1
0
Fork 0
mirror of https://github.com/chainguard-dev/clog synced 2026-07-06 22:12:46 +00:00
Commit graph

54 commits

Author SHA1 Message Date
Zack Crosley
01a02443da
fix: convert WARN string for cloud batch (#76)
### What

Convert WARN string to WARNING for compatibility with Cloud Batch

### Why

We have a service running in Cloud Batch which alerts on any warning
log. Digging into this, it appears Cloud Batch does not convert WARN ->
WARNING and thus interprets the unidentifiable log level as error.

Looking at logs for this service, the `jsonPayload.severity` is removed
for all log levels except for WARN, which ends up interpreted as an
ERROR level:
```
for level in DEBUG INFO WARN WARNING ERROR CRITICAL; do
  count=$(gcloud logging read "resource.type=\"batch.googleapis.com/Job\" labels.component=\"...\" jsonPayload.severity=\"${level}\"" \
    --project=... --limit=1 \
    --format="value(severity)" 2>/dev/null)
  echo "${level} -> ${count:-<no results>}"
done
DEBUG -> <no results>
INFO -> <no results>
WARN -> ERROR
WARNING -> <no results>
ERROR -> <no results>
CRITICAL -> <no results>
```

Signed-off-by: Zackary Crosley <zackary.crosley@chainguard.dev>
2026-06-25 14:02:33 -05:00
Steve Beattie
e522bdd603
fix(ci): add persist-credentials: false and zizmor pedantic config (#69)
## Summary

This patch series addresses GitHub Actions security findings in
`chainguard-dev/clog`
as part of the PSEC-923 hardening campaign.

## Patches

### 0001 — `fix(ci): add persist-credentials: false to checkout steps`

Adds `persist-credentials: false` to the `actions/checkout` step in:

- `.github/workflows/go.yml` — build/test job; no downstream git write
operations

The `zizmor.yaml` and `actionlint.yaml` workflows already had
`persist-credentials: false`
on their checkout steps. This patch completes coverage for the remaining
workflow.

Resolves: 1 `artipacked` finding (zizmor)

### 0002 — `fix(ci): add pedantic persona and suppress noisy zizmor
rules`

- Creates `.github/zizmor.yml` disabling three pedantic-only rules that
have no direct
security value (`anonymous-definition`, `concurrency-limits`) and
configuring
  `dependabot-cooldown` to use a 3-day threshold.
- Updates `.github/workflows/zizmor.yaml` to run zizmor with `persona:
pedantic` so
  that all template expansions in `run:` blocks are checked, not just
  attacker-controlled ones.
- Extends the `paths:` trigger in `zizmor.yaml` to include
`.github/zizmor.yml` and
`.github/dependabot.yml`, so that changes to those files trigger the
zizmor check.

Resolves: 3 `concurrency-limits` findings, 1 `anonymous-definition`
finding,
2 `dependabot-cooldown` findings (all suppressed via config)

## Testing

- Validate that the zizmor workflow runs on PRs touching
`.github/zizmor.yml` and
  `.github/dependabot.yml`.
- Confirm zizmor passes in pedantic mode with the new
`.github/zizmor.yml` suppression
  config in place.

