dependabot[bot]
5b19ddbcd0
Bump docker/setup-buildx-action from 4.0.0 to 4.1.0 ( #2724 )
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](4d04d5d948...d7f5e7f509
2026-06-06 16:02:50 +10:00
dependabot[bot]
1ac2a3d96a
Bump docker/setup-qemu-action from 4.0.0 to 4.1.0 ( #2726 )
...
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases )
- [Commits](ce360397dd...06116385d9
2026-06-06 16:00:51 +10:00
dependabot[bot]
41377138ef
Bump docker/login-action from 4.1.0 to 4.2.0 ( #2727 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](4907a6ddec...650006c6eb
2026-06-06 15:53:24 +10:00
dependabot[bot]
fe449b956a
Bump actions/checkout from 6.0.2 to 6.0.3 ( #2732 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](de0fac2e45...df4cb1c069
2026-06-06 15:52:53 +10:00
dependabot[bot]
1a433d1035
Bump actions/upload-artifact from 4.6.1 to 7.0.1 ( #2663 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.6.1 to 7.0.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](4cec3d8aa0...043fb46d1a
2026-04-26 09:40:39 +10:00
dependabot[bot]
1c0d8b9da9
Bump actions/checkout from 4.2.2 to 6.0.2 ( #2668 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.2.2 to 6.0.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4.2.2...de0fac2e4500dabe0009e67214ff5f5447ce83dd )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 6.0.2
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-26 09:40:25 +10:00
dependabot[bot]
33f3351c01
Bump ossf/scorecard-action from 2.4.1 to 2.4.3 ( #2665 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.4.1 to 2.4.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](f49aabe0b5...4eaacf0543
2026-04-26 09:19:38 +10:00
dependabot[bot]
6679d3c02b
Bump github/codeql-action from 3 to 4 ( #2671 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Commits](https://github.com/github/codeql-action/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-22 21:04:18 +10:00
dependabot[bot]
54a7fc8f0c
Bump softprops/action-gh-release from 2.6.2 to 3.0.0 ( #2672 )
...
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release ) from 2.6.2 to 3.0.0.
- [Release notes](https://github.com/softprops/action-gh-release/releases )
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md )
- [Commits](3bb12739c2...b430933298
2026-04-22 21:03:55 +10:00
Mike Farah
6dd681a7c0
Fixing release signing
2026-04-17 16:03:18 +10:00
Mike Farah
602586d8fd
Create scorecard.yml
...
Signed-off-by: Mike Farah <mikefarah@gmail.com>
2026-04-14 18:43:11 +10:00
Copilot
9a0335abb2
fix: restrict GitHub Actions workflow token permissions (OSSF least-privilege) ( #2662 )
...
* Initial plan
* fix: add least-privilege token permissions to GitHub workflows (OSSF)
Agent-Logs-Url: https://github.com/mikefarah/yq/sessions/1b5db5e2-af78-4289-a6e0-2e972fc68ef1
Co-authored-by: mikefarah <1151925+mikefarah@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mikefarah <1151925+mikefarah@users.noreply.github.com>
2026-04-13 19:11:10 +10:00
Mike Farah
c8f6c1a042
Updating release to sign checksums
2026-04-12 19:39:01 +10:00
Copilot
0e803833fb
chore: pin GitHub Actions and Docker base images to full-length hashes (OSSF scorecard) ( #2658 )
...
* Initial plan
* chore: pin GitHub Actions dependencies to specific commit SHAs (OSSF)
Agent-Logs-Url: https://github.com/mikefarah/yq/sessions/cbd03f0a-f2dc-4da4-b01c-7dd06ad83ee9
Co-authored-by: mikefarah <1151925+mikefarah@users.noreply.github.com>
* chore: pin Dockerfile base images to specific SHA digests (OSSF)
Agent-Logs-Url: https://github.com/mikefarah/yq/sessions/7a8f6690-37fb-42ab-b3dc-0dd23c270fbe
Co-authored-by: mikefarah <1151925+mikefarah@users.noreply.github.com>
* chore: revert yq pins in test-yq.yml; add release note for github-action/Dockerfile SHA
Agent-Logs-Url: https://github.com/mikefarah/yq/sessions/e1b35d79-92a3-47d5-b4ac-a2efe2fd58ce
Co-authored-by: mikefarah <1151925+mikefarah@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mikefarah <1151925+mikefarah@users.noreply.github.com>
2026-04-12 19:31:32 +10:00
dependabot[bot]
68f0322ba3
Bump softprops/action-gh-release from 1 to 2 ( #1978 )
...
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release ) from 1 to 2.
- [Release notes](https://github.com/softprops/action-gh-release/releases )
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md )
- [Commits](https://github.com/softprops/action-gh-release/compare/v1...v2 )
---
updated-dependencies:
- dependency-name: softprops/action-gh-release
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-06 18:53:44 +10:00
dependabot[bot]
4df6e46f95
Bump docker/setup-buildx-action from 3 to 4 ( #2627 )
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 3 to 4.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-21 09:28:17 +11:00
dependabot[bot]
16e4df2304
Bump docker/login-action from 3 to 4 ( #2620 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3 to 4.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-07 13:48:13 +11:00
dependabot[bot]
79a92d0478
Bump docker/setup-qemu-action from 3 to 4 ( #2621 )
...
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ) from 3 to 4.
