dependabot[bot]
0caca05467
chore(deps): bump reviewdog/action-yamllint from 1.21.0 to 1.22.0 (#266)
...
Bumps [reviewdog/action-yamllint](https://github.com/reviewdog/action-yamllint) from 1.21.0 to 1.22.0.
- [Release notes](https://github.com/reviewdog/action-yamllint/releases)
- [Commits](https://github.com/reviewdog/action-yamllint/compare/v1.21.0...v1.22.0)
---
updated-dependencies:
- dependency-name: reviewdog/action-yamllint
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-02 12:55:31 -07:00
dependabot[bot]
61c4d33f5c
chore(deps): bump reviewdog/action-markdownlint from 0.26.2 to 0.27.0 (#265)
...
Bumps [reviewdog/action-markdownlint](https://github.com/reviewdog/action-markdownlint) from 0.26.2 to 0.27.0.
- [Release notes](https://github.com/reviewdog/action-markdownlint/releases)
- [Commits](https://github.com/reviewdog/action-markdownlint/compare/v0.26.2...v0.27.0)
---
updated-dependencies:
- dependency-name: reviewdog/action-markdownlint
  dependency-version: 0.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-02 12:55:29 -07:00
celeste
9d95c5b74c
ci(claude-review): skip fork and dependabot PRs where auth is unavailable (#268)
...
pull_request runs from forks and dependabot don't receive OIDC tokens or
repo secrets, so claude-code-action can't authenticate and the check fails
on every external contributor PR. Guard the job to same-repo, non-dependabot
PRs so it skips (rather than fails) those cases.
2026-07-02 12:53:38 -07:00
Tigah
39b333320e
chore: migrate module path to github.com/vmfunc/sif (#194)
...
rename the go module path from github.com/dropalldatabases/sif to
github.com/vmfunc/sif across go.mod, all imports, the golangci exclude
list, release install docs and docs. pure string rename, no logic change.
2026-06-22 22:25:39 -07:00
celeste
6dd1d9e7fe
Add Claude Code GitHub Workflow (#226)
...
* "Claude PR Assistant workflow"
* "Claude Code Review workflow"
2026-06-22 18:38:05 -07:00
celeste
78a2ec364f
ci(pr-bot): run on pull_request_target so fork PRs get labeled (#225)
...
fork PRs get a read-only token on pull_request, so the label, size and
ci-summary jobs 403 and the summary check shows red on every external
PR. run on pull_request_target (write token, base-repo context), key the
concurrency group on the PR number so runs don't collide, and drop the
size job's unused checkout. none of these jobs check out or run PR code,
they only call the github API with the event payload, so this is the
safe labeler pattern.
supersedes #146 (same fix by @TBX3D, which conflicted after the checkout
bump in #143).
2026-06-22 17:21:32 -07:00
dependabot[bot]
064484ff4d
chore(deps): bump actions/checkout from 6 to 7 (#143)
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 6 to 7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v6...v7)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-22 16:49:01 -07:00
dependabot[bot]
33e8668456
chore(deps): bump codecov/codecov-action from 6 to 7
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 6 to 7.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v6...v7)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-06-12 12:43:49 +00:00
vmfunc
1d2bc64dbc
ci(release): hoist build ldflags into one env var
...
the 7 cross-compile steps each repeated the same ldflags string, easy to
drift; write it once in the extract-version step and reference $LDFLAGS
2026-06-09 16:03:56 -07:00
vmfunc
ce3075ad91
test: hermetic e2e integration suite
...
- make the four wordlist base urls (dirlist/dnslist/git/ports) package vars
  instead of consts so tests can repoint them at a local fixture; the default
  values are byte-for-byte unchanged
- add internal/scan/integration_test.go behind a //go:build integration tag: it
  stands up a local "vulnerable app" httptest server with planted artifacts and
  runs git/dirlist/cms/headers/sql/lfi/ports against it, asserting real findings
- go.yml runs them via `go test -tags=integration`; the default test run is
  untouched (the tag keeps them out)
- document the integration run in docs/development.md
2026-06-09 14:32:26 -07:00
vmfunc
648fa8d2c8
chore: bump copyright headers to 2026
...
rolls the (c) 2022-2025 banner to 2022-2026 across all go files, the
startup banner in sif.go, and the header-check workflow's expected
format. comment-only, nothing else changes.
