dependabot[bot]
77bd16ff51
build(deps): bump github/codeql-action from 4.35.1 to 4.35.2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.35.1 to 4.35.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c10b8064de...95e58e9a2c
2026-04-20 11:12:02 +00:00
Rafael
26c11f5c4d
Switch from draft to pre-release ( #13951 )
...
govulncheck / govulncheck (push) Has been cancelled
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Signed-off-by: Rafael Breno <rafael_breno@outlook.com>
2026-04-16 20:23:48 -03:00
Rafael
663d6f82fe
Switch release workflow trigger and add draft flag for release creation ( #13902 )
...
Signed-off-by: Rafael Breno <rafael_breno@outlook.com>
Signed-off-by: Rafael <32229014+rafaelbreno@users.noreply.github.com>
2026-04-16 13:52:00 -03:00
dependabot[bot]
33f9173021
build(deps): bump docker/build-push-action from 7.0.0 to 7.1.0
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 7.0.0 to 7.1.0.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](d08e5c354a...bcafcacb16
2026-04-13 11:08:05 -07:00
dependabot[bot]
32f2169ed3
build(deps): bump softprops/action-gh-release from 2.6.1 to 3.0.0
...
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release ) from 2.6.1 to 3.0.0.
- [Release notes](https://github.com/softprops/action-gh-release/releases )
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md )
- [Commits](153bb8e044...b430933298
2026-04-13 11:07:48 -07:00
dependabot[bot]
8b6f2a40e7
build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](bbbca2ddaa...043fb46d1a
2026-04-13 11:07:38 -07:00
dependabot[bot]
0ae2bb1e6b
build(deps): bump aws-actions/configure-aws-credentials
...
Bumps [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials ) from 6.0.0 to 6.1.0.
- [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases )
- [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md )
- [Commits](8df5847569...ec61189d14
2026-04-13 11:07:17 -07:00
dependabot[bot]
62ce497982
build(deps): bump actions/github-script from 8.0.0 to 9.0.0
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 8.0.0 to 9.0.0.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](ed597411d8...3a2844b7e9
2026-04-13 11:07:07 -07:00
dependabot[bot]
8a4219e66c
build(deps): bump updatecli/updatecli-action from 2.100.0 to 3.0.0
...
Bumps [updatecli/updatecli-action](https://github.com/updatecli/updatecli-action ) from 2.100.0 to 3.0.0.
- [Release notes](https://github.com/updatecli/updatecli-action/releases )
- [Commits](4b17f4ea78...2cc8e6d8e3
2026-04-09 12:41:39 -07:00
dependabot[bot]
1fe6732169
build(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 3.12.0 to 4.0.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](8d2750c68a...4d04d5d948
2026-04-09 12:41:15 -07:00
dependabot[bot]
91dc10db9c
build(deps): bump github/codeql-action from 4.34.1 to 4.35.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.34.1 to 4.35.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3869755554...c10b8064de
2026-04-09 12:40:57 -07:00
dependabot[bot]
28d434405d
build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](b7c566a772...bbbca2ddaa
2026-04-09 12:40:37 -07:00
Manuel Buil
909ffe67c7
Pin govulncheck GHA version
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2026-04-01 18:08:59 +02:00
Manuel Buil
2a2cd99e3d
Secure the e2e yaml GHA
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2026-04-01 18:07:03 +02:00
Chris Wayne
b483ddc65a
Pin GH Actions to commit sha ( #13861 )
...
Signed-off-by: Chris Wayne <cwayne18@gmail.com>
2026-03-26 14:12:15 -04:00
dependabot[bot]
8183260241
build(deps): bump aquasecurity/trivy-action from 0.34.1 to 0.35.0 ( #13802 )
...
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action ) from 0.34.1 to 0.35.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases )
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.34.1...0.35.0 )
---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
dependency-version: 0.35.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-17 09:09:15 -07:00
dependabot[bot]
b9f4182d51
build(deps): bump softprops/action-gh-release from 2.5.0 to 2.6.1 ( #13803 )
...
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release ) from 2.5.0 to 2.6.1.
- [Release notes](https://github.com/softprops/action-gh-release/releases )
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md )
- [Commits](https://github.com/softprops/action-gh-release/compare/v2.5.0...v2.6.1 )
---
updated-dependencies:
- dependency-name: softprops/action-gh-release
dependency-version: 2.6.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-17 09:09:04 -07:00
dependabot[bot]
f29d8288b0
build(deps): bump docker/login-action from 3 to 4 ( #13804 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3 to 4.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-17 09:08:56 -07:00
dependabot[bot]
6c6a906ca4
Bump docker/metadata-action from 5 to 6 ( #13748 )
...
