Commit Graph

4 Commits

Author SHA1 Message Date
vmfunc
fcf9291653 ci: add explicit permissions to all workflows - fixes scorecard token-permissions
Signed-off-by: vmfunc <celeste@linux.com>
2026-02-13 01:40:22 +01:00
vmfunc
83702e9a41 ci: overhaul workflows - lint, security scanning, release hardening
- add golangci-lint job to go.yml (parallel with build+test)
- add Go 1.23/1.24 version matrix, coverage only on 1.24
- upgrade setup-go@v4 to v5, codecov@v4 to v5 across all workflows
- fix check-large-files bug (find|while never exits 1), exclude .git/
- add concurrency groups to push+PR workflows (no duplicate runs)
- lowercase all workflow names to match project voice
- add gosec, errorlint, gocognit, nilnil, wastedassign, usetesting linters
- remove deprecated exportloopref (Go 1.22 fixed loop var capture)
- new: govulncheck.yml - Go vuln scanner with call-graph analysis
- new: scorecard.yml - OpenSSF supply chain scorecard
- new: dependabot.yml - auto-update Go deps + Actions versions
- release: SHA256 checksums + SBOM generation for all artifacts
- add CODEOWNERS
2026-02-13 01:09:57 +01:00
vmfunc
75350458c1 chore: update github actions to latest versions
- update actions/checkout from v2/v3 to v4 across all workflows
- update reviewdog actions to latest versions
- update jetbrains/qodana-action to v2024.3
- update actions/dependency-review-action to v4
- replace deprecated actions/create-release and upload-release-asset
  with softprops/action-gh-release@v2
2026-01-02 17:20:01 -08:00
vmfunc
ceb8712204 ci: various improvements to workflow
2024-10-15 02:51:52 +02:00