Skip to content

Commit 83b361a

Browse files
authored
Merge pull request #938 from Wikid82/nightly
Weekly: Promote nightly to main (2026-04-13)
2 parents 7bd3a73 + 062b866 commit 83b361a

42 files changed

Lines changed: 1975 additions & 788 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/renovate.json

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -232,9 +232,24 @@
232232
"datasourceTemplate": "github-releases",
233233
"versioningTemplate": "semver",
234234
"extractVersionTemplate": "^v(?<version>.*)$"
235+
},
236+
{
237+
"customType": "regex",
238+
"description": "Track go-version in skill example workflows",
239+
"managerFilePatterns": ["/^\\.github/skills/examples/.*\\.yml$/"],
240+
"matchStrings": [
241+
"go-version: [\"']?(?<currentValue>[\\d\\.]+)[\"']?"
242+
],
243+
"depNameTemplate": "golang/go",
244+
"datasourceTemplate": "golang-version",
245+
"versioningTemplate": "semver"
235246
}
236247
],
237248

249+
"github-actions": {
250+
"fileMatch": ["^\\.github/skills/examples/.*\\.ya?ml$"]
251+
},
252+
238253
"packageRules": [
239254
{
240255
"description": "THE MEGAZORD: Group ALL non-major updates (NPM, Docker, Go, Actions) into one PR",
@@ -277,6 +292,24 @@
277292
"matchPackageNames": ["caddy"],
278293
"allowedVersions": "<3.0.0"
279294
},
295+
{
296+
"description": "Go: keep pgx within v4 (CrowdSec requires pgx/v4 module path)",
297+
"matchDatasources": ["go"],
298+
"matchPackageNames": ["github.com/jackc/pgx/v4"],
299+
"allowedVersions": "<5.0.0"
300+
},
301+
{
302+
"description": "Go: keep go-jose/v3 within v3 (v4 is a different Go module path)",
303+
"matchDatasources": ["go"],
304+
"matchPackageNames": ["github.com/go-jose/go-jose/v3"],
305+
"allowedVersions": "<4.0.0"
306+
},
307+
{
308+
"description": "Go: keep go-jose/v4 within v4 (v5 would be a different Go module path)",
309+
"matchDatasources": ["go"],
310+
"matchPackageNames": ["github.com/go-jose/go-jose/v4"],
311+
"allowedVersions": "<5.0.0"
312+
},
280313
{
281314
"description": "Safety: Keep MAJOR updates separate and require manual review",
282315
"matchUpdateTypes": ["major"],

.github/skills/examples/gorm-scanner-ci-workflow.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,7 @@ jobs:
2525
- name: Setup Go
2626
uses: actions/setup-go@v5
2727
with:
28-
go-version: "1.26.1"
28+
go-version: "1.26.2"
2929

3030
- name: Run GORM Security Scanner
3131
id: gorm-scan

.github/skills/security-scan-docker-image-scripts/run.sh

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ fi
3535
# Check Grype
3636
if ! command -v grype >/dev/null 2>&1; then
3737
log_error "Grype not found - install from: https://github.com/anchore/grype"
38-
log_error "Installation: curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin v0.110.0"
38+
log_error "Installation: curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin v0.111.0"
3939
error_exit "Grype is required for vulnerability scanning" 2
4040
fi
4141

@@ -50,8 +50,8 @@ SYFT_INSTALLED_VERSION=$(syft version | grep -oP 'Version:\s*\Kv?[0-9]+\.[0-9]+\
5050
GRYPE_INSTALLED_VERSION=$(grype version | grep -oP 'Version:\s*\Kv?[0-9]+\.[0-9]+\.[0-9]+' | head -1 || echo "unknown")
5151

5252
# Set defaults matching CI workflow
53-
set_default_env "SYFT_VERSION" "v1.42.3"
54-
set_default_env "GRYPE_VERSION" "v0.110.0"
53+
set_default_env "SYFT_VERSION" "v1.42.4"
54+
set_default_env "GRYPE_VERSION" "v0.111.0"
5555
set_default_env "IMAGE_TAG" "charon:local"
5656
set_default_env "FAIL_ON_SEVERITY" "Critical,High"
5757

.github/workflows/auto-changelog.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,6 @@ jobs:
2424
with:
2525
ref: ${{ github.event.workflow_run.head_sha || github.sha }}
2626
- name: Draft Release
27-
uses: release-drafter/release-drafter@139054aeaa9adc52ab36ddf67437541f039b88e2 # v7
27+
uses: release-drafter/release-drafter@5de93583980a40bd78603b6dfdcda5b4df377b32 # v7
2828
env:
2929
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/auto-label-issues.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ jobs:
1818
issues: write
1919
steps:
2020
- name: Auto-label based on title and body
21-
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
21+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
2222
with:
2323
script: |
2424
const issue = context.payload.issue;

.github/workflows/benchmark.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ concurrency:
1212
cancel-in-progress: true
1313

1414
env:
15-
GO_VERSION: '1.26.1'
15+
GO_VERSION: '1.26.2'
1616
GOTOOLCHAIN: auto
1717

1818
# Minimal permissions at workflow level; write permissions granted at job level for push only

.github/workflows/caddy-major-monitor.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ jobs:
1818
runs-on: ubuntu-latest
1919
steps:
2020
- name: Check for Caddy v3 and open issue
21-
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
21+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
2222
with:
2323
script: |
2424
const upstream = { owner: 'caddyserver', repo: 'caddy' };

.github/workflows/codecov-upload.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ concurrency:
2323
cancel-in-progress: true
2424

2525
env:
26-
GO_VERSION: '1.26.1'
26+
GO_VERSION: '1.26.2'
2727
NODE_VERSION: '24.12.0'
2828
GOTOOLCHAIN: auto
2929

@@ -139,7 +139,7 @@ jobs:
139139
140140
- name: Upload test output artifact
141141
if: always()
142-
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
142+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
143143
with:
144144
name: backend-test-output
145145
path: backend/test-output.txt

.github/workflows/codeql.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ concurrency:
1515

1616
env:
1717
GOTOOLCHAIN: auto
18-
GO_VERSION: '1.26.1'
18+
GO_VERSION: '1.26.2'
1919

2020
permissions:
2121
contents: read

.github/workflows/container-prune.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -88,7 +88,7 @@ jobs:
8888
8989
- name: Upload GHCR prune artifacts
9090
if: always()
91-
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
91+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
9292
with:
9393
name: prune-ghcr-log-${{ github.run_id }}
9494
path: |
@@ -159,7 +159,7 @@ jobs:
159159
160160
- name: Upload Docker Hub prune artifacts
161161
if: always()
162-
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
162+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
163163
with:
164164
name: prune-dockerhub-log-${{ github.run_id }}
165165
path: |

0 commit comments

Comments
 (0)