Commit graph

78 commits

Author SHA1 Message Date
hagen1778
91601da2c2
build(deps): revert version change for codecov/codecov-action from 4 to 3
https://github.com/codecov/codecov-action/issues/1089
Signed-off-by: hagen1778 <roman@victoriametrics.com>
2023-09-19 10:34:08 +02:00
dependabot[bot]
1870a5cac0
build(deps): bump codecov/codecov-action from 3 to 4 (#5011)
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3 to 4.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-19 00:35:10 +02:00
Aliaksandr Valialkin
f3eaeb8e5c
.github/workflow: remove automatic creation of pull request at github.com/VictoriaMetrics/ops repository on new tag
This automation doesn't work as intended on LTS releases, bugfix releases and custom releases,
since it assumes every new tag is related only to new release.

Also the github.com/VictoriaMetrics/ops repository may contain manually set custom tags
for VictoriaMetrics components (for example, for testing the latest bugfixes or features),
which are overwritten by the generated pull request.

The way to go is to manually update tags at github.com/VictoriaMetrics/ops repository when needed
instead of trying to automate this process.
2023-09-11 23:52:55 +02:00
dependabot[bot]
5a16d0936b
build(deps): bump actions/checkout from 3 to 4 (#4950)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-07 15:23:52 +02:00
Aliaksandr Valialkin
677612c6cb
all: update Go builder from Go1.21.0 to Go1.21.1
See https://github.com/golang/go/issues?q=milestone%3AGo1.21.1+label%3ACherryPickApproved
2023-09-07 11:36:49 +02:00
Aliaksandr Valialkin
4470856cc4
all: update Go builder from Go1.20.7 to Go1.21.0
See https://tip.golang.org/doc/go1.21
and https://go.dev/blog/go1.21
2023-08-11 06:26:27 -07:00
Roman Khavronenko
7220f70506
security: bump go version from 1.20.6 to 1.20.7 (#4773)
The update includes a security fix to the crypto/tls package,
as well as bug fixes to the assembler and the compiler.

See the list of issues addressed in Go1.20.7 here:
https://github.com/golang/go/issues?q=milestone%3AGo1.20.7+label%3ACherryPickApproved

Signed-off-by: hagen1778 <roman@victoriametrics.com>
2023-08-11 04:44:01 -07:00
Artem Navoiev
14d21cfc73
githubaciton: sync-docs change set output code as current one will be deprecated soon
Signed-off-by: Artem Navoiev <tenmozes@gmail.com>
2023-07-14 10:44:04 -07:00
Artem Navoiev
4c78a9cc90
Update .github/workflows/sync-docs.yml
Co-authored-by: Max Golionko <8kirk8@gmail.com>
2023-07-14 10:44:04 -07:00
Artem Navoiev
ec936262d1
enable only when changes in docs
Signed-off-by: Artem Navoiev <tenmozes@gmail.com>
2023-07-14 10:44:04 -07:00
Artem Navoiev
bbc9e349bd
moar debug
Signed-off-by: Artem Navoiev <tenmozes@gmail.com>
2023-07-14 10:44:04 -07:00
Artem Navoiev
f85611859c
fix path to main repo
Signed-off-by: Artem Navoiev <tenmozes@gmail.com>
2023-07-14 10:44:04 -07:00
Artem Navoiev
abc737747e
more debug
Signed-off-by: Artem Navoiev <tenmozes@gmail.com>
2023-07-14 10:44:04 -07:00
Artem Navoiev
64718a3a49
move debug
Signed-off-by: Artem Navoiev <tenmozes@gmail.com>
2023-07-14 10:44:04 -07:00
Artem Navoiev
953f146091
remove env
Signed-off-by: Artem Navoiev <tenmozes@gmail.com>
2023-07-14 10:44:04 -07:00
Artem Navoiev
8cad820526
debug workflow1
Signed-off-by: Artem Navoiev <tenmozes@gmail.com>
2023-07-14 10:44:04 -07:00
Artem Navoiev
f01dea5728
add workdir to gpg step
Signed-off-by: Artem Navoiev <tenmozes@gmail.com>
2023-07-14 10:44:04 -07:00
Artem Navoiev
c75202657c
add job to sync the docs
Signed-off-by: Artem Navoiev <tenmozes@gmail.com>
2023-07-14 10:39:11 -07:00
Aliaksandr Valialkin
b07a1c85b9
all: update Go builder from 1.20.5 to 1.20.6
See https://github.com/golang/go/issues?q=milestone%3AGo1.20.6+label%3ACherryPickApproved
2023-07-12 01:00:24 -07:00
Max Golionko
e55a2b4137
ci: fix sandbox update job (#4549)
Prevent sandbox deploy job run if tag name is empty.
2023-07-09 12:34:46 -07:00
Max Golionko
75d9914916
CI: disable docker scan, enable auto release to sandbox (#4476)
* disable docker scan

