1
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-16 21:56:40 -05:00
Commit graph

95 commits

Author SHA1 Message Date
dependabot[bot]
8a50f191bf
build(deps): bump actions/upload-artifact from 3 to 4 (#6013)
* build(deps): bump actions/upload-artifact from 3 to 4

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Disable compression

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-01-02 08:23:25 +00:00
dependabot[bot]
4f3f6e35e8
build(deps): bump actions/setup-go from 4 to 5 (#6012)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-02 07:13:31 +00:00
Benjamin Marwell
7d919af01b
chore: cross-build for AIX (#5971) 2023-12-11 12:55:04 +00:00
Francis Lavoie
fae195ac7e
ci: Force the Go version for govulncheck (#5879) 2023-10-11 20:09:02 +00:00
dependabot[bot]
1405683c2b
build(deps): bump goreleaser/goreleaser-action from 4 to 5 (#5847)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-02 00:34:43 +00:00
dependabot[bot]
89c407aa34
build(deps): bump actions/checkout from 3 to 4 (#5846)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-01 20:13:54 -04:00
Đỗ Trọng Hải
2cac3c5491
httpcaddyfile: fix placeholder shorthands in named routes (#5791)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-09-08 14:38:44 -04:00
Đỗ Trọng Hải
50cea4e263
ci: Run govulncheck (#5790)
* feat(ci): check vuln Go mods in CI

* fix(ci): correct directive for govulncheck

* refactor(ci): move govulncheck to lint.yml

* refactor(lint): move govulncheck to different job
2023-09-05 11:31:25 -04:00
Mohammed Al Sahaf
b7e472d548
ci: ensure short-sha is exported correctly on all platforms (#5781) 2023-08-25 16:06:44 +00:00
Jacob Gadikian
d6f86cccf5
ci: use gci linter (#5708)
* use gofmput to format code

* use gci to format imports

* reconfigure gci

* linter autofixes

* rearrange imports a little

* export GOOS=windows golangci-lint run ./... --fix
2023-08-14 09:41:15 -06:00
Matt Holt
6cdcc2a782
ci: Update to Go 1.21 (#5719)
* ci: Update to Go 1.21

* Bump quic-go to v0.37.4

* Check EnableFullDuplex err

* Linter bug suppression

See https://github.com/timakin/bodyclose/issues/52

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-08-09 12:34:28 -04:00
Mohammed Al Sahaf
b07b198764
chore: use --clean instead of --rm-dist for goreleaser (#5691) 2023-08-04 16:08:54 +00:00
Marten Seemann
f45a6de20d
go.mod: Update quic-go to v0.37.0, bump to Go 1.20 minimum (#5644)
* update quic-go to v0.37.0

* Bump to Go 1.20

* Bump golangci-lint version, yml syntax consistency

* Use skip-pkg-cache workaround

* Workaround needed for both?

* Seeding weakrand is no longer necessary

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-07-21 22:00:48 -06:00
Matt Holt
7ceef91295
Minor tweaks to security.md 2023-07-08 14:02:09 -06:00
Francis Lavoie
998c6e06a7
chore: Adjustments to CI caching (#5495) 2023-04-14 21:38:33 -04:00
Matt Holt
ff35ba9ec3
Update contributing guidelines (#5466)
* Update contributing guidelines

* Request disclosure as a courtesy
2023-04-10 13:08:32 -06:00
dependabot[bot]
b1366c7e46
build(deps): bump actions/setup-go from 3 to 4 (#5474)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-02 00:36:16 -04:00
Matthew Holt
167981d258
ci: Update minimum Go version to 1.19 2023-02-24 13:45:44 -07:00
Francis Lavoie
e62b5fb586
chore: Build with Go 1.20, keep minimum at 1.18 for now (#5353) 2023-02-06 11:29:20 -05:00
TAKAHASHI Shuuji
4e54e48409
ci: Update GitHub Actions to avoid set-output deprecation (#5271) 2022-12-28 12:05:42 -05:00
Mohammed Al Sahaf
b166b90083
ci: exclude dependbot from running tests on s390x machine (#5266) 2022-12-22 14:13:47 -05:00
dependabot[bot]
af93517c2d
build(deps): bump goreleaser/goreleaser-action from 2 to 4 (#5264)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-19 19:47:33 -05:00
dependabot[bot]
3b724a2082
build(deps): bump actions/upload-artifact from 1 to 3 (#5262)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-19 19:14:43 -05:00
dependabot[bot]
329af5ced9
build(deps): bump actions/cache from 2 to 3 (#5263)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-19 18:56:52 -05:00
dependabot[bot]
cd49847edb
build(deps): bump peter-evans/repository-dispatch from 1 to 2 (#5261)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-19 18:44:54 -05:00
John Losito
d3d76d6ac2
ci: Check for github action updates monthly (#5258) 2022-12-19 14:57:56 -07:00
Francis Lavoie
ee7c92ec9b
reverseproxy: Mask the WS close message when we're the client (#5199)
* reverseproxy: Mask the WS close message when we're the client

* weakrand

* Bump golangci-lint version so path ignores work on Windows

* gofmt

* ugh, gofmt everything, I guess
2022-11-14 09:38:02 -07:00
Ashish Kurmi
6efd1b3bb1
ci: set least privilged token for github actions for lint workflow (#5179)
* ci: set least privilged token for github actions

