mirror of
https://github.com/chainguard-dev/clog
synced 2026-07-06 22:12:46 +00:00
54 commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
01a02443da
|
fix: convert WARN string for cloud batch (#76)
### What
Convert WARN string to WARNING for compatibility with Cloud Batch
### Why
We have a service running in Cloud Batch which alerts on any warning
log. Digging into this, it appears Cloud Batch does not convert WARN ->
WARNING and thus interprets the unidentifiable log level as error.
Looking at logs for this service, the `jsonPayload.severity` is removed
for all log levels except for WARN, which ends up interpreted as an
ERROR level:
```
for level in DEBUG INFO WARN WARNING ERROR CRITICAL; do
count=$(gcloud logging read "resource.type=\"batch.googleapis.com/Job\" labels.component=\"...\" jsonPayload.severity=\"${level}\"" \
--project=... --limit=1 \
--format="value(severity)" 2>/dev/null)
echo "${level} -> ${count:-<no results>}"
done
DEBUG -> <no results>
INFO -> <no results>
WARN -> ERROR
WARNING -> <no results>
ERROR -> <no results>
CRITICAL -> <no results>
```
Signed-off-by: Zackary Crosley <zackary.crosley@chainguard.dev>
|
||
|
|
e522bdd603
|
fix(ci): add persist-credentials: false and zizmor pedantic config (#69)
## Summary This patch series addresses GitHub Actions security findings in `chainguard-dev/clog` as part of the PSEC-923 hardening campaign. ## Patches ### 0001 — `fix(ci): add persist-credentials: false to checkout steps` Adds `persist-credentials: false` to the `actions/checkout` step in: - `.github/workflows/go.yml` — build/test job; no downstream git write operations The `zizmor.yaml` and `actionlint.yaml` workflows already had `persist-credentials: false` on their checkout steps. This patch completes coverage for the remaining workflow. Resolves: 1 `artipacked` finding (zizmor) ### 0002 — `fix(ci): add pedantic persona and suppress noisy zizmor rules` - Creates `.github/zizmor.yml` disabling three pedantic-only rules that have no direct security value (`anonymous-definition`, `concurrency-limits`) and configuring `dependabot-cooldown` to use a 3-day threshold. - Updates `.github/workflows/zizmor.yaml` to run zizmor with `persona: pedantic` so that all template expansions in `run:` blocks are checked, not just attacker-controlled ones. - Extends the `paths:` trigger in `zizmor.yaml` to include `.github/zizmor.yml` and `.github/dependabot.yml`, so that changes to those files trigger the zizmor check. Resolves: 3 `concurrency-limits` findings, 1 `anonymous-definition` finding, 2 `dependabot-cooldown` findings (all suppressed via config) ## Testing - Validate that the zizmor workflow runs on PRs touching `.github/zizmor.yml` and `.github/dependabot.yml`. - Confirm zizmor passes in pedantic mode with the new `.github/zizmor.yml` suppression config in place. Refs: PSEC-923 |
||
|
|
a29ba6665f
|
Bump step-security/harden-runner from 2.18.0 to 2.19.0 (#67)
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.18.0 to 2.19.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.19.0</h2> <h2>What's Changed</h2> <h3>New Runner Support</h3> <p>Harden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.</p> <h3>Automated Incident Response for Supply Chain Attacks</h3> <ul> <li>Global block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.</li> <li>System-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).</li> </ul> <h3>Bug Fixes</h3> <p>Windows and macOS: stability and reliability fixes</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.18.0...v2.19.0">https://github.com/step-security/harden-runner/compare/v2.18.0...v2.19.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
f2e76c2e27
|
Bump step-security/harden-runner from 2.15.1 to 2.18.0 (#65)
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.15.1 to 2.18.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.18.0</h2> <h2>What's Changed</h2> <p>Global Block List: During supply chain incidents like the recent axios and trivy compromises, StepSecurity will add known malicious domains and IP addresses (IOCs) to a global block list. These will be automatically blocked, even in audit mode, providing immediate protection without requiring any workflow changes.</p> <p>Deploy on Self-Hosted VM: Added <code>deploy-on-self-hosted-vm</code> input that allows the Harden Runner agent to be installed directly on ephemeral self-hosted Linux runner VMs at workflow runtime. This is intended as an alternative when baking the agent into the VM image is not possible.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.17.0...v2.18.0">https://github.com/step-security/harden-runner/compare/v2.17.0...v2.18.0</a></p> <h2>v2.17.0</h2> <h2>What's Changed</h2> <h3>Policy Store Support</h3> <p>Added <code>use-policy-store</code> and <code>api-key</code> inputs to fetch security policies directly from the <a href="https://docs.stepsecurity.io/harden-runner/policy-store">StepSecurity Policy Store</a>. Policies can be defined and attached at the workflow, repo, org, or cluster (ARC) level, with the most granular policy taking precedence. This is the preferred method over the existing <code>policy</code> input which requires <code>id-token: write</code> permission. If no policy is found in the store, the action defaults to audit mode.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.16.1...v2.17.0">https://github.com/step-security/harden-runner/compare/v2.16.1...v2.17.0</a></p> <h2>v2.16.1</h2> <h2>What's Changed</h2> <p>Enterprise tier: Added support for direct IP addresses in the allow list Community tier: Migrated Harden Runner telemetry to a new endpoint</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.16.0...v2.16.1">https://github.com/step-security/harden-runner/compare/v2.16.0...v2.16.1</a></p> <h2>v2.16.0</h2> <h2>What's Changed</h2> <ul> <li>Updated action.yml to use node24</li> <li>Security fix: Fixed a medium severity vulnerability where the egress block policy could be bypassed via DNS over HTTPS (DoH) by proxying DNS queries through a permitted resolver, allowing data exfiltration even with a restrictive allowed-endpoints list. This issue only affects the Community Tier; the Enterprise Tier is not affected. See <a href="https://github.com/step-security/harden-runner/security/advisories/GHSA-46g3-37rh-v698">GHSA-46g3-37rh-v698</a> for details.</li> <li>Security fix: Fixed a medium severity vulnerability where the egress block policy could be bypassed via DNS queries over TCP to external resolvers, allowing outbound network communication that evades configured network restrictions. This issue only affects the Community Tier; the Enterprise Tier is not affected. See <a href="https://github.com/step-security/harden-runner/security/advisories/GHSA-g699-3x6g-wm3g">GHSA-g699-3x6g-wm3g</a> for details.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.15.1...v2.16.0">https://github.com/step-security/harden-runner/compare/v2.15.1...v2.16.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
