Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🌱 bump docker to ghcr v2.4.1 #1478

Merged
merged 1 commit into from
Feb 21, 2025
Merged

🌱 bump docker to ghcr v2.4.1 #1478

merged 1 commit into from
Feb 21, 2025

Conversation

spencerschrock
Copy link
Member

@spencerschrock spencerschrock commented Dec 4, 2024
edited
Loading

This includes both the version bump, and uses the new GHCR image.

Initially sent as a draft PR, as there are a few steps left in the process:

  • scorecard upgrade?
  • release notes
  • promote webapp staging to prod
  • ?

Fixes #1473
Fixes #1499

@spencerschrock spencerschrock mentioned this pull request Feb 3, 2025
Closed
@spencerschrock
Copy link
Member Author

Hoping to get #1509 in here before releasing next week.

@justaugustus
Copy link
Member

Sounds good!!

@spencerschrock
bump docker to ghcr v2.4.1
5696189 
This includes both the version bump, and uses the new GHCR image.

Signed-off-by: Spencer Schrock <[email protected]>
@spencerschrock
Copy link
Member Author

spencerschrock commented Feb 20, 2025
edited
Loading

Kicked off a manual e2e test:
https://github.com/ossf-tests/scorecard-action/actions/runs/13446046312

It should run on schedule in ~ 4 hours as well.

Testing the new file mode worked for a test repo with things ignored in .gitattributes:
https://github.com/spencerschrock/actions-test/blob/52aa73dfb0179631f2208da4064bf19280686765/.github/workflows/scorecard.yml#L38-L43
https://github.com/spencerschrock/actions-test/blob/52aa73dfb0179631f2208da4064bf19280686765/.gitattributes

https://github.com/spencerschrock/actions-test/actions/runs/13445540514/job/37570684369#step:4:207

{
  "date": "2025-02-20T22:21:48Z",
  "repo": {
    "name": "github.com/spencerschrock/actions-test",
    "commit": "52aa73dfb0179631f2208da4064bf19280686765"
  },
  "scorecard": {
    "version": "v5.1.1",
    "commit": "cd152cb6742c5b8f2f3d2b5193b41d9c50905198"
  },
  "score": 5.4,
  "checks": [
    {
      "score": 0,
      "reason": "detected GitHub workflow tokens with excessive permissions",
      "name": "Token-Permissions",
    },
    {
      "details": null,
      "score": 10,
      "reason": "no dangerous workflow patterns detected",
      "name": "Dangerous-Workflow",
    },
  // ...

justaugustus
justaugustus approved these changes Feb 21, 2025
View reviewed changes
Copy link
Member

@justaugustus justaugustus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @spencerschrock !

@spencerschrock spencerschrock marked this pull request as ready for review February 21, 2025 17:01
@spencerschrock spencerschrock merged commit f49aabe into ossf:main Feb 21, 2025
9 checks passed
@spencerschrock spencerschrock deleted the bump-action-version branch February 21, 2025 17:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@justaugustus justaugustus justaugustus approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

osv-scanner.toml package override ignored by github action Next release timeline
2 participants
@spencerschrock @justaugustus