Refs: PSEC-923
2026-05-05 09:23:50 -07:00
dependabot[bot]
a29ba6665f
Bump step-security/harden-runner from 2.18.0 to 2.19.0 (#67)
Bumps
[step-security/harden-runner](https://github.com/step-security/harden-runner)
from 2.18.0 to 2.19.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's
releases</a>.</em></p>
<blockquote>
<h2>v2.19.0</h2>
<h2>What's Changed</h2>
<h3>New Runner Support</h3>
<p>Harden-Runner now supports Depot, Blacksmith, Namespace, and
WarpBuild runners with the same egress monitoring, runtime monitoring,
and policy enforcement available on GitHub-hosted runners.</p>
<h3>Automated Incident Response for Supply Chain Attacks</h3>
<ul>
<li>Global block list: Outbound connections to known malicious domains
and IPs are now blocked even in audit mode.</li>
<li>System-defined detection rules: Harden-Runner will trigger lockdown
mode when a high risk event is detected during an active supply chain
attack (for example, a process reading the memory of the runner worker
process, a common technique for stealing GitHub Actions secrets).</li>
</ul>
<h3>Bug Fixes</h3>
<p>Windows and macOS: stability and reliability fixes</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2.18.0...v2.19.0">https://github.com/step-security/harden-runner/compare/v2.18.0...v2.19.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8d3c67de8e"><code>8d3c67d</code></a>
Release v2.19.0 (<a
href="https://redirect.github.com/step-security/harden-runner/issues/661">#661</a>)</li>
<li>See full diff in <a
href="6c3c2f2c1c...8d3c67de8e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner&package-manager=github_actions&previous-version=2.18.0&new-version=2.19.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-21 20:31:47 -05:00
dependabot[bot]
f2e76c2e27
Bump step-security/harden-runner from 2.15.1 to 2.18.0 (#65)
Bumps
[step-security/harden-runner](https://github.com/step-security/harden-runner)
from 2.15.1 to 2.18.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's
releases</a>.</em></p>
<blockquote>
<h2>v2.18.0</h2>
<h2>What's Changed</h2>
<p>Global Block List: During supply chain incidents like the recent
axios and trivy compromises, StepSecurity will add known malicious
domains and IP addresses (IOCs) to a global block list. These will be
automatically blocked, even in audit mode, providing immediate
protection without requiring any workflow changes.</p>
<p>Deploy on Self-Hosted VM: Added <code>deploy-on-self-hosted-vm</code>
input that allows the Harden Runner agent to be installed directly on
ephemeral self-hosted Linux runner VMs at workflow runtime. This is
intended as an alternative when baking the agent into the VM image is
not possible.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2.17.0...v2.18.0">https://github.com/step-security/harden-runner/compare/v2.17.0...v2.18.0</a></p>
<h2>v2.17.0</h2>
<h2>What's Changed</h2>
<h3>Policy Store Support</h3>
<p>Added <code>use-policy-store</code> and <code>api-key</code> inputs
to fetch security policies directly from the <a
href="https://docs.stepsecurity.io/harden-runner/policy-store">StepSecurity
Policy Store</a>. Policies can be defined and attached at the workflow,
repo, org, or cluster (ARC) level, with the most granular policy taking
precedence. This is the preferred method over the existing
<code>policy</code> input which requires <code>id-token: write</code>
permission. If no policy is found in the store, the action defaults to
audit mode.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2.16.1...v2.17.0">https://github.com/step-security/harden-runner/compare/v2.16.1...v2.17.0</a></p>
<h2>v2.16.1</h2>
<h2>What's Changed</h2>
<p>Enterprise tier: Added support for direct IP addresses in the allow
list
Community tier: Migrated Harden Runner telemetry to a new endpoint</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2.16.0...v2.16.1">https://github.com/step-security/harden-runner/compare/v2.16.0...v2.16.1</a></p>
<h2>v2.16.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Updated action.yml to use node24</li>
<li>Security fix: Fixed a medium severity vulnerability where the egress
block policy could be bypassed via DNS over HTTPS (DoH) by proxying DNS
queries through a permitted resolver, allowing data exfiltration even
with a restrictive allowed-endpoints list. This issue only affects the
Community Tier; the Enterprise Tier is not affected. See <a
href="https://github.com/step-security/harden-runner/security/advisories/GHSA-46g3-37rh-v698">GHSA-46g3-37rh-v698</a>
for details.</li>
<li>Security fix: Fixed a medium severity vulnerability where the egress
block policy could be bypassed via DNS queries over TCP to external
resolvers, allowing outbound network communication that evades
configured network restrictions. This issue only affects the Community
Tier; the Enterprise Tier is not affected. See <a
href="https://github.com/step-security/harden-runner/security/advisories/GHSA-g699-3x6g-wm3g">GHSA-g699-3x6g-wm3g</a>
for details.</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2.15.1...v2.16.0">https://github.com/step-security/harden-runner/compare/v2.15.1...v2.16.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6c3c2f2c1c"><code>6c3c2f2</code></a>
Feature/deploy on self hosted vm (<a
href="https://redirect.github.com/step-security/harden-runner/issues/658">#658</a>)</li>
<li><a
href="f808768d15"><code>f808768</code></a>
Feature/policy store (<a
href="https://redirect.github.com/step-security/harden-runner/issues/656">#656</a>)</li>
<li><a
href="fe10465874"><code>fe10465</code></a>
v2.16.1 (<a
href="https://redirect.github.com/step-security/harden-runner/issues/654">#654</a>)</li>
<li><a
href="fa2e9d605c"><code>fa2e9d6</code></a>
Release v2.16.0 (<a
href="https://redirect.github.com/step-security/harden-runner/issues/646">#646</a>)</li>
<li>See full diff in <a
href="https://github.com/step-security/harden-runner/compare/v2.15.1...6c3c2f2c1c457b00c10c4848d6f5491db3b629df">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner&package-manager=github_actions&previous-version=2.15.1&new-version=2.18.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-21 17:14:44 -07:00
Steve Beattie
ca1e61d20e
chore(workflows): add actionlint and zizmor action linters [SECINT-75] (#61)
Signed-off-by: Steve Beattie <steve.beattie@chainguard.dev>
2026-04-08 07:53:30 -05:00
dependabot[bot]
0d6447e685
Bump step-security/harden-runner from 2.13.3 to 2.15.1 (#60)
Bumps
[step-security/harden-runner](https://github.com/step-security/harden-runner)
from 2.13.3 to 2.15.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's
releases</a>.</em></p>
<blockquote>
<h2>v2.15.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Fixes <a
href="https://redirect.github.com/step-security/harden-runner/issues/642">step-security/harden-runner#642</a>
bug due to which post step was failing on Windows ARM runners</li>
<li>Updates npm packages</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2.15.0...v2.15.1">https://github.com/step-security/harden-runner/compare/v2.15.0...v2.15.1</a></p>
<h2>v2.15.0</h2>
<h2>What's Changed</h2>
<h3>Windows and macOS runner support</h3>
<p>We are excited to announce that Harden Runner now supports
<strong>Windows and macOS runners</strong>, extending runtime security
beyond Linux for the first time.</p>
<p>Insights for Windows and macOS runners will be displayed in the same
consistent format you are already familiar with from Linux runners,
giving you a unified view of runtime activity across all platforms.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2.14.2...v2.15.0">https://github.com/step-security/harden-runner/compare/v2.14.2...v2.15.0</a></p>
<h2>v2.14.2</h2>
<h2>What's Changed</h2>
<p>Security fix: Fixed a medium severity vulnerability where outbound
network connections using sendto, sendmsg, and sendmmsg socket system
calls could bypass audit logging when using egress-policy: audit. This
issue only affects the Community Tier in audit mode; block mode and
Enterprise Tier were not affected. See <a
href="https://github.com/step-security/harden-runner/security/advisories/GHSA-cpmj-h4f6-r6pq">GHSA-cpmj-h4f6-r6pq</a>
for details.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2.14.1...v2.14.2">https://github.com/step-security/harden-runner/compare/v2.14.1...v2.14.2</a></p>
<h2>v2.14.1</h2>
<h2>What's Changed</h2>
<ol>
<li>
<p>In some self-hosted environments, the agent could briefly fall back
to public DNS resolvers during startup if the system DNS was not yet
available. This behavior was unintended for GitHub-hosted runners and
has now been fixed to prevent any use of public DNS resolvers.</p>
</li>
<li>
<p>Fixed npm audit vulnerabilities</p>
</li>
</ol>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2.14.0...v2.14.1">https://github.com/step-security/harden-runner/compare/v2.14.0...v2.14.1</a></p>
<h2>v2.14.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Selective installation: Harden-Runner now skips installation on
GitHub-hosted runners when the repository has a custom property
skip_harden_runner, allowing organizations to opt out specific
repos.</li>
<li>Avoid double install: The action no longer installs Harden-Runner if
it’s already present on a GitHub-hosted runner, which could happen when
a composite action also installs it.</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2.13.3...v2.14.0">https://github.com/step-security/harden-runner/compare/v2.13.3...v2.14.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="58077d3c7e"><code>58077d3</code></a>
Release v2.15.1 (<a
href="https://redirect.github.com/step-security/harden-runner/issues/641">#641</a>)</li>
<li><a
href="a90bcbc653"><code>a90bcbc</code></a>
Update readme (<a
href="https://redirect.github.com/step-security/harden-runner/issues/637">#637</a>)</li>
<li><a
href="f0a59d8853"><code>f0a59d8</code></a>
Release v2.15.0 (<a
href="https://redirect.github.com/step-security/harden-runner/issues/639">#639</a>)</li>
<li><a
href="5ef0c079ce"><code>5ef0c07</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/635">#635</a>
from step-security/rc-34</li>
<li><a
href="eb43c7b3fd"><code>eb43c7b</code></a>
update agent</li>
<li><a
href="e3f713f2d8"><code>e3f713f</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/631">#631</a>
from step-security/rc-31</li>
<li><a
href="423acdda6f"><code>423acdd</code></a>
chore: fix npm audit vulnerabilities</li>
<li><a
href="0ddb86cf03"><code>0ddb86c</code></a>
update agent</li>
<li><a
href="20cf305ff2"><code>20cf305</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/622">#622</a>
from step-security/feature/custom-property-skip</li>
<li><a
href="c51e8eeb6c"><code>c51e8ee</code></a>
feat: skip agent install and post step on subsequent runs for
GitHub-hosted r...</li>
<li>Additional commits viewable in <a
href="df199fb7be...58077d3c7e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner&package-manager=github_actions&previous-version=2.13.3&new-version=2.15.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-07 22:41:02 -07:00
dependabot[bot]
6353cd32b4
Bump actions/setup-go from 5.5.0 to 6.1.0 (#49)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.5.0
to 6.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>v6.1.0</h2>
<h2>What's Changed</h2>
<h3>Enhancements</h3>
<ul>
<li>Fall back to downloading from go.dev/dl instead of
storage.googleapis.com/golang by <a
href="https://github.com/nicholasngai"><code>@​nicholasngai</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/665">actions/setup-go#665</a></li>
<li>Add support for .tool-versions file and update workflow by <a
href="https://github.com/priya-kinthali"><code>@​priya-kinthali</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/673">actions/setup-go#673</a></li>
<li>Add comprehensive breaking changes documentation for v6 by <a
href="https://github.com/mahabaleshwars"><code>@​mahabaleshwars</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/674">actions/setup-go#674</a></li>
</ul>
<h3>Dependency updates</h3>
<ul>
<li>Upgrade eslint-config-prettier from 10.0.1 to 10.1.8 and document
breaking changes in v6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/617">actions/setup-go#617</a></li>
<li>Upgrade actions/publish-action from 0.3.0 to 0.4.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/641">actions/setup-go#641</a></li>
<li>Upgrade semver and <code>@​types/semver</code> by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/652">actions/setup-go#652</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/nicholasngai"><code>@​nicholasngai</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/665">actions/setup-go#665</a></li>
<li><a
href="https://github.com/priya-kinthali"><code>@​priya-kinthali</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/673">actions/setup-go#673</a></li>
<li><a
href="https://github.com/mahabaleshwars"><code>@​mahabaleshwars</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/674">actions/setup-go#674</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v6...v6.1.0">https://github.com/actions/setup-go/compare/v6...v6.1.0</a></p>
<h2>v6.0.0</h2>
<h2>What's Changed</h2>
<h3>Breaking Changes</h3>
<ul>
<li>Improve toolchain handling to ensure more reliable and consistent
toolchain selection and management by <a
href="https://github.com/matthewhughes934"><code>@​matthewhughes934</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/460">actions/setup-go#460</a></li>
<li>Upgrade Nodejs runtime from node20 to node 24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/624">actions/setup-go#624</a></li>
</ul>
<p>Make sure your runner is on version v2.327.1 or later to ensure
compatibility with this release. <a
href="https://github.com/actions/runner/releases/tag/v2.327.1">See
Release Notes</a></p>
<h3>Dependency Upgrades</h3>
<ul>
<li>Upgrade <code>@​types/jest</code> from 29.5.12 to 29.5.14 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-go/pull/589">actions/setup-go#589</a></li>
<li>Upgrade <code>@​actions/tool-cache</code> from 2.0.1 to 2.0.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-go/pull/591">actions/setup-go#591</a></li>
<li>Upgrade <code>@​typescript-eslint/parser</code> from 8.31.1 to
8.35.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-go/pull/590">actions/setup-go#590</a></li>
<li>Upgrade undici from 5.28.5 to 5.29.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-go/pull/594">actions/setup-go#594</a></li>
<li>Upgrade typescript from 5.4.2 to 5.8.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-go/pull/538">actions/setup-go#538</a></li>
<li>Upgrade eslint-plugin-jest from 28.11.0 to 29.0.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-go/pull/603">actions/setup-go#603</a></li>
<li>Upgrade <code>form-data</code> to bring in fix for critical
vulnerability by <a
href="https://github.com/matthewhughes934"><code>@​matthewhughes934</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/618">actions/setup-go#618</a></li>
<li>Upgrade actions/checkout from 4 to 5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-go/pull/631">actions/setup-go#631</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/matthewhughes934"><code>@​matthewhughes934</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/618">actions/setup-go#618</a></li>