Bumps [docker/metadata-action](https://github.com/docker/metadata-action ) from 5 to 6.
- [Release notes](https://github.com/docker/metadata-action/releases )
- [Commits](https://github.com/docker/metadata-action/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: docker/metadata-action
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-10 10:43:27 -07:00
dependabot[bot]
7cd98146d8
Bump docker/setup-docker-action from 4 to 5
...
govulncheck / govulncheck (push) Waiting to run
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Bumps [docker/setup-docker-action](https://github.com/docker/setup-docker-action ) from 4 to 5.
- [Release notes](https://github.com/docker/setup-docker-action/releases )
- [Commits](https://github.com/docker/setup-docker-action/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: docker/setup-docker-action
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-09 16:37:41 -07:00
dependabot[bot]
3975a57306
Bump docker/setup-qemu-action from 3 to 4
...
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ) from 3 to 4.
- [Release notes](https://github.com/docker/setup-qemu-action/releases )
- [Commits](https://github.com/docker/setup-qemu-action/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-09 16:37:34 -07:00
dependabot[bot]
be7e63dd59
Bump docker/build-push-action from 6 to 7
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 6 to 7.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/v6...v7 )
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-09 16:37:27 -07:00
dependabot[bot]
de13a6435d
Bump DeterminateSystems/nix-installer-action from 17 to 21
...
Bumps [DeterminateSystems/nix-installer-action](https://github.com/determinatesystems/nix-installer-action ) from 17 to 21.
- [Release notes](https://github.com/determinatesystems/nix-installer-action/releases )
- [Commits](https://github.com/determinatesystems/nix-installer-action/compare/v17...v21 )
---
updated-dependencies:
- dependency-name: DeterminateSystems/nix-installer-action
dependency-version: '21'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-09 16:37:20 -07:00
dependabot[bot]
669bb79f08
Bump softprops/action-gh-release from 2.2.1 to 2.5.0
...
govulncheck / govulncheck (push) Has been cancelled
Install Script / build (push) Has been cancelled
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Install Script / Smoke Test (push) Has been cancelled
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release ) from 2.2.1 to 2.5.0.
- [Release notes](https://github.com/softprops/action-gh-release/releases )
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md )
- [Commits](https://github.com/softprops/action-gh-release/compare/v2.2.1...v2.5.0 )
---
updated-dependencies:
- dependency-name: softprops/action-gh-release
dependency-version: 2.5.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-06 16:28:26 -08:00
dependabot[bot]
340623bf53
build(deps): bump aws-actions/configure-aws-credentials from 5 to 6
...
Bumps [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials ) from 5 to 6.
- [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases )
- [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws-actions/configure-aws-credentials/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: aws-actions/configure-aws-credentials
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-06 16:28:12 -08:00
dependabot[bot]
7563007cd4
build(deps): bump aquasecurity/trivy-action from 0.33.1 to 0.34.1
...
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action ) from 0.33.1 to 0.34.1.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases )
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.1 )
---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
dependency-version: 0.34.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-06 16:27:29 -08:00
dependabot[bot]
d648c8cb89
build(deps): bump actions/stale from 10.1.1 to 10.2.0
...
Bumps [actions/stale](https://github.com/actions/stale ) from 10.1.1 to 10.2.0.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/stale/compare/v10.1.1...v10.2.0 )
---
updated-dependencies:
- dependency-name: actions/stale
dependency-version: 10.2.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-06 16:27:22 -08:00
dependabot[bot]
45bdf9c9f8
Bump actions/download-artifact from 7 to 8
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 7 to 8.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](https://github.com/actions/download-artifact/compare/v7...v8 )
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-version: '8'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-06 16:27:13 -08:00
Ada
20c02eda5a
Add nix-snapshotter integration test
...
Docker-based integration test that verifies nix-snapshotter works
with k3s. The test builds a nix hello image, starts k3s with
--snapshotter nix, pulls the image via nix:0 ref, and runs it as
a pod, verifying "Hello, world!" output.
Signed-off-by: Ada <ada@6bit.com>
Co-Authored-By: Joshua Perry <josh@6bit.com>
Signed-off-by: Ada <ada@6bit.com>
2026-03-06 12:36:57 -08:00
Derek Nola
29f92e9d50
Assign github.event to env first ( #13715 )
...
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Signed-off-by: Derek Nola <derek.nola@suse.com>
2026-03-02 10:20:02 -08:00
Rafael
084d2f44e7
Add registry prefix to image-list file ( #13603 )
...