Signed-off-by: Ashish Kurmi <akurmi@stepsecurity.io>

* ci:reverting github actions permissions for all but lint workflow

Signed-off-by: Ashish Kurmi <akurmi@stepsecurity.io>
2022-11-06 08:01:36 +00:00
Mohammed Al Sahaf
c28cd29fe7
ci: enhance the CI/CD flow (#5118) 2022-10-04 17:03:10 +03:00
Mohammed Al Sahaf
eead00f54a
ci: extend goreleaser timeout to 1-hour (#5067) 2022-09-22 15:09:18 +00:00
Mohammed Al Sahaf
487217519c
ci: grant the release workflow the write permission to contents (#5017) 2022-09-05 21:35:47 +00:00
Mohammed Al Sahaf
0499d9c1c4
ci: add id-token permission and update the signing command (#5016) 2022-09-05 20:57:27 +00:00
Mohammed Al Sahaf
d6b3c7d262
ci: generate SBOM and sign artifacts using cosign (#4910)
* ci: sign artifacts using cosign

* include SBOM
2022-09-03 03:37:10 +03:00
Matt Holt
bbc923d66b
ci: Increase linter timeout (#4981) 2022-08-23 14:26:19 -06:00
Francis Lavoie
141872ed80
chore: Bump up to Go 1.19, minimum 1.18 (#4925) 2022-08-02 16:39:09 -04:00
Francis Lavoie
2f43aa0629
chore: Add .gitattributes to force *.go to LF (#4919)
* chore: Add .gitattributes to force *.go to LF

* What if I remove this flag
2022-07-29 08:46:45 -04:00
Y.Horie
c833e3b249
ci: Run golangci-lint on multiple os(#4875) (#4913) 2022-07-27 09:27:18 -04:00
Francis Lavoie
ef0aaca0d6
ci: Fix build caching on Windows (#4811)
* ci: Fix build caching on Windows

I was getting tired of Windows being slow as molasses in our CI jobs, so I went to look at our trusty source of github actions + golang information, and found a somewhat recent commit that actually fixed it. See 4b754729ba

I'll do a 2nd empty commit to re-trigger CI shortly to confirm that it actually fixes it.

* Retrigger CI
2022-05-25 11:56:39 -06:00
Mohammed Al Sahaf
d230b33007
ci: use latest Go version on macOS (#4708) 2022-04-15 13:58:48 -04:00
Matthew Holt
0d13173071
ci: Fix typo 2022-04-13 14:11:03 -06:00
Francis Lavoie
c3a82f53d5
ci: Ensure we always check for latest version of Go (#4703)
* ci: Ensure we always check for latest version of Go

* Try to force 1.18.1, 1.17.9

* Use includes for the actual go semver

* Use `~` for semver here, apparently

* Try to make tests still run on 1.18.0 for Mac, for now
2022-04-13 14:03:38 -06:00
cui fliter
e2535233bb
fix typo (#4702)
Signed-off-by: cuishuang <imcusg@gmail.com>
2022-04-13 10:13:28 -06:00
Francis Lavoie
b4f1a71397
chore: Bump minimum Go to 1.17 (#4662) 2022-03-25 14:56:29 -04:00
Francis Lavoie
4e9fbee1e2
ci: Build on Go 1.18, bump actions versions (#4637)
* ci: Build on Go 1.18, bump actions versions

* Revert linter version bump for now

* Try linter again
2022-03-15 22:09:19 +00:00
Matthew Holt
2ebfda1ae9
Make copyright notice more consistent
Some files had the old copyright or were missing the license comment entirely.

Also change Light Code Labs to Dyanim in security contact and releases.
2021-09-16 12:50:32 -06:00
Mohammed Al Sahaf
e0fc46a911
ci: revert workaround implemented in #4306 (#4328) 2021-09-03 10:05:04 -04:00
Francis Lavoie
105dac8c2a
ci: Only test cross-build on latest Go version (#4319)
This generated way too many test jobs, which weren't really that useful. Cross-build is just to keep us posted on which architectures are building okay, so it's not necessary to do it twice. Only plan9 is not working at this point (see https://github.com/caddyserver/caddy/issues/3615)
2021-08-31 13:44:07 -06:00
Mohammed Al Sahaf
19a55d6aeb
chore: promote creating 'caddy-build' to the release action (#4306)
The commit goreleaser/goreleaser@013bd69126 of GoReleaser is now checking the `go version` prior to executing any of the pre-hooks, which involves setting the current dir of the command to the `build.dir` of the build config. At the time of version check, the buil dir does not exist. It's created in the pre-hook. As a workaround, the build-dir is now created in the Github Action prior to executing goreleaser action.
2021-08-25 17:30:24 +00:00
Francis Lavoie
6bc87ea2ff
ci: Start testing on Go 1.17, drop 1.15 (#4283) 2021-08-16 21:56:20 -06:00
Matthew Holt
6d25261c22
Expand and clarify security policy
While the Caddy project has had very few valid security bug reports over the years, we have a low signal-to-noise ratio with them (lots of invalid reports). Most are out of scope, and it can take too much valuable time for us to determine that. We would prefer researchers do this first. Hopefully these paragraphs spell out much more clearly what we do and don't accept.
2021-06-14 14:00:43 -06:00