b3ba0f96f1
chore: use better PR titles for cherry-pick-bot PRs ( #16165 )
2025-01-16 15:54:03 +00:00
dd29997b9c
chore: reduce parallelism for test-go-pg on macOS ( #16116 )
...
We're seeing test-go-pg flakes on macOS in CI. We've had the same
problem on Windows, and reducing test parallelism in
https://github.com/coder/coder/pull/16090 seemed to help. This PR makes
the same change on macOS.
2025-01-13 16:57:48 +01:00
22236f2988
chore: only notify about CI failure on main if required job fails ( #16114 )
...
This should be the last PR to get this working
Looks like the `nightly-gauntlet` is working as expected, and this is a
clone of that.
---------
Signed-off-by: Danny Kopping <danny@coder.com >
2025-01-13 14:06:43 +00:00
24dd8a17d3
ci: switch test-go-pg on macOS to depot runners ( #16101 )
...
Since I missed this in #16100 :(
2025-01-13 23:07:10 +11:00
f9f72de1d6
chore: predicate slack notification job on other jobs ( #16106 )
...
`always()` does not seem to work
Extending https://github.com/coder/coder/pull/16105
Signed-off-by: Danny Kopping <danny@coder.com >
2025-01-13 13:42:37 +02:00
73d8dde6ed
chore: notify #dev of nightly gauntlet failures ( #16105 )
...
Expands on https://github.com/coder/coder/pull/16102
This workflow is currently failing every night, so this will not only
raise immediate awareness but will also be easy to validate this job.
Signed-off-by: Danny Kopping <danny@coder.com >
2025-01-13 10:15:15 +00:00
859abcde4e
chore: send notification to #dev on any CI failure on main ( #16102 )
...
We've had a [few failures in
main](https://github.com/coder/coder/actions?query=branch%3Amain+is%3Afailure )
of late, and unless the committer of the change has CI notifications
enabled we may not be aware of the failure.
This PR sends a Slack notification to the #dev channel so everyone has
visibility.
Signed-off-by: Danny Kopping <danny@coder.com >
2025-01-13 11:28:45 +02:00
88a9c4bb59
ci: switch test-go on macOS to depot runners ( #16100 )
...
We use depot runners where possible everywhere else. As a bonus, the
depot runners for Mac would appear to be slightly beefier than the
GitHub ones (8 vs 6 cores).
We've already been using the depot macOS runners to build the VPN dylib
for the past month or so.
2025-01-13 16:53:51 +11:00
899836d47a
chore: reduce Windows PG tests flakiness ( #16090 )
...
This PR:
- Reduces test parallelism on Windows in CI
- Unifies wait intervals on Windows with Linux and macOS. Previously we
had custom intervals for Windows to reduce test flakiness on smaller CI
workers, but we don't run tests on small CI workers anymore. Due to how
our CI file is defined, forks run tests on small CI machines, but I'm
not sure if the different intervals actually help or whether that's a
heuristic that happened to fix issues on a particular day and was it
ever reevaluated. I propose we make the change and if someone complains,
revert it.
In particular, reduced test parallelism seems to actually help: I was
able to run Windows tests 5 times in a row without flakes. Not sure if
that's going to fix the problem long term, but it seems worth trying.
2025-01-10 15:21:03 +01:00
95d769da41
chore: ignore cherry-pick-bot created branches for Deploy PR ( #16037 )
2025-01-04 16:55:43 +05:00
8f570d6f01
ci: integrate cherry-pick-bot ( #15973 )
...
Integrates
[`cherry-pick-bot`](https://github.com/googleapis/repo-automation-bots/tree/main/packages/cherry-pick-bot )
to automate cheery picks to release branches.
This works by commenting
```
/cherry-pick release/2.XX
```
On any **Merged** or **Open** PR and this will automatically open the
cheery-pick PR.
- [x] [Install](https://github.com/apps/gcp-cherry-pick-bot ) the bot to
`coder/coder` repo.
cc: @kylecarbs , @ammario and @sreya for installing the bot.
Some popular repos making use of this:
1. https://github.com/zed-industries/zed
2. https://github.com/flutter/flutter
3. https://github.com/argoproj/argo-cd
4. https://github.com/runatlantis/atlantis
5. https://github.com/flutter/engine
2025-01-04 09:13:48 +05:00
94f5d52fdc
chore: adopt markdownlint and markdown-table-formatter for *.md ( #15831 )
...
