Release: 0.11.2 #369

Merged
merged 2 commits into from
Apr 18, 2024

@sgammon (Owner) commented Apr 18, 2024

Summary

Preps release 0.11.2.

General Notes

Prepares release 0.11.2 of the GraalVM Rules for Bazel. This release updates GraalVM to the latest release version, 22.0.1 (SDK version 24.0.1).

Released PRs

Dependency updates

Changelog

  • fix: token for scorecard workflow
  • chore: bump version for module
  • chore: update readme version info
  • chore: issue release tarballs, sign, upload to sigstore

@sgammon sgammon added the release Package/rules release label Apr 18, 2024
@sgammon sgammon added this to the 1.0.0 milestone Apr 18, 2024
@sgammon sgammon requested a review from darvld April 18, 2024 22:33
@sgammon sgammon self-assigned this Apr 18, 2024

github-actions bot commented Apr 18, 2024

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 11 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: The number of snapshots compared for the base SHA (0) and the head SHA (1) do not match. You may see unexpected additions in the diff.
Re-running this action after a short time may resolve the issue. See the documentation for more information and troubleshooting advice.

License Issues

pom.xml

| Package | Version | License | Issue Type |
|---|---|---|---|
| org.graalvm.compiler:compiler | 24.0.1 | Null | Unknown License |
| org.graalvm.nativeimage:native-image-base | 24.0.1 | Null | Unknown License |
| org.graalvm.nativeimage:objectfile | 24.0.1 | Null | Unknown License |
| org.graalvm.nativeimage:pointsto | 24.0.1 | Null | Unknown License |
| org.graalvm.nativeimage:svm | 24.0.1 | Null | Unknown License |
| org.graalvm.polyglot:polyglot | 24.0.1 | Null | Unknown License |
| org.graalvm.sdk:collections | 24.0.1 | Null | Unknown License |
| org.graalvm.sdk:graal-sdk | 24.0.1 | Null | Unknown License |
| org.graalvm.sdk:nativeimage | 24.0.1 | Null | Unknown License |
| org.graalvm.sdk:word | 24.0.1 | Null | Unknown License |
| org.graalvm.truffle:truffle-compiler | 24.0.1 | Null | Unknown License |