<li><a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/624">actions/setup-go#624</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v5...v6.0.0">https://github.com/actions/setup-go/compare/v5...v6.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4dc6199c7b"><code>4dc6199</code></a>
Bump semver and <code>@​types/semver</code> (<a
href="https://redirect.github.com/actions/setup-go/issues/652">#652</a>)</li>
<li><a
href="f3787be646"><code>f3787be</code></a>
Add comprehensive breaking changes documentation for v6 (<a
href="https://redirect.github.com/actions/setup-go/issues/674">#674</a>)</li>
<li><a
href="3a0c2c8245"><code>3a0c2c8</code></a>
Bump actions/publish-action from 0.3.0 to 0.4.0 (<a
href="https://redirect.github.com/actions/setup-go/issues/641">#641</a>)</li>
<li><a
href="faf52423ec"><code>faf5242</code></a>
Add support for .tool-versions file in setup-go, update workflow (<a
href="https://redirect.github.com/actions/setup-go/issues/673">#673</a>)</li>
<li><a
href="7bc60db215"><code>7bc60db</code></a>
Fall back to downloading from go.dev/dl instead of
storage.googleapis.com/gol...</li>
<li><a
href="c0137caad7"><code>c0137ca</code></a>
Bump eslint-config-prettier from 10.0.1 to 10.1.8 and document breaking
chang...</li>
<li><a
href="4469467582"><code>4469467</code></a>
Bump actions/checkout from 4 to 5 (<a
href="https://redirect.github.com/actions/setup-go/issues/631">#631</a>)</li>
<li><a
href="e093d1e9bb"><code>e093d1e</code></a>
Node 24 upgrade (<a
href="https://redirect.github.com/actions/setup-go/issues/624">#624</a>)</li>
<li><a
href="1d76b952eb"><code>1d76b95</code></a>
Improve toolchain handling (<a
href="https://redirect.github.com/actions/setup-go/issues/460">#460</a>)</li>
<li><a
href="e75c3e80bc"><code>e75c3e8</code></a>
Bump <code>form-data</code> to bring in fix for critical vulnerability
(<a
href="https://redirect.github.com/actions/setup-go/issues/618">#618</a>)</li>
<li>Additional commits viewable in <a
href="d35c59abb0...4dc6199c7b">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=5.5.0&new-version=6.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-10 14:58:12 -05:00
dependabot[bot]
f6946fdf0d
Bump step-security/harden-runner from 2.12.0 to 2.13.3 (#50)
Bumps
[step-security/harden-runner](https://github.com/step-security/harden-runner)
from 2.12.0 to 2.13.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's
releases</a>.</em></p>
<blockquote>
<h2>v2.13.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Fixed an issue where process events were not uploaded in certain
edge cases.</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2.13.2...v2.13.3">https://github.com/step-security/harden-runner/compare/v2.13.2...v2.13.3</a></p>
<h2>v2.13.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Fixed an issue where there was a limit of 512 allowed endpoints when
using block egress policy. This restriction has been removed, allowing
for an unlimited number of endpoints to be configured.</li>
<li>Harden Runner now automatically detects if the agent is already
pre-installed on a custom VM image used by a GitHub-hosted runner. When
detected, the action will skip reinstallation and use the existing
agent.</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2.13.1...v2.13.2">https://github.com/step-security/harden-runner/compare/v2.13.1...v2.13.2</a></p>
<h2>v2.13.1</h2>
<h2>What's Changed</h2>
<ul>
<li>
<p>Graceful handling of HTTP errors: Improved error handling when
fetching Harden Runner policies from the StepSecurity Policy Store API,
ensuring more reliable execution even in case of temporary network/API
issues.</p>
</li>
<li>
<p>Security updates for npm dependencies: Updated vulnerable npm package
dependencies to the latest secure versions.</p>
</li>
<li>
<p>Faster enterprise agent downloads: The enterprise agent is now
downloaded from GitHub Releases instead of packages.stepsecurity.io,
improving download speed and reliability.</p>
</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2.13.0...v2.13.1">https://github.com/step-security/harden-runner/compare/v2.13.0...v2.13.1</a></p>
<h2>v2.13.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Improved job markdown summary</li>
<li>Https monitoring for all domains (included with the enterprise
tier)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2...v2.13.0">https://github.com/step-security/harden-runner/compare/v2...v2.13.0</a></p>
<h2>v2.12.2</h2>
<h2>What's Changed</h2>
<p>Added HTTPS Monitoring for additional destinations -
*.githubusercontent.com
Bug fixes:</p>
<ul>
<li>Implicitly allow local multicast, local unicast and broadcast IP
addresses in block mode</li>
<li>Increased policy map size for block mode</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2...v2.12.2">https://github.com/step-security/harden-runner/compare/v2...v2.12.2</a></p>
<h2>v2.12.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Detection capabilities have been upgraded to better recognize
attempts at runner tampering. These improvements are informed by
real-world incident learnings, including analysis of anomalous behaviors
observed in the tj-actions and reviewdog supply chain attack.</li>
<li>Resolved an issue where the block policy was not enforced correctly
when the GitHub Actions job was running inside a container on a
self-hosted VM runner.</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2...v2.12.1">https://github.com/step-security/harden-runner/compare/v2...v2.12.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="df199fb7be"><code>df199fb</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/620">#620</a>
from step-security/rc-29</li>
<li><a
href="03d096a772"><code>03d096a</code></a>
update agent</li>
<li><a
href="40901073af"><code>4090107</code></a>
fix: update agent</li>
<li><a
href="95d9a5deda"><code>95d9a5d</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/606">#606</a>
from step-security/rc-28</li>
<li><a
href="87e429d3fb"><code>87e429d</code></a>
Update limitations.md</li>
<li><a
href="ef891c3a30"><code>ef891c3</code></a>
feat: add support for custom vm image</li>
<li><a
href="1fa8c8a8b1"><code>1fa8c8a</code></a>
update agent</li>
<li><a
href="92c522aaa6"><code>92c522a</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/593">#593</a>
from step-security/ak-readme-updates</li>
<li><a
href="4719ad5578"><code>4719ad5</code></a>
README updates</li>
<li><a
href="4fde639ab4"><code>4fde639</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/591">#591</a>
from eromosele-stepsecurity/Upd</li>
<li>Additional commits viewable in <a
href="0634a2670c...df199fb7be">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner&package-manager=github_actions&previous-version=2.12.0&new-version=2.13.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-10 14:53:18 -05:00
dependabot[bot]
5ca5d64e63
Bump actions/checkout from 4.2.2 to 6.0.1 (#51)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2
to 6.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update all references from v5 and v4 to v6 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2314">actions/checkout#2314</a></li>
<li>Add worktree support for persist-credentials includeIf by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li>
<li>Clarify v6 README by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2328">actions/checkout#2328</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v6...v6.0.1">https://github.com/actions/checkout/compare/v6...v6.0.1</a></p>
<h2>v6.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update README to include Node.js 24 support details and requirements
by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li>
<li>Persist creds to a separate file by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li>
<li>v6-beta by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2298">actions/checkout#2298</a></li>
<li>update readme/changelog for v6 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2311">actions/checkout#2311</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v5.0.0...v6.0.0">https://github.com/actions/checkout/compare/v5.0.0...v6.0.0</a></p>
<h2>v6-beta</h2>
<h2>What's Changed</h2>
<p>Updated persist-credentials to store the credentials under
<code>$RUNNER_TEMP</code> instead of directly in the local git
config.</p>
<p>This requires a minimum Actions Runner version of <a
href="https://github.com/actions/runner/releases/tag/v2.329.0">v2.329.0</a>
to access the persisted credentials for <a
href="https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action">Docker
container action</a> scenarios.</p>
<h2>v5.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Port v6 cleanup to v5 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v5...v5.0.1">https://github.com/actions/checkout/compare/v5...v5.0.1</a></p>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update actions checkout to use node 24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li>
<li>Prepare v5.0.0 release by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2238">actions/checkout#2238</a></li>
</ul>
<h2>⚠️ Minimum Compatible Runner Version</h2>
<p><strong>v2.327.1</strong><br />
<a
href="https://github.com/actions/runner/releases/tag/v2.327.1">Release
Notes</a></p>
<p>Make sure your runner is updated to this version or newer to use this
release.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4...v5.0.0">https://github.com/actions/checkout/compare/v4...v5.0.0</a></p>
<h2>v4.3.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Port v6 cleanup to v4 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v6.0.0</h2>
<ul>
<li>Persist creds to a separate file by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li>
<li>Update README to include Node.js 24 support details and requirements
by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li>
</ul>
<h2>v5.0.1</h2>
<ul>
<li>Port v6 cleanup to v5 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li>
</ul>
<h2>v5.0.0</h2>
<ul>
<li>Update actions checkout to use node 24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li>
</ul>
<h2>v4.3.1</h2>
<ul>
<li>Port v6 cleanup to v4 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li>
</ul>
<h2>v4.3.0</h2>
<ul>
<li>docs: update README.md by <a
href="https://github.com/motss"><code>@​motss</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li>
<li>Add internal repos for checking out multiple repositories by <a
href="https://github.com/mouismail"><code>@​mouismail</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li>
<li>Documentation update - add recommended permissions to Readme by <a
href="https://github.com/benwells"><code>@​benwells</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li>
<li>Adjust positioning of user email note and permissions heading by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89"><code>@​nebuk89</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li>
<li>Update CODEOWNERS for actions by <a
href="https://github.com/TingluoHuang"><code>@​TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li>
<li>Update package dependencies by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li>
</ul>
<h2>v4.2.2</h2>
<ul>
<li><code>url-helper.ts</code> now leverages well-known environment
variables by <a href="https://github.com/jww3"><code>@​jww3</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li>
<li>Expand unit test coverage for <code>isGhes</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li>
</ul>
<h2>v4.2.1</h2>
<ul>
<li>Check out other refs/* by commit if provided, fall back to ref by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li>
</ul>
<h2>v4.2.0</h2>
<ul>
<li>Add Ref and Commit outputs by <a
href="https://github.com/lucacome"><code>@​lucacome</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li>
<li>Dependency updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>- <a
href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>,
<a
href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li>
</ul>
<h2>v4.1.7</h2>
<ul>
<li>Bump the minor-npm-dependencies group across 1 directory with 4
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li>
<li>Bump actions/checkout from 3 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li>
<li>Check out other refs/* by commit by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li>
<li>Pin actions/checkout's own workflows to a known, good, stable
version. by <a href="https://github.com/jww3"><code>@​jww3</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li>
</ul>
<h2>v4.1.6</h2>
<ul>
<li>Check platform to set archive extension appropriately by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li>
</ul>
<h2>v4.1.5</h2>
<ul>
<li>Update NPM dependencies by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li>
<li>Bump github/codeql-action from 2 to 3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li>
<li>Bump actions/setup-node from 1 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li>
<li>Bump actions/upload-artifact from 2 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8e8c483db8"><code>8e8c483</code></a>
Clarify v6 README (<a
href="https://redirect.github.com/actions/checkout/issues/2328">#2328</a>)</li>
<li><a
href="033fa0dc0b"><code>033fa0d</code></a>
Add worktree support for persist-credentials includeIf (<a
href="https://redirect.github.com/actions/checkout/issues/2327">#2327</a>)</li>
<li><a
href="c2d88d3ecc"><code>c2d88d3</code></a>
Update all references from v5 and v4 to v6 (<a
href="https://redirect.github.com/actions/checkout/issues/2314">#2314</a>)</li>
<li><a
href="1af3b93b68"><code>1af3b93</code></a>
update readme/changelog for v6 (<a
href="https://redirect.github.com/actions/checkout/issues/2311">#2311</a>)</li>
<li><a
href="71cf2267d8"><code>71cf226</code></a>
v6-beta (<a
href="https://redirect.github.com/actions/checkout/issues/2298">#2298</a>)</li>
<li><a
href="069c695914"><code>069c695</code></a>
Persist creds to a separate file (<a
href="https://redirect.github.com/actions/checkout/issues/2286">#2286</a>)</li>
<li><a
href="ff7abcd0c3"><code>ff7abcd</code></a>
Update README to include Node.js 24 support details and requirements (<a
href="https://redirect.github.com/actions/checkout/issues/2248">#2248</a>)</li>
<li><a
href="08c6903cd8"><code>08c6903</code></a>
Prepare v5.0.0 release (<a
href="https://redirect.github.com/actions/checkout/issues/2238">#2238</a>)</li>
<li><a
href="9f265659d3"><code>9f26565</code></a>
Update actions checkout to use node 24 (<a
href="https://redirect.github.com/actions/checkout/issues/2226">#2226</a>)</li>
<li><a
href="08eba0b27e"><code>08eba0b</code></a>
Prepare release v4.3.0 (<a
href="https://redirect.github.com/actions/checkout/issues/2237">#2237</a>)</li>
<li>Additional commits viewable in <a
href="11bd71901b...8e8c483db8">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=4.2.2&new-version=6.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-10 14:53:01 -05:00
Billy Lynch
3bef2b2727
gcp: Refactor to pass in custom writer (#52)
This enables the ability to output to custom writers (e.g. TeeWriters)
if necessary.
2025-12-10 14:52:38 -05:00
Jason Hall
5a063eb822
slogtest: demonstrate use of t.Context() (#41)
Go 1.24 added [`t.Context()`](https://pkg.go.dev/testing#T.Context),
which is presumably more idiomatic to use with clog than our own
slogtest package.