Co-authored-by: Edward Angert <EdwardAngert@users.noreply.github.com >
2025-01-03 13:12:59 +00:00
7152f4a740
ci: make sure golden files are actually up to date ( #15989 )
2025-01-02 11:05:11 +02:00
cc98bab30f
chore(scripts): remove unused ci-report ( #15988 )
2024-12-31 14:05:36 +00:00
4c939a6461
ci: bump the github-actions group with 3 updates ( #15874 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-16 18:14:32 +05:00
8b51fdc6b5
ci: pin weekly-docs runner ubuntu version to 22.04 ( #15873 )
...
The action is currently failing due to the runner using `ubuntu-latest`
See [the ubuntu
blog](https://ubuntu.com/blog/whats-new-in-security-for-ubuntu-24-04-lts#:~:text=22.04%20LTS.-,Unprivileged%20user%20namespace%20restrictions,-Unprivileged%20user%20namespaces )
for more.
2024-12-16 10:23:11 +00:00
34a2ec8ad9
ci: build images on depot again ( #15860 )
2024-12-13 13:59:24 +00:00
d35de45d94
ci: try building images on GitHub-hosted runner again ( #15854 )
2024-12-12 23:33:22 +00:00
04032f2a97
ci: only build dylib on PRs with Go changes ( #15839 )
...
For some reason we were building the dylib on any code changes, now it's
just Go (and CI) changes - using the same condition that `go-test` uses.
`if: needs.changes.outputs.go == 'true' || needs.changes.outputs.ci ==
'true' || github.ref == 'refs/heads/main'`
The main check ensures that it's always run before `build` is run.
2024-12-12 06:22:51 +00:00
29c9bbf2bb
docs: add new organizations docs to best practices section ( #15732 )
...
Co-authored-by: EdwardAngert <2408959-EdwardAngert@users.noreply.gitlab.com >
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com >
Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com >
2024-12-11 16:32:21 -05:00
ea9e39d87c
fix: give cla workflow pull request write permissions ( #15820 )
...
When https://github.com/coder/coder/pull/15349 was added, it implicitly
set all the other permissions to none.
From
https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github_token
> If you specify the access for any of these permissions, all of those
that are not specified are set to none.
2024-12-11 15:53:08 +11:00
018723c6b0
chore: use cdrci2 account for CLA ( #15783 )
2024-12-09 22:30:41 +10:00
901ad3f0e4
ci: skip running test-e2e on PRs from forks ( #15784 )
...
Co-authored-by: Dean Sheather <dean@deansheather.com >
2024-12-09 09:50:57 +00:00
0109c9fe6f
ci: bump the github-actions group across 1 directory with 4 updates ( #15762 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-05 13:12:07 +00:00
ca810975e7
fix: increase node max heap allocation during e2e builds ( #15759 )
...
We're already using a 16GB runner, so this should fix flakes like:
https://github.com/coder/coder/actions/runs/12172097355/job/33950290293
https://github.com/coder/coder/actions/runs/11653425091/job/32445787079
This is the same `NODE_OPTION` we already set in the dogfood dockerfile.
2024-12-05 06:03:50 +00:00
887ea14b6a
ci: fetch annotated tags during release/build-dylib ( #15738 )
...
The release action [ran into an
issue](https://github.com/coder/coder/actions/runs/12147281426 ) building
the dylib today, as the version script that's run during the build job
was unable to find an annotated tag. This is a step it skips during
dry-runs.
```
ERROR: version.sh: the current commit is not tagged with an annotated tag
```
This was almost certainly caused by omitting the `git fetch --tags
--force` that's present on each other release action job, as the
workflow passes on a release dry-run when run against a regular branch,
that's not an annotated tag.
From an existing comment:
> If the event that triggered the build was an annotated tag (which our
tags are supposed to be), actions/checkout has a bug where the tag in
question is only a lightweight tag and not a full annotated tag.
2024-12-04 19:09:40 +11:00
c7c35ef4d7
chore: run macOS, windows, and race tests with Postgres in CI ( #15520 )
...
