build(deps): bump actions/setup-go from 3 to 4 #1402

dependabot · 2023-03-20T19:57:03Z

Release notes

Sourced from actions/setup-go's releases.

v4.0.0

In scope of release we enable cache by default. The action won’t throw an error if the cache can’t be restored or saved. The action will throw a warning message but it won’t stop a build process. The cache can be disabled by specifying cache: false.
steps:
  - uses: actions/checkout@v3
  - uses: actions/setup-go@v4
    with:
      go-version: ‘1.19’
  - run: go run hello.go
Besides, we introduce such changes as

Allow to use only GOCACHE for cache

Bump json5 from 2.2.1 to 2.2.3

Use proper version for primary key in cache

Always add Go bin to the PATH

Add step warning if go-version input is empty

Add support for stable and oldstable aliases

In scope of this release we introduce aliases for the go-version input. The stable alias instals the latest stable version of Go. The oldstable alias installs previous latest minor release (the stable is 1.19.x -> the oldstable is 1.18.x).

Stable
steps:
  - uses: actions/checkout@v3
  - uses: actions/setup-go@v3
    with:
      go-version: 'stable'
  - run: go run hello.go
OldStable
steps:
  - uses: actions/checkout@v3
  - uses: actions/setup-go@v3
    with:
      go-version: 'oldstable'
  - run: go run hello.go
Add support for go.work and pass the token input through on GHES

In scope of this release we added support for go.work file to pass it in go-version-file input.
steps:
  - uses: actions/checkout@v3
  - uses: actions/setup-go@v3
</tr></table> 

... (truncated)

Commits

4d34df0 Update configuration files (#348)
fdc0d67 Add Go bin if go-version input is empty (#351)
ebfdf6a add warning if go-version is empty (#350)
b27d769 fix lockfileVersion (#349)
c51a720 Enable caching by default with default input (#332)
6b848af Merge pull request #343 from akv-platform/reusable-workflow
12741cc Format update-config-files.yml
7a77a6a Merge branch 'main' into reusable-workflow
42a0cc8 Add update-config-files.yml
7406d65 Add and configure ESLint and update configuration for Prettier (#341)
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v3...v4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

chen-keinan · 2023-06-10T15:06:10Z

dependabot rebase.

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v3...v4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com>