ca1e61d20e
|
chore(workflows): add actionlint and zizmor action linters [SECINT-75] (#61)
Signed-off-by: Steve Beattie <steve.beattie@chainguard.dev> |
||
|
|
0d6447e685
|
Bump step-security/harden-runner from 2.13.3 to 2.15.1 (#60)
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.13.3 to 2.15.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.15.1</h2> <h2>What's Changed</h2> <ul> <li>Fixes <a href="https://redirect.github.com/step-security/harden-runner/issues/642">step-security/harden-runner#642</a> bug due to which post step was failing on Windows ARM runners</li> <li>Updates npm packages</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.15.0...v2.15.1">https://github.com/step-security/harden-runner/compare/v2.15.0...v2.15.1</a></p> <h2>v2.15.0</h2> <h2>What's Changed</h2> <h3>Windows and macOS runner support</h3> <p>We are excited to announce that Harden Runner now supports <strong>Windows and macOS runners</strong>, extending runtime security beyond Linux for the first time.</p> <p>Insights for Windows and macOS runners will be displayed in the same consistent format you are already familiar with from Linux runners, giving you a unified view of runtime activity across all platforms.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.14.2...v2.15.0">https://github.com/step-security/harden-runner/compare/v2.14.2...v2.15.0</a></p> <h2>v2.14.2</h2> <h2>What's Changed</h2> <p>Security fix: Fixed a medium severity vulnerability where outbound network connections using sendto, sendmsg, and sendmmsg socket system calls could bypass audit logging when using egress-policy: audit. This issue only affects the Community Tier in audit mode; block mode and Enterprise Tier were not affected. See <a href="https://github.com/step-security/harden-runner/security/advisories/GHSA-cpmj-h4f6-r6pq">GHSA-cpmj-h4f6-r6pq</a> for details.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.14.1...v2.14.2">https://github.com/step-security/harden-runner/compare/v2.14.1...v2.14.2</a></p> <h2>v2.14.1</h2> <h2>What's Changed</h2> <ol> <li> <p>In some self-hosted environments, the agent could briefly fall back to public DNS resolvers during startup if the system DNS was not yet available. This behavior was unintended for GitHub-hosted runners and has now been fixed to prevent any use of public DNS resolvers.</p> </li> <li> <p>Fixed npm audit vulnerabilities</p> </li> </ol> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.14.0...v2.14.1">https://github.com/step-security/harden-runner/compare/v2.14.0...v2.14.1</a></p> <h2>v2.14.0</h2> <h2>What's Changed</h2> <ul> <li>Selective installation: Harden-Runner now skips installation on GitHub-hosted runners when the repository has a custom property skip_harden_runner, allowing organizations to opt out specific repos.</li> <li>Avoid double install: The action no longer installs Harden-Runner if it’s already present on a GitHub-hosted runner, which could happen when a composite action also installs it.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.13.3...v2.14.0">https://github.com/step-security/harden-runner/compare/v2.13.3...v2.14.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
6353cd32b4
|
Bump actions/setup-go from 5.5.0 to 6.1.0 (#49)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.5.0 to 6.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>v6.1.0</h2> <h2>What's Changed</h2> <h3>Enhancements</h3> <ul> <li>Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by <a href="https://github.com/nicholasngai"><code>@nicholasngai</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/665">actions/setup-go#665</a></li> <li>Add support for .tool-versions file and update workflow by <a href="https://github.com/priya-kinthali"><code>@priya-kinthali</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/673">actions/setup-go#673</a></li> <li>Add comprehensive breaking changes documentation for v6 by <a href="https://github.com/mahabaleshwars"><code>@mahabaleshwars</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/674">actions/setup-go#674</a></li> </ul> <h3>Dependency updates</h3> <ul> <li>Upgrade eslint-config-prettier from 10.0.1 to 10.1.8 and document breaking changes in v6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/617">actions/setup-go#617</a></li> <li>Upgrade actions/publish-action from 0.3.0 to 0.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/641">actions/setup-go#641</a></li> <li>Upgrade semver and <code>@types/semver</code> by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/652">actions/setup-go#652</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/nicholasngai"><code>@nicholasngai</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/665">actions/setup-go#665</a></li> <li><a href="https://github.com/priya-kinthali"><code>@priya-kinthali</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/673">actions/setup-go#673</a></li> <li><a href="https://github.com/mahabaleshwars"><code>@mahabaleshwars</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/674">actions/setup-go#674</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-go/compare/v6...v6.1.0">https://github.com/actions/setup-go/compare/v6...v6.1.0</a></p> <h2>v6.0.0</h2> <h2>What's Changed</h2> <h3>Breaking Changes</h3> <ul> <li>Improve toolchain handling to ensure more reliable and consistent toolchain selection and management by <a href="https://github.com/matthewhughes934"><code>@matthewhughes934</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/460">actions/setup-go#460</a></li> <li>Upgrade Nodejs runtime from node20 to node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/624">actions/setup-go#624</a></li> </ul> <p>Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. <a href="https://github.com/actions/runner/releases/tag/v2.327.1">See Release Notes</a></p> <h3>Dependency Upgrades</h3> <ul> <li>Upgrade <code>@types/jest</code> from 29.5.12 to 29.5.14 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-go/pull/589">actions/setup-go#589</a></li> <li>Upgrade <code>@actions/tool-cache</code> from 2.0.1 to 2.0.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-go/pull/591">actions/setup-go#591</a></li> <li>Upgrade <code>@typescript-eslint/parser</code> from 8.31.1 to 8.35.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-go/pull/590">actions/setup-go#590</a></li> <li>Upgrade undici from 5.28.5 to 5.29.