* disable nightly, enable auto release to sandbox

* remove whitespace
2023-07-06 22:02:48 -07:00
Roman Khavronenko
4624fda00d
all: update Go builder from Go1.20.4 to Go1.20.5 (#4427)
See https://github.com/golang/go/issues?q=milestone%3AGo1.20.5+label%3ACherryPickApproved

Signed-off-by: hagen1778 <roman@victoriametrics.com>

(cherry picked from commit 476c7bdd6f)
Signed-off-by: hagen1778 <roman@victoriametrics.com>
2023-06-09 10:42:15 +02:00
Aliaksandr Valialkin
8cca9ed0d9
all: update Go builder from Go1.20.3 to Go1.20.4
See https://github.com/golang/go/issues?q=milestone%3AGo1.20.4+label%3ACherryPickApproved
2023-05-09 22:31:08 -07:00
Aliaksandr Valialkin
52c46f49e1
all: update Go builder from Go1.20.2 to Go1.20.3
See https://github.com/golang/go/issues?q=milestone%3AGo1.20.3+label%3ACherryPickApproved
2023-04-05 13:38:44 -07:00
dependabot[bot]
ba167df617
build(deps): bump actions/setup-go from 3 to 4 (#3962)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-20 14:08:28 -07:00
Roman Khavronenko
b6ed977fa4
security: bump go version to 1.20.2 (#3935)
upgrade Go builder from Go1.20.1 to Go1.20.2
See the list of issues addressed in Go1.20.2 here (https://github.com/golang/go/issues?q=milestone%3AGo1.20.2+label%3ACherryPickApproved).

Signed-off-by: hagen1778 <roman@victoriametrics.com>
2023-03-11 23:38:14 -08:00
Aliaksandr Valialkin
57f50ace96
.github/workflows/check-licenses.yml: use the correct version of Go - 1.20.1 - instead of 1.21.0 2023-02-27 19:25:23 -08:00
Aliaksandr Valialkin
ecc84f7923
all: update Go builder from Go1.20.0 to Go1.20.1
See https://github.com/golang/go/issues?q=milestone%3AGo1.20.1+label%3ACherryPickApproved
2023-02-14 23:05:54 -08:00
Max Golionko
9d658ccce3
bump go to 1.20 in ci jobs (#3787) 2023-02-08 08:43:37 -08:00
Max Golionko
41bf9a481a
CI: speedup build by 2.4x. restore nightly build (#3772)
* setup docker buildx
* add snyk integration
* add go cache for docker build
* cancel redundant job if there is new commit into same PR or branch
2023-02-07 09:31:00 -08:00
Max Golionko
2aa94191a0
disable codeql for docs. merge build and test back to one job (#3746) 2023-02-02 08:37:23 -08:00
Max Golionko
28738c473a
ci: checkout correct branch for build step (#3676) 2023-01-19 09:51:53 -08:00
Aliaksandr Valialkin
62e08dbea9
.github/workflows: remove obsolete make targets: install-goling and install-errcheck
These targets became obsolete after ec2c82e800
2023-01-18 11:48:47 -08:00
Max Golionko
57a0cde27c
CI: split js and go codeql, split test and build, enable matrix for test (#3670)
* split js and go codeql, split test and build, enable matrix for test

* checkout before go setup

* enable build for PRs as well

* update filter
2023-01-18 11:46:38 -08:00
Roman Khavronenko
09d41e05fa
ci: disable JS codeQL check (#3659)
We have limited amount of time used by Github CI runners
and JS analysis accounts for a half of it.
Since JS represents only a small fraction of the codebase
and is solely maintained by one person - I suggest to disable
the CodeQL check in order to save CI runners time.