* add Support VMware Tanzu(TKGI) Benchmarks v1.2.53 with this change, we are adding 1. latest kubernetes cis benchmarks for VMware Tanzu1.2.53 2. logic to kube-bench so that kube-bench can auto detect vmware platform, will be able to execute the respective vmware tkgi compliance checks. 3. job-tkgi.yaml file to run the benchmark as a job in tkgi cluster Reference Document for checks: https://network.pivotal.io/products/p-compliance-scanner/#/releases/1248397 * add Support VMware Tanzu(TKGI) Benchmarks v1.2.53 with this change, we are adding 1. latest kubernetes cis benchmarks for VMware Tanzu1.2.53 2. logic to kube-bench so that kube-bench can auto detect vmware platform, will be able to execute the respective vmware tkgi compliance checks. 3. job-tkgi.yaml file to run the benchmark as a job in tkgi cluster Reference Document for checks: https://network.pivotal.io/products/p-compliance-scanner/#/releases/1248397 * release: prepare v0.6.15 (#1455) Signed-off-by: chenk <hen.keinan@gmail.com> * build(deps): bump golang from 1.19.4 to 1.20.4 (#1436) Bumps golang from 1.19.4 to 1.20.4. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump actions/setup-go from 3 to 4 (#1402) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v3...v4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com> * Fix test_items in cis-1.7 - node - 4.2.12 (#1469) Related issue: #1468 * Fix node.yaml - 4.1.7 and 4.1.8 audit by adding uniq (#1472) * chore: add fips compliant images (#1473) For fips complaince we need to generate fips compliant images. As part of this change, we will create new kube-bench image which will be fips compliant. Image name follows this tag pattern <version>-ubi-fips * release: prepare v0.6.16-rc (#1476) * release: prepare v0.6.16-rc Signed-off-by: chenk <hen.keinan@gmail.com> * release: prepare v0.6.16-rc Signed-off-by: chenk <hen.keinan@gmail.com> --------- Signed-off-by: chenk <hen.keinan@gmail.com> * release: prepare v0.6.16 official (#1479) Signed-off-by: chenk <hen.keinan@gmail.com> * Update job.yaml (#1477) * Update job.yaml Fix on typo for image version * chore: sync with upstream Signed-off-by: chenk <hen.keinan@gmail.com> --------- Signed-off-by: chenk <hen.keinan@gmail.com> Co-authored-by: chenk <hen.keinan@gmail.com> * release: prepare v0.6.17 (#1480) Signed-off-by: chenk <hen.keinan@gmail.com> * Bump docker base images (#1465) During a recent CVE scan we found kube-bench to use `alpine:3.18` as the final image which has a known high CVE. ``` grype aquasec/kube-bench:v0.6.15 ✔ Vulnerability DB [no update available] ✔ Loaded image ✔ Parsed image ✔ Cataloged packages [73 packages] ✔ Scanning image... [4 vulnerabilities] ├── 0 critical, 4 high, 0 medium, 0 low, 0 negligible └── 4 fixed NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY libcrypto3 3.1.0-r4 3.1.1-r0 apk CVE-2023-2650 High libssl3 3.1.0-r4 3.1.1-r0 apk CVE-2023-2650 High openssl 3.1.0-r4 3.1.1-r0 apk CVE-2023-2650 High ``` The CVE in question was addressed in the latest [alpine release](https://www.alpinelinux.org/posts/Alpine-3.15.9-3.16.6-3.17.4-3.18.2-released.html), hence updating the dockerfiles accordingly * build(deps): bump golang from 1.20.4 to 1.20.6 (#1475) Bumps golang from 1.20.4 to 1.20.6. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add CIS Benchmarks support to Rancher Distributions RKE/RKE2/K3s Based on the information furnished in https://ranchermanager.docs.rancher.com/v2.7/pages-for-subheaders/rancher-hardening-guides kube-bench executes CIS-1.23 (Kubernetes v1.23) , CIS-1.24(Kubernetes v1.24),CIS-1.7 (Kubernetes v1.25,v1.26,v1.27) CIS Benchmarks of respective distributions. * RKE/RKE2 CIS Benchmarks Updated the order of checks for RKE and RKE2 Platforms. * fixed vulnerabilities|upgraded package golang.org/x/net to version v0.17.0 * Error handling for RKE Detection Pre-requisites * Based on the information furnished in https://ranchermanager.docs.rancher.com/v2.7/pages-for-subheaders/rancher-hardening-guides#hardening-guides-and-benchmark-versions, kube-bench executes CIS-1.23 (Kubernetes v1.23) , CIS-1.24(Kubernetes v1.24),CIS-1.7 (Kubernetes v1.25,v1.26,v1.27) CIS Benchmarks of respective distributions. updated documentation specific to added rancher platforms * addressed review comments 1.Implemented IsRKE functionality in kube-bench 2. Removed containerd from global level config and accommodated in individual config file 3. Corrected the control id from 1.2.25 to 1.2.23 in master.yaml(k3s-cis-1.23 and k3s-cis-1.24) * Removed unncessary dependency - kubernetes-provider-detector --------- Signed-off-by: chenk <hen.keinan@gmail.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: chenk <hen.keinan@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Andy Pitcher <andy.pitcher@suse.com> Co-authored-by: Devendra Turkar <devendra.turkar@gmail.com> Co-authored-by: Guille Vigil <contact@guillermotti.com> Co-authored-by: Jonas-Taha El Sesiy <jonas-taha.elsesiy@snowflake.com>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 20, 2023

dependabot bot force-pushed the dependabot/github_actions/actions/setup-go-4 branch from 5633ade to 1cf1eb4 Compare April 5, 2023 10:03

chen-keinan approved these changes Jun 10, 2023

View reviewed changes

Merge branch 'main' into dependabot/github_actions/actions/setup-go-4

36ee93b

chen-keinan merged commit e2e353a into main Jun 24, 2023

chen-keinan deleted the dependabot/github_actions/actions/setup-go-4 branch June 24, 2023 16:42

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump actions/setup-go from 3 to 4 #1402

build(deps): bump actions/setup-go from 3 to 4 #1402

dependabot bot commented on behalf of github Mar 20, 2023 •

edited

Loading

chen-keinan commented Jun 10, 2023

build(deps): bump actions/setup-go from 3 to 4 #1402

build(deps): bump actions/setup-go from 3 to 4 #1402

Conversation

dependabot bot commented on behalf of github Mar 20, 2023 • edited Loading

v4.0.0

Add support for stable and oldstable aliases

Stable

OldStable

Add support for go.work and pass the token input through on GHES

chen-keinan commented Jun 10, 2023

dependabot bot commented on behalf of github Mar 20, 2023 •

edited

Loading