diff --git a/.github/bulldozer.yml b/.github/bulldozer.yml index caa5ef46..2bbd24e9 100644 --- a/.github/bulldozer.yml +++ b/.github/bulldozer.yml @@ -8,4 +8,4 @@ merge: squash: body: summarize_commits delete_after_merge: true - allow_merge_with_no_checks: false \ No newline at end of file + allow_merge_with_no_checks: false diff --git a/.github/dependabot-circleci.yml b/.github/dependabot-circleci.yml index 1991d2a2..3e65f845 100644 --- a/.github/dependabot-circleci.yml +++ b/.github/dependabot-circleci.yml @@ -1,4 +1,4 @@ -reviewers: +reviewers: - BESTSELLER/engineering-services labels: - - automerge \ No newline at end of file + - automerge diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b56e22c9..80e7e6da 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -13,7 +13,7 @@ updates: labels: - "automerge" - "dependencies" - reviewers: + reviewers: - BESTSELLER/engineering-services - package-ecosystem: "docker" # See documentation for possible values directory: "/" # Location of package manifests @@ -23,14 +23,14 @@ updates: labels: - "automerge" - "dependencies" - reviewers: + reviewers: - BESTSELLER/engineering-services - package-ecosystem: "terraform" # See documentation for possible values directory: "/terraform" # Location of package manifests open-pull-requests-limit: 10 schedule: interval: "monthly" - reviewers: + reviewers: - BESTSELLER/engineering-services - package-ecosystem: "github-actions" # See documentation for possible values directory: "/" # Location of package manifests @@ -40,6 +40,5 @@ updates: labels: - "automerge" - "dependencies" - reviewers: + reviewers: - BESTSELLER/engineering-services - diff --git a/.github/policy.yml b/.github/policy.yml index 50b7ffe9..71844d09 100644 --- a/.github/policy.yml +++ b/.github/policy.yml @@ -33,4 +33,4 @@ approval_rules: - "dependabot[bot]" - "dependabot-circleci[bot]" requires: - count: 0 \ No newline at end of file + count: 0 diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml index e55efa9a..03cb8bc2 100644 --- a/.github/release-drafter.yml +++ b/.github/release-drafter.yml @@ -33,4 +33,4 @@ template: | ## Changes $CHANGES - **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...$RESOLVED_VERSION \ No newline at end of file + **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...$RESOLVED_VERSION diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index 658aee37..b0527ec9 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml @@ -29,4 +29,4 @@ jobs: # config-name: my-config.yml # disable-autolabeler: true env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.test_cases/1_docker_quay.yml b/.test_cases/1_docker_quay.yml index 7e32fbc6..ef50f034 100644 --- a/.test_cases/1_docker_quay.yml +++ b/.test_cases/1_docker_quay.yml @@ -3,4 +3,4 @@ jobs: build: docker: - image: quay.io/jetstack/cert-manager-controller:v0.16.1 - command: [--smallfiles] \ No newline at end of file + command: [--smallfiles] diff --git a/.test_cases/2_docker_gcr.yml b/.test_cases/2_docker_gcr.yml index ee60a400..c81a2c7d 100644 --- a/.test_cases/2_docker_gcr.yml +++ b/.test_cases/2_docker_gcr.yml @@ -3,4 +3,4 @@ jobs: build: docker: - image: gcr.io/google-containers/debian-iptables:v11.0.1 - command: ["echo hej"] \ No newline at end of file + command: ["echo hej"] diff --git a/.test_cases/3_orb_regular.yml b/.test_cases/3_orb_regular.yml index 4997ba55..9f2652b1 100644 --- a/.test_cases/3_orb_regular.yml +++ b/.test_cases/3_orb_regular.yml @@ -1,3 +1,3 @@ version: 2.1 orbs: - secret-injector: bestsellerit/secret-injector@1.0.3 \ No newline at end of file + secret-injector: bestsellerit/secret-injector@1.0.3 diff --git a/.test_cases/4_orb_volatile.yml b/.test_cases/4_orb_volatile.yml index 3664c9b2..9f9ac69e 100644 --- a/.test_cases/4_orb_volatile.yml +++ b/.test_cases/4_orb_volatile.yml @@ -1,3 +1,3 @@ version: 2.1 orbs: - secret-injector: bestsellerit/secret-injector@volatile \ No newline at end of file + secret-injector: bestsellerit/secret-injector@volatile diff --git a/.test_cases/5_docker_latest.yml b/.test_cases/5_docker_latest.yml index 766d7924..1604e45e 100644 --- a/.test_cases/5_docker_latest.yml +++ b/.test_cases/5_docker_latest.yml @@ -3,4 +3,4 @@ jobs: build: docker: - image: alpine:latest - command: [--smallfiles] \ No newline at end of file + command: [--smallfiles] diff --git a/.test_cases/6_docker_notag.yml b/.test_cases/6_docker_notag.yml index 9353be71..3e264cf3 100644 --- a/.test_cases/6_docker_notag.yml +++ b/.test_cases/6_docker_notag.yml @@ -3,4 +3,4 @@ jobs: build: docker: - image: alpine - command: [--smallfiles] \ No newline at end of file + command: [--smallfiles] diff --git a/.test_cases/7_docker_mcr.yml b/.test_cases/7_docker_mcr.yml index 0d23f42e..844066cc 100644 --- a/.test_cases/7_docker_mcr.yml +++ b/.test_cases/7_docker_mcr.yml @@ -3,4 +3,4 @@ jobs: build: docker: - image: mcr.microsoft.com/dotnet/sdk:5.0 - command: ["echo hej"] \ No newline at end of file + command: ["echo hej"] diff --git a/CODEOWNERS b/CODEOWNERS index fb08937a..b0044e92 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1 +1 @@ -* @BESTSELLER/engineering-services \ No newline at end of file +* @BESTSELLER/engineering-services diff --git a/Dockerfile b/Dockerfile index 34cb02bf..f473a86d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,4 +8,4 @@ FROM alpine COPY --from=builder /tmp/dependabot-circleci /dependabot-circleci ENTRYPOINT ["/dependabot-circleci"] -EXPOSE 3000 \ No newline at end of file +EXPOSE 3000 diff --git a/README.md b/README.md index 87778e55..8e44e1b6 100644 --- a/README.md +++ b/README.md @@ -53,14 +53,14 @@ dependabot-circleci will recursively scan all the files and folders in the direc The `dependabot-circleci` configuration file, dependabot-circleci.yml, uses YAML syntax. You must store this file in the .github directory of your repository. -| Option | Required | Description | Default | -|:----------------------------------|:--------:|:-----------------------------------------------------------------------------------------------|----------------------------| -| [`assignees`](#assignees) | | Assignees to set on pull requests | n/a | -| [`labels`](#labels) | | Labels to set on pull requests | n/a | -| [`reviewers`](#reviewers) | | Reviewers to set on pull requests | n/a | -| [`target-branch`](#target-branch) | | Branch to create pull requests against | Default branch in the repo | -| [`directory`](#directory) | | Path to the circleci config file, or folder to be scanned | `/.circleci/config.yml` | -| [`schedule`](#schedule) | | When to look for updates | daily | +| Option | Required | Description | Default | +| :-------------------------------- | :------: | :-------------------------------------------------------- | -------------------------- | +| [`assignees`](#assignees) | | Assignees to set on pull requests | n/a | +| [`labels`](#labels) | | Labels to set on pull requests | n/a | +| [`reviewers`](#reviewers) | | Reviewers to set on pull requests | n/a | +| [`target-branch`](#target-branch) | | Branch to create pull requests against | Default branch in the repo | +| [`directory`](#directory) | | Path to the circleci config file, or folder to be scanned | `/.circleci/config.yml` | +| [`schedule`](#schedule) | | When to look for updates | daily | ---
@@ -72,11 +72,11 @@ We are open for issues, pull requests etc. ## Running locally 1. Clone the repository -2. Make sure to have your secrets file in place +2. Make sure to have your secrets file in place 2.1 BESTSELLER folks can use Harpocrates to get them from Vault. ```bash harpocrates -f secrets-local.yaml --vault-token $(vault token create -format=json | jq -r '.auth.client_token') - ``` + ``` 2.2 Others will have to fill out this template in any other way. ```json { @@ -119,6 +119,6 @@ We are open for issues, pull requests etc. --header 'Content-Type: application/json' \ --data '{"Org":"BESTSELLER","Repos": ["dependabot-circleci"]}' ``` -5. If you want to debug the worker without docker: +5. If you want to debug the worker without docker: 1. Add the env vars from the docker-compose file to your local environment to match the worker 2. Run/Debug in your IDE with the `-worker` flag \ No newline at end of file diff --git a/api/config_check.go b/api/config_check.go index fc409178..c9a02fd7 100644 --- a/api/config_check.go +++ b/api/config_check.go @@ -10,7 +10,7 @@ import ( "github.com/BESTSELLER/dependabot-circleci/datadog" "github.com/BESTSELLER/dependabot-circleci/db" "github.com/BESTSELLER/dependabot-circleci/gh" - "github.com/google/go-github/v60/github" + "github.com/google/go-github/v62/github" "github.com/palantir/go-githubapp/githubapp" "github.com/pkg/errors" "github.com/rs/zerolog/log" diff --git a/dependabot/dependabot.go b/dependabot/dependabot.go index fc57da68..c31ebff7 100644 --- a/dependabot/dependabot.go +++ b/dependabot/dependabot.go @@ -12,7 +12,7 @@ import ( "github.com/BESTSELLER/dependabot-circleci/config" "github.com/BESTSELLER/dependabot-circleci/datadog" "github.com/BESTSELLER/dependabot-circleci/gh" - "github.com/google/go-github/v60/github" + "github.com/google/go-github/v62/github" "github.com/rs/zerolog/log" ) diff --git a/gh/client.go b/gh/client.go index ceead410..721eda6d 100644 --- a/gh/client.go +++ b/gh/client.go @@ -6,7 +6,7 @@ import ( "net/http" "time" - "github.com/google/go-github/v60/github" + "github.com/google/go-github/v62/github" "github.com/gregjones/httpcache" "github.com/palantir/go-githubapp/githubapp" diff --git a/gh/commit.go b/gh/commit.go index 043bc106..20ae0895 100644 --- a/gh/commit.go +++ b/gh/commit.go @@ -6,7 +6,7 @@ import ( "net/http" "strings" - "github.com/google/go-github/v60/github" + "github.com/google/go-github/v62/github" "github.com/rs/zerolog/log" ) diff --git a/gh/repos.go b/gh/repos.go index c189b5c3..c3805213 100644 --- a/gh/repos.go +++ b/gh/repos.go @@ -3,7 +3,7 @@ package gh import ( "context" - "github.com/google/go-github/v60/github" + "github.com/google/go-github/v62/github" ) // GetRepos returns a list of repos for an orginasation diff --git a/gh/transport.go b/gh/transport.go index 6186badb..2ae8364e 100644 --- a/gh/transport.go +++ b/gh/transport.go @@ -7,7 +7,7 @@ import ( "sync" "time" - "github.com/google/go-github/v60/github" + "github.com/google/go-github/v62/github" "github.com/rs/zerolog/log" ) diff --git a/go.mod b/go.mod index f20d357d..a9268edb 100644 --- a/go.mod +++ b/go.mod @@ -5,12 +5,12 @@ go 1.22 require ( github.com/CircleCI-Public/circleci-cli v0.1.30549 github.com/google/go-containerregistry v0.19.1 - github.com/google/go-github/v60 v60.0.0 + github.com/google/go-github/v62 v62.0.0 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 github.com/hashicorp/go-version v1.6.0 github.com/kelseyhightower/envconfig v1.4.0 github.com/palantir/go-baseapp v0.5.2 - github.com/palantir/go-githubapp v0.24.1 + github.com/palantir/go-githubapp v0.26.0 github.com/pkg/errors v0.9.1 github.com/rs/zerolog v1.33.0 github.com/stretchr/testify v1.9.0 @@ -55,6 +55,7 @@ require ( github.com/golang-jwt/jwt/v4 v4.5.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect + github.com/google/go-github/v60 v60.0.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/s2a-go v0.1.7 // indirect github.com/google/uuid v1.6.0 // indirect @@ -79,7 +80,7 @@ require ( github.com/rogpeppe/go-internal v1.11.0 // indirect github.com/rs/xid v1.5.0 // indirect github.com/secure-systems-lab/go-securesystemslib v0.7.0 // indirect - github.com/shurcooL/githubv4 v0.0.0-20240120211514-18a1ae0e79dc // indirect + github.com/shurcooL/githubv4 v0.0.0-20240429030203-be2daab69064 // indirect github.com/shurcooL/graphql v0.0.0-20181231061246-d48a9a75455f // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/spf13/afero v1.11.0 // indirect diff --git a/go.sum b/go.sum index 1520a711..509444a8 100644 --- a/go.sum +++ b/go.sum @@ -116,6 +116,8 @@ github.com/google/go-containerregistry v0.19.1 h1:yMQ62Al6/V0Z7CqIrrS1iYoA5/oQCm github.com/google/go-containerregistry v0.19.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= github.com/google/go-github/v60 v60.0.0 h1:oLG98PsLauFvvu4D/YPxq374jhSxFYdzQGNCyONLfn8= github.com/google/go-github/v60 v60.0.0/go.mod h1:ByhX2dP9XT9o/ll2yXAu2VD8l5eNVg8hD4Cr0S/LmQk= +github.com/google/go-github/v62 v62.0.0 h1:/6mGCaRywZz9MuHyw9gD1CwsbmBX8GWsbFkwMmHdhl4= +github.com/google/go-github/v62 v62.0.0/go.mod h1:EMxeUqGJq2xRu9DYBMwel/mr7kZrzUOfQmmpYrZn2a4= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= @@ -174,8 +176,8 @@ github.com/outcaste-io/ristretto v0.2.3 h1:AK4zt/fJ76kjlYObOeNwh4T3asEuaCmp26pOv github.com/outcaste-io/ristretto v0.2.3/go.mod h1:W8HywhmtlopSB1jeMg3JtdIhf+DYkLAr0VN/s4+MHac= github.com/palantir/go-baseapp v0.5.2 h1:b1ukx7AXo2/E4NkUvTFlW+185uwCcifzd2XzLrG4oS8= github.com/palantir/go-baseapp v0.5.2/go.mod h1:uijQMPfmgV69oiMu2jkskum/4HiYuEP/gzrnphD+/Co= -github.com/palantir/go-githubapp v0.24.1 h1:LiqaDq587M0Sq0EqwSsme/HTkQTh4wcTd2pgWiBMBf8= -github.com/palantir/go-githubapp v0.24.1/go.mod h1:x3vs+HLKMnRj3/Ut4vq8Q8idHqPforP2OsZrdGiCltM= +github.com/palantir/go-githubapp v0.26.0 h1:YWHqsVWXLED3nXsXLGVKXK6DNPWFytPqcDKU6hBFHUE= +github.com/palantir/go-githubapp v0.26.0/go.mod h1:e4aVb0zbw7+cnIWQg6uQxRVJY4m0JaivRiJ0k/9Rz7o= github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc= github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ= github.com/philhofer/fwd v1.1.2 h1:bnDivRJ1EWPjUIRXV5KfORO897HTbpFAQddBdE8t7Gw= @@ -201,8 +203,8 @@ github.com/rs/zerolog v1.33.