This PR adds a comment mentioning `t.Context` and demonstrates how to
get `t.Context` to have the same behavior as `slogtest.Context(t)`.

Without the `slog.SetDefault` the behavior is different:

```
go test -trimpath ./slogtest -run=SlogTest -v             
=== RUN   TestSlogTest
    slogtest.go:36: level=INFO source=github.com/chainguard-dev/clog/slogtest/slogtest_test.go:13 msg="hello world" foo=bar
    slogtest.go:36: level=INFO source=github.com/chainguard-dev/clog/slogtest/slogtest_test.go:14 msg="me again" bar=baz
    slogtest.go:36: level=INFO source=github.com/chainguard-dev/clog/slogtest/slogtest_test.go:15 msg="okay last one" baz=true
    slogtest.go:36: level=DEBUG source=github.com/chainguard-dev/clog/slogtest/slogtest_test.go:17 msg="hello debug"
    slogtest.go:36: level=INFO source=github.com/chainguard-dev/clog/slogtest/slogtest_test.go:18 msg="hello info"
    slogtest.go:36: level=WARN source=github.com/chainguard-dev/clog/slogtest/slogtest_test.go:19 msg="hello warn"
    slogtest.go:36: level=ERROR source=github.com/chainguard-dev/clog/slogtest/slogtest_test.go:20 msg="hello error"
    slogtest.go:36: level=INFO source=github.com/chainguard-dev/clog/slogtest/another_test.go:9 msg="hello from fn" foo=bar
--- PASS: TestSlogTest (0.00s)
=== RUN   TestSlogTestTContext
2025/07/08 12:29:28 INFO hello world foo=bar
2025/07/08 12:29:28 INFO me again bar=baz
2025/07/08 12:29:28 INFO okay last one baz=true
2025/07/08 12:29:28 INFO hello info
2025/07/08 12:29:28 WARN hello warn
2025/07/08 12:29:28 ERROR hello error
2025/07/08 12:29:28 INFO hello from fn foo=bar
--- PASS: TestSlogTestTContext (0.00s)
PASS
ok      github.com/chainguard-dev/clog/slogtest 0.211s
```

(debug logs are dropped, no file paths or line numbers, timestamps are
added)

I don't know whether we should officially deprecate `slogtest` in favor
of `clog.FromContext(t.Context())`, but at least this documents an
off-ramp.