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-go/pull/594">actions/setup-go#594</a></li> <li>Upgrade typescript from 5.4.2 to 5.8.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-go/pull/538">actions/setup-go#538</a></li> <li>Upgrade eslint-plugin-jest from 28.11.0 to 29.0.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-go/pull/603">actions/setup-go#603</a></li> <li>Upgrade <code>form-data</code> to bring in fix for critical vulnerability by <a href="https://github.com/matthewhughes934"><code>@matthewhughes934</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/618">actions/setup-go#618</a></li> <li>Upgrade actions/checkout from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-go/pull/631">actions/setup-go#631</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/matthewhughes934"><code>@matthewhughes934</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/618">actions/setup-go#618</a></li> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/624">actions/setup-go#624</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-go/compare/v5...v6.0.0">https://github.com/actions/setup-go/compare/v5...v6.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
f6946fdf0d
|
Bump step-security/harden-runner from 2.12.0 to 2.13.3 (#50)
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.12.0 to 2.13.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.13.3</h2> <h2>What's Changed</h2> <ul> <li>Fixed an issue where process events were not uploaded in certain edge cases.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.13.2...v2.13.3">https://github.com/step-security/harden-runner/compare/v2.13.2...v2.13.3</a></p> <h2>v2.13.2</h2> <h2>What's Changed</h2> <ul> <li>Fixed an issue where there was a limit of 512 allowed endpoints when using block egress policy. This restriction has been removed, allowing for an unlimited number of endpoints to be configured.</li> <li>Harden Runner now automatically detects if the agent is already pre-installed on a custom VM image used by a GitHub-hosted runner. When detected, the action will skip reinstallation and use the existing agent.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.13.1...v2.13.2">https://github.com/step-security/harden-runner/compare/v2.13.1...v2.13.2</a></p> <h2>v2.13.1</h2> <h2>What's Changed</h2> <ul> <li> <p>Graceful handling of HTTP errors: Improved error handling when fetching Harden Runner policies from the StepSecurity Policy Store API, ensuring more reliable execution even in case of temporary network/API issues.</p> </li> <li> <p>Security updates for npm dependencies: Updated vulnerable npm package dependencies to the latest secure versions.</p> </li> <li> <p>Faster enterprise agent downloads: The enterprise agent is now downloaded from GitHub Releases instead of packages.stepsecurity.io, improving download speed and reliability.</p> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.13.0...v2.13.1">https://github.com/step-security/harden-runner/compare/v2.13.0...v2.13.1</a></p> <h2>v2.13.0</h2> <h2>What's Changed</h2> <ul> <li>Improved job markdown summary</li> <li>Https monitoring for all domains (included with the enterprise tier)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2...v2.13.0">https://github.com/step-security/harden-runner/compare/v2...v2.13.0</a></p> <h2>v2.12.2</h2> <h2>What's Changed</h2> <p>Added HTTPS Monitoring for additional destinations - *.githubusercontent.com Bug fixes:</p> <ul> <li>Implicitly allow local multicast, local unicast and broadcast IP addresses in block mode</li> <li>Increased policy map size for block mode</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2...v2.12.2">https://github.com/step-security/harden-runner/compare/v2...v2.12.2</a></p> <h2>v2.12.1</h2> <h2>What's Changed</h2> <ul> <li>Detection capabilities have been upgraded to better recognize attempts at runner tampering. These improvements are informed by real-world incident learnings, including analysis of anomalous behaviors observed in the tj-actions and reviewdog supply chain attack.</li> <li>Resolved an issue where the block policy was not enforced correctly when the GitHub Actions job was running inside a container on a self-hosted VM runner.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2...v2.12.1">https://github.com/step-security/harden-runner/compare/v2...v2.12.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
5ca5d64e63
|
Bump actions/checkout from 4.2.2 to 6.0.1 (#51)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 6.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v6.0.1</h2> <h2>What's Changed</h2> <ul> <li>Update all references from v5 and v4 to v6 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2314">actions/checkout#2314</a></li> <li>Add worktree support for persist-credentials includeIf by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li> <li>Clarify v6 README by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2328">actions/checkout#2328</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v6...v6.0.1">https://github.com/actions/checkout/compare/v6...v6.0.1</a></p> <h2>v6.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>v6-beta by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2298">actions/checkout#2298</a></li> <li>update readme/changelog for v6 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2311">actions/checkout#2311</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5.0.0...v6.0.0">https://github.com/actions/checkout/compare/v5.0.0...v6.0.0</a></p> <h2>v6-beta</h2> <h2>What's Changed</h2> <p>Updated persist-credentials to store the credentials under <code>$RUNNER_TEMP</code> instead of directly in the local git config.</p> <p>This requires a minimum Actions Runner version of <a href="https://github.com/actions/runner/releases/tag/v2.329.0">v2.329.0</a> to access the persisted credentials for <a href="https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action">Docker container action</a> scenarios.</p> <h2>v5.0.1</h2> <h2>What's Changed</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5...v5.0.1">https://github.com/actions/checkout/compare/v5...v5.0.1</a></p> <h2>v5.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> <li>Prepare v5.0.0 release by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2238">actions/checkout#2238</a></li> </ul> <h2>⚠️ Minimum Compatible Runner Version</h2> <p><strong>v2.327.1</strong><br /> <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Release Notes</a></p> <p>Make sure your runner is updated to this version or newer to use this release.