2026-06-08 18:30:48 -07:00
dependabot[bot]
c7a244ed2f
chore(deps): bump actions/dependency-review-action from 4 to 5
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4 to 5.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/v4...v5)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-06-07 17:47:57 +00:00
vmfunc
84b0b81996
ci: bump go toolchain to 1.25 and migrate golangci-lint to v2
...
nuclei/v3 v3.8.0 (PR #97) requires go >= 1.25.7 in go.mod.
this breaks the existing CI pinned to go 1.24:
- build: "go.mod requires go >= 1.25.7 (running go 1.24.13;
  GOTOOLCHAIN=local)"
- lint: "the Go language version (go1.24) used to build
  golangci-lint is lower than the targeted Go version (1.25.7)"
bumps setup-go to 1.25 across all workflows and moves the lint
job to golangci-lint-action v8 with golangci-lint v2.11.4 (built
with go 1.25). migrates .golangci.yml to the v2 schema:
- version: "2"
- linters-settings -> linters.settings
- issues.exclude-rules -> linters.exclusions.rules
- drop gosimple (merged into staticcheck in v2)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-24 08:53:43 -07:00
celeste
383e645d85
Merge pull request #91 from vmfunc/dependabot/github_actions/codecov/codecov-action-6
...
chore(deps): bump codecov/codecov-action from 5 to 6
2026-04-24 00:37:55 -07:00
celeste
9bd1d8cd14
Merge pull request #93 from vmfunc/dependabot/github_actions/actions/github-script-9
...
chore(deps): bump actions/github-script from 8 to 9
2026-04-24 00:37:01 -07:00
dependabot[bot]
a469463c19
chore(deps): bump softprops/action-gh-release from 2 to 3
...
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2 to 3.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/v2...v3)
---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-04-17 12:45:52 +00:00
dependabot[bot]
4917eaf7e7
chore(deps): bump actions/github-script from 8 to 9
...
Bumps [actions/github-script](https://github.com/actions/github-script) from 8 to 9.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v8...v9)
---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: '9'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-04-10 12:45:52 +00:00
dependabot[bot]
3e0cbbc5dd
chore(deps): bump codecov/codecov-action from 5 to 6
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5 to 6.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v5...v6)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-27 12:45:10 +00:00
vmfunc
c69bbe1232
chore: bump setup-go to v6, drop go 1.23 from CI matrix
...
go.mod requires >= 1.24.2 so the 1.23 matrix entry was already dead.
setup-go v6 sets GOTOOLCHAIN=local which makes it fail explicitly.
2026-03-01 05:07:23 +01:00
dependabot[bot]
7749b50d25
chore(deps): bump github/codeql-action from 3 to 4
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-02-27 12:45:54 +00:00
dependabot[bot]
422245fe7f
chore(deps): bump actions/labeler from 5 to 6 (#80)
...
Bumps [actions/labeler](https://github.com/actions/labeler) from 5 to 6.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](https://github.com/actions/labeler/compare/v5...v6)
---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-23 02:11:25 +01:00
dependabot[bot]
24a9f4411f
chore(deps): bump reviewdog/action-misspell from 1.26.0 to 1.27.0 (#82)
...
Bumps [reviewdog/action-misspell](https://github.com/reviewdog/action-misspell) from 1.26.0 to 1.27.0.