This PR is the second in a series aimed at closing
https://github.com/coder/coder/issues/15109 .
## Changes
- adds `scripts/embedded-pg/main.go`, which can start a native Postgres
database. This is used to set up PG on Windows and macOS, as these
platforms don't support Docker in Github Actions.
- runs the `test-go-pg` job on macOS and Windows too
- adds the `test-go-race-go` job, which runs race tests with Postgres on
Linux
2024-12-03 13:33:17 +01:00
45d9274aca
chore: disable parallelization when running security action ( #15666 )
...
- `make -j` appears to be broken for clean builds
2024-11-26 23:35:51 +02:00
9e78aaeea3
ci: bump the github-actions group with 3 updates ( #15649 )
...
Bumps the github-actions group with 3 updates:
[step-security/harden-runner](https://github.com/step-security/harden-runner ),
[github/codeql-action](https://github.com/github/codeql-action ) and
[aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action ).
Updates `step-security/harden-runner` from 2.10.1 to 2.10.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/step-security/harden-runner/releases ">step-security/harden-runner's
releases</a>.</em></p>
<blockquote>
<h2>v2.10.2</h2>
<h2>What's Changed</h2>
<ol>
<li>
<p>Fixes low-severity command injection weaknesses
The advisory is here: <a
href="https://github.com/step-security/harden-runner/security/advisories/GHSA-g85v-wf27-67xc ">https://github.com/step-security/harden-runner/security/advisories/GHSA-g85v-wf27-67xc </a></p>
</li>
<li>
<p>Bug fix to improve detection of whether Harden-Runner is running in a
container</p>
</li>
</ol>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2...v2.10.2 ">https://github.com/step-security/harden-runner/compare/v2...v2.10.2 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/step-security/harden-runner/commit/0080882f6c36860b6ba35c610c98ce87d4e2f26f "><code>0080882</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/476 ">#476</a>
from step-security/rc-16</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/4a3a88bbf8f2e304f84e1042472c02dce37eba82 "><code>4a3a88b</code></a>
Update dist</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/556aae632a6c1f630efa52e90d706218618e5f2f "><code>556aae6</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/480 ">#480</a>
from h0x0er/jatin/cleanup</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/6c39b8466160e86ad8606033d399fe7f4052aee1 "><code>6c39b84</code></a>
chore: clean the code</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/40401cf6183a0ab2dae5c7e485c1d073fe911e91 "><code>40401cf</code></a>
Update for isdocker</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/806ab1cccb47a439a89d5f8f85d3ea41a7fb1e4c "><code>806ab1c</code></a>
Update check for isdocker</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/28468118cdb665b2214b64175253b83fcb4b25f6 "><code>2846811</code></a>
update dist</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/df8a07c1712fac199e8d6e78d64a46092afffa44 "><code>df8a07c</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/475 ">#475</a>
from h0x0er/fix-execSync</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/30636fb583e59a926da2f17677e5cd3b63cf1be1 "><code>30636fb</code></a>
bug fixes</li>
<li>See full diff in <a
href="https://github.com/step-security/harden-runner/compare/91182cccc01eb5e619899d80e4e971d6181294a7...0080882f6c36860b6ba35c610c98ce87d4e2f26f ">compare
view</a></li>
</ul>
</details>
<br />
Updates `github/codeql-action` from 3.27.4 to 3.27.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases ">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.27.5</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases ">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>3.27.5 - 19 Nov 2024</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.27.5/CHANGELOG.md ">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md ">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases ">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.27.5 - 19 Nov 2024</h2>
<p>No user facing changes.</p>
<h2>3.27.4 - 14 Nov 2024</h2>
<p>No user facing changes.</p>
<h2>3.27.3 - 12 Nov 2024</h2>
<p>No user facing changes.</p>
<h2>3.27.2 - 12 Nov 2024</h2>
<ul>
<li>Fixed an issue where setting up the CodeQL tools would sometimes
fail with the message "Invalid value 'undefined' for header
'authorization'". <a
href="https://redirect.github.com/github/codeql-action/pull/2590 ">#2590</a></li>
</ul>
<h2>3.27.1 - 08 Nov 2024</h2>
<ul>
<li>The CodeQL Action now downloads bundles compressed using Zstandard