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v5.0.0">https://github.com/actions/checkout/compare/v4...v5.0.0</a></p> <h2>v4.3.1</h2> <h2>What's Changed</h2> <ul> <li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v6.0.0</h2> <ul> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> </ul> <h2>v5.0.1</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <h2>v5.0.0</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> </ul> <h2>v4.3.1</h2> <ul> <li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li> </ul> <h2>v4.3.0</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> <li>Pin actions/checkout's own workflows to a known, good, stable version. by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li> </ul> <h2>v4.1.6</h2> <ul> <li>Check platform to set archive extension appropriately by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li> </ul> <h2>v4.1.5</h2> <ul> <li>Update NPM dependencies by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li> <li>Bump github/codeql-action from 2 to 3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li> <li>Bump actions/setup-node from 1 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li> <li>Bump actions/upload-artifact from 2 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
3bef2b2727
|
gcp: Refactor to pass in custom writer (#52)
This enables the ability to output to custom writers (e.g. TeeWriters) if necessary. |
||
|
|
5a063eb822
|
slogtest: demonstrate use of t.Context() (#41)
Go 1.24 added [`t.Context()`](https://pkg.go.dev/testing#T.Context), which is presumably more idiomatic to use with clog than our own slogtest package. This PR adds a comment mentioning `t.Context` and demonstrates how to get `t.Context` to have the same behavior as `slogtest.Context(t)`. Without the `slog.SetDefault` the behavior is different: ``` go test -trimpath ./slogtest -run=SlogTest -v === RUN TestSlogTest slogtest.go:36: level=INFO source=github.com/chainguard-dev/clog/slogtest/slogtest_test.go:13 msg="hello world" foo=bar slogtest.go:36: level=INFO source=github.com/chainguard-dev/clog/slogtest/slogtest_test.go:14 msg="me again" bar=baz slogtest.go:36: level=INFO source=github.com/chainguard-dev/clog/slogtest/slogtest_test.go:15 msg="okay last one" baz=true slogtest.go:36: level=DEBUG source=github.com/chainguard-dev/clog/slogtest/slogtest_test.go:17 msg="hello debug" slogtest.go:36: level=INFO source=github.com/chainguard-dev/clog/slogtest/slogtest_test.go:18 msg="hello info" slogtest.go:36: level=WARN source=github.com/chainguard-dev/clog/slogtest/slogtest_test.go:19 msg="hello warn" slogtest.go:36: level=ERROR source=github.com/chainguard-dev/clog/slogtest/slogtest_test.go:20 msg="hello error" slogtest.go:36: level=INFO source=github.com/chainguard-dev/clog/slogtest/another_test.go:9 msg="hello from fn" foo=bar --- PASS: TestSlogTest (0.00s) === RUN TestSlogTestTContext 2025/07/08 12:29:28 INFO hello world foo=bar 2025/07/08 12:29:28 INFO me again bar=baz 2025/07/08 12:29:28 INFO okay last one baz=true 2025/07/08 12:29:28 INFO hello info 2025/07/08 12:29:28 WARN hello warn 2025/07/08 12:29:28 ERROR hello error 2025/07/08 12:29:28 INFO hello from fn foo=bar --- PASS: TestSlogTestTContext (0.00s) PASS ok github.com/chainguard-dev/clog/slogtest 0.211s ``` (debug logs are dropped, no file paths or line numbers, timestamps are added) I don't know whether we should officially deprecate `slogtest` in favor of `clog.FromContext(t.Context())`, but at least this documents an off-ramp. Signed-off-by: Jason Hall <jason@chainguard.dev> |
||
|
|
f9cf331fa9
|
Bump actions/setup-go from 5.3.0 to 5.5.0 (#37)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.3.0 to 5.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>v5.5.0</h2> <h2>What's Changed</h2> <h3>Bug fixes:</h3> <ul> <li>Update self-hosted environment validation by <a href="https://github.com/priyagupta108"><code>@priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/556">actions/setup-go#556</a></li> <li>Add manifest validation and improve error handling by <a href="https://github.com/priyagupta108"><code>@priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/586">actions/setup-go#586</a></li> <li>Update template link by <a href="https://github.com/jsoref"><code>@jsoref</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/527">actions/setup-go#527</a></li> </ul> <h3>Dependency updates:</h3> <ul> <li>Upgrade <code>@action/cache</code> from 4.0.2 to 4.0.3 by <a href="https://github.com/aparnajyothi-y"><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/574">actions/setup-go#574</a></li> <li>Upgrade <code>@actions/glob</code> from 0.4.0 to 0.5.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/573">actions/setup-go#573</a></li> <li>Upgrade ts-jest from 29.1.2 to 29.3.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/582">actions/setup-go#582</a></li> <li>Upgrade eslint-plugin-jest from 27.9.0 to 28.11.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/537">actions/setup-go#537</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/jsoref"><code>@jsoref</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/527">actions/setup-go#527</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-go/compare/v5...v5.5.0">https://github.com/actions/setup-go/compare/v5...v5.5.0</a></p> <h2>v5.4.0</h2> <h2>What's Changed</h2> <h3>Dependency updates :</h3> <ul> <li>Upgrade semver from 7.6.0 to 7.6.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/535">actions/setup-go#535</a></li> <li>Upgrade eslint-config-prettier from 8.10.0 to 10.0.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/536">actions/setup-go#536</a></li> <li>Upgrade <code>@action/cache</code> from 4.0.0 to 4.0.2 by <a href="https://github.com/aparnajyothi-y"><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/568">actions/setup-go#568</a></li> <li>Upgrade undici from 5.28.4 to 5.28.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/541">actions/setup-go#541</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/aparnajyothi-y"><code>@aparnajyothi-y</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/568">actions/setup-go#568</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-go/compare/v5...v5.4.0">https://github.com/actions/setup-go/compare/v5...v5.4.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
e53dba9a34
|
[StepSecurity] Apply security best practices (#39)
