Skip to content

Commit b28ee26

Browse files
akabarki76akabarki76
authored
Merge branch 'trunk' into trunk
2 parents aaf3394 + fe900f0 commit b28ee26

File tree

18 files changed

+1718
-86
lines changed

18 files changed

+1718
-86
lines changed

.github/workflows/codeql.yml

Lines changed: 17 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -38,12 +38,25 @@ jobs:
3838
with:
3939
languages: ${{ matrix.language }}
4040
queries: security-and-quality
41-
config: |
42-
paths-ignore:
43-
- 'third-party/**'
44-
- 'third-party-licenses.*.md'
4541

4642
- name: Perform CodeQL Analysis
4743
uses: github/codeql-action/analyze@v3
4844
with:
4945
category: "/language:${{ matrix.language }}"
46+
upload: false
47+
output: sarif-results
48+
49+
- name: Filter SARIF for third-party code
50+
if: matrix.language == 'go'
51+
uses: advanced-security/filter-sarif@f3b8118a9349d88f7b1c0c488476411145b6270d # v1.0.1
52+
with:
53+
patterns: |
54+
-third-party/**
55+
input: sarif-results/${{ matrix.language }}.sarif
56+
output: sarif-results/${{ matrix.language }}.sarif
57+
58+
- name: Upload filtered SARIF
59+
uses: github/codeql-action/upload-sarif@v3
60+
with:
61+
sarif_file: sarif-results/${{ matrix.language }}.sarif
62+
category: "/language:${{ matrix.language }}"

.golangci.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,9 @@ linters:
88
# set, and we should have separate work to enable them if we truly want them.
99
- staticcheck
1010
- errcheck
11+
exclusions:
12+
paths:
13+
- third-party
1114

1215
formatters:
1316
enable:

acceptance/testdata/repo/repo-rename-transfer-ownership.txtar

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ exec gh repo create $ORG/$SCRIPT_NAME-$RANDOM_STRING --add-readme --private
33

44
# Attempt to rename the repo with a slash in the name
55
! exec gh repo rename $ORG/new-name --repo=$ORG/$SCRIPT_NAME-$RANDOM_STRING --yes
6-
stderr 'New repository name cannot contain \''/\'' character - to transfer a repository to a new owner, you must follow additional steps on <github.com>. For more information on transferring repository ownership, see <https://docs.github.com/en/repositories/creating-and-managing-repositories/transferring-a-repository>.'
6+
stderr 'New repository name cannot contain \''/\'' character - to transfer a repository to a new owner, see <https://docs.github.com/en/repositories/creating-and-managing-repositories/transferring-a-repository>.'
77

88
# Defer repo deletion
9-
defer gh repo delete $ORG/$SCRIPT_NAME-$RANDOM_STRING --yes
9+
defer gh repo delete $ORG/$SCRIPT_NAME-$RANDOM_STRING --yes

go.mod

Lines changed: 55 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -45,31 +45,56 @@ require (
4545
github.com/rivo/tview v0.0.0-20250625164341-a4a78f1e05cb
4646
github.com/shurcooL/githubv4 v0.0.0-20240727222349-48295856cce7
4747
github.com/sigstore/protobuf-specs v0.5.0
48-
github.com/sigstore/sigstore-go v1.0.0
48+
github.com/sigstore/sigstore-go v1.1.0
4949
github.com/spf13/cobra v1.9.1
5050
github.com/spf13/pflag v1.0.6
5151
github.com/stretchr/testify v1.10.0
5252
github.com/theupdateframework/go-tuf/v2 v2.1.1
5353
github.com/yuin/goldmark v1.7.12
5454
github.com/zalando/go-keyring v0.2.6
5555

56+
golang.org/x/crypto v0.40.0
57+
golang.org/x/sync v0.16.0
58+
golang.org/x/term v0.33.0
59+
golang.org/x/text v0.27.0
60+
google.golang.org/grpc v1.73.0
61+
5662
google.golang.org/protobuf v1.36.6
5763
gopkg.in/h2non/gock.v1 v1.1.2
5864
gopkg.in/yaml.v3 v3.0.1
5965
)
6066