Signed-off-by: Jason Hall <jason@chainguard.dev>
2025-08-30 21:11:13 -04:00
dependabot[bot]
f9cf331fa9
Bump actions/setup-go from 5.3.0 to 5.5.0 (#37)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.3.0
to 5.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>v5.5.0</h2>
<h2>What's Changed</h2>
<h3>Bug fixes:</h3>
<ul>
<li>Update self-hosted environment validation by <a
href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/556">actions/setup-go#556</a></li>
<li>Add manifest validation and improve error handling by <a
href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/586">actions/setup-go#586</a></li>
<li>Update template link by <a
href="https://github.com/jsoref"><code>@​jsoref</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/527">actions/setup-go#527</a></li>
</ul>
<h3>Dependency  updates:</h3>
<ul>
<li>Upgrade <code>@​action/cache</code> from 4.0.2 to 4.0.3 by <a
href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/574">actions/setup-go#574</a></li>
<li>Upgrade <code>@​actions/glob</code> from 0.4.0 to 0.5.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/573">actions/setup-go#573</a></li>
<li>Upgrade ts-jest from 29.1.2 to 29.3.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/582">actions/setup-go#582</a></li>
<li>Upgrade eslint-plugin-jest from 27.9.0 to 28.11.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/537">actions/setup-go#537</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/jsoref"><code>@​jsoref</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/527">actions/setup-go#527</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v5...v5.5.0">https://github.com/actions/setup-go/compare/v5...v5.5.0</a></p>
<h2>v5.4.0</h2>
<h2>What's Changed</h2>
<h3>Dependency updates :</h3>
<ul>
<li>Upgrade semver from 7.6.0 to 7.6.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/535">actions/setup-go#535</a></li>
<li>Upgrade eslint-config-prettier from 8.10.0 to 10.0.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/536">actions/setup-go#536</a></li>
<li>Upgrade <code>@​action/cache</code> from 4.0.0 to 4.0.2 by <a
href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/568">actions/setup-go#568</a></li>
<li>Upgrade undici from 5.28.4 to 5.28.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/541">actions/setup-go#541</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/568">actions/setup-go#568</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v5...v5.4.0">https://github.com/actions/setup-go/compare/v5...v5.4.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d35c59abb0"><code>d35c59a</code></a>
chore: update discussions url (<a
href="https://redirect.github.com/actions/setup-go/issues/527">#527</a>)</li>
<li><a
href="29694d72cd"><code>29694d7</code></a>
Add manifest validation and improve error handling (<a
href="https://redirect.github.com/actions/setup-go/issues/586">#586</a>)</li>
<li><a
href="78535dd5f2"><code>78535dd</code></a>
Bump eslint-plugin-jest from 27.9.0 to 28.11.0 (<a
href="https://redirect.github.com/actions/setup-go/issues/537">#537</a>)</li>
<li><a
href="bb65d8857b"><code>bb65d88</code></a>
Bump ts-jest from 29.1.2 to 29.3.2 (<a
href="https://redirect.github.com/actions/setup-go/issues/582">#582</a>)</li>
<li><a
href="7f17e836c0"><code>7f17e83</code></a>
Bump <code>@​actions/glob</code> from 0.4.0 to 0.5.0 (<a
href="https://redirect.github.com/actions/setup-go/issues/573">#573</a>)</li>
<li><a
href="dca8468d37"><code>dca8468</code></a>
Update self-hosted environment validation and bump undici version (<a
href="https://redirect.github.com/actions/setup-go/issues/556">#556</a>)</li>
<li><a
href="691cc3533f"><code>691cc35</code></a>
upgrade actions/cache to 4.0.3 (<a
href="https://redirect.github.com/actions/setup-go/issues/574">#574</a>)</li>
<li><a
href="0aaccfd150"><code>0aaccfd</code></a>
Bump undici from 5.28.4 to 5.28.5 (<a
href="https://redirect.github.com/actions/setup-go/issues/541">#541</a>)</li>
<li><a
href="c4c1141886"><code>c4c1141</code></a>
upgrade actions/cache to 4.0.2 (<a
href="https://redirect.github.com/actions/setup-go/issues/568">#568</a>)</li>
<li><a
href="5a083d0e9a"><code>5a083d0</code></a>
Bump eslint-config-prettier from 8.10.0 to 10.0.1 (<a
href="https://redirect.github.com/actions/setup-go/issues/536">#536</a>)</li>
<li>Additional commits viewable in <a
href="f111f3307d...d35c59abb0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=5.3.0&new-version=5.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-08 08:05:19 -07:00
stepsecurity-app[bot]
e53dba9a34
[StepSecurity] Apply security best practices (#39)
This PR implements [go/ssdlc-2](https://go/ssdlc-2). Please raise issues
to ProdSec's on-call rotation.

Ref: https://github.com/chainguard-dev/prodsec/issues/138

## Summary

This pull request has been generated by
[StepSecurity](https://app.stepsecurity.io/github/chainguard-dev/actions/dashboard)
as part of your enterprise subscription to ensure compliance with
recommended security best practices. Please review and merge the pull
request to apply these security enhancements.

At a high level, this PR:
- Adds the `harden-runner` Action if not already present
- Pins Actions to a digest rather than mutable tags
- Restricts GitHub token permissions to be as minimal as possible

## Security Fixes

### Harden Runner

Harden-Runner is an open-source security agent for the GitHub-hosted
runner to prevent software supply chain attacks. It prevents
exfiltration of credentials, detects tampering of source code during
build, and enables running jobs without sudo access.

- [GitHub Security
Guide](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions)
- [The Open Source Security Foundation (OpenSSF) Security
Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#dangerous-workflow)
### Least Privileged GitHub Actions Token Permissions

The GITHUB_TOKEN is an automatically generated secret to make
authenticated calls to the GitHub API. GitHub recommends setting minimum
token permissions for the GITHUB_TOKEN.

- [GitHub Security
Guide](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow)
- [The Open Source Security Foundation (OpenSSF) Security
Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions)


## Feedback

For bug reports, feature requests, and general feedback; please create
an issue in
[step-security/secure-repo](https://github.com/step-security/secure-repo)
or contact us via [our website](https://www.stepsecurity.io/).

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: stepsecurity-app[bot] <188008098+stepsecurity-app[bot]@users.noreply.github.com>
2025-07-08 08:05:05 -07:00
Markus Thömmes
517105f6ef
gcp: Surface trace propagation functions on context (#40)
Users of clog have to be able to reliably put trace information into the
context to make the logger pick it up correctly. The current
implementation uses a string, which is prone to collisions.

This surfaces context manipulation functions instead that operate on a
private type and allow for easier integration.
2025-07-08 08:04:47 -07:00
Dan Luhring
b5e6d19489
docs: fix doc comments for clog.Logger (#36)
This updates doc comments and parameter names for the Logger type to be
friendlier to docs-aware editors, specifically by:

- Fixing when method name in doc comment didn't match the method name
- Using "msg" instead of "format" to align with the stdlib for when log
messages aren't formats
- Updating to explain how the variadic `args` params are used

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
2025-04-23 19:03:34 -04:00
Billy Lynch
fa6bbc4954
Fix duplicate log keys from context. (#34)
Because we were using attr.With, we were setting the logger attributes,
and then appending the log context attributes again later for any
contextf functions. This changes the behavior to use the context for any
log.Info functions.
2025-03-03 18:20:42 -05:00
dependabot[bot]
cedc4c3467
Bump actions/setup-go from 5.2.0 to 5.3.0 (#32)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.2.0
to 5.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>v5.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Use the new cache service: upgrade <code>@actions/cache</code> to
<code>^4.0.0</code> by <a
href="https://github.com/Link"><code>@​Link</code></a>- in <a
href="https://redirect.github.com/actions/setup-go/pull/531">actions/setup-go#531</a></li>
<li>Configure Dependabot settings by <a
href="https://github.com/HarithaVattikuti"><code>@​HarithaVattikuti</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/530">actions/setup-go#530</a></li>
<li>Document update - permission section by <a
href="https://github.com/HarithaVattikuti"><code>@​HarithaVattikuti</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/533">actions/setup-go#533</a></li>
<li>Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/534">actions/setup-go#534</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Link"><code>@​Link</code></a>- made
their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/531">actions/setup-go#531</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v5...v5.3.0">https://github.com/actions/setup-go/compare/v5...v5.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f111f3307d"><code>f111f33</code></a>
Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (<a
href="https://redirect.github.com/actions/setup-go/issues/534">#534</a>)</li>
<li><a
href="3d10edb4c2"><code>3d10edb</code></a>
Add new permission section (<a
href="https://redirect.github.com/actions/setup-go/issues/533">#533</a>)</li>
<li><a
href="43e13893cf"><code>43e1389</code></a>
Configure Dependabot settings (<a
href="https://redirect.github.com/actions/setup-go/issues/530">#530</a>)</li>
<li><a
href="f81f022188"><code>f81f022</code></a>
Use the new cache service: upgrade <code>@actions/cache</code> to
<code>^4.0.0</code> (<a
href="https://redirect.github.com/actions/setup-go/issues/531">#531</a>)</li>
<li>See full diff in <a
href="3041bf56c9...f111f3307d">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=5.2.0&new-version=5.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-27 15:36:44 -08:00
Billy Lynch
479d6297ce
default client: Use inner handler for log level enabled check. (#33) 2025-01-27 16:29:38 -05:00
Billy Lynch
7b8abfef8a
Wrap context-aware handlers + values around loggers by default. (#31)
Previously, we didn't allowed you to provide any handler you wanted,
which didn't quite meet expectations for using clog. This changes the
behavior to always wrap the logger with a context handler.