on GitHub Enterprise Server when using Linux or macOS runners. This
speeds up the installation of the CodeQL tools. This feature is already
available to GitHub.com users. <a
href="https://redirect.github.com/github/codeql-action/pull/2573 ">#2573</a></li>
<li>Update default CodeQL bundle version to 2.19.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2576 ">#2576</a></li>
</ul>
<h2>3.27.0 - 22 Oct 2024</h2>
<ul>
<li>Bump the minimum CodeQL bundle version to 2.14.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2549 ">#2549</a></li>
<li>Fix an issue where the <code>upload-sarif</code> Action would fail
with "upload-sarif post-action step failed: Input required and not
supplied: token" when called in a composite Action that had a
different set of inputs to the ones expected by the
<code>upload-sarif</code> Action. <a
href="https://redirect.github.com/github/codeql-action/pull/2557 ">#2557</a></li>
<li>Update default CodeQL bundle version to 2.19.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2552 ">#2552</a></li>
</ul>
<h2>3.26.13 - 14 Oct 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.12 - 07 Oct 2024</h2>
<ul>
<li>
<p><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.14.5 and earlier. These versions of
CodeQL were discontinued on 24 September 2024 alongside GitHub
Enterprise Server 3.10, and will be unsupported by CodeQL Action
versions 3.27.0 and later and versions 2.27.0 and later. <a
href="https://redirect.github.com/github/codeql-action/pull/2520 ">#2520</a></p>
<ul>
<li>
<p>If you are using one of these versions, please update to CodeQL CLI
version 2.14.6 or later. For instance, if you have specified a custom
version of the CLI using the 'tools' input to the 'init' Action, you can
remove this input to use the default version.</p>
</li>
<li>
<p>Alternatively, if you want to continue using a version of the CodeQL
CLI between 2.13.5 and 2.14.5, you can replace
<code>github/codeql-action/*@v3</code> by
<code>github/codeql-action/*@v3.26.11 </code> and
<code>github/codeql-action/*@v2</code> by
<code>github/codeql-action/*@v2.26.11 </code> in your code scanning
workflow to ensure you continue using this version of the CodeQL
Action.</p>
</li>
</ul>
</li>
</ul>
<h2>3.26.11 - 03 Oct 2024</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/f09c1c0a94de965c15400f5634aa42fac8fb8f88 "><code>f09c1c0</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2616 ">#2616</a>
from github/update-v3.27.5-a6c8729a5</li>
<li><a
href="https://github.com/github/codeql-action/commit/67b73eaba559c7e6913377065b0362ccbfc94e87 "><code>67b73ea</code></a>
Update changelog for v3.27.5</li>
<li><a
href="https://github.com/github/codeql-action/commit/a6c8729a5d7573eb8d440e52a9645ce4db61d97c "><code>a6c8729</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2614 ">#2614</a>
from github/marcogario/per-platform-proxy</li>
<li><a
href="https://github.com/github/codeql-action/commit/8f3b48727ff1b076c28967a258b95fcee30a3a48 "><code>8f3b487</code></a>
Start-proxy: Fetch OS specific binary</li>
<li><a
href="https://github.com/github/codeql-action/commit/cba5fb58d4f85affaf03eb9da32f5b6c9d76838b "><code>cba5fb5</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2613 ">#2613</a>
from github/dependabot/npm_and_yarn/npm_and_yarn-018...</li>
<li><a
href="https://github.com/github/codeql-action/commit/e782c3a145d9946aba8fa390e406acbe4e4c05c5 "><code>e782c3a</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2612 ">#2612</a>
from github/angelapwen/report-linux-runner-release</li>
<li><a
href="https://github.com/github/codeql-action/commit/db6788195b646f87b3d1c616b0c14a6d5b7fa9a6 "><code>db67881</code></a>
Update checked-in dependencies</li>
<li><a
href="https://github.com/github/codeql-action/commit/ecde4d232d18cf2dba6c1a6b76810332abff736f "><code>ecde4d2</code></a>
Bump cross-spawn from 7.0.3 to 7.0.6 in the npm_and_yarn group</li>
<li><a
href="https://github.com/github/codeql-action/commit/e3c67a01d31d9c173ba5ffccc9d0f275540d99de "><code>e3c67a0</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2610 ">#2610</a>
from github/dependabot/npm_and_yarn/npm-d2ca52e617</li>
<li><a
href="https://github.com/github/codeql-action/commit/f9ada54538b47b6db28c4d11f53848689968909e "><code>f9ada54</code></a>