- [Release notes](https://github.com/docker/setup-qemu-action/releases )
- [Commits](https://github.com/docker/setup-qemu-action/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-07 13:47:56 +11:00
dependabot[bot]
3a27e39778
Bump actions/setup-go from 5 to 6 ( #2471 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5 to 6.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-22 13:42:54 +11:00
dependabot[bot]
22510ab8d5
Bump actions/checkout from 5 to 6
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-12-06 14:28:39 +11:00
Alexander
588d0bb3dd
Bumped to core24 and removed riscv64
2025-11-26 09:31:58 +11:00
Alexander
5d0481c0d2
Running build step on launchpad remote builder with supported architectures
2025-11-25 08:55:36 +11:00
dependabot[bot]
d5dd338707
Bump github/codeql-action from 3 to 4
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-12 13:42:48 +11:00
dependabot[bot]
c34edcf983
Bump actions/checkout from 4 to 5
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-09-04 14:18:19 +10:00
Jeremy L. Morris
76c817009f
Use ghcr.io instead of ghrc.io
2025-08-27 08:23:00 +10:00
Ashok Pariya
fe06096514
Add s390x platform support to Docker release workflow
...
Updated the list of supported platforms in the GitHub Actions
Docker release workflow to include linux/s390x.
Signed-off-by: Ashok Pariya <ashok.pariya@ibm.com>
2025-04-05 20:18:39 +11:00
Zoltán Reegn
c9766c1cab
Also push docker images to ghcr.io
...
With docker-hub starting to introduce a much stricter limit on anonymous
pulls, it makes sense to also host the image in ghcr.io as well,
allowing users flexibility in where they pull the docker images from.
Also with the github action it makes more sense hosting the docker image
on github infrastructure.
I've introduced a github action for logging into registries as well.
2025-03-25 15:45:15 +11:00
Brian Egge
f76815959a
Create docker image for armv7 / raspberry pi3
2024-12-07 11:10:20 +11:00
Mike Farah
80310eaaac
Removing temp docker fix
2024-11-16 20:37:27 +11:00
Mike Farah
8391193732
Temp fix docker version
2024-11-16 20:34:50 +11:00
Mike Farah
d858ab1644
Removing riscv64 from docker build as its not supported by the base golang:1.23.2 image
2024-11-16 20:31:39 +11:00
Mike Farah
129e597346
Fixing release pipeline
2024-11-16 15:43:21 +11:00
Matheus Macabu
c46c1a7128
build: use goreleaser for building cross-compiled binaries and add riscv64 target ( #2135 )
...
* build: use goreleaser to cross-compile binaries for all platforms and archs
The main motivation behind it is because "gox" is unmaintained and archived
and it does not support "linux/riscv64" as a target.
Right now, goreleaser is only building the binaries, and I've tried to replicate
the exact same way the old script does.
In the future, if so desired, goreleaser could be used to further automate the
build and release pipeline by creating the release in GitHub.
* build: create binaries and OCI image for linux/riscv64
2024-08-20 13:09:12 +10:00
Mike Farah
bf2bc29e47
Dont run release build on v4 branch
2024-02-09 10:23:46 +11:00
dependabot[bot]
16bab88946
Bump github/codeql-action from 2 to 3 ( #1903 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-14 16:32:38 +11:00
dependabot[bot]
c7b14eacbd
Bump actions/setup-go from 4 to 5 ( #1894 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-12 09:55:42 +11:00
Mike Farah
779b26310e
Updating references to yq being a YAML processor
2023-11-30 15:32:21 +11:00
dependabot[bot]
0667500b1b
Bump docker/setup-qemu-action from 2 to 3 ( #1785 )
...
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ) from 2 to 3.
- [Release notes](https://github.com/docker/setup-qemu-action/releases )
- [Commits](https://github.com/docker/setup-qemu-action/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-19 09:45:31 +10:00
dependabot[bot]
fa8cfd0400
Bump docker/setup-buildx-action from 2 to 3 ( #1786 )
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 2 to 3.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](https://github.com/docker/setup-buildx-action/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-19 09:44:36 +10:00
dependabot[bot]
0a0182da13
Bump actions/checkout from 3 to 4 ( #1776 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-13 07:58:30 +10:00
dependabot[bot]
cbe84232a3
Bump actions/setup-go from 3 to 4 ( #1601 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-18 14:22:25 +11:00
Mike Farah
f4e7203a55
Fix github action attempt
2023-02-11 23:50:47 +11:00
Mike Farah
5cb3c876fc
bump to go 1.20
2023-02-11 04:06:16 +11:00
Mike Farah
a6d1a52e33
Fixing versioning code for release
2022-11-15 20:08:58 +11:00
Mike Farah
b202ccc5dc
Updating snapcraft release notes
2022-11-15 11:05:56 +11:00
Mike Farah
9edff1f22c
Use new github action syntax
2022-11-14 17:40:12 +11:00
Mike Farah
67864ffdab
Use new github action syntax
2022-11-14 17:35:52 +11:00
Mike Farah
b55381f34e
fixing snap release
2022-11-14 17:28:44 +11:00
Mike Farah
b6ad314dbb
fixing snap release
2022-11-14 17:28:15 +11:00
Mike Farah
63db5de4e2
(attempt) to automate snap release
2022-11-14 17:00:50 +11:00