Additionally, when a new logger is created any values present in the
context are added to the logger, which should allow the values to be
preserved even if the default slog funcs are used.
2025-01-24 10:21:37 -05:00
Jason Hall
71baa290ad
gcp: avoid type assertion panic (#29)
Signed-off-by: Jason Hall <jason@chainguard.dev>
2024-12-30 14:24:43 -05:00
dependabot[bot]
67ba3d0193
Bump actions/setup-go from 5.1.0 to 5.2.0 (#30)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.1.0
to 5.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>v5.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Leveraging the raw API to retrieve the version-manifest, as it does
not impose a rate limit and hence facilitates unrestricted consumption
without the need for a token for Github Enterprise Servers by <a
href="https://github.com/Shegox"><code>@​Shegox</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/496">actions/setup-go#496</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Shegox"><code>@​Shegox</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/496">actions/setup-go#496</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v5...v5.2.0">https://github.com/actions/setup-go/compare/v5...v5.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3041bf56c9"><code>3041bf5</code></a>
feat: fallback to &quot;raw&quot; endpoint for manifest when rate limit
is reached (<a
href="https://redirect.github.com/actions/setup-go/issues/496">#496</a>)</li>
<li>See full diff in <a
href="41dfa10bad...3041bf56c9">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=5.1.0&new-version=5.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-22 22:55:22 -08:00
dependabot[bot]
e97f0ca65a
Bump actions/checkout from 4.1.7 to 4.2.2 (#27)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7
to 4.2.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v4.2.2</h2>
<h2>What's Changed</h2>
<ul>
<li><code>url-helper.ts</code> now leverages well-known environment
variables by <a href="https://github.com/jww3"><code>@​jww3</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li>
<li>Expand unit test coverage for <code>isGhes</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4.2.1...v4.2.2">https://github.com/actions/checkout/compare/v4.2.1...v4.2.2</a></p>
<h2>v4.2.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Check out other refs/* by commit if provided, fall back to ref by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Jcambass"><code>@​Jcambass</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/1919">actions/checkout#1919</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4.2.0...v4.2.1">https://github.com/actions/checkout/compare/v4.2.0...v4.2.1</a></p>
<h2>v4.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add Ref and Commit outputs by <a
href="https://github.com/lucacome"><code>@​lucacome</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li>
<li>Dependabot updates in <a
href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>
&amp; <a
href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/yasonk"><code>@​yasonk</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/1869">actions/checkout#1869</a></li>
<li><a href="https://github.com/lucacome"><code>@​lucacome</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4.1.7...v4.2.0">https://github.com/actions/checkout/compare/v4.1.7...v4.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v4.2.2</h2>
<ul>
<li><code>url-helper.ts</code> now leverages well-known environment
variables by <a href="https://github.com/jww3"><code>@​jww3</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li>
<li>Expand unit test coverage for <code>isGhes</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li>
</ul>
<h2>v4.2.1</h2>
<ul>
<li>Check out other refs/* by commit if provided, fall back to ref by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li>
</ul>
<h2>v4.2.0</h2>
<ul>
<li>Add Ref and Commit outputs by <a
href="https://github.com/lucacome"><code>@​lucacome</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li>
<li>Dependency updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>- <a
href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>,
<a
href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li>
</ul>
<h2>v4.1.7</h2>
<ul>
<li>Bump the minor-npm-dependencies group across 1 directory with 4
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li>
<li>Bump actions/checkout from 3 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li>
<li>Check out other refs/* by commit by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li>
<li>Pin actions/checkout's own workflows to a known, good, stable
version. by <a href="https://github.com/jww3"><code>@​jww3</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li>
</ul>
<h2>v4.1.6</h2>
<ul>
<li>Check platform to set archive extension appropriately by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li>
</ul>
<h2>v4.1.5</h2>
<ul>
<li>Update NPM dependencies by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li>
<li>Bump github/codeql-action from 2 to 3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li>
<li>Bump actions/setup-node from 1 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li>
<li>Bump actions/upload-artifact from 2 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li>
<li>README: Suggest <code>user.email</code> to be
<code>41898282+github-actions[bot]@users.noreply.github.com</code> by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1707">actions/checkout#1707</a></li>
</ul>
<h2>v4.1.4</h2>
<ul>
<li>Disable <code>extensions.worktreeConfig</code> when disabling
<code>sparse-checkout</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1692">actions/checkout#1692</a></li>
<li>Add dependabot config by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1688">actions/checkout#1688</a></li>
<li>Bump the minor-actions-dependencies group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1693">actions/checkout#1693</a></li>
<li>Bump word-wrap from 1.2.3 to 1.2.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1643">actions/checkout#1643</a></li>
</ul>
<h2>v4.1.3</h2>
<ul>
<li>Check git version before attempting to disable
<code>sparse-checkout</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1656">actions/checkout#1656</a></li>
<li>Add SSH user parameter by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1685">actions/checkout#1685</a></li>
<li>Update <code>actions/checkout</code> version in
<code>update-main-version.yml</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1650">actions/checkout#1650</a></li>
</ul>
<h2>v4.1.2</h2>
<ul>
<li>Fix: Disable sparse checkout whenever <code>sparse-checkout</code>
option is not present <a
href="https://github.com/dscho"><code>@​dscho</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1598">actions/checkout#1598</a></li>
</ul>
<h2>v4.1.1</h2>
<ul>
<li>Correct link to GitHub Docs by <a
href="https://github.com/peterbe"><code>@​peterbe</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1511">actions/checkout#1511</a></li>
<li>Link to release page from what's new section by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1514">actions/checkout#1514</a></li>
</ul>
<h2>v4.1.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1396">Add
support for partial checkout filters</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="11bd71901b"><code>11bd719</code></a>
Prepare 4.2.2 Release (<a
href="https://redirect.github.com/actions/checkout/issues/1953">#1953</a>)</li>
<li><a
href="e3d2460bbb"><code>e3d2460</code></a>
Expand unit test coverage (<a
href="https://redirect.github.com/actions/checkout/issues/1946">#1946</a>)</li>
<li><a
href="163217dfcd"><code>163217d</code></a>
<code>url-helper.ts</code> now leverages well-known environment
variables. (<a
href="https://redirect.github.com/actions/checkout/issues/1941">#1941</a>)</li>
<li><a
href="eef61447b9"><code>eef6144</code></a>
Prepare 4.2.1 release (<a
href="https://redirect.github.com/actions/checkout/issues/1925">#1925</a>)</li>
<li><a
href="6b42224f41"><code>6b42224</code></a>
Add workflow file for publishing releases to immutable action package
(<a
href="https://redirect.github.com/actions/checkout/issues/1919">#1919</a>)</li>
<li><a
href="de5a000abf"><code>de5a000</code></a>
Check out other refs/* by commit if provided, fall back to ref (<a
href="https://redirect.github.com/actions/checkout/issues/1924">#1924</a>)</li>
<li><a
href="d632683dd7"><code>d632683</code></a>
Prepare 4.2.0 release (<a
href="https://redirect.github.com/actions/checkout/issues/1878">#1878</a>)</li>
<li><a
href="6d193bf280"><code>6d193bf</code></a>
Bump braces from 3.0.2 to 3.0.3 (<a
href="https://redirect.github.com/actions/checkout/issues/1777">#1777</a>)</li>
<li><a
href="db0cee9a51"><code>db0cee9</code></a>
Bump the minor-npm-dependencies group across 1 directory with 4 updates
(<a
href="https://redirect.github.com/actions/checkout/issues/1872">#1872</a>)</li>
<li><a
href="b684943689"><code>b684943</code></a>
Add Ref and Commit outputs (<a
href="https://redirect.github.com/actions/checkout/issues/1180">#1180</a>)</li>
<li>Additional commits viewable in <a
href="692973e3d9...11bd71901b">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=4.1.7&new-version=4.2.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-25 09:07:55 -08:00
dependabot[bot]
8827246f05
Bump actions/setup-go from 5.0.2 to 5.1.0 (#28)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.2
to 5.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>v5.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add workflow file for publishing releases to immutable action
package by <a
href="https://github.com/Jcambass"><code>@​Jcambass</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/500">actions/setup-go#500</a></li>
<li>Upgrade IA Publish by <a
href="https://github.com/Jcambass"><code>@​Jcambass</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/502">actions/setup-go#502</a></li>
<li>Add architecture to cache key by <a
href="https://github.com/Zxilly"><code>@​Zxilly</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/493">actions/setup-go#493</a>
This addresses issues with caching by adding the architecture (arch) to
the cache key, ensuring that cache keys are accurate to prevent
conflicts.
Note: This change may break previous cache keys as they will no longer
be compatible with the new format.</li>
<li>Enhance workflows and Upgrade micromatch Dependency by <a
href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/510">actions/setup-go#510</a></li>
</ul>
<p><strong>Bug Fixes</strong></p>
<ul>
<li>Revise <code>isGhes</code> logic by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/511">actions/setup-go#511</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Zxilly"><code>@​Zxilly</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/493">actions/setup-go#493</a></li>
<li><a href="https://github.com/Jcambass"><code>@​Jcambass</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/500">actions/setup-go#500</a></li>
<li><a href="https://github.com/jww3"><code>@​jww3</code></a> made their
first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/511">actions/setup-go#511</a></li>
<li><a
href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/510">actions/setup-go#510</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v5...v5.1.0">https://github.com/actions/setup-go/compare/v5...v5.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="41dfa10bad"><code>41dfa10</code></a>
Enhance workflows and Upgrade micromatch Dependency (<a
href="https://redirect.github.com/actions/setup-go/issues/510">#510</a>)</li>
<li><a
href="941977282c"><code>9419772</code></a>
Revise <code>isGhes</code> logic (<a
href="https://redirect.github.com/actions/setup-go/issues/511">#511</a>)</li>
<li><a
href="d60b41a563"><code>d60b41a</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/setup-go/issues/502">#502</a>
from actions/Jcambass-patch-1</li>
<li><a
href="e09f57f6a9"><code>e09f57f</code></a>
Upgrade IA Publish</li>
<li><a
href="df1a11710e"><code>df1a117</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/setup-go/issues/500">#500</a>
from actions/Jcambass-patch-1</li>
<li><a
href="49582f6476"><code>49582f6</code></a>
Add workflow file for publishing releases to immutable action
package</li>
<li><a
href="b26d40294f"><code>b26d402</code></a>
fix: add arch to cache key (<a
href="https://redirect.github.com/actions/setup-go/issues/493">#493</a>)</li>
<li>See full diff in <a
href="0a12ed9d6a...41dfa10bad">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=5.0.2&new-version=5.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-25 09:07:42 -08:00
Jason Hall
4c523ae459
slag: support cobra's pflag interface (#24)
Signed-off-by: Jason Hall <jason@chainguard.dev>
2024-08-11 11:59:37 -07:00
Jason Hall
d36bc967c6
slogtest: include debug logs by default (#23)
https://github.com/chainguard-dev/clog/pull/13#discussion_r1711599434