Telemetry: report OS release for GitHub-hosted Linux runners</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/ea9e4e37992a54ee68a9622e985e60c8e8f12d9f...f09c1c0a94de965c15400f5634aa42fac8fb8f88 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `aquasecurity/trivy-action` from 0.28.0 to 0.29.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aquasecurity/trivy-action/releases ">aquasecurity/trivy-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.29.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat: Allow skipping setup by <a
href="https://github.com/rvesse "><code>@rvesse</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/414 ">aquasecurity/trivy-action#414</a></li>
<li>Fix oras command not found in "Update Trivy Cache" action
by <a href="https://github.com/Tiryoh "><code>@Tiryoh</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/413 ">aquasecurity/trivy-action#413</a></li>
<li>Update README.md by <a
href="https://github.com/simar7 "><code>@simar7</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/420 ">aquasecurity/trivy-action#420</a></li>
<li>feat: add token for <code>setup-trivy</code> by <a
href="https://github.com/DmitriyLewen "><code>@DmitriyLewen</code></a>
in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/421 ">aquasecurity/trivy-action#421</a></li>
<li>fix: bump <code>setup-trivy</code> and add new <code>contrib</code>
directory path info by <a
href="https://github.com/DmitriyLewen "><code>@DmitriyLewen</code></a>
in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/424 ">aquasecurity/trivy-action#424</a></li>
<li>docs: remove ignore-unfixed from IaC scan example by <a
href="https://github.com/nikpivkin "><code>@nikpivkin</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/429 ">aquasecurity/trivy-action#429</a></li>
<li>chore(deps): Bump trivy to v0.57.1 by <a
href="https://github.com/simar7 "><code>@simar7</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/434 ">aquasecurity/trivy-action#434</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/rvesse "><code>@rvesse</code></a> made
their first contribution in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/414 ">aquasecurity/trivy-action#414</a></li>
<li><a href="https://github.com/Tiryoh "><code>@Tiryoh</code></a> made
their first contribution in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/413 ">aquasecurity/trivy-action#413</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/aquasecurity/trivy-action/compare/0.28.0...0.29.0 ">https://github.com/aquasecurity/trivy-action/compare/0.28.0...0.29.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/18f2510ee396bbf400402947b394f2dd8c87dbb0 "><code>18f2510</code></a>
chore(deps): Bump trivy to v0.57.1 (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/434 ">#434</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/93941cebba762da4c91a91883859bf1bfb221c73 "><code>93941ce</code></a>
docs: remove ignore-unfixed from IaC scan example (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/429 ">#429</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/d2a392a13760cb64cb6bbd31d4bed2a7d9a5298d "><code>d2a392a</code></a>
fix: bump <code>setup-trivy</code> and add new <code>contrib</code>
directory path info (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/424 ">#424</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/ee8934673cc18947baf4b05c01c4100ff36648da "><code>ee89346</code></a>
feat: add token for <code>setup-trivy</code> (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/421 ">#421</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/cf990b19d84bbbe1eb8833659989a7c1029132e3 "><code>cf990b1</code></a>
Update README.md (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/420 ">#420</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/bff40be51b9207cf8f2148d628a9836cc7370247 "><code>bff40be</code></a>
docs: Fix oras command not found (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/413 ">#413</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/fc1500abdcdc9fc681e98d8912a52fa70dbc67de "><code>fc1500a</code></a>
feat: Allow skipping setup (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/414 ">#414</a>)</li>
<li>See full diff in <a
href="https://github.com/aquasecurity/trivy-action/compare/915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2...18f2510ee396bbf400402947b394f2dd8c87dbb0 ">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-26 16:24:10 +05:00
32fc844b47
chore: support building Coder Desktop .dylib ( #15512 )
...
Relates to #14734 .
2024-11-20 14:13:03 +11:00
1c6cec3c43
ci: bump github/codeql-action from 3.27.1 to 3.27.4 in the github-actions group ( #15563 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-18 19:38:29 +05:00
365ce67f21
chore: add provenance attestation to docker-base image ( #14999 )
...
