Aliaksandr Valialkin
6183975d45
.github/ISSUE_TEMPLATE/bug_report.md: update the link to troubleshooting docs
2022-12-06 21:11:15 -08:00
Roman Khavronenko
9f8bf524ad
bump go version to 1.19.3 ( #3327 )
...
Signed-off-by: hagen1778 <roman@victoriametrics.com>
Signed-off-by: hagen1778 <roman@victoriametrics.com>
2022-11-08 16:43:59 +01:00
Denys Holius
b4e6460d2f
.github/workflows/codeql-analysis.yml: specifically setting the Go version ( #3277 )
...
see https://github.com/github/codeql-action/issues/1059
2022-10-27 10:06:33 +02:00
Aliaksandr Valialkin
b47caa86db
all: update the minimum required Go verson from 1.19.1 to 1.19.2
...
This is needed because of security vulnerabilities found in Go 1.19.1
See https://go.dev/doc/devel/release#go1.19.2
2022-10-07 22:43:37 +03:00
Roman Khavronenko
efea51a9ee
bump Go version to 1.19.1 ( #3108 )
...
The reason is to cover vulnerability GO-2022-0969
Found in: net/http@go1.18.5
Fixed in: net/http@go1.19.1
More info: https://pkg.go.dev/vuln/GO-2022-0969
Signed-off-by: hagen1778 <roman@victoriametrics.com>
Signed-off-by: hagen1778 <roman@victoriametrics.com>
2022-09-14 12:29:19 +02:00
Aliaksandr Valialkin
28b6dec1f4
.github/workflows/main.yml: stop setting GO111MODULE=on env var, since it is unnecessary in Go1.18 and newer versions
2022-09-08 18:41:56 +03:00
Aliaksandr Valialkin
7b8bc8ad59
all: bump the minimum supported version of Go from 1.17 to 1.18
...
This is needed because some dependencies uses generics, which have been appeared in Go1.18
This is a follow-up for caf3dd4fa2
2022-08-08 13:39:38 +03:00
Roman Khavronenko
caf3dd4fa2
workflows: bump go version ( #2955 )
...
Some new dependencies contain generics, so we bump go version for CI.
Signed-off-by: hagen1778 <roman@victoriametrics.com>
2022-08-08 09:24:15 +02:00
Aliaksandr Valialkin
ed93330e66
all: follow-up for d99ba3481b
2022-07-13 16:44:39 +03:00
naveensrinivasan
cb1ded8d9f
chore: Set permissions for GitHub actions
...
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ )
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-17 17:04:04 +03:00
Dima Lazerka
60ad8c74bc
Add GitHub workflow for code scanning ( #2453 )
...
Add pre-generated workflow definition for GitHub's CodeQL code scanning.
2022-04-16 19:00:49 +03:00
Ted Robertson
5e9afcceaa
Fix typo in bug report template ( #2472 )
2022-04-16 13:19:36 +03:00
Roman Khavronenko
453df02e0a
github/dependabot.yml: disable versions update for vmui ( #2449 )
...
The change disables versions autopupdate for vmui package.
The change has no impact on security updates, which have a separate,
internal limit of ten open pull requests.
See https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit
Signed-off-by: hagen1778 <roman@victoriametrics.com>
2022-04-12 14:26:14 +03:00
dependabot[bot]
d7f86f111b
build(deps): bump codecov/codecov-action from 2.1.0 to 3 ( #2407 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 2.1.0 to 3.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v2.1.0...v3 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-08 13:08:09 +03:00
Ted Robertson
fae2b36b58
Fix English in the bug report template ( #2413 )
2022-04-08 13:05:08 +03:00
Aliaksandr Valialkin
f6899cc289
Revert ".github/workflows: disable updating VictoriaMetrics wiki with docs"
...
This reverts commit 2ef3fabcb8
.
The reason: there are many links to https://github.com/VictoriaMetrics/VictoriaMetrics/wiki/ * all over the Internet.
This commit breaks such links :(
2022-01-28 11:43:06 +02:00
Aliaksandr Valialkin
2ef3fabcb8
.github/workflows: disable updating VictoriaMetrics wiki with docs
...
The https://github.com/VictoriaMetrics/VictoriaMetrics/wiki has been broken and unmaintained
after VictoriaMetrics documentation has been moved to https://docs.victoriametrics.com .