Signed-off-by: Jason Hall <jason@chainguard.dev>
2024-08-09 14:46:31 +00:00
Jason Hall
56a6d5a0ad
improve slogtest (#13)
Without the slogtest change, with the newly added test:

```
go test ./slogtest/ -v                
=== RUN   TestSlogTest
    slogtest.go:20: time=2024-02-12T16:50:56.437-05:00 level=INFO msg="hello world" foo=bar
        
--- PASS: TestSlogTest (0.00s)
PASS
ok      github.com/chainguard-dev/clog/slogtest 0.116s
```

With this change:

```
go test ./slogtest -v
=== RUN   TestSlogTest
    slogtest.go:31: level=INFO source=/Users/jason/git/clog/slogtest/slogtest_test.go:13 msg="hello world" foo=bar
    slogtest.go:31: level=INFO source=/Users/jason/git/clog/slogtest/slogtest_test.go:14 msg="me again" bar=baz
    slogtest.go:31: level=INFO source=/Users/jason/git/clog/slogtest/slogtest_test.go:15 msg="okay last one" baz=true
```

---------

Signed-off-by: Jason Hall <jason@chainguard.dev>
2024-08-09 10:43:25 -04:00
Jason Hall
f6c22babbb
document the slag package (#22)
Signed-off-by: Jason Hall <jason@chainguard.dev>
2024-08-09 10:20:26 -04:00
dependabot[bot]
b42aea849e
Bump actions/setup-go from 5.0.1 to 5.0.2 (#20)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.1
to 5.0.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.2</h2>
<h2>What's Changed</h2>
<h3>Bug fixes:</h3>
<ul>
<li>Fix versions check failure by <a
href="https://github.com/HarithaVattikuti"><code>@​HarithaVattikuti</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/479">actions/setup-go#479</a></li>
</ul>
<h3>Dependency  updates:</h3>
<ul>
<li>Bump braces from 3.0.2 to 3.0.3 and undici from 5.28.3 to 5.28.4 by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/actions/setup-go/pull/487">actions/setup-go#487</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/HarithaVattikuti"><code>@​HarithaVattikuti</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/479">actions/setup-go#479</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v5...v5.0.2">https://github.com/actions/setup-go/compare/v5...v5.0.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0a12ed9d6a"><code>0a12ed9</code></a>
Bump braces from 3.0.2 to 3.0.3 (<a
href="https://redirect.github.com/actions/setup-go/issues/487">#487</a>)</li>
<li><a
href="4ab57d7ea2"><code>4ab57d7</code></a>
Fix versions check failure (<a
href="https://redirect.github.com/actions/setup-go/issues/479">#479</a>)</li>
<li>See full diff in <a
href="cdcb360436...0a12ed9d6a">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=5.0.1&new-version=5.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-08 18:34:03 -07:00
Jason Hall
c3adc02883
configure log level with env var (#21)
Signed-off-by: Jason Hall <jason@chainguard.dev>
2024-08-08 18:33:48 -07:00
dependabot[bot]
d26a705a05
Bump actions/checkout from 3 to 4 (#19)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to
4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v4.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update default runtime to node20 by <a
href="https://github.com/takost"><code>@​takost</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1436">actions/checkout#1436</a></li>
<li>Support fetching without the --progress option by <a
href="https://github.com/simonbaird"><code>@​simonbaird</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1067">actions/checkout#1067</a></li>
<li>Release 4.0.0 by <a
href="https://github.com/takost"><code>@​takost</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1447">actions/checkout#1447</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/takost"><code>@​takost</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/1436">actions/checkout#1436</a></li>
<li><a
href="https://github.com/simonbaird"><code>@​simonbaird</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/1067">actions/checkout#1067</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v3...v4.0.0">https://github.com/actions/checkout/compare/v3...v4.0.0</a></p>
<h2>v3.6.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Mark test scripts with Bash'isms to be run via Bash by <a
href="https://github.com/dscho"><code>@​dscho</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1377">actions/checkout#1377</a></li>
<li>Add option to fetch tags even if fetch-depth &gt; 0 by <a
href="https://github.com/RobertWieczoreck"><code>@​RobertWieczoreck</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/579">actions/checkout#579</a></li>
<li>Release 3.6.0 by <a
href="https://github.com/luketomlinson"><code>@​luketomlinson</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/1437">actions/checkout#1437</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/RobertWieczoreck"><code>@​RobertWieczoreck</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/579">actions/checkout#579</a></li>
<li><a
href="https://github.com/luketomlinson"><code>@​luketomlinson</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/1437">actions/checkout#1437</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v3.5.3...v3.6.0">https://github.com/actions/checkout/compare/v3.5.3...v3.6.0</a></p>
<h2>v3.5.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix: Checkout Issue in self hosted runner due to faulty submodule
check-ins by <a
href="https://github.com/megamanics"><code>@​megamanics</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1196">actions/checkout#1196</a></li>
<li>Fix typos found by codespell by <a
href="https://github.com/DimitriPapadopoulos"><code>@​DimitriPapadopoulos</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/1287">actions/checkout#1287</a></li>
<li>Add support for sparse checkouts by <a
href="https://github.com/dscho"><code>@​dscho</code></a> and <a
href="https://github.com/dfdez"><code>@​dfdez</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1369">actions/checkout#1369</a></li>
<li>Release v3.5.3 by <a
href="https://github.com/TingluoHuang"><code>@​TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/1376">actions/checkout#1376</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/megamanics"><code>@​megamanics</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/1196">actions/checkout#1196</a></li>
<li><a
href="https://github.com/DimitriPapadopoulos"><code>@​DimitriPapadopoulos</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/1287">actions/checkout#1287</a></li>
<li><a href="https://github.com/dfdez"><code>@​dfdez</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/1369">actions/checkout#1369</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v3...v3.5.3">https://github.com/actions/checkout/compare/v3...v3.5.3</a></p>
<h2>v3.5.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix: Use correct API url / endpoint in GHES by <a
href="https://github.com/fhammerl"><code>@​fhammerl</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1289">actions/checkout#1289</a>
based on <a
href="https://redirect.github.com/actions/checkout/issues/1286">#1286</a>
by <a href="https://github.com/1newsr"><code>@​1newsr</code></a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v3.5.1...v3.5.2">https://github.com/actions/checkout/compare/v3.5.1...v3.5.2</a></p>
<h2>v3.5.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Improve checkout performance on Windows runners by upgrading
<code>@​actions/github</code> dependency by <a
href="https://github.com/BrettDong"><code>@​BrettDong</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1246">actions/checkout#1246</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/BrettDong"><code>@​BrettDong</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/1246">actions/checkout#1246</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="692973e3d9"><code>692973e</code></a>
Prepare 4.1.7 release (<a
href="https://redirect.github.com/actions/checkout/issues/1775">#1775</a>)</li>
<li><a
href="6ccd57f4c5"><code>6ccd57f</code></a>
Pin actions/checkout's own workflows to a known, good, stable version.
(<a
href="https://redirect.github.com/actions/checkout/issues/1776">#1776</a>)</li>
<li><a
href="b17fe1e4d5"><code>b17fe1e</code></a>
Handle hidden refs (<a
href="https://redirect.github.com/actions/checkout/issues/1774">#1774</a>)</li>
<li><a
href="b80ff79f17"><code>b80ff79</code></a>
Bump actions/checkout from 3 to 4 (<a
href="https://redirect.github.com/actions/checkout/issues/1697">#1697</a>)</li>
<li><a
href="b1ec3021b8"><code>b1ec302</code></a>
Bump the minor-npm-dependencies group across 1 directory with 4 updates
(<a
href="https://redirect.github.com/actions/checkout/issues/1739">#1739</a>)</li>
<li><a
href="a5ac7e51b4"><code>a5ac7e5</code></a>
Update for 4.1.6 release (<a
href="https://redirect.github.com/actions/checkout/issues/1733">#1733</a>)</li>
<li><a
href="24ed1a3528"><code>24ed1a3</code></a>
Check platform for extension (<a
href="https://redirect.github.com/actions/checkout/issues/1732">#1732</a>)</li>
<li><a
href="44c2b7a8a4"><code>44c2b7a</code></a>
README: Suggest <code>user.email</code> to be
`41898282+github-actions[bot]<a
href="https://github.com/users"><code>@​users</code></a>.norepl...</li>
<li><a
href="8459bc0c7e"><code>8459bc0</code></a>
Bump actions/upload-artifact from 2 to 4 (<a
href="https://redirect.github.com/actions/checkout/issues/1695">#1695</a>)</li>
<li><a
href="3f603f6d5e"><code>3f603f6</code></a>
Bump actions/setup-node from 1 to 4 (<a
href="https://redirect.github.com/actions/checkout/issues/1696">#1696</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/checkout/compare/v3...v4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=3&new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Kenny Leung <kleung@chainguard.dev>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kenny Leung <kleung@chainguard.dev>
2024-06-21 16:33:52 +00:00
Kenny Leung
1a2666f783
setup dependabot for clog (#18)
Signed-off-by: Kenny Leung <kleung@chainguard.dev>
2024-06-21 09:00:44 +02:00
Billy Lynch
40901e8d69
slogtest: Allow passing in logging config options. (#12)
- Enables debug logging by default.
- Adds `TestLoggerWithOptions` to allow overriding default config.
- Adds `Context` as a shorthand for TestContextWithLogger
   (e.g. `slogtest.TestContextWithLogger(t)` -> `slogtest.Context(t)`)
2024-06-20 20:49:22 -07:00
Nghia Tran
6962f14d44
Use traceparent instead of X-Cloud-Trace-Context (#16)
According to
https://cloud.google.com/trace/docs/trace-context#http-requests,
`X-Cloud-Trace-Context` is a legacy header that precedes the W3C
standard `traceparent` header. Google Cloud services that support trace
context propagation typically support both the `traceparent` and the
legacy `X-Cloud-Trace-Context` header.