Enables [build
attestation](https://docs.docker.com/build/metadata/attestations/slsa-provenance/ )
for the docker-base image.
Contributes to #14879 and coder/internal#89
As an experiment, we are only doing it with the coder-base image for
now.
2024-11-15 08:16:33 +05:00
b96177613b
ci: fix go tests not running if examples are updated ( #15514 )
...
- https://github.com/coder/coder/pull/15504 broke CI on main because of
the aforementioned issue, this also fixes the test failure.
2024-11-14 14:20:51 +00:00
6ff302b740
docs: add Docker to provider authentication docs ( #15494 )
...
Co-authored-by: Edward Angert <EdwardAngert@users.noreply.github.com >
2024-11-13 15:40:41 +00:00
fa69d1ca74
ci: reenable link checker & fix broken links ( #15489 )
...
Follow-up on #15484 .
2024-11-13 16:04:10 +11:00
97b3bbf4a0
ci: disable weekly-docs temporarily ( #15484 )
...
I updated it in #15424 and it's doing suspect things to block PRs 🙃
https://github.com/coder/coder/actions/runs/11797850940/job/32862729001?pr=15482
2024-11-12 13:41:00 +00:00
7f294bbb70
ci: bump the github-actions group with 2 updates ( #15474 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-11 18:02:29 +05:00
329e08686f
chore: improve PR deployments ( #15430 )
2024-11-11 17:58:32 +05:00
6e18742ad3
ci: replace unmaintained markdown link checker ( #15424 )
...
The old one was flaking a bunch and blocking PRs. This is the one
recommended by the maintainer of the old.
2024-11-07 22:30:43 +11:00
62fa7e5ab8
docs: disable markdown link check on mailto links ( #15382 )
...
to satisfy CI
---------
Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com >
2024-11-05 12:35:46 -05:00
765314ce18
ci: bump the github-actions group with 4 updates ( #15359 )
...
Bumps the github-actions group with 4 updates:
[crate-ci/typos](https://github.com/crate-ci/typos ),
[google-github-actions/auth](https://github.com/google-github-actions/auth ),
[google-github-actions/setup-gcloud](https://github.com/google-github-actions/setup-gcloud )
and
[google-github-actions/get-gke-credentials](https://github.com/google-github-actions/get-gke-credentials ).
Updates `crate-ci/typos` from 1.26.8 to 1.27.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/releases ">crate-ci/typos's
releases</a>.</em></p>
<blockquote>
<h2>v1.27.0</h2>
<h2>[1.27.0] - 2024-11-01</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1106 ">October
2024</a> changes</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md ">crate-ci/typos's
changelog</a>.</em></p>
<blockquote>
<h1>Change Log</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a href="http://keepachangelog.com/ ">Keep a
Changelog</a>
and this project adheres to <a href="http://semver.org/ ">Semantic
Versioning</a>.</p>
<!-- raw HTML omitted -->
<h2>[Unreleased] - ReleaseDate</h2>
<h2>[1.27.0] - 2024-11-01</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1106 ">October
2024</a> changes</li>
</ul>
<h2>[1.26.8] - 2024-10-24</h2>
<h2>[1.26.7] - 2024-10-24</h2>
<h2>[1.26.6] - 2024-10-24</h2>
<h2>[1.26.5] - 2024-10-24</h2>
<h2>[1.26.4] - 2024-10-24</h2>
<h2>[1.26.3] - 2024-10-24</h2>
<h3>Fixes</h3>
<ul>
<li>Accept <code>additionals</code></li>
</ul>
<h2>[1.26.2] - 2024-10-24</h2>
<h3>Fixes</h3>
<ul>
<li>Accept <code>tesselate</code> variants</li>
</ul>
<h2>[1.26.1] - 2024-10-23</h2>
<h3>Fixes</h3>
<ul>
<li>Respect <code>--force-exclude</code> for binary files</li>
</ul>
<h2>[1.26.0] - 2024-10-07</h2>
<h3>Compatibility</h3>
<ul>
<li><em>(pre-commit)</em> Requires 3.2+</li>
</ul>
<h3>Fixes</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/crate-ci/typos/commit/d01f29c66d1bf1a08730750f61d86c210b0d039d "><code>d01f29c</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/52e950bb130b2bdee93bba2b1973c8f7d8ac5c46 "><code>52e950b</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/19cfc03ea4e6fd581972b77eb3761351a4db7ee6 "><code>19cfc03</code></a>
docs: Update changelog</li>