Let's remove the broken GitHub action, which tries keeping in sync VictoriaMetrics wiki at https://github.com/VictoriaMetrics/VictoriaMetrics/wiki .
2022-01-25 17:43:09 +02:00
Aliaksandr Valialkin
ced5f2e5e7
Revert "Add check-rebased Github action ( #2002 )"
...
This reverts commit 2104330d4c
.
This check doesn't work well for community pull requests, since third-party users
aren't motivated to rebase pull requests to branch head after they are created.
This check is useful for private repositories though.
2022-01-04 11:38:16 +02:00
Dima Lazerka
2104330d4c
Add check-rebased Github action ( #2002 )
...
It will prevent merging in a branch that's not based on its base branch HEAD, leading to streamlined history.
Note it will not prevent squash commits, nor commits directly to base branch.
2021-12-24 11:38:06 +03:00
Aliaksandr Valialkin
0f97c34204
Revert "Add .github/workflows/check-based-on-master ( #1991 )"
...
This reverts commit 06cf4e0f70
.
This break merge requests to non-master branches - see https://github.com/VictoriaMetrics/VictoriaMetrics/pull/1993#issuecomment-999403963
2021-12-22 11:18:11 +02:00
Dima Lazerka
06cf4e0f70
Add .github/workflows/check-based-on-master ( #1991 )
2021-12-21 20:27:41 +02:00
Roman Khavronenko
e5b451a66a
ci: bump go version to 1.17 ( #1895 )
...
The bump was required for `vmalert` package.
`vmalert` docs now also contain an updated description.
Signed-off-by: hagen1778 <roman@victoriametrics.com>
2021-12-02 14:42:25 +02:00
Aliaksandr Valialkin
1ae7ca848c
.github/workflows/main.yml: checkout code before installing dependencies
...
Dependencies depend on Makefile rules from the code, so code checkout must run first
2021-10-26 22:08:58 +03:00
Aliaksandr Valialkin
c560a338e8
.github/workflows/main.yml: re-use makefile rules for installing goling, errcheck and golangci-lint
2021-10-26 21:26:39 +03:00
Denys Holius
d282a7593b
fixed wrong path for npm dependabot checks ( #1744 )
2021-10-26 11:04:32 +03:00
dependabot[bot]
bc2d05be8e
build(deps): bump codecov/codecov-action from 2.0.3 to 2.1.0 ( #1615 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 2.0.3 to 2.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v2.0.3...v2.1.0 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-14 12:23:01 +03:00
Aliaksandr Valialkin
ae90225b46
.github/dependabot.yml: increase check intervals for gomod and docker ecosystems from daily to weekly
...
Daily checks are too verbose and result into too many automatic pull requests and commits
2021-09-01 16:07:00 +03:00
dependabot[bot]
66626db92f
build(deps): bump codecov/codecov-action from 2.0.2 to 2.0.3 ( #1563 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 2.0.2 to 2.0.3.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v2.0.2...v2.0.3 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-25 13:40:21 +03:00
Artem Navoiev
64d64976e4
add dependency chekcs for ( #1535 )
...
- ruby (for docs)
- gomod for monorepo
- npm for vmui
- gomod go small webserver in vmui
2021-08-15 14:09:34 +03:00
dependabot[bot]
0ef150c14b
build(deps): bump codecov/codecov-action from 2.0.1 to 2.0.2
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 2.0.1 to 2.0.2.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v2.0.1...v2.0.2 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-07-26 20:42:21 +03:00
dependabot[bot]
bf25a256c5
build(deps): bump codecov/codecov-action from 1.5.2 to 2.0.1 ( #1468 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 1.5.2 to 2.0.1.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v1.5.2...v2.0.1 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-23 12:01:52 +03:00
Aliaksandr Valialkin
2b0e3efa5c
.github/workflows/wiki.yml: properly copy subdirectories
2021-07-13 17:35:02 +03:00
Roman Khavronenko
bd6b8f7e31
move github-pages docs to the main repo ( #1432 )
...
* move github-pages docs to the main repo
* rm github actions for copying docs to VictoriaMetrics/VictoriaMetrics.github.io
2021-07-05 14:34:10 +03:00
dependabot[bot]
408fc90b40
build(deps): bump codecov/codecov-action from 1.5.0 to 1.5.2 ( #1362 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 1.5.0 to 1.5.2.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v1.5.0...v1.5.2 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-09 12:16:46 +03:00
Roman Khavronenko
7ecaa2fe2c
update the issue template ( #1329 )
...
