File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 11# Dependabot configuration
2- #
3- # Grouping behavior (see inline comments for details):
4- # - Minor + patch updates: grouped into a single PR per ecosystem
5- # - Major version bumps: individual PR per dependency
6- # - Security updates: individual PR per dependency
7- #
8- # Note: "patch" refers to semver version bumps (1.2.3 -> 1.2.4), not security fixes.
9- # Security updates are identified separately via GitHub's Advisory Database and
10- # can be any version bump (patch, minor, or major) that fixes a known CVE.
112
123version : 2
134
@@ -25,14 +16,6 @@ updates:
2516 open-pull-requests-limit : 10
2617 labels :
2718 - " dependencies"
28- groups :
29- go-minor-patch :
30- applies-to : version-updates # security updates get individual PRs
31- patterns :
32- - " *"
33- update-types : # major omitted, gets individual PRs
34- - " minor"
35- - " patch"
3619
3720 - package-ecosystem : " github-actions"
3821 directories :
@@ -46,11 +29,3 @@ updates:
4629 open-pull-requests-limit : 10
4730 labels :
4831 - " dependencies"
49- groups :
50- actions-minor-patch :
51- applies-to : version-updates # security updates get individual PRs
52- patterns :
53- - " *"
54- update-types : # major omitted, gets individual PRs
55- - " minor"
56- - " patch"
Original file line number Diff line number Diff line change 1313 version :
1414 description : tag the latest commit on main with the given version (prefixed with v)
1515 required : true
16+ skip-checks :
17+ description : skip the check-gate (release even if checks haven't passed on main)
18+ type : boolean
19+ default : false
20+ required : false
1621
1722jobs :
1823 version-available :
2328 version : ${{ github.event.inputs.version }}
2429
2530 check-gate :
31+ if : ${{ !inputs.skip-checks }}
2632 permissions :
33+ contents : read # required for the reusable workflow to check out the repo
2734 checks : read # required for getting the status of specific check names
2835 uses : anchore/workflows/.github/workflows/check-gate.yaml@b0c30a80409130d329aaa356fd64a34d8c0b3375 # v0.7.2
2936 with :
3441
3542 release :
3643 needs : [check-gate, version-available]
44+ # run even when check-gate is skipped, but never when version-available
45+ # failed/was skipped, nor when check-gate failed or was cancelled. note:
46+ # always() disables the implicit success() gate on ALL needs, so the
47+ # version-available requirement must be re-asserted explicitly here.
48+ if : >-
49+ ${{ always()
50+ && needs.version-available.result == 'success'
51+ && !contains(fromJSON('["failure", "cancelled"]'), needs.check-gate.result) }}
3752 environment : release # contains secrets needed for release
3853 runs-on : ubuntu-24.04
3954 permissions :
5065 - name : Create release
5166 env :
5267 GITHUB_TOKEN : ${{ github.token }}
53- DEPLOY_KEY : ${{ secrets.DEPLOY_KEY }}
68+ # for pushing tags (does not inherit workflow permissions)
69+ TAG_TOKEN : ${{ secrets.TAG_TOKEN }}
5470 RELEASE_VERSION : ${{ github.event.inputs.version }}
5571 run : make ci-release
Original file line number Diff line number Diff line change 1- rules :
2- unpinned-uses :
3- ignore :
4- # Allow unpinned uses of trusted internal anchore/workflows actions
5- - oss-project-board-add.yaml
6- - remove-awaiting-response-label.yaml
1+ rules : {}
Original file line number Diff line number Diff line change @@ -90,8 +90,15 @@ issues:
9090
9191formatters :
9292 enable :
93+ - gci
9394 - gofmt
94- - goimports
95+ settings :
96+ gci :
97+ # See https://golangci-lint.run/docs/formatters/configuration/#gci
98+ sections :
99+ - standard # Standard section: captures all standard packages.
100+ - default # Default section: contains all imports that could not be matched to another section type.
101+ - prefix(github.com/anchore)
95102 exclusions :
96103 generated : lax
97104 paths :
Original file line number Diff line number Diff line change @@ -2,11 +2,11 @@ module local
22
33go 1.25.0
44
5- require github.com/anchore/go-make v0.4 .0
5+ require github.com/anchore/go-make v0.7 .0
66
77require (
88 github.com/bmatcuk/doublestar/v4 v4.10.0 // indirect
99 github.com/goccy/go-yaml v1.19.2 // indirect
10- golang.org/x/mod v0.35 .0 // indirect
11- golang.org/x/sys v0.44 .0 // indirect
10+ golang.org/x/mod v0.37 .0 // indirect
11+ golang.org/x/sys v0.46 .0 // indirect
1212)
Original file line number Diff line number Diff line change 1- github.com/anchore/go-make v0.4 .0 h1:poFE4PXcHwvix2E8AhdM7YHZ15bMhZb+W02i3+qrP8M =
2- github.com/anchore/go-make v0.4 .0 /go.mod h1:Nc/tkwQHW1d1Vi8+0rtS/vSrH6pxieaUQXLdrctn+8g =
1+ github.com/anchore/go-make v0.7 .0 h1:qosSwNWV/SsLFc1pI0DlrCZ2BUSDcGDcSKM6HdlnT6c =
2+ github.com/anchore/go-make v0.7 .0 /go.mod h1:4M6TnArb5w693VyWsgr5dCWrk2BLNu/ed4JUcsrzS34 =
33github.qkg1.top/bmatcuk/doublestar/v4 v4.10.0 h1:zU9WiOla1YA122oLM6i4EXvGW62DvKZVxIe6TYWexEs =
44github.qkg1.top/bmatcuk/doublestar/v4 v4.10.0 /go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc =
55github.qkg1.top/goccy/go-yaml v1.19.2 h1:PmFC1S6h8ljIz6gMRBopkjP1TVT7xuwrButHID66PoM =
66github.qkg1.top/goccy/go-yaml v1.19.2 /go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA =
7- golang.org/x/mod v0.35 .0 h1:Ww1D637e6Pg+Zb2KrWfHQUnH2dQRLBQyAtpr/haaJeM =
8- golang.org/x/mod v0.35 .0 /go.mod h1:+GwiRhIInF8wPm+4AoT6L0FA1QWAad3OMdTRx4tFYlU =
9- golang.org/x/sys v0.44 .0 h1:ildZl3J4uzeKP07r2F++Op7E9B29JRUy+a27EibtBTQ =
10- golang.org/x/sys v0.44 .0 /go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw =
7+ golang.org/x/mod v0.37 .0 h1:vF1DjpVEshcIqoEaauuHebaLk1O1forxjxBaVn884JQ =
8+ golang.org/x/mod v0.37 .0 /go.mod h1:m8S8VeM9r4dzDwjrKO0a1sZP3YjeMamRRlD+fmR2Q/0 =
9+ golang.org/x/sys v0.46 .0 h1:noSf2Fq6F8DBgS+LysIkx7rIExoNHJsxOAtPp4rthXw =
10+ golang.org/x/sys v0.46 .0 /go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw =
You can’t perform that action at this time.
0 commit comments