:46:05 +03:00
Aliaksandr Valialkin
221dd3a224
all: bump the minimum supported version of Go from 1.17 to 1.18
...
This is needed because some dependencies uses generics, which have been appeared in Go1.18
This is a follow-up for caf3dd4fa2
2022-08-08 13:45:39 +03:00
Aliaksandr Valialkin
da6c85a2f6
all: follow-up for d99ba3481b
2022-07-13 17:17:08 +03:00
naveensrinivasan
21f80fa137
chore: Set permissions for GitHub actions
...
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ )
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-19 11:33:48 +03:00
Dima Lazerka
6e4d84c1f1
Add GitHub workflow for code scanning ( #2453 )
...
Add pre-generated workflow definition for GitHub's CodeQL code scanning.
2022-04-16 19:01:37 +03:00
Roman Khavronenko
1e9ba4d133
github/dependabot.yml: disable versions update for vmui ( #2449 )
...
The change disables versions autopupdate for vmui package.
The change has no impact on security updates, which have a separate,
internal limit of ten open pull requests.
See https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit
Signed-off-by: hagen1778 <roman@victoriametrics.com>
2022-04-12 14:27:38 +03:00
Aliaksandr Valialkin
c461b39b21
Revert "Add check-rebased Github action ( #2002 )"
...
This reverts commit 2104330d4c
.
This check doesn't work well for community pull requests, since third-party users
aren't motivated to rebase pull requests to branch head after they are created.
This check is useful for private repositories though.
2022-01-04 11:48:23 +02:00
Dima Lazerka
55b4436804
Add check-rebased Github action ( #2002 )
...
It will prevent merging in a branch that's not based on its base branch HEAD, leading to streamlined history.
Note it will not prevent squash commits, nor commits directly to base branch.
2022-01-03 16:57:10 +02:00
Aliaksandr Valialkin
566c9791be
Revert "Add .github/workflows/check-based-on-master ( #1991 )"
...
This reverts commit 06cf4e0f70
.
This break merge requests to non-master branches - see https://github.com/VictoriaMetrics/VictoriaMetrics/pull/1993#issuecomment-999403963
2021-12-22 11:20:20 +02:00
Dima Lazerka
7462ff3e8c
Add .github/workflows/check-based-on-master ( #1991 )
2021-12-21 20:31:12 +02:00
Roman Khavronenko
8b67168609
ci: bump go version to 1.17 ( #1895 )
...
The bump was required for `vmalert` package.
`vmalert` docs now also contain an updated description.
Signed-off-by: hagen1778 <roman@victoriametrics.com>
2021-12-02 14:51:45 +02:00
Aliaksandr Valialkin
6c1701d908
.github/workflows/main.yml: checkout code before installing dependencies
...
Dependencies depend on Makefile rules from the code, so code checkout must run first
2021-10-26 22:09:38 +03:00
Aliaksandr Valialkin
d65912e47c
.github/workflows/main.yml: re-use makefile rules for installing goling, errcheck and golangci-lint
2021-10-26 22:05:09 +03:00
Denys Holius
56970caded
fixed wrong path for npm dependabot checks ( #1744 )
2021-10-26 19:16:35 +03:00
Aliaksandr Valialkin
30d2876c6e
.github/dependabot.yml: increase check intervals for gomod and docker ecosystems from daily to weekly
...
Daily checks are too verbose and result into too many automatic pull requests and commits
2021-09-01 16:08:31 +03:00
Artem Navoiev
c0420634ff
add dependency chekcs for ( #1535 )
...
- ruby (for docs)
- gomod for monorepo
- npm for vmui
- gomod go small webserver in vmui
2021-08-15 14:45:53 +03:00
Aliaksandr Valialkin
dea1cdd817
Revert ".github/dependabot.yml: remove automated dependency version checks"
...
This reverts commit 5b986c95dd
.
This check verifies only dependencies needed for github-actions. This is OK.
2021-05-10 12:06:19 +03:00
Aliaksandr Valialkin
36a79b7fd3
Add make check-licenses
rule for the ability to manually check licenses in vendored dependencies
...
This is a follow-up for c687536956
2021-05-10 12:01:37 +03:00
Aliaksandr Valialkin
15ad9deccf
.github/dependabot.yml: remove automated dependency version checks
...
Dependency updates must be under manual control, since the resulting code diffs must be reviewed manually for the sake of security.
It is done with `make vendor-update` now.
2021-05-10 12:01:29 +03:00
Artem Navoiev
632eb82dbd
Add vendor license checker, update codecov action, add dependbot for … ( #1280 )
...
* Add vendor license checker, update codecov action, add dependbot for github actions
* update gitingore, temprorary turn on check
* fix action name
* change action rules to trigger only when vendor changes
* remove obsolete line from main action
2021-05-10 12:01:20 +03:00
Aliaksandr Valialkin
402543e7c6
.github/workflows/main.yml: update Go version from v1.15 to v1.16
2021-03-01 12:14:14 +02:00
Aliaksandr Valialkin
7f1302688f
lib/fs: follow-up after f3a03c4164
2021-02-27 01:09:37 +02:00
Aliaksandr Valialkin
7f4fb34182
app/vmctl: move vmctl code from github.com/VictoriaMetrics/vmctl
...
It is better developing vmctl tool in VictoriaMetrics repository, so it could be released
together with the rest of vmutils tools such as vmalert, vmagent, vmbackup, vmrestore and vmauth.
2021-02-01 01:18:39 +02:00
Aliaksandr Valialkin
a66af20686
.github/workflows/main.yml: fall back to go get
instead of go install
for installing aux tools
...
It is unclear why `go install` doesn't work in Github Actions. Needs additional investigation.
The following error is returned now:
cannot find package "golang.org/x/lint/golint" in any of:
/opt/hostedtoolcache/go/1.15.5/x64/src/golang.org/x/lint/golint (from $GOROOT)
/home/runner/go/src/golang.org/x/lint/golint (from $GOPATH)
2020-12-15 14:19:11 +02:00
Aliaksandr Valialkin
3f88e27d0f
Do not set GO111MODULE=off
during go install
, since this doesnt work in Go1.14 and Go1.15
2020-12-15 13:14:41 +02:00
Aliaksandr Valialkin
e17ac90f59
.github/workflows/main.yml: set GO111MODULE=off when installing auxiliary tools via go install
2020-12-15 01:02:13 +02:00
Aliaksandr Valialkin
dafef21001
all: use go install
instead of go get
for installing auxiliary tools
...
This is a preparation for Go 1.16, which deprecates `go get` for installing binaries.
See https://tip.golang.org/doc/go1.16#go-command :
go install, with or without a version suffix (as described above), is now the recommended way
to build and install packages in module mode. go get should be used with the -d flag to adjust
the current module's dependencies without building packages, and use of go get to build and install
packages is deprecated. In a future release, the -d flag will always be enabled.
2020-12-14 20:07:20 +02:00