OpenSSF Scorecard

Scorecard details
Package | Version | Score | Details
maven/org.graalvm.compiler:compiler 24.0.1 🟢 4
Details
| Check | Score | Reason |
|---|---|---|
| Code-Review | ⚠️ 0 | found 7 unreviewed changesets out of 7 -- score normalized to 0 |
| Maintained | 🟢 10 | 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 9 | license file detected |
| Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases. |
| Branch-Protection | ⚠️ -1 | internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Security-Policy | 🟢 10 | security policy file detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Binary-Artifacts | ⚠️ 0 | binaries present in source code |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
maven/org.graalvm.nativeimage:native-image-base 24.0.1 🟢 4
Details
| Check | Score | Reason |
|---|---|---|
| Code-Review | ⚠️ 0 | found 7 unreviewed changesets out of 7 -- score normalized to 0 |
| Maintained | 🟢 10 | 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 9 | license file detected |
| Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases. |
| Branch-Protection | ⚠️ -1 | internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Security-Policy | 🟢 10 | security policy file detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Binary-Artifacts | ⚠️ 0 | binaries present in source code |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
maven/org.graalvm.nativeimage:objectfile 24.0.1 🟢 4
Details
| Check | Score | Reason |
|---|---|---|
| Code-Review | ⚠️ 0 | found 7 unreviewed changesets out of 7 -- score normalized to 0 |
| Maintained | 🟢 10 | 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 9 | license file detected |
| Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases. |
| Branch-Protection | ⚠️ -1 | internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Security-Policy | 🟢 10 | security policy file detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Binary-Artifacts | ⚠️ 0 | binaries present in source code |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
maven/org.graalvm.nativeimage:pointsto 24.0.1 🟢 4
Details
| Check | Score | Reason |
|---|---|---|
| Code-Review | ⚠️ 0 | found 7 unreviewed changesets out of 7 -- score normalized to 0 |
| Maintained | 🟢 10 | 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 9 | license file detected |
| Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases. |
| Branch-Protection | ⚠️ -1 | internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Security-Policy | 🟢 10 | security policy file detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Binary-Artifacts | ⚠️ 0 | binaries present in source code |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
maven/org.graalvm.nativeimage:svm 24.0.1 🟢 4
Details
| Check | Score | Reason |
|---|---|---|
| Code-Review | ⚠️ 0 | found 7 unreviewed changesets out of 7 -- score normalized to 0 |
| Maintained | 🟢 10 | 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 9 | license file detected |
| Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases. |
| Branch-Protection | ⚠️ -1 | internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Security-Policy | 🟢 10 | security policy file detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Binary-Artifacts | ⚠️ 0 | binaries present in source code |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
maven/org.graalvm.polyglot:polyglot 24.0.1 🟢 4
Details
| Check | Score | Reason |
|---|---|---|
| Code-Review | ⚠️ 0 | found 7 unreviewed changesets out of 7 -- score normalized to 0 |
| Maintained | 🟢 10 | 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 9 | license file detected |
| Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases. |
| Branch-Protection | ⚠️ -1 | internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Security-Policy | 🟢 10 | security policy file detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Binary-Artifacts | ⚠️ 0 | binaries present in source code |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
maven/org.graalvm.sdk:collections 24.0.1 🟢 4
Details
| Check | Score | Reason |
|---|---|---|
| Code-Review | ⚠️ 0 | found 7 unreviewed changesets out of 7 -- score normalized to 0 |
| Maintained | 🟢 10 | 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 9 | license file detected |
| Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases. |
| Branch-Protection | ⚠️ -1 | internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Security-Policy | 🟢 10 | security policy file detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Binary-Artifacts | ⚠️ 0 | binaries present in source code |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
maven/org.graalvm.sdk:graal-sdk 24.0.1 🟢 4
Details
| Check | Score | Reason |
|---|---|---|
| Code-Review | ⚠️ 0 | found 7 unreviewed changesets out of 7 -- score normalized to 0 |
| Maintained | 🟢 10 | 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 9 | license file detected |
| Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases. |
| Branch-Protection | ⚠️ -1 | internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Security-Policy | 🟢 10 | security policy file detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Binary-Artifacts | ⚠️ 0 | binaries present in source code |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
maven/org.graalvm.sdk:nativeimage 24.0.1 🟢 4
Details
| Check | Score | Reason |
|---|---|---|
| Code-Review | ⚠️ 0 | found 7 unreviewed changesets out of 7 -- score normalized to 0 |
| Maintained | 🟢 10 | 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 9 | license file detected |
| Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases. |
| Branch-Protection | ⚠️ -1 | internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Security-Policy | 🟢 10 | security policy file detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Binary-Artifacts | ⚠️ 0 | binaries present in source code |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
maven/org.graalvm.sdk:word 24.0.1 🟢 4
Details
| Check | Score | Reason |
|---|---|---|
| Code-Review | ⚠️ 0 | found 7 unreviewed changesets out of 7 -- score normalized to 0 |
| Maintained | 🟢 10 | 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 9 | license file detected |
| Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases. |
| Branch-Protection | ⚠️ -1 | internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Security-Policy | 🟢 10 | security policy file detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Binary-Artifacts | ⚠️ 0 | binaries present in source code |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
maven/org.graalvm.truffle:truffle-compiler 24.0.1 🟢 4
Details
| Check | Score | Reason |
|---|---|---|
| Code-Review | ⚠️ 0 | found 7 unreviewed changesets out of 7 -- score normalized to 0 |
| Maintained | 🟢 10 | 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 9 | license file detected |
| Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases. |
| Branch-Protection | ⚠️ -1 | internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Security-Policy | 🟢 10 | security policy file detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Binary-Artifacts | ⚠️ 0 | binaries present in source code |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |

Scanned Manifest Files

pom.xml
  • org.graalvm.compiler:compiler@24.0.1
  • org.graalvm.nativeimage:native-image-base@24.0.1
  • org.graalvm.nativeimage:objectfile@24.0.1
  • org.graalvm.nativeimage:pointsto@24.0.1
  • org.graalvm.nativeimage:svm@24.0.1
  • org.graalvm.polyglot:polyglot@24.0.1
  • org.graalvm.sdk:collections@24.0.1
  • org.graalvm.sdk:graal-sdk@24.0.1
  • org.graalvm.sdk:nativeimage@24.0.1
  • org.graalvm.sdk:word@24.0.1
  • org.graalvm.truffle:truffle-compiler@24.0.1

docs/index.md (review thread: outdated, resolved)
- chore: bump version for module
- chore: update readme version info
- chore: issue release tarballs, sign, upload to sigstore
- chore: drop tests and other irrelevant material from release

Signed-off-by: Sam Gammon <sam@elide.ventures>
Signed-off-by: Sam Gammon <sam@elide.ventures>

sonarcloud bot commented Apr 18, 2024

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

@sgammon sgammon requested a review from darvld April 18, 2024 23:03
@sgammon sgammon merged commit 629ebb1 into main Apr 18, 2024
84 checks passed
Labels
release Package/rules release
2 participants