95 Commits

Author SHA1 Message Date
Rob Herley
24b1443a07
use new @actions/artifact version & update download logic 2023-08-24 11:57:52 -04:00
Brian Flad
e9ef242655
Add download-path output to action.yml (#194)
Reference: https://github.com/actions/download-artifact/issues/153
Reference: https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#outputs-for-docker-container-and-javascript-actions

Prevents false positives from tooling, such as `actionlint`, that depends on the metadata for static analysis.

Co-authored-by: Konrad Pabjan <konradpabjan@github.com>
2023-01-05 17:35:52 -05:00
dependabot[bot]
adf9559c4f
Bump json5 from 1.0.1 to 1.0.2 (#198)
Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](https://github.com/json5/json5/compare/v1.0.1...v1.0.2)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-05 17:24:04 -05:00
Konrad Pabjan
9bc31d5ccc
Update to latest actions/artifact NPM package (#195)
* Use latest actions/artifact NPM package + misc updates

* Use node 18 + caching in CI

* Run npm release

* Use node 16 for CI + devcontainer
v3.0.2 v3
2023-01-04 17:30:33 -05:00
Konrad Pabjan
d2278a10ef
Update release-new-action-version.yml (#196) 2023-01-04 17:25:27 -05:00
Konrad Pabjan
c1a6d8f06a
Update codeql-analysis.yml (#197) 2023-01-04 17:21:01 -05:00
Francesco Renzi
9782bd6a98
Update @actions/core to 1.10.0 (#178)
* Update @actions/core to 1.10.0

* Update licenses

* solve npm conflicts

* update licenses
v3.0.1
2022-10-20 19:26:49 -04:00
Yang Cao
076f0f7dd0
Merge pull request #156 from actions/dependabot/npm_and_yarn/ansi-regex-4.1.1
Bump ansi-regex from 4.1.0 to 4.1.1
2022-04-25 10:12:25 -04:00
dependabot[bot]
7151be3221
Bump ansi-regex from 4.1.0 to 4.1.1
Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](https://github.com/chalk/ansi-regex/compare/v4.1.0...v4.1.1)

---
updated-dependencies:
- dependency-name: ansi-regex
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-25 14:08:54 +00:00
Yang Cao
51cbdc41c1
Merge pull request #152 from actions/dependabot/npm_and_yarn/minimist-1.2.6
Bump minimist from 1.2.5 to 1.2.6
2022-04-25 10:08:26 -04:00
dependabot[bot]
e89a529079
Bump minimist from 1.2.5 to 1.2.6
Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-03-26 14:50:08 +00:00
Jonathan Tamsut
fb598a63ae
Merge pull request #136 from actions/jtamsut/update-lockfile-version
Update `lockfileVersion` in `package-lock.json`
v3.0.0
2022-03-02 10:35:41 -08:00
Jonathan Tamsut
a4a09c5d7e regenerate index.js 2022-03-01 14:43:36 -08:00
Jonathan Tamsut
9acf51df79 regenerate package lock 2022-03-01 14:31:56 -08:00
Jonathan Tamsut
8821072325 upgrade artifact version 2022-03-01 14:30:51 -08:00
Jonathan Tamsut
b8bbd3b64f regenerate lockfile 2022-03-01 13:38:43 -08:00
Jonathan Tamsut
6ee3d963e5 revert artifact version 2022-03-01 13:37:07 -08:00
Jonathan Tamsut
d4793f4e27 update docs for v3 2022-03-01 13:27:20 -08:00
Jonathan Tamsut
2d338d2145 upgrade package to v3 2022-03-01 13:18:36 -08:00
Jonathan Tamsut
360d0830b5 update dependency on artifact lib 2022-03-01 13:14:55 -08:00
Jonathan Tamsut
d9b73cccac update lock file 2022-03-01 13:14:35 -08:00
Thomas Boop
a327a9c763
Update default runtime to node16 (#134)
Node 12 has an end of life on April 30, 2022.

This PR updates the default runtime to [node16](https://github.blog/changelog/2021-12-10-github-actions-github-hosted-runners-now-run-node-js-16-by-default/), rather then node12. 

This is supported on all Actions Runners v2.285.0 or later.
2022-02-07 21:18:27 +01:00
Konrad Pabjan
f023be2c48
Update @actions/artifact to version 0.6.0 (#123)
* Update @actions/artifact to version 0.6.0

* update artifact.dep.yml to use version 0.6.0
v2.1.0
2021-12-07 11:44:54 -05:00
Konrad Pabjan
591af65465
Create release-new-action-version.yml (#122) 2021-12-02 11:14:52 -05:00
dependabot[bot]
f2e7c54ea3
Bump path-parse from 1.0.6 to 1.0.7 (#109)
Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases)
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

---
updated-dependencies:
- dependency-name: path-parse
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-12-02 10:31:46 -05:00
Rob Herley
e15ea60964
Merge pull request #121 from actions/robherley/dupe-issue-template
rm dupe security vulnerability from issue template
2021-11-23 14:48:56 -05:00
Rob Herley
12f9853977
rm dupe security vulnerability from issue template 2021-11-23 14:46:39 -05:00
Rob Herley
b3f61af72c
Merge pull request #120 from actions/robherley/update-issue-templates
Add issue templates
2021-11-22 16:49:17 -05:00
Rob Herley
ad79f6c16c
add issue templates 2021-11-22 10:12:52 -05:00
Brian Cristante
b1985abdea
Create check-dist.yml (#108)
* Add check-dist.yml

