From 4a2cee9c456c221ce803f087fecc653c6fb40c91 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 Nov 2023 11:00:17 +0000
Subject: [PATCH 1/5] Bump com.google.guava:guava in
/stackrox-container-image-scanner (#294)
---
stackrox-container-image-scanner/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stackrox-container-image-scanner/pom.xml b/stackrox-container-image-scanner/pom.xml
index 1002ce6d..ca0c13c7 100644
--- a/stackrox-container-image-scanner/pom.xml
+++ b/stackrox-container-image-scanner/pom.xml
@@ -94,7 +94,7 @@
com.google.guava
guava
- 32.1.2-jre
+ 32.1.3-jre
commons-validator
From 1b6136d9b93150c9aa56cc2831f8cb814315d619 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Dec 2023 12:13:33 +0100
Subject: [PATCH 2/5] Bump actions/setup-java from 3 to 4 (#297)
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 3 to 4.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](https://github.com/actions/setup-java/compare/v3...v4)
---
updated-dependencies:
- dependency-name: actions/setup-java
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/main.yml | 2 +-
.github/workflows/release.yml | 2 +-
.github/workflows/tests.yaml | 6 +++---
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 38115e9b..1eb2b7b8 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -14,7 +14,7 @@ jobs:
steps:
- uses: actions/checkout@v4
- - uses: actions/setup-java@v3
+ - uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '8'
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e4092c64..a48ac31f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -27,7 +27,7 @@ jobs:
run: |
git config --global user.email "roxbot@stackrox.com"
git config --global user.name "Robot Rox"
- - uses: actions/setup-java@v3
+ - uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '8'
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index c19a5b4a..b944cbcd 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- - uses: actions/setup-java@v3
+ - uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '11'
@@ -27,7 +27,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- - uses: actions/setup-java@v3
+ - uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '8'
@@ -65,7 +65,7 @@ jobs:
repository: stackrox/stackrox
path: stackrox
- uses: docker/setup-buildx-action@v3
- - uses: actions/setup-java@v3
+ - uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '11'
From 88f13316216c367de6c98841cc38fc622c92464f Mon Sep 17 00:00:00 2001
From: Gavin Jefferies
Date: Fri, 1 Dec 2023 09:21:26 -0800
Subject: [PATCH 3/5] chore: switch to rhacs-bot@redhat.com (#296)
---
.github/workflows/auto-merge.yml | 2 +-
.github/workflows/release.yml | 9 ++++++---
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml
index 121fd42e..2b9c9a22 100644
--- a/.github/workflows/auto-merge.yml
+++ b/.github/workflows/auto-merge.yml
@@ -10,7 +10,7 @@ jobs:
steps:
- uses: ahmadnassri/action-dependabot-auto-merge@v2.6
with:
- github-token: '${{ secrets.ROBOT_ROX_GITHUB_TOKEN }}'
+ github-token: '${{ secrets.RHACS_BOT_GITHUB_TOKEN }}'
command: "squash and merge"
approve: true
target: minor
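Review bot: The new `github-token` line hands the RHACS bot token to a third-party action referenced by a movable tag (`ahmadnassri/action-dependabot-auto-merge@v2.6`), in a step that also sets `approve: true`. The same secret is introduced in the release.yml hunk of this patch, where `actions/checkout` receives it immediately before `chainguard-dev/actions/setup-gitsign@main` runs, so a single credential now has to cover approving and merging pull requests as well as whatever the release job does with it. The token's scopes are not visible here, but I would use a separate, narrowly scoped token per workflow and pin both third-party actions to a full commit SHA, e.g. `uses: ahmadnassri/action-dependabot-auto-merge@<full-commit-sha>  # v2.6`. The `with:` block may continue past the end of this hunk.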
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a48ac31f..19faa163 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -21,12 +21,15 @@ jobs:
steps:
- uses: actions/checkout@v4
with:
- token: ${{ secrets.PAT }}
+ token: ${{ secrets.RHACS_BOT_GITHUB_TOKEN }}
- uses: chainguard-dev/actions/setup-gitsign@main
- name: Setup git user
+ env:
+ GITHUB_USERNAME: ${{ secrets.RHACS_BOT_GITHUB_USERNAME }}
+ GITHUB_EMAIL: ${{ secrets.RHACS_BOT_GITHUB_EMAIL }}
run: |
- git config --global user.email "roxbot@stackrox.com"
- git config --global user.name "Robot Rox"
+ git config --global user.email "${GITHUB_EMAIL}"
+ git config --global user.name "${GITHUB_USERNAME}"
- uses: actions/setup-java@v4
with:
distribution: 'temurin'
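Review bot: The rewritten `Setup git user` step never checks that the two new secrets resolved to a value; an unset secret expands to an empty string, so `git config` would store an empty identity and the failure would most likely surface only at a later git operation in the release job. A fail-fast check at the top of the `run:` block makes the cause obvious, e.g. `: "${GITHUB_EMAIL:?RHACS_BOT_GITHUB_EMAIL is not set}"` and the same for `GITHUB_USERNAME`. Passing the values through `env:` instead of interpolating `${{ }}` directly into the script is the right shape and should stay. The step list continues outside the hunk.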
From 0b7a10a1e3d8c8011f547bfd233f9bd00e38e5cf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 14 Dec 2023 13:13:00 +0100
Subject: [PATCH 4/5] Bump github/codeql-action from 2 to 3 (#298)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/tests.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index b944cbcd..0df7b71c 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -35,7 +35,7 @@ jobs:
- name: Initialize CodeQL
if: github.event_name == 'push'
- uses: github/codeql-action/init@v2
+ uses: github/codeql-action/init@v3
with:
languages: java, javascript
@@ -52,7 +52,7 @@ jobs:
- name: Perform CodeQL Analysis
if: github.event_name == 'push'
- uses: github/codeql-action/analyze@v2
+ uses: github/codeql-action/analyze@v3
e2e:
if: github.event_name == 'push' || !github.event.pull_request.head.repo.fork
From 9811159d46d3b3cfc738ff22ec08a6659a2edf60 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 15 Dec 2023 12:07:16 +0000
Subject: [PATCH 5/5] Bump actions/download-artifact from 3 to 4 (#299)
---
.github/workflows/tests.yaml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index 0df7b71c..3ae8c1a1 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -41,11 +41,11 @@ jobs:
- name: Build with Maven
run: cd stackrox-container-image-scanner && ./mvnw -B verify package hpi:hpi cyclonedx:makeAggregateBom
- - uses: actions/upload-artifact@v3
+ - uses: actions/upload-artifact@v4
with:
name: stackrox-container-image-scanner.hpi
path: stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi
- - uses: actions/upload-artifact@v3
+ - uses: actions/upload-artifact@v4
with:
name: stackrox-container-image-scanner.jar
path: stackrox-container-image-scanner/target/stackrox-container-image-scanner.jar
@@ -79,11 +79,11 @@ jobs:
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -
sudo apt-get update
sudo apt-get install google-cloud-sdk-gke-gcloud-auth-plugin
- - uses: actions/download-artifact@v3
+ - uses: actions/download-artifact@v4
with:
name: stackrox-container-image-scanner.hpi
path: jenkins
- - uses: actions/download-artifact@v3
+ - uses: actions/download-artifact@v4
with:
name: stackrox-container-image-scanner.hpi
path: stackrox-container-image-scanner/target/