- [Release notes](https://github.com/reviewdog/action-misspell/releases)
- [Commits](https://github.com/reviewdog/action-misspell/compare/v1.26.0...v1.27.0)
---
updated-dependencies:
- dependency-name: reviewdog/action-misspell
  dependency-version: 1.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-23 02:10:52 +01:00
dependabot[bot]
22936a3281
chore(deps): bump reviewdog/action-yamllint from 1.19.0 to 1.21.0 (#83)
...
Bumps [reviewdog/action-yamllint](https://github.com/reviewdog/action-yamllint) from 1.19.0 to 1.21.0.
- [Release notes](https://github.com/reviewdog/action-yamllint/releases)
- [Commits](https://github.com/reviewdog/action-yamllint/compare/v1.19.0...v1.21.0)
---
updated-dependencies:
- dependency-name: reviewdog/action-yamllint
  dependency-version: 1.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-23 02:10:40 +01:00
dependabot[bot]
efd089a9b6
chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 (#66)
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.4.0 to 2.4.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](https://github.com/ossf/scorecard-action/compare/v2.4.0...v2.4.3)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-version: 2.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-13 15:11:30 +01:00
dependabot[bot]
dd9db0dfd6
chore(deps): bump reviewdog/action-shellcheck from 1.27.0 to 1.32.0 (#70)
...
Bumps [reviewdog/action-shellcheck](https://github.com/reviewdog/action-shellcheck) from 1.27.0 to 1.32.0.
- [Release notes](https://github.com/reviewdog/action-shellcheck/releases)
- [Commits](https://github.com/reviewdog/action-shellcheck/compare/v1.27.0...v1.32.0)
---
updated-dependencies:
- dependency-name: reviewdog/action-shellcheck
  dependency-version: 1.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-13 15:11:26 +01:00
dependabot[bot]
1eab6143bb
chore(deps): bump reviewdog/action-markdownlint from 0.24.0 to 0.26.2 (#73)
...
Bumps [reviewdog/action-markdownlint](https://github.com/reviewdog/action-markdownlint) from 0.24.0 to 0.26.2.
- [Release notes](https://github.com/reviewdog/action-markdownlint/releases)
- [Commits](https://github.com/reviewdog/action-markdownlint/compare/v0.24.0...v0.26.2)
---
updated-dependencies:
- dependency-name: reviewdog/action-markdownlint
  dependency-version: 0.26.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-13 15:11:23 +01:00
dependabot[bot]
418180a124
chore(deps): bump actions/github-script from 7 to 8 (#77)
...
Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 8.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v7...v8)
---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-13 15:05:54 +01:00
dependabot[bot]
6f4144efe1
chore(deps): bump actions/checkout from 4 to 6 (#68)
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v6)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-13 14:47:32 +01:00
vmfunc
a05d6ada56
ci: add pr bot for auto-labeling + rewrite release workflow for semver tags
...
pr-bot labels PRs by area (scan, nuclei, modules, ci, deps, etc) and size
(xs/s/m/l/xl), posts a summary comment with file stats breakdown.
release workflow now triggers on v* tags instead of every push to main -
extracts version from tag, injects via ldflags, auto-generates changelog
from commits since last release, includes install instructions in the
release body. prerelease detection for rc/beta tags.
Signed-off-by: vmfunc <celeste@linux.com>
2026-02-13 02:19:19 +01:00
vmfunc
e2198e932b
ci: replace qodana with codeql - no external tokens needed
...
Signed-off-by: vmfunc <celeste@linux.com>
2026-02-13 02:08:32 +01:00
vmfunc
c85201b1ed
ci: pin govulncheck to v1.1.4 - fixes scorecard pinned-dependencies
...
Signed-off-by: vmfunc <celeste@linux.com>
2026-02-13 01:57:36 +01:00
vmfunc
fcf9291653
ci: add explicit permissions to all workflows - fixes scorecard token-permissions
...
Signed-off-by: vmfunc <celeste@linux.com>
2026-02-13 01:40:22 +01:00
vmfunc
83702e9a41
ci: overhaul workflows - lint, security scanning, release hardening
...