6167
require (
6268

69+
al.essio.dev/pkg/shellescape v1.6.0 // indirect
70+
cel.dev/expr v0.23.1 // indirect
71+
cloud.google.com/go v0.121.1 // indirect
72+
cloud.google.com/go/auth v0.16.2 // indirect
73+
cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
74+
cloud.google.com/go/compute/metadata v0.7.0 // indirect
75+
cloud.google.com/go/iam v1.5.2 // indirect
76+
cloud.google.com/go/longrunning v0.6.7 // indirect
77+
cloud.google.com/go/monitoring v1.24.2 // indirect
78+
cloud.google.com/go/spanner v1.82.0 // indirect
79+
cloud.google.com/go/storage v1.55.0 // indirect
80+
dario.cat/mergo v1.0.2 // indirect
81+
github.com/GoogleCloudPlatform/grpc-gcp-go/grpcgcp v1.5.2 // indirect
82+
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.27.0 // indirect
83+
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.53.0 // indirect
84+
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.53.0 // indirect
85+
6386
github.com/Masterminds/goutils v1.1.1 // indirect
6487
github.com/Masterminds/semver/v3 v3.4.0 // indirect
6588
github.com/Masterminds/sprig/v3 v3.3.0 // indirect
6689

6790
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
6891
github.com/atotto/clipboard v0.1.4 // indirect
92+
github.com/avast/retry-go/v4 v4.6.1 // indirect
6993
github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
7094
github.com/aymerick/douceur v0.2.0 // indirect
7195
github.com/blang/semver v3.5.1+incompatible // indirect
7296
github.com/catppuccin/go v0.3.0 // indirect
97+
github.com/cespare/xxhash/v2 v2.3.0 // indirect
7398
github.com/charmbracelet/bubbles v0.21.0 // indirect
7499
github.com/charmbracelet/bubbletea v1.3.5 // indirect
75100
github.com/charmbracelet/colorprofile v0.3.1 // indirect
@@ -80,6 +105,7 @@ require (
80105
github.com/charmbracelet/x/term v0.2.1 // indirect
81106
github.com/cli/browser v1.3.0 // indirect
82107
github.com/cli/shurcooL-graphql v0.0.4 // indirect
108+
github.com/cncf/xds/go v0.0.0-20250326154945-ae57f3c0d45f // indirect
83109
github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect
84110
github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467 // indirect
85111
github.com/danieljoos/wincred v1.2.2 // indirect
@@ -90,10 +116,14 @@ require (
90116
github.com/docker/distribution v2.8.3+incompatible // indirect
91117
github.com/docker/docker-credential-helpers v0.9.3 // indirect
92118
github.com/dustin/go-humanize v1.0.1 // indirect
119+
github.com/envoyproxy/go-control-plane/envoy v1.32.4 // indirect
120+
github.com/envoyproxy/protoc-gen-validate v1.2.1 // indirect
93121
github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect
94122
github.com/fatih/color v1.18.0 // indirect
123+
github.com/felixge/httpsnoop v1.0.4 // indirect
95124
github.com/fsnotify/fsnotify v1.9.0 // indirect
96125
github.com/gdamore/encoding v1.0.1 // indirect
126+
github.com/globocom/go-buffer v1.2.2 // indirect
97127
github.com/go-chi/chi v4.1.2+incompatible // indirect
98128
github.com/go-jose/go-jose/v4 v4.1.1 // indirect
99129
github.com/go-logr/logr v1.4.3 // indirect
@@ -110,11 +140,17 @@ require (
110140
github.com/go-openapi/validate v0.24.0 // indirect
111141
github.com/go-viper/mapstructure/v2 v2.3.0 // indirect
112142
github.com/godbus/dbus/v5 v5.1.0 // indirect
143+
github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
113144
github.com/google/certificate-transparency-go v1.3.2 // indirect
145+
github.com/google/s2a-go v0.1.9 // indirect
114146
github.com/google/uuid v1.6.0 // indirect
147+
github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
148+
github.com/googleapis/gax-go/v2 v2.14.2 // indirect
115149
github.com/gorilla/css v1.0.1 // indirect
150+
github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.0 // indirect
116151