This PR implements [go/ssdlc-2](https://go/ssdlc-2). Please raise issues to ProdSec's on-call rotation. Ref: https://github.com/chainguard-dev/prodsec/issues/138 ## Summary This pull request has been generated by [StepSecurity](https://app.stepsecurity.io/github/chainguard-dev/actions/dashboard) as part of your enterprise subscription to ensure compliance with recommended security best practices. Please review and merge the pull request to apply these security enhancements. At a high level, this PR: - Adds the `harden-runner` Action if not already present - Pins Actions to a digest rather than mutable tags - Restricts GitHub token permissions to be as minimal as possible ## Security Fixes ### Harden Runner Harden-Runner is an open-source security agent for the GitHub-hosted runner to prevent software supply chain attacks. It prevents exfiltration of credentials, detects tampering of source code during build, and enables running jobs without sudo access. - [GitHub Security Guide](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions) - [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#dangerous-workflow) ### Least Privileged GitHub Actions Token Permissions The GITHUB_TOKEN is an automatically generated secret to make authenticated calls to the GitHub API. GitHub recommends setting minimum token permissions for the GITHUB_TOKEN. - [GitHub Security Guide](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow) - [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions) ## Feedback For bug reports, feature requests, and general feedback; please create an issue in [step-security/secure-repo](https://github.com/step-security/secure-repo) or contact us via [our website](https://www.stepsecurity.io/). Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: stepsecurity-app[bot] <188008098+stepsecurity-app[bot]@users.noreply.github.com> |
||
|
|
517105f6ef
|
gcp: Surface trace propagation functions on context (#40)
Users of clog have to be able to reliably put trace information into the context to make the logger pick it up correctly. The current implementation uses a string, which is prone to collisions. This surfaces context manipulation functions instead that operate on a private type and allow for easier integration. |
||
|
|
b5e6d19489
|
docs: fix doc comments for clog.Logger (#36)
This updates doc comments and parameter names for the Logger type to be friendlier to docs-aware editors, specifically by: - Fixing when method name in doc comment didn't match the method name - Using "msg" instead of "format" to align with the stdlib for when log messages aren't formats - Updating to explain how the variadic `args` params are used Signed-off-by: Dan Luhring <dluhring@chainguard.dev> |
||
|
|
fa6bbc4954
|
Fix duplicate log keys from context. (#34)
Because we were using attr.With, we were setting the logger attributes, and then appending the log context attributes again later for any contextf functions. This changes the behavior to use the context for any log.Info functions. |
||
|
|
cedc4c3467
|
Bump actions/setup-go from 5.2.0 to 5.3.0 (#32)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.2.0 to 5.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>v5.3.0</h2> <h2>What's Changed</h2> <ul> <li>Use the new cache service: upgrade <code>@actions/cache</code> to <code>^4.0.0</code> by <a href="https://github.com/Link"><code>@Link</code></a>- in <a href="https://redirect.github.com/actions/setup-go/pull/531">actions/setup-go#531</a></li> <li>Configure Dependabot settings by <a href="https://github.com/HarithaVattikuti"><code>@HarithaVattikuti</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/530">actions/setup-go#530</a></li> <li>Document update - permission section by <a href="https://github.com/HarithaVattikuti"><code>@HarithaVattikuti</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/533">actions/setup-go#533</a></li> <li>Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/534">actions/setup-go#534</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Link"><code>@Link</code></a>- made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/531">actions/setup-go#531</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-go/compare/v5...v5.3.0">https://github.com/actions/setup-go/compare/v5...v5.3.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
479d6297ce
|
default client: Use inner handler for log level enabled check. (#33) | ||
|
|
7b8abfef8a
|
Wrap context-aware handlers + values around loggers by default. (#31)
Previously, we didn't allowed you to provide any handler you wanted, which didn't quite meet expectations for using clog. This changes the behavior to always wrap the logger with a context handler. Additionally, when a new logger is created any values present in the context are added to the logger, which should allow the values to be preserved even if the default slog funcs are used. |
||
|
|
71baa290ad
|
gcp: avoid type assertion panic (#29)
Signed-off-by: Jason Hall <jason@chainguard.dev> |
||
|
|
67ba3d0193
|
Bump actions/setup-go from 5.1.0 to 5.2.0 (#30)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.1.0 to 5.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>v5.2.0</h2> <h2>What's Changed</h2> <ul> <li>Leveraging the raw API to retrieve the version-manifest, as it does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token for Github Enterprise Servers by <a href="https://github.com/Shegox"><code>@Shegox</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/496">actions/setup-go#496</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Shegox"><code>@Shegox</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/496">actions/setup-go#496</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-go/compare/v5...v5.2.0">https://github.com/actions/setup-go/compare/v5...v5.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
e97f0ca65a
|
Bump actions/checkout from 4.1.7 to 4.2.2 (#27)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7 to 4.2.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v4.2.2</h2> <h2>What's Changed</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.2.1...v4.2.2">https://github.com/actions/checkout/compare/v4.2.1...v4.2.2</a></p> <h2>v4.2.1</h2> <h2>What's Changed</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Jcambass"><code>@Jcambass</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1919">actions/checkout#1919</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.2.0...v4.2.1">https://github.com/actions/checkout/compare/v4.2.0...v4.2.1</a></p> <h2>v4.2.0</h2> <h2>What's Changed</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependabot updates in <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a> & <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/yasonk"><code>@yasonk</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1869">actions/checkout#1869</a></li> <li><a href="https://github.com/lucacome"><code>@lucacome</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.1.7...v4.2.0">https://github.com/actions/checkout/compare/v4.1.7...v4.2.