- add golangci-lint job to go.yml (parallel with build+test)
- add Go 1.23/1.24 version matrix, coverage only on 1.24
- upgrade setup-go@v4 to v5, codecov@v4 to v5 across all workflows
- fix check-large-files bug (find|while never exits 1), exclude .git/
- add concurrency groups to push+PR workflows (no duplicate runs)
- lowercase all workflow names to match project voice
- add gosec, errorlint, gocognit, nilnil, wastedassign, usetesting linters
- remove deprecated exportloopref (Go 1.22 fixed loop var capture)
- new: govulncheck.yml - Go vuln scanner with call-graph analysis
- new: scorecard.yml - OpenSSF supply chain scorecard
- new: dependabot.yml - auto-update Go deps + Actions versions
- release: SHA256 checksums + SBOM generation for all artifacts
- add CODEOWNERS
2026-02-13 01:09:57 +01:00
vmfunc
8eb7e84090
fix: use dynamic versioning for debian packages
2026-01-05 20:55:30 -08:00
vmfunc
844affaed4
ci: push debian packages to cloudsmith
2026-01-05 20:28:07 -08:00
vmfunc
56895899ff
ci: add debian package builds to releases
2026-01-05 20:13:18 -08:00
vmfunc
60c38e29cf
ci: upgrade to go 1.24 in all workflows
2026-01-03 06:04:33 -08:00
vmfunc
ab17191c31
docs: add comprehensive documentation and fix github actions
...
- add docs/ with installation, usage, modules, scans, and api docs
- add docs link to main readme
- fix release.yml to bundle modules directory with releases
- add module system tests to runtest.yml
- standardize go version to 1.23 across workflows
2026-01-03 05:57:10 -08:00
vmfunc
046a5bc7d7
ci: add test coverage reporting to workflow
...
run tests with race detector and coverage profiling, upload results
to codecov for visibility into test coverage metrics
2026-01-03 05:57:09 -08:00
vmfunc
494a84e338
chore(actions): add framework to CI
2026-01-02 18:52:15 -08:00
vmfunc
0e3e43a1f3
fix: update readme badges and use banner image
...
- update badges to point to vmfunc/sif
- replace ascii art with banner image
- fix header check action to check first 5 lines
- remove obsolete LICENSE.md
2026-01-02 17:54:17 -08:00
vmfunc
d30c7f56a3
license: switch to bsd 3-clause, update headers and readme
...
- replace proprietary license with bsd 3-clause
- update all go file headers with new retro terminal style
- add header-check github action to enforce license headers
- completely rewrite readme to be modern, sleek, and lowercase
- fix broken badges
2026-01-02 17:41:18 -08:00
vmfunc
75350458c1
chore: update github actions to latest versions
...
- update actions/checkout from v2/v3 to v4 across all workflows
- update reviewdog actions to latest versions
- update jetbrains/qodana-action to v2024.3
- update actions/dependency-review-action to v4
- replace deprecated actions/create-release and upload-release-asset
  with softprops/action-gh-release@v2
2026-01-02 17:20:01 -08:00
vmfunc
1253515f0b
actions<breaking>: remove PR-specific actions
...
(needs to be fixed)
2024-11-22 03:28:17 -05:00
vmfunc
ceb8712204
ci: various improvements to workflow
2024-10-15 02:51:52 +02:00
vmfunc
60ee32155a
fix<ci>: remove prerelease flag on release workflow
2024-10-13 00:08:34 +02:00
vmfunc
3bc8018b26
fix<ci>: use different release version naming
2024-10-12 23:58:23 +02:00
vmfunc
4eebe0e386
fix<ci>: permission flag for release creation
2024-10-12 23:56:38 +02:00
vmfunc
ea21e2188f
feat<ci>: identify automated release as pre-release
2024-10-12 23:50:01 +02:00
vmfunc
b262c82180
fix<ci>: add automated release tag
2024-10-12 23:47:35 +02:00