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWR github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/secure-systems-lab/go-securesystemslib v0.7.0 h1:OwvJ5jQf9LnIAS83waAjPbcMsODrTQUpJ02eNLUoxBg= github.com/secure-systems-lab/go-securesystemslib v0.7.0/go.mod h1:/2gYnlnHVQ6xeGtfIqFy7Do03K4cdCY0A/GlJLDKLHI= -github.com/shurcooL/githubv4 v0.0.0-20240120211514-18a1ae0e79dc h1:vH0NQbIDk+mJLvBliNGfcQgUmhlniWBDXC79oRxfZA0= -github.com/shurcooL/githubv4 v0.0.0-20240120211514-18a1ae0e79dc/go.mod h1:zqMwyHmnN/eDOZOdiTohqIUKUrTFX62PNlu7IJdu0q8= +github.com/shurcooL/githubv4 v0.0.0-20240429030203-be2daab69064 h1:RCQBSFx5JrsbHltqTtJ+kN3U0Y3a/N/GlVdmRSoxzyE= +github.com/shurcooL/githubv4 v0.0.0-20240429030203-be2daab69064/go.mod h1:zqMwyHmnN/eDOZOdiTohqIUKUrTFX62PNlu7IJdu0q8= github.com/shurcooL/graphql v0.0.0-20181231061246-d48a9a75455f h1:tygelZueB1EtXkPI6mQ4o9DQ0+FKW41hTbunoXZCTqk= github.com/shurcooL/graphql v0.0.0-20181231061246-d48a9a75455f/go.mod h1:AuYgA5Kyo4c7HfUmvRGs/6rGlMMV/6B1bVnB9JxJEEg= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= diff --git a/secrets-ci.yaml b/secrets-ci.yaml index 50f70075..810d9ea9 100644 --- a/secrets-ci.yaml +++ b/secrets-ci.yaml @@ -4,4 +4,4 @@ secrets: saveAsFile: true fileName: cloudrun_token format: json - - ES/data/$CIRCLE_PROJECT_REPONAME/db \ No newline at end of file + - ES/data/$CIRCLE_PROJECT_REPONAME/db diff --git a/secrets-local.yaml b/secrets-local.yaml index 30e38dd4..da12f6be 100644 --- a/secrets-local.yaml +++ b/secrets-local.yaml @@ -4,4 +4,4 @@ secrets: - ES/data/dependabot-circleci/prod: filename: app-secrets - ES/data/dependabot-circleci/db: - filename: db-secrets \ No newline at end of file + filename: db-secrets diff --git a/secrets.yml b/secrets.yml index d5dc6aac..d5878133 100644 --- a/secrets.yml +++ b/secrets.yml @@ -1,4 +1,4 @@ format: json output: "/secrets" secrets: - - ES/data/$CIRCLE_PROJECT_REPONAME/v2 \ No newline at end of file + - ES/data/$CIRCLE_PROJECT_REPONAME/v2 diff --git a/terraform/modules/cloud_run/main.tf b/terraform/modules/cloud_run/main.tf index cfc7c027..eb0bafa4 100644 --- a/terraform/modules/cloud_run/main.tf +++ b/terraform/modules/cloud_run/main.tf @@ -125,7 +125,7 @@ resource "google_cloud_run_v2_service" "main" { volumes { name = "secrets" empty_dir { - medium = "MEMORY" + medium = "MEMORY" size_limit = "1Mi" } } diff --git a/terraform/modules/cloud_run/outputs.tf b/terraform/modules/cloud_run/outputs.tf index 56169af6..e1122973 100644 --- a/terraform/modules/cloud_run/outputs.tf +++ b/terraform/modules/cloud_run/outputs.tf @@ -1,4 +1,3 @@ output "url" { value = google_cloud_run_v2_service.main.uri } - diff --git a/terraform/modules/logs/variables.tf b/terraform/modules/logs/variables.tf index ed99af47..7a9c15cb 100644 --- a/terraform/modules/logs/variables.tf +++ b/terraform/modules/logs/variables.tf @@ -4,4 +4,4 @@ variable "project_id" { variable "monitor_project_id" { type = string -} \ No newline at end of file +}