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> <li>Pin actions/checkout's own workflows to a known, good, stable version. by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li> </ul> <h2>v4.1.6</h2> <ul> <li>Check platform to set archive extension appropriately by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li> </ul> <h2>v4.1.5</h2> <ul> <li>Update NPM dependencies by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li> <li>Bump github/codeql-action from 2 to 3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li> <li>Bump actions/setup-node from 1 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li> <li>Bump actions/upload-artifact from 2 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li> <li>README: Suggest <code>user.email</code> to be <code>41898282+github-actions[bot]@users.noreply.github.com</code> by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1707">actions/checkout#1707</a></li> </ul> <h2>v4.1.4</h2> <ul> <li>Disable <code>extensions.worktreeConfig</code> when disabling <code>sparse-checkout</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1692">actions/checkout#1692</a></li> <li>Add dependabot config by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1688">actions/checkout#1688</a></li> <li>Bump the minor-actions-dependencies group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1693">actions/checkout#1693</a></li> <li>Bump word-wrap from 1.2.3 to 1.2.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1643">actions/checkout#1643</a></li> </ul> <h2>v4.1.3</h2> <ul> <li>Check git version before attempting to disable <code>sparse-checkout</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1656">actions/checkout#1656</a></li> <li>Add SSH user parameter by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1685">actions/checkout#1685</a></li> <li>Update <code>actions/checkout</code> version in <code>update-main-version.yml</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1650">actions/checkout#1650</a></li> </ul> <h2>v4.1.2</h2> <ul> <li>Fix: Disable sparse checkout whenever <code>sparse-checkout</code> option is not present <a href="https://github.com/dscho"><code>@dscho</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1598">actions/checkout#1598</a></li> </ul> <h2>v4.1.1</h2> <ul> <li>Correct link to GitHub Docs by <a href="https://github.com/peterbe"><code>@peterbe</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1511">actions/checkout#1511</a></li> <li>Link to release page from what's new section by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1514">actions/checkout#1514</a></li> </ul> <h2>v4.1.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1396">Add support for partial checkout filters</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
8827246f05
|
Bump actions/setup-go from 5.0.2 to 5.1.0 (#28)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.2 to 5.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>v5.1.0</h2> <h2>What's Changed</h2> <ul> <li>Add workflow file for publishing releases to immutable action package by <a href="https://github.com/Jcambass"><code>@Jcambass</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/500">actions/setup-go#500</a></li> <li>Upgrade IA Publish by <a href="https://github.com/Jcambass"><code>@Jcambass</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/502">actions/setup-go#502</a></li> <li>Add architecture to cache key by <a href="https://github.com/Zxilly"><code>@Zxilly</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/493">actions/setup-go#493</a> This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format.</li> <li>Enhance workflows and Upgrade micromatch Dependency by <a href="https://github.com/priyagupta108"><code>@priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/510">actions/setup-go#510</a></li> </ul> <p><strong>Bug Fixes</strong></p> <ul> <li>Revise <code>isGhes</code> logic by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/511">actions/setup-go#511</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Zxilly"><code>@Zxilly</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/493">actions/setup-go#493</a></li> <li><a href="https://github.com/Jcambass"><code>@Jcambass</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/500">actions/setup-go#500</a></li> <li><a href="https://github.com/jww3"><code>@jww3</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/511">actions/setup-go#511</a></li> <li><a href="https://github.com/priyagupta108"><code>@priyagupta108</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/510">actions/setup-go#510</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-go/compare/v5...v5.1.0">https://github.com/actions/setup-go/compare/v5...v5.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
4c523ae459
|
slag: support cobra's pflag interface (#24)
Signed-off-by: Jason Hall <jason@chainguard.dev> |
||
|
|
d36bc967c6
|
slogtest: include debug logs by default (#23)
https://github.com/chainguard-dev/clog/pull/13#discussion_r1711599434 Signed-off-by: Jason Hall <jason@chainguard.dev> |
||
|
|
56a6d5a0ad
|
improve slogtest (#13)
Without the slogtest change, with the newly added test:
```
go test ./slogtest/ -v
=== RUN TestSlogTest
slogtest.go:20: time=2024-02-12T16:50:56.437-05:00 level=INFO msg="hello world" foo=bar
--- PASS: TestSlogTest (0.00s)
PASS
ok github.com/chainguard-dev/clog/slogtest 0.116s
```
With this change:
```
go test ./slogtest -v
=== RUN TestSlogTest
slogtest.go:31: level=INFO source=/Users/jason/git/clog/slogtest/slogtest_test.go:13 msg="hello world" foo=bar
slogtest.go:31: level=INFO source=/Users/jason/git/clog/slogtest/slogtest_test.go:14 msg="me again" bar=baz
slogtest.go:31: level=INFO source=/Users/jason/git/clog/slogtest/slogtest_test.go:15 msg="okay last one" baz=true
```
---------
Signed-off-by: Jason Hall <jason@chainguard.dev>
|
||
|
|
f6c22babbb
|
document the slag package (#22)
Signed-off-by: Jason Hall <jason@chainguard.dev> |
||
|
|
b42aea849e
|
Bump actions/setup-go from 5.0.1 to 5.0.2 (#20)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.1 to 5.0.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>v5.0.2</h2> <h2>What's Changed</h2> <h3>Bug fixes:</h3> <ul> <li>Fix versions check failure by <a href="https://github.com/HarithaVattikuti"><code>@HarithaVattikuti</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/479">actions/setup-go#479</a></li> </ul> <h3>Dependency updates:</h3> <ul> <li>Bump braces from 3.0.2 to 3.0.3 and undici from 5.28.3 to 5.28.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/487">actions/setup-go#487</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/HarithaVattikuti"><code>@HarithaVattikuti</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/479">actions/setup-go#479</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-go/compare/v5...v5.0.2">https://github.com/actions/setup-go/compare/v5...v5.0.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