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Signed-off-by: Rafael Breno <rafael_breno@outlook.com>
2026-02-10 13:54:23 -03:00
Derek Nola
24d6995cd4
Bump scorecard checkout to match all other versions ( #13568 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2026-02-05 09:32:22 -08:00
dependabot[bot]
9850c5a3da
Bump aws-actions/configure-aws-credentials from 4 to 5 ( #13185 )
...
Bumps [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials ) from 4 to 5.
- [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases )
- [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws-actions/configure-aws-credentials/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: aws-actions/configure-aws-credentials
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-04 10:20:06 -08:00
Derek Nola
daa11863d2
Use channel.yaml instead of curling for stable for kubectl install ( #13531 )
...
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
* Use channel.yaml instead of curling for stable for kubectl install
* Stop vex report from leaking out of make local-image
Signed-off-by: Derek Nola <derek.nola@suse.com>
2026-02-03 17:18:16 -08:00
Derek Nola
253f2a91f3
Update install tests with new images, add alma10 ( #13489 )
...
Install Script / build (push) Has been cancelled
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Install Script / Smoke Test (push) Has been cancelled
* Update install tests with new images, add alma10
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Stop running each provisioning step individually for install tests
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
2026-01-23 13:14:51 -08:00
dependabot[bot]
696dd9d99a
Bump actions/stale from 10.1.0 to 10.1.1 ( #13296 )
...
govulncheck / govulncheck (push) Waiting to run
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Bumps [actions/stale](https://github.com/actions/stale ) from 10.1.0 to 10.1.1.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/stale/compare/v10.1.0...v10.1.1 )
---
updated-dependencies:
- dependency-name: actions/stale
dependency-version: 10.1.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-21 10:19:41 -08:00
Derek Nola
425630ce22
Prevent caching on PR of golangci-lint entries ( #13487 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2026-01-21 10:09:46 -08:00
Manuel Buil
c24294f24f
Fix lines to satisfy lint
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2026-01-19 15:35:50 +01:00
Brad Davidson
9307d829bf
Remove download/generate from vulncheck
...
This has been broken since july when cb061687d4
2026-01-09 13:37:36 -08:00
Brad Davidson
358c8cc00f
Fix setup-go cache issues
...
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
govulncheck / govulncheck (push) Has been cancelled
Install Script / build (push) Has been cancelled
Install Script / Smoke Test (push) Has been cancelled
* Move cleanup earlier, to prevent running out of space when restoring caches
* Consistently use local setup-go action to avoid saving cache on PR runs
* Update local setup-go action
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-01-09 13:23:28 -08:00
Brad Davidson
9587f67dd1
Update longhorn version in integration test from v1.4.0 to v1.10.1
...
Manifest from https://raw.githubusercontent.com/longhorn/longhorn/v1.10.1/deploy/longhorn.yaml - with modifications to use rancher-mirrored images to avoid image pull rate limits, and allow operation on a node with fewer resources.
Also adds more log dumping on integration test failure.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-01-09 10:40:31 -08:00
Rafael
b167ee165d
Push GA images to staging registry ( #13438 )
...
Signed-off-by: Rafael Breno <rafael_breno@outlook.com>
2026-01-08 14:46:19 -03:00
dependabot[bot]
8e416186d7
Bump actions/cache from 4 to 5 ( #13347 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4 to 5.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](https://github.com/actions/cache/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-05 09:41:31 -08:00
dependabot[bot]
eb443b4179
Bump actions/download-artifact from 6 to 7 ( #13346 )
...
Install Script / build (push) Waiting to run
Install Script / Smoke Test (push) Blocked by required conditions
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 6 to 7.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](https://github.com/actions/download-artifact/compare/v6...v7 )
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-22 09:22:56 -08:00
Brad Davidson
421e364cc9
Fix PR lint checkout depth
...
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Need to check out one deeper than the number of commits in order to compare to the target branch
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-12-18 14:46:59 -08:00
Brad Davidson
900f6cfe8d
Add lint/validate job
...
`make validate` use to run in drone, move it into GHA
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-12-18 11:20:07 -08:00
dependabot[bot]
e060c0b18f
Bump actions/upload-artifact from 5 to 6
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 5 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-12-18 15:29:09 +01:00
Brad Davidson
650fed932d
Validate collected files for release
...
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-12-15 19:27:56 -08:00
Brad Davidson
7806fa6b9c
Move sha256sum from workflow to script
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-12-15 19:27:56 -08:00
Brad Davidson
d3732ec3fc
Combine airgap and binary publishing steps
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-12-15 19:27:56 -08:00