The main changes are:
* ask for Grafana's dashboard screenshots;
* ask only for non-default cmd-line flags;
* explicitly ask about logs;
2021-05-26 12:26:45 +03:00
Aliaksandr Valialkin
3fb3ce2a6d
Revert ".github/dependabot.yml: remove automated dependency version checks"
...
This reverts commit 5b986c95dd
.
This check verifies only dependencies needed for github-actions. This is OK.
2021-05-10 12:05:09 +03:00
Aliaksandr Valialkin
8b65920a8b
Add make check-licenses
rule for the ability to manually check licenses in vendored dependencies
...
This is a follow-up for c687536956
2021-05-10 11:54:43 +03:00
Aliaksandr Valialkin
5b986c95dd
.github/dependabot.yml: remove automated dependency version checks
...
Dependency updates must be under manual control, since the resulting code diffs must be reviewed manually for the sake of security.
It is done with `make vendor-update` now.
2021-05-10 11:41:23 +03:00
Artem Navoiev
c687536956
Add vendor license checker, update codecov action, add dependbot for … ( #1280 )
...
* Add vendor license checker, update codecov action, add dependbot for github actions
* update gitingore, temprorary turn on check
* fix action name
* change action rules to trigger only when vendor changes
* remove obsolete line from main action
2021-05-10 11:38:56 +03:00
Aliaksandr Valialkin
6bc52fe41a
all: rename https://victoriametrics.github.io to https://docs.victoriametrics.com
2021-04-20 20:16:17 +03:00
Aliaksandr Valialkin
90bba22c25
.github/workflows: remove CODECOV_TOKEN
2021-04-19 11:11:14 +03:00
ArtemVoitsekhovskyi
403a7b4a1f
Grammar-correction ( #1210 )
2021-04-14 12:45:22 +03:00
Aliaksandr Valialkin
3792ea4065
.github/workflows/main.yml: update Go version from v1.15 to v1.16
2021-03-01 12:14:20 +02:00
Aliaksandr Valialkin
7cc3d96a41
lib/fs: follow-up after f3a03c4164
2021-02-27 01:01:47 +02:00
Aliaksandr Valialkin
d5c180e680
app/vmctl: move vmctl code from github.com/VictoriaMetrics/vmctl
...
It is better developing vmctl tool in VictoriaMetrics repository, so it could be released
together with the rest of vmutils tools such as vmalert, vmagent, vmbackup, vmrestore and vmauth.
2021-02-01 01:10:20 +02:00
Aliaksandr Valialkin
b9913e151a
.github/workflows/main.yml: fall back to go get
instead of go install
for installing aux tools
...
It is unclear why `go install` doesn't work in Github Actions. Needs additional investigation.
The following error is returned now:
cannot find package "golang.org/x/lint/golint" in any of:
/opt/hostedtoolcache/go/1.15.5/x64/src/golang.org/x/lint/golint (from $GOROOT)
/home/runner/go/src/golang.org/x/lint/golint (from $GOPATH)
2020-12-15 14:17:52 +02:00
Aliaksandr Valialkin
149511f5e9
Do not set GO111MODULE=off
during go install
, since this doesnt work in Go1.14 and Go1.15
2020-12-15 13:13:46 +02:00
Aliaksandr Valialkin
4e48067133
.github/workflows/main.yml: set GO111MODULE=off when installing auxiliary tools via go install
2020-12-15 01:03:11 +02:00
Aliaksandr Valialkin
0b2726c3be
all: use go install
instead of go get
for installing auxiliary tools
...
This is a preparation for Go 1.16, which deprecates `go get` for installing binaries.
See https://tip.golang.org/doc/go1.16#go-command :
go install, with or without a version suffix (as described above), is now the recommended way
to build and install packages in module mode. go get should be used with the -d flag to adjust
the current module's dependencies without building packages, and use of go get to build and install
packages is deprecated. In a future release, the -d flag will always be enabled.
2020-12-14 20:07:50 +02:00
Aliaksandr Valialkin
ae10ff8ccd
.github/ISSUE_TEMPLATE/bug_report.md: add a link to upgrade procedure
2020-12-11 22:09:35 +02:00