c3adc02883
|
configure log level with env var (#21)
Signed-off-by: Jason Hall <jason@chainguard.dev> |
||
|
|
d26a705a05
|
Bump actions/checkout from 3 to 4 (#19)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update default runtime to node20 by <a href="https://github.com/takost"><code>@takost</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1436">actions/checkout#1436</a></li> <li>Support fetching without the --progress option by <a href="https://github.com/simonbaird"><code>@simonbaird</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1067">actions/checkout#1067</a></li> <li>Release 4.0.0 by <a href="https://github.com/takost"><code>@takost</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1447">actions/checkout#1447</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/takost"><code>@takost</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1436">actions/checkout#1436</a></li> <li><a href="https://github.com/simonbaird"><code>@simonbaird</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1067">actions/checkout#1067</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3...v4.0.0">https://github.com/actions/checkout/compare/v3...v4.0.0</a></p> <h2>v3.6.0</h2> <h2>What's Changed</h2> <ul> <li>Mark test scripts with Bash'isms to be run via Bash by <a href="https://github.com/dscho"><code>@dscho</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1377">actions/checkout#1377</a></li> <li>Add option to fetch tags even if fetch-depth > 0 by <a href="https://github.com/RobertWieczoreck"><code>@RobertWieczoreck</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/579">actions/checkout#579</a></li> <li>Release 3.6.0 by <a href="https://github.com/luketomlinson"><code>@luketomlinson</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1437">actions/checkout#1437</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/RobertWieczoreck"><code>@RobertWieczoreck</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/579">actions/checkout#579</a></li> <li><a href="https://github.com/luketomlinson"><code>@luketomlinson</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1437">actions/checkout#1437</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3.5.3...v3.6.0">https://github.com/actions/checkout/compare/v3.5.3...v3.6.0</a></p> <h2>v3.5.3</h2> <h2>What's Changed</h2> <ul> <li>Fix: Checkout Issue in self hosted runner due to faulty submodule check-ins by <a href="https://github.com/megamanics"><code>@megamanics</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1196">actions/checkout#1196</a></li> <li>Fix typos found by codespell by <a href="https://github.com/DimitriPapadopoulos"><code>@DimitriPapadopoulos</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1287">actions/checkout#1287</a></li> <li>Add support for sparse checkouts by <a href="https://github.com/dscho"><code>@dscho</code></a> and <a href="https://github.com/dfdez"><code>@dfdez</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1369">actions/checkout#1369</a></li> <li>Release v3.5.3 by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1376">actions/checkout#1376</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/megamanics"><code>@megamanics</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1196">actions/checkout#1196</a></li> <li><a href="https://github.com/DimitriPapadopoulos"><code>@DimitriPapadopoulos</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1287">actions/checkout#1287</a></li> <li><a href="https://github.com/dfdez"><code>@dfdez</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1369">actions/checkout#1369</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3...v3.5.3">https://github.com/actions/checkout/compare/v3...v3.5.3</a></p> <h2>v3.5.2</h2> <h2>What's Changed</h2> <ul> <li>Fix: Use correct API url / endpoint in GHES by <a href="https://github.com/fhammerl"><code>@fhammerl</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1289">actions/checkout#1289</a> based on <a href="https://redirect.github.com/actions/checkout/issues/1286">#1286</a> by <a href="https://github.com/1newsr"><code>@1newsr</code></a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3.5.1...v3.5.2">https://github.com/actions/checkout/compare/v3.5.1...v3.5.2</a></p> <h2>v3.5.1</h2> <h2>What's Changed</h2> <ul> <li>Improve checkout performance on Windows runners by upgrading <code>@actions/github</code> dependency by <a href="https://github.com/BrettDong"><code>@BrettDong</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1246">actions/checkout#1246</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/BrettDong"><code>@BrettDong</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1246">actions/checkout#1246</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
1a2666f783
|
setup dependabot for clog (#18)
Signed-off-by: Kenny Leung <kleung@chainguard.dev> |
||
|
|
40901e8d69
|
slogtest: Allow passing in logging config options. (#12)
- Enables debug logging by default. - Adds `TestLoggerWithOptions` to allow overriding default config. - Adds `Context` as a shorthand for TestContextWithLogger (e.g. `slogtest.TestContextWithLogger(t)` -> `slogtest.Context(t)`) |
||
|
|
6962f14d44
|
Use traceparent instead of X-Cloud-Trace-Context (#16)
According to https://cloud.google.com/trace/docs/trace-context#http-requests, `X-Cloud-Trace-Context` is a legacy header that precedes the W3C standard `traceparent` header. Google Cloud services that support trace context propagation typically support both the `traceparent` and the legacy `X-Cloud-Trace-Context` header. Switching to use this so that we don't have to use the legacy header `X-Cloud-Trace-Context` when restoring trace context header for pubsub eventing, but only using `traceparent` every where. |
||
|
|
f300b26592
|
Preserve context in With() calls (#17)
Currently `With()` will reset context back to `context.Background()`, causing the `wrap/wrapf` calls to lose the original context. This affects the `clog/gcp` handler who relies on a value keyed with `"trace"` being set on the context ([see](https://github.com/chainguard-dev/clog/blob/main/gcp/trace.go#L110-L116)) (we should use a typed value though, but that's in a different PR). --------- Signed-off-by: Nghia Tran <tcnghia@gmail.com> |
||
|
|
cb3093988f
|
gcp/trace: limit project ID lookups, add tests (#14)
If `WithCloudTraceContext` is called from tests where GCE metadata isn't
available, it hangs indefinitely, which is not a great experience.