Signed-off-by: hagen1778 <roman@victoriametrics.com>

Signed-off-by: hagen1778 <roman@victoriametrics.com>
2023-01-17 21:05:51 -08:00
Aliaksandr Valialkin
6d1bd761f8
deployment/docker: update Go builder from v1.19.4 to v1.19.5
See https://github.com/golang/go/issues?q=milestone%3AGo1.19.5+label%3ACherryPickApproved
2023-01-10 18:42:34 -08:00
Artem Navoiev
557b9b1d57
run checks only for master/cluster branches (#3581)
Signed-off-by: Artem Navoiev <tenmozes@gmail.com>

Signed-off-by: Artem Navoiev <tenmozes@gmail.com>
2023-01-03 21:46:49 -08:00
Aliaksandr Valialkin
676de127aa
all: update Go builder from v1.19.3 to v1.19.4
See https://github.com/golang/go/issues?q=milestone%3AGo1.19.4+label%3ACherryPickApproved
2022-12-08 17:04:41 -08:00
Roman Khavronenko
8ee464b22b
bump go version to 1.19.3 (#3327)
Signed-off-by: hagen1778 <roman@victoriametrics.com>

Signed-off-by: hagen1778 <roman@victoriametrics.com>
2022-11-09 11:56:38 +02:00
Denys Holius
6e5308ecb2
.github/workflows/codeql-analysis.yml: specifically setting the Go version (#3277)
see https://github.com/github/codeql-action/issues/1059
2022-10-28 00:08:50 +03:00
Aliaksandr Valialkin
98a4ab796c
all: update the minimum required Go verson from 1.19.1 to 1.19.2
This is needed because of security vulnerabilities found in Go 1.19.1
See https://go.dev/doc/devel/release#go1.19.2
2022-10-07 22:46:44 +03:00
Roman Khavronenko
d071e39694
bump Go version to 1.19.1 (#3108)
The reason is to cover vulnerability GO-2022-0969
Found in: net/http@go1.18.5
Fixed in: net/http@go1.19.1
More info: https://pkg.go.dev/vuln/GO-2022-0969

Signed-off-by: hagen1778 <roman@victoriametrics.com>

Signed-off-by: hagen1778 <roman@victoriametrics.com>
2022-09-14 13:43:27 +03:00
Aliaksandr Valialkin
e29c9dea30
.github/workflows/main.yml: stop setting GO111MODULE=on env var, since it is unnecessary in Go1.18 and newer versions 2022-09-08 18:46:05 +03:00
Aliaksandr Valialkin
221dd3a224
all: bump the minimum supported version of Go from 1.17 to 1.18
This is needed because some dependencies uses generics, which have been appeared in Go1.18

This is a follow-up for caf3dd4fa2
2022-08-08 13:45:39 +03:00
Aliaksandr Valialkin
da6c85a2f6
all: follow-up for d99ba3481b 2022-07-13 17:17:08 +03:00
naveensrinivasan
21f80fa137
chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-19 11:33:48 +03:00
Dima Lazerka
6e4d84c1f1
Add GitHub workflow for code scanning (#2453)
Add pre-generated workflow definition for GitHub's CodeQL code scanning.
2022-04-16 19:01:37 +03:00
Aliaksandr Valialkin
c461b39b21
Revert "Add check-rebased Github action (#2002)"
This reverts commit 2104330d4c.

This check doesn't work well for community pull requests, since third-party users
aren't motivated to rebase pull requests to branch head after they are created.

This check is useful for private repositories though.
2022-01-04 11:48:23 +02:00
Dima Lazerka
55b4436804
Add check-rebased Github action (#2002)
It will prevent merging in a branch that's not based on its base branch HEAD, leading to streamlined history.

Note it will not prevent squash commits, nor commits directly to base branch.
2022-01-03 16:57:10 +02:00
Aliaksandr Valialkin
566c9791be
Revert "Add .github/workflows/check-based-on-master (#1991)"
This reverts commit 06cf4e0f70.

This break merge requests to non-master branches - see https://github.com/VictoriaMetrics/VictoriaMetrics/pull/1993#issuecomment-999403963
2021-12-22 11:20:20 +02:00