Matthias Rampke
9ad799e0b1
repo sync: allow manual triggering
...
Add a [workflow dispatch](https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#workflow_dispatch )
trigger to allow [manual triggering](https://docs.github.com/en/actions/managing-workflow-runs/manually-running-a-workflow )
of the repo sync workflow.
I am often behind on merging the repo sync PRs. The script does not update them,
and I don't have the nerve right now to figure _that_ out. As a workaround, it
would be useful to trigger it manually after merging the outstanding ones, so I
can get a fresh round on the same day.
Signed-off-by: Matthias Rampke <matthias@prometheus.io >
2025-08-01 22:24:03 +02:00
Piotr
be46837c12
fix memory corruption in labels when scraping with protbuf
...
Signed-off-by: Piotr <17101802+thampiotr@users.noreply.github.com >
2025-07-30 11:22:59 +01:00
Piotr
0b3ed4020c
reproduce decoder labels memory corruption
...
Signed-off-by: Piotr <17101802+thampiotr@users.noreply.github.com >
2025-07-29 17:22:04 +01:00
dependabot[bot]
74ec898bec
chore(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 ( #16677 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.4.1 to 2.4.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](f49aabe0b5...05b42c6244support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-11 11:57:05 +02:00
dependabot[bot]
489c22d5b6
chore(deps): bump actions/setup-go from 5.4.0 to 5.5.0 ( #16678 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5.4.0 to 5.5.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](0aaccfd150...d35c59abb0support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-11 11:56:37 +02:00
github-actions[bot]
dcdba5fc96
Merge pull request #16676 from prometheus/dependabot/github_actions/dependabot/fetch-metadata-2.4.0
...
chore(deps): bump dependabot/fetch-metadata from 2.3.0 to 2.4.0
2025-07-11 11:56:20 +02:00
github-actions[bot]
6a6682cec0
Merge pull request #16810 from prometheus/dependabot/github_actions/github/codeql-action-3.29.2
...
build(deps): bump github/codeql-action from 3.28.16 to 3.29.2
2025-07-11 11:55:29 +02:00
dependabot[bot]
07028d3cd5
chore(deps): bump golangci/golangci-lint-action from 7.0.0 to 8.0.0 ( #16674 )
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 7.0.0 to 8.0.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](1481404843...4afd733a84support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-11 11:55:00 +02:00
Cristian Greco
3a5db2d442
ci: address golangci-lint issue with persist-credentials ( #16861 )
...
* ci: address golangci-lint issue with persist-credentials
Fixes the following zizmor warning:
```
warning[artipacked]: credential persistence through GitHub Actions artifacts
--> scripts/golangci-lint.yml:26:9
|
26 | - name: Checkout repository
| _________-
27 | | uses: actions/checkout@11bd71901b # v4.2.2
28 | | # with:
29 | | # persist-credentials: false
| |______________________________________- does not set persist-credentials: false
```
All other actions have been fixed in https://github.com/prometheus/prometheus/pull/16530
Credit to @jharvey10 who also addressed this particular issue in
a5bf67d897cristian@regolo.cc >
* update golangci-lint to v2.2.1
Signed-off-by: Cristian Greco <cristian@regolo.cc >
---------
Signed-off-by: Cristian Greco <cristian@regolo.cc >
2025-07-11 11:53:32 +02:00
dependabot[bot]
5ca501e648
build(deps): bump github/codeql-action from 3.28.16 to 3.29.2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.28.16 to 3.29.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](28deaeda66...181d5eefc2support@github.com >
2025-07-01 23:20:21 +00:00
dependabot[bot]
3111370d35
chore(deps): bump dependabot/fetch-metadata from 2.3.0 to 2.4.0
...
Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata ) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/dependabot/fetch-metadata/releases )
- [Commits](d7267f607e...08eff52bf6support@github.com >
2025-06-02 00:17:27 +00:00
Ayoub Mrini
44f78bb3c8
Merge pull request #16623 from machine424/reprep
...
fix: add reproducer for a dangling-reference issue in parsers and fix
2025-05-27 05:24:48 +02:00
Joe Harvey
79c9e9348f
ci: address zizmor gh action vulnerabilities ( #16530 )
...
* ci: address zizmor gh action vulnerabilities
---------
Signed-off-by: Joe Harvey <51208233+jharvey10@users.noreply.github.com >
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com >
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2025-05-26 15:38:09 +00:00
machine424
2bfbd8a714
fix: add reproducer for a dangling-reference issue in parsers
...
Signed-off-by: machine424 <ayoubmrini424@gmail.com >
2025-05-22 17:22:51 +02:00
Ayoub Mrini
2edc3ed6c5
feat(tsdb): introduce --use-uncached-io feature flag and allow using it for chunks writing ( #15365 )
...
Signed-off-by: machine424 <ayoubmrini424@gmail.com >
Signed-off-by: Ayoub Mrini <ayoubmrini424@gmail.com >
2025-05-21 14:42:30 +02:00
dependabot[bot]
c3ce1f1927
chore(deps): bump actions/setup-node from 4.3.0 to 4.4.0 ( #16533 )
...
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 4.3.0 to 4.4.0.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](cdca7365b2...49933ea528support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-04 11:50:04 +02:00
github-actions[bot]
504a130722
Merge pull request #16535 from prometheus/dependabot/github_actions/github/codeql-action-3.28.16
...
chore(deps): bump github/codeql-action from 3.28.13 to 3.28.16
2025-05-04 11:21:45 +02:00
Matthieu MOREL
9d7a37ae18
Bump golangci-lint to v2.1.5 ( #16545 )
...
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com >
2025-05-04 11:17:22 +02:00
Bryan Boreham
ca416c580c
Merge branch 'main' into slicelabels
...
Signed-off-by: Bryan Boreham <bjboreham@gmail.com >
2025-05-02 10:31:57 +01:00
dependabot[bot]
9dcc160049
chore(deps): bump github/codeql-action from 3.28.13 to 3.28.16
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.28.13 to 3.28.16.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1b549b9259...28deaeda66support@github.com >
2025-05-02 00:14:05 +00:00
machine424
37000f6f3d
chore: sync golang versions
...
use 1.24 as intended in https://github.com/prometheus/prometheus/pull/16180
Signed-off-by: machine424 <ayoubmrini424@gmail.com >
2025-04-17 15:40:13 +02:00
github-actions[bot]
917a26ce97
Merge pull request #16384 from prometheus/dependabot/github_actions/github/codeql-action-3.28.13
...
chore(deps): bump github/codeql-action from 3.28.12 to 3.28.13
2025-04-17 13:05:30 +02:00
Lukasz Mierzwa
bb76966992
Use stringlabels