<li><a
href="https://github.com/crate-ci/typos/commit/f80b1564bd618fb5325b8c0d52849ac7da0bbaea "><code>f80b156</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1140 ">#1140</a>
from epage/oct</li>
<li><a
href="https://github.com/crate-ci/typos/commit/6b5c8079a9416f5aba90f4cc1348921aa72d9538 "><code>6b5c807</code></a>
feat(dict): Oct updates</li>
<li><a
href="https://github.com/crate-ci/typos/commit/d64f202a88f87f2e3fbbd1f5a45ab2ec3ef9b832 "><code>d64f202</code></a>
chore(deps): Update compatible (<a
href="https://redirect.github.com/crate-ci/typos/issues/1137 ">#1137</a>)</li>
<li><a
href="https://github.com/crate-ci/typos/commit/e903c4628799da0b9fc51e03d200e4fa62ba2c0a "><code>e903c46</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1136 ">#1136</a>
from PigeonF/PigeonF/push-mlqnlvmswwmp</li>
<li><a
href="https://github.com/crate-ci/typos/commit/b994765ef920d85d7a7115db2e9afce611cdcf93 "><code>b994765</code></a>
chore: Fix typo "potemtial" -> "potential"</li>
<li>See full diff in <a
href="https://github.com/crate-ci/typos/compare/0d9e0c2c1bd7f770f6eb90f87780848ca02fc12c...d01f29c66d1bf1a08730750f61d86c210b0d039d ">compare
view</a></li>
</ul>
</details>
<br />
Updates `google-github-actions/auth` from 2.1.6 to 2.1.7
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google-github-actions/auth/releases ">google-github-actions/auth's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.7</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: update relase workflows by <a
href="https://github.com/verbanicm "><code>@verbanicm</code></a> in <a
href="https://redirect.github.com/google-github-actions/auth/pull/452 ">google-github-actions/auth#452</a></li>
<li>Release: v2.1.7 by <a
href="https://github.com/google-github-actions-bot "><code>@google-github-actions-bot</code></a>
in <a
href="https://redirect.github.com/google-github-actions/auth/pull/453 ">google-github-actions/auth#453</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google-github-actions/auth/compare/v2.1.6...v2.1.7 ">https://github.com/google-github-actions/auth/compare/v2.1.6...v2.1.7 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/google-github-actions/auth/commit/6fc4af4b145ae7821d527454aa9bd537d1f2dc5f "><code>6fc4af4</code></a>
Release: v2.1.7 (<a
href="https://redirect.github.com/google-github-actions/auth/issues/453 ">#453</a>)</li>
<li><a
href="https://github.com/google-github-actions/auth/commit/212f83afe868cc88aa354e1efbf778eff05d970a "><code>212f83a</code></a>
fix: update relase workflows (<a
href="https://redirect.github.com/google-github-actions/auth/issues/452 ">#452</a>)</li>
<li>See full diff in <a
href="https://github.com/google-github-actions/auth/compare/8254fb75a33b976a221574d287e93919e6a36f70...6fc4af4b145ae7821d527454aa9bd537d1f2dc5f ">compare
view</a></li>
</ul>
</details>
<br />
Updates `google-github-actions/setup-gcloud` from 2.1.1 to 2.1.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google-github-actions/setup-gcloud/releases ">google-github-actions/setup-gcloud's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.2</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: update release workflows by <a
href="https://github.com/verbanicm "><code>@verbanicm</code></a> in <a
href="https://redirect.github.com/google-github-actions/setup-gcloud/pull/698 ">google-github-actions/setup-gcloud#698</a></li>
<li>Release: v2.1.2 by <a
href="https://github.com/google-github-actions-bot "><code>@google-github-actions-bot</code></a>
in <a
href="https://redirect.github.com/google-github-actions/setup-gcloud/pull/699 ">google-github-actions/setup-gcloud#699</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google-github-actions/setup-gcloud/compare/v2.1.1...v2.1.2 ">https://github.com/google-github-actions/setup-gcloud/compare/v2.1.1...v2.1.2 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/google-github-actions/setup-gcloud/commit/6189d56e4096ee891640bb02ac264be376592d6a "><code>6189d56</code></a>