github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 // indirect
117152
github.com/hashicorp/errwrap v1.1.0 // indirect
153+
github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
118154
github.com/huandu/xstrings v1.5.0 // indirect
119155
github.com/in-toto/in-toto-golang v0.9.0 // indirect
120156
github.com/inconshreveable/mousetrap v1.1.0 // indirect
@@ -143,6 +179,7 @@ require (
143179
github.com/opencontainers/image-spec v1.1.1 // indirect
144180
github.com/pelletier/go-toml/v2 v2.2.4 // indirect
145181
github.com/pkg/errors v0.9.1 // indirect
182+
github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
146183
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
147184
github.com/rivo/uniseg v0.4.7 // indirect
148185
github.com/rodaine/table v1.3.0 // indirect
@@ -154,34 +191,50 @@ require (
154191
github.com/shopspring/decimal v1.4.0 // indirect
155192
github.com/shurcooL/graphql v0.0.0-20230722043721-ed46e5a46466 // indirect
156193
github.com/sigstore/rekor v1.3.10 // indirect
194+
github.com/sigstore/rekor-tiles v0.1.7-0.20250624231741-98cd4a77300f // indirect
157195
github.com/sigstore/sigstore v1.9.5 // indirect
158196
github.com/sigstore/timestamp-authority v1.2.8 // indirect
159197
github.com/sirupsen/logrus v1.9.3 // indirect
160198
github.com/sourcegraph/conc v0.3.0 // indirect
161199
github.com/spf13/afero v1.14.0 // indirect
162200
github.com/spf13/cast v1.9.2 // indirect
163201
github.com/spf13/viper v1.20.1 // indirect
202+
github.com/spiffe/go-spiffe/v2 v2.5.0 // indirect
164203
github.com/stretchr/objx v0.5.2 // indirect
165204
github.com/subosito/gotenv v1.6.0 // indirect
166205
github.com/theupdateframework/go-tuf v0.7.0 // indirect
167206
github.com/thlib/go-timezone-local v0.0.6 // indirect
168207
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
208+
github.com/transparency-dev/formats v0.0.0-20250421220931-bb8ad4d07c26 // indirect
169209
github.com/transparency-dev/merkle v0.0.2 // indirect
210+
github.com/transparency-dev/tessera v0.2.1-0.20250610150926-8ee4e93b2823 // indirect
170211
github.com/vbatts/tar-split v0.12.1 // indirect
171212
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
172213
github.com/yuin/goldmark-emoji v1.0.6 // indirect
214+
github.com/zeebo/errs v1.4.0 // indirect
173215
go.mongodb.org/mongo-driver v1.17.4 // indirect
216+
go.opencensus.io v0.24.0 // indirect
174217
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
218+
go.opentelemetry.io/contrib/detectors/gcp v1.36.0 // indirect
219+
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 // indirect
220+
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
175221
go.opentelemetry.io/otel v1.37.0 // indirect
176222
go.opentelemetry.io/otel/metric v1.37.0 // indirect
223+
go.opentelemetry.io/otel/sdk v1.36.0 // indirect
224+
go.opentelemetry.io/otel/sdk/metric v1.36.0 // indirect
177225
go.opentelemetry.io/otel/trace v1.37.0 // indirect
178226
go.uber.org/multierr v1.11.0 // indirect
179227
go.uber.org/zap v1.27.0 // indirect
180228
golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect
181-
golang.org/x/mod v0.25.0 // indirect
229+
golang.org/x/mod v0.26.0 // indirect
182230
golang.org/x/net v0.41.0 // indirect
231+
golang.org/x/oauth2 v0.30.0 // indirect
183232
golang.org/x/sys v0.34.0 // indirect
233+
golang.org/x/time v0.12.0 // indirect
184234
golang.org/x/tools v0.34.0 // indirect
235+
google.golang.org/api v0.238.0 // indirect
236+
google.golang.org/genproto v0.0.0-20250505200425-f936aa4a68b2 // indirect
185237
google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822 // indirect
186238
google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 // indirect
239+
k8s.io/klog/v2 v2.130.1 // indirect
187240
)

0 commit comments

Comments
 (0)