* Fix triggers in licensed.yml
2021-08-10 13:59:02 -04:00
Brian Cristante
3be87be14a
Ingest v0.5.2 of @actions/artifact (#100)
* npm install --update @actions/artifact

* Update .licenses file

* npm run release
v2.0.10
2021-06-16 16:19:05 -04:00
Brian Cristante
8bef1ad834
Merge pull request #97 from actions/dependabot/npm_and_yarn/glob-parent-5.1.2
Bump glob-parent from 5.1.1 to 5.1.2
2021-06-16 16:06:52 -04:00
Brian Cristante
2940e0d2ad
Merge pull request #92 from actions/dependabot/npm_and_yarn/hosted-git-info-2.8.9
Bump hosted-git-info from 2.8.5 to 2.8.9
2021-06-16 16:06:23 -04:00
Brian Cristante
bd90b34638
Merge pull request #91 from actions/dependabot/npm_and_yarn/lodash-4.17.21
Bump lodash from 4.17.19 to 4.17.21
2021-06-16 16:06:06 -04:00
Brian Cristante
3b6d0aba35
Merge pull request #99 from actions/brcrista/dependabot-push
Don't trigger CodeQL on Dependabot push
2021-06-16 16:05:29 -04:00
Brian Cristante
46a6d6f216
Don't trigger CodeQL on Dependabot push 2021-06-16 16:01:04 -04:00
dependabot[bot]
246a0f4716
Bump glob-parent from 5.1.1 to 5.1.2
Bumps [glob-parent](https://github.com/gulpjs/glob-parent) from 5.1.1 to 5.1.2.
- [Release notes](https://github.com/gulpjs/glob-parent/releases)
- [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md)
- [Commits](https://github.com/gulpjs/glob-parent/compare/v5.1.1...v5.1.2)

---
updated-dependencies:
- dependency-name: glob-parent
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-11 13:14:19 +00:00
Robert Cannon
df388c92ce
Clarified the v1 and v2 differences (#96)
The original text implies by supplying no inputs all files are placed in the root directory without added directories by focusing only on the `path` input. In practice, supplying no inputs results in the backwards compatible `v1` behavior of creating an extra parameter. This may be obvious in some scenarios and stated somewhat later in the document, but is less obvious when the "name" matches a filename for a single file artifact.
2021-05-21 21:20:10 +02:00
dependabot[bot]
87f717a35d
Bump hosted-git-info from 2.8.5 to 2.8.9
Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.8.5 to 2.8.9.
- [Release notes](https://github.com/npm/hosted-git-info/releases)
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
- [Commits](https://github.com/npm/hosted-git-info/compare/v2.8.5...v2.8.9)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-11 17:16:23 +00:00
dependabot[bot]
ae445150c2
Bump lodash from 4.17.19 to 4.17.21
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.19 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.19...4.17.21)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-11 12:10:53 +00:00
Konrad Pabjan
158ca71f7c
Bump @actions/artifact to version 0.5.1 (#85) v2.0.9 2021-04-06 16:50:27 -04:00
dependabot[bot]
65bdb44741
Bump y18n from 4.0.0 to 4.0.1 (#84)
Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-06 15:23:44 -04:00
Josh Gross
782e5ae9ea
Merge pull request #81 from rneatherway/codeql-add-pull-request-trigger
Add on: pull_request trigger to CodeQL workflow
2021-01-14 18:42:16 -05:00
Robin Neatherway
a6ff13d56d Add on: pull_request trigger to CodeQL workflow
From February 2021, in order to provide feedback on pull requests, Code Scanning workflows must be configured with both `push` and `pull_request` triggers. This is because Code Scanning compares the results from a pull request against the results for the base branch to tell you only what has changed between the two.

Early in the beta period we supported displaying results on pull requests for workflows with only `push` triggers, but have discontinued support as this proved to be less robust.

See https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#scanning-pull-requests for more information on how best to configure your Code Scanning workflows.
2021-01-13 11:19:52 +00:00
Konrad Pabjan
4a7a711286
Add retries to all HTTP calls + fix dependabot alerts (#80)
* Update @actions/artifact package to version 0.5.0

* bump eslint-plugin-github to version 4.1.1

* Update artifact.dep.yml
v2.0.8
2021-01-04 15:47:26 +01:00
Konrad Pabjan
f144d3c391
Update @actions/artifact from 0.3.5 to 0.4.2 (#73)
* Update @actions/artifact from 0.3.5 to 0.4.2

* Update package versions in .licenses
v2.0.7
2020-12-15 10:55:26 -05:00
Josh Gross
987de047e8
Merge pull request #71 from actions/joshmgross/fix-codeowners
Fix CODEOWNERS team name
2020-12-07 15:50:08 -05:00
Josh Gross
89cfa805e3
Fix CODEOWNERS team name 2020-12-07 13:35:10 -05:00
Yang Cao
37439a4b3c
Merge pull request #69 from brcrista/patch-1
Add CODEOWNERS file
2020-11-25 15:24:36 -05:00
Brian Cristante
d84bbb4c0a
Create CODEOWNERS 2020-11-25 15:18:14 -05:00