Some improvements in this PR:
- project ID lookup will only be performed once, instead of each time
`WithCloudTraceContext` is called
- if we detect we're being called in tests, the project ID won't be
looked up and we won't log with trace context
- add a standard short timeout to metadata requests, consistent with the
official client
Also add a test that shows that the `trace` context value is set when
the project ID env var is set; because this logging must go to stderr,
we can't easily test what actually gets logged, but we can show it
working in the verbose output:
```
go test ./gcp -v -count=1
=== RUN TestTrace
=== RUN TestTrace/no_env_set
{"time":"2024-02-12T20:22:14.059143-05:00","severity":"DEBUG","logging.googleapis.com/sourceLocation":{"function":"github.com/chainguard-dev/clog/gcp.insideTest","file":"/Users/jason/git/clog/gcp/trace.go","line":33},"message":"WithCloudTraceContext: inside test","function":"testing.tRunner","file":"/opt/homebrew/Cellar/go/1.21.5/libexec/src/testing/testing.go","line":1595}
{"time":"2024-02-12T20:22:14.059343-05:00","severity":"DEBUG","logging.googleapis.com/sourceLocation":{"function":"github.com/chainguard-dev/clog/gcp.WithCloudTraceContext.func1","file":"/Users/jason/git/clog/gcp/trace.go","line":56},"message":"WithCloudTraceContext: inside test, not looking up project ID"}
{"time":"2024-02-12T20:22:14.060156-05:00","severity":"INFO","logging.googleapis.com/sourceLocation":{"function":"github.com/chainguard-dev/clog/gcp.TestTrace.func2.1","file":"/Users/jason/git/clog/gcp/trace_test.go","line":37},"message":"hello world"}
=== RUN TestTrace/env_set
{"time":"2024-02-12T20:22:14.060678-05:00","severity":"INFO","logging.googleapis.com/sourceLocation":{"function":"github.com/chainguard-dev/clog/gcp.TestTrace.func2.1","file":"/Users/jason/git/clog/gcp/trace_test.go","line":37},"message":"hello world","logging.googleapis.com/trace":"projects/my-project/traces/trace"}
--- PASS: TestTrace (0.00s)
--- PASS: TestTrace/no_env_set (0.00s)
--- PASS: TestTrace/env_set (0.00s)
PASS
ok github.com/chainguard-dev/clog/gcp 0.166s
```
The test also attempts to check that GCE metadata isn't requested.
Through this work I've found that `clog.FromContext(ctx).Info("hello")`
doesn't carry the `trace` context value, possibly related to
https://github.com/chainguard-dev/clog/pull/11
Signed-off-by: Jason Hall <jason@chainguard.dev>
|
||
|
|
f4145d29d4
|
Preserve context in logger when calling FromContext. (#11)
Modification of #5 Allows for passing through the logger while still using default Info methods. InfoContext remains to override the context with another value. This changes the stored context value to store the underlying slog.Logger instead of the wrapped logger so we're not storing a context within a context. |
||
|
|
4d1a9405b3
|
add Fatal{Context}{f} (#8)
This adds `clog.Fatal{Context}{f}`, and
`clog.FromContext(ctx).Fatal{Context}{f}`
`Fatal` logs at `LevelError` then calls `os.Exit(1)`, like stdlib
`log.Fatal`:
https://cs.opensource.google/go/go/+/refs/tags/go1.21.6:src/log/log.go;l=413
---------
Signed-off-by: Jason Hall <jason@chainguard.dev>
Co-authored-by: Billy Lynch <1844673+wlynch@users.noreply.github.com>
|
||
|
|
83244dc767
|
add a flag option (#10)
I don't like any of the names here, and we might want it to be in a separate subpackage. This lets you say `--log-level=DEBUG` to set the level. The default is still INFO. --------- Signed-off-by: Jason Hall <jason@chainguard.dev> |
||
|
|
d34ebd4160
|
add GCP optimized slog package (#9)
Opening this to gather feedback. This moves https://github.com/imjasonh/gcpslog into this repo, including https://github.com/imjasonh/gcpslog/pull/2 --------- Signed-off-by: Jason Hall <jason@chainguard.dev> |
||
|
|
fec25b637d
|
Update README.md (#7)
Signed-off-by: Jason Hall <jason@chainguard.dev> |
||
|
|
04bee692f7
|
rename to clog (#6)
* rename to clog Signed-off-by: Jason Hall <jason@chainguard.dev> * fix example in README Signed-off-by: Jason Hall <jason@chainguard.dev> --------- Signed-off-by: Jason Hall <jason@chainguard.dev> |
||
|
|
c071a43a42
|
Fix handler example to actually use the handler. (#4) | ||
|
|
988f6253cd
|
Add source.yaml (#3) | ||
|
|
7a6e5ac694
|
update to chainguard-dev (#2) | ||
|
|
9bf46567a6
|
Create go.yml | ||
|
|
0d562667b2
|
Update godoc | ||
|
|
3f156fd3a4
|
Add missing slog.Logger functions.
- WithGroup - Handler |
||
|
|
765cf08124
|
Add slogtest helpers. | ||
|
|
8aac927af2
|
Add godoc badge | ||
|
|
5565dbc976
|
Add context logger.
This is heavily inspired by https://pkg.go.dev/knative.dev/pkg/logging Also adds top level logging methods for convinience. |