Release: v2.1.2 (<a
href="https://redirect.github.com/google-github-actions/setup-gcloud/issues/699 ">#699</a>)</li>
<li><a
href="https://github.com/google-github-actions/setup-gcloud/commit/413dc083dd5818edda432148520965d8255c729a "><code>413dc08</code></a>
fix: update release workflows (<a
href="https://redirect.github.com/google-github-actions/setup-gcloud/issues/698 ">#698</a>)</li>
<li>See full diff in <a
href="https://github.com/google-github-actions/setup-gcloud/compare/f0990588f1e5b5af6827153b93673613abdc6ec7...6189d56e4096ee891640bb02ac264be376592d6a ">compare
view</a></li>
</ul>
</details>
<br />
Updates `google-github-actions/get-gke-credentials` from 2.2.1 to 2.2.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google-github-actions/get-gke-credentials/releases ">google-github-actions/get-gke-credentials's
releases</a>.</em></p>
<blockquote>
<h2>v2.2.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix package name by <a
href="https://github.com/sethvargo "><code>@sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/pull/312 ">google-github-actions/get-gke-credentials#312</a></li>
<li>fix: update release workflows by <a
href="https://github.com/verbanicm "><code>@verbanicm</code></a> in <a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/pull/313 ">google-github-actions/get-gke-credentials#313</a></li>
<li>Release: v2.2.2 by <a
href="https://github.com/google-github-actions-bot "><code>@google-github-actions-bot</code></a>
in <a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/pull/315 ">google-github-actions/get-gke-credentials#315</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google-github-actions/get-gke-credentials/compare/v2.2.1...v2.2.2 ">https://github.com/google-github-actions/get-gke-credentials/compare/v2.2.1...v2.2.2 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/google-github-actions/get-gke-credentials/commit/206d64b64b0eba0a6e2f25113d044c31776ca8d6 "><code>206d64b</code></a>
Release: v2.2.2 (<a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/issues/315 ">#315</a>)</li>
<li><a
href="https://github.com/google-github-actions/get-gke-credentials/commit/0fead37d80f46cbcae8eb09300bd8186eb3b2d31 "><code>0fead37</code></a>
fix: update release workflows (<a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/issues/313 ">#313</a>)</li>
<li><a
href="https://github.com/google-github-actions/get-gke-credentials/commit/d7d8311fd5e889897561404341b15a5c01310725 "><code>d7d8311</code></a>
Fix package name (<a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/issues/312 ">#312</a>)</li>
<li>See full diff in <a
href="https://github.com/google-github-actions/get-gke-credentials/compare/6051de21ad50fbb1767bc93c11357a49082ad116...206d64b64b0eba0a6e2f25113d044c31776ca8d6 ">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Muhammad Atif Ali <me@matifali.dev >
2024-11-05 19:43:41 +11:00
076399b3bd
chore: correct typos and configure permissions in pr-deploy.yaml ( #15372 )
2024-11-05 09:41:48 +05:00
3a5a42ffa9
chore: update workflow permissions ( #15349 )
2024-11-04 11:09:40 +05:00
065263a852
chore: update dependabot config and pin Docker images ( #15194 )
2024-11-04 11:01:54 +05:00
afacb07140
chore: tighten GitHub workflow permissions ( #15282 )
2024-10-30 16:17:42 +05:00
7982ad7659
feat: expose premium trial form via CLI ( #15054 )
...
This PR closes https://github.com/coder/coder/issues/14856
2024-10-29 13:02:20 +00:00
fd60e1c2ba
fix: fix security workflow not installing protoc properly ( #15263 )
2024-10-29 01:30:43 +00:00
074faec7d7
chore: update Terraform to 1.9.8 ( #15256 )
2024-10-28 15:24:57 -05:00
516ba9e28e
chore: update Go to 1.22.8 ( #15255 )
2024-10-28 15:09:43 -05:00
cdd40fb292
ci: bump the github-actions group with 2 updates ( #15245 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-28 21:59:30 +05:00
Muhammad Atif Ali