Switching to use this so that we don't have to use the legacy header
`X-Cloud-Trace-Context` when restoring trace context header for pubsub
eventing, but only using `traceparent` every where.
2024-06-18 19:32:50 -07:00
Nghia Tran
f300b26592
Preserve context in With() calls (#17)
Currently `With()` will reset context back to `context.Background()`,
causing the `wrap/wrapf` calls to lose the original context.

This affects the `clog/gcp` handler who relies on a value keyed with
`"trace"` being set on the context
([see](https://github.com/chainguard-dev/clog/blob/main/gcp/trace.go#L110-L116))
(we should use a typed value though, but that's in a different PR).

---------

Signed-off-by: Nghia Tran <tcnghia@gmail.com>
2024-06-18 20:33:25 -04:00
Jason Hall
cb3093988f
gcp/trace: limit project ID lookups, add tests (#14)
If `WithCloudTraceContext` is called from tests where GCE metadata isn't
available, it hangs indefinitely, which is not a great experience.

Some improvements in this PR:

- project ID lookup will only be performed once, instead of each time
`WithCloudTraceContext` is called
- if we detect we're being called in tests, the project ID won't be
looked up and we won't log with trace context
- add a standard short timeout to metadata requests, consistent with the
official client

Also add a test that shows that the `trace` context value is set when
the project ID env var is set; because this logging must go to stderr,
we can't easily test what actually gets logged, but we can show it
working in the verbose output:

```
go test ./gcp -v -count=1
=== RUN   TestTrace
=== RUN   TestTrace/no_env_set
{"time":"2024-02-12T20:22:14.059143-05:00","severity":"DEBUG","logging.googleapis.com/sourceLocation":{"function":"github.com/chainguard-dev/clog/gcp.insideTest","file":"/Users/jason/git/clog/gcp/trace.go","line":33},"message":"WithCloudTraceContext: inside test","function":"testing.tRunner","file":"/opt/homebrew/Cellar/go/1.21.5/libexec/src/testing/testing.go","line":1595}
{"time":"2024-02-12T20:22:14.059343-05:00","severity":"DEBUG","logging.googleapis.com/sourceLocation":{"function":"github.com/chainguard-dev/clog/gcp.WithCloudTraceContext.func1","file":"/Users/jason/git/clog/gcp/trace.go","line":56},"message":"WithCloudTraceContext: inside test, not looking up project ID"}
{"time":"2024-02-12T20:22:14.060156-05:00","severity":"INFO","logging.googleapis.com/sourceLocation":{"function":"github.com/chainguard-dev/clog/gcp.TestTrace.func2.1","file":"/Users/jason/git/clog/gcp/trace_test.go","line":37},"message":"hello world"}
=== RUN   TestTrace/env_set
{"time":"2024-02-12T20:22:14.060678-05:00","severity":"INFO","logging.googleapis.com/sourceLocation":{"function":"github.com/chainguard-dev/clog/gcp.TestTrace.func2.1","file":"/Users/jason/git/clog/gcp/trace_test.go","line":37},"message":"hello world","logging.googleapis.com/trace":"projects/my-project/traces/trace"}
--- PASS: TestTrace (0.00s)
    --- PASS: TestTrace/no_env_set (0.00s)
    --- PASS: TestTrace/env_set (0.00s)
PASS
ok      github.com/chainguard-dev/clog/gcp      0.166s
```

The test also attempts to check that GCE metadata isn't requested.

Through this work I've found that `clog.FromContext(ctx).Info("hello")`
doesn't carry the `trace` context value, possibly related to
https://github.com/chainguard-dev/clog/pull/11

Signed-off-by: Jason Hall <jason@chainguard.dev>
2024-02-12 21:04:06 -05:00
Billy Lynch
f4145d29d4
Preserve context in logger when calling FromContext. (#11)
Modification of #5 

Allows for passing through the logger while still using default Info
methods. InfoContext remains to override the context with another value.

This changes the stored context value to store the underlying
slog.Logger instead of the wrapped logger so we're not storing a context
within a context.
2024-02-06 12:35:04 -05:00
Jason Hall
4d1a9405b3
add Fatal{Context}{f} (#8)
This adds `clog.Fatal{Context}{f}`, and
`clog.FromContext(ctx).Fatal{Context}{f}`

`Fatal` logs at `LevelError` then calls `os.Exit(1)`, like stdlib
`log.Fatal`:
https://cs.opensource.google/go/go/+/refs/tags/go1.21.6:src/log/log.go;l=413

---------

Signed-off-by: Jason Hall <jason@chainguard.dev>
Co-authored-by: Billy Lynch <1844673+wlynch@users.noreply.github.com>
2024-02-06 11:03:48 -05:00
Jason Hall
83244dc767
add a flag option (#10)
I don't like any of the names here, and we might want it to be in a
separate subpackage. This lets you say `--log-level=DEBUG` to set the
level. The default is still INFO.

---------

Signed-off-by: Jason Hall <jason@chainguard.dev>
2024-02-06 11:01:13 -05:00
Jason Hall
d34ebd4160
add GCP optimized slog package (#9)
Opening this to gather feedback.

This moves https://github.com/imjasonh/gcpslog into this repo, including
https://github.com/imjasonh/gcpslog/pull/2

---------

Signed-off-by: Jason Hall <jason@chainguard.dev>
2024-02-05 17:09:57 -05:00
Jason Hall
fec25b637d
Update README.md (#7)
Signed-off-by: Jason Hall <jason@chainguard.dev>
2024-01-18 11:37:43 -05:00
Jason Hall
04bee692f7
rename to clog (#6)
* rename to clog

Signed-off-by: Jason Hall <jason@chainguard.dev>

* fix example in README

Signed-off-by: Jason Hall <jason@chainguard.dev>

---------

Signed-off-by: Jason Hall <jason@chainguard.dev>
2024-01-16 13:28:27 -05:00
Billy Lynch
c071a43a42
Fix handler example to actually use the handler. (#4) 2024-01-16 11:15:36 -05:00
Billy Lynch
988f6253cd
Add source.yaml (#3) 2023-12-21 17:59:27 +01:00
Carlos Tadeu Panato Junior
7a6e5ac694
update to chainguard-dev (#2) 2023-12-21 11:54:22 -05:00
Billy Lynch
9bf46567a6
Create go.yml 2023-12-12 20:40:15 -05:00
Billy Lynch
0d562667b2
Update godoc 2023-12-12 19:59:57 -05:00
Billy Lynch
3f156fd3a4
Add missing slog.Logger functions.
- WithGroup
- Handler
2023-12-12 19:22:50 -05:00
Billy Lynch
765cf08124
Add slogtest helpers. 2023-12-12 18:45:04 -05:00
Billy Lynch
8aac927af2
Add godoc badge 2023-12-12 18:30:25 -05:00
Billy Lynch
5565dbc976
Add context logger.
This is heavily inspired by https://pkg.go.dev/knative.dev/pkg/logging

Also adds top level logging methods for convinience.
2023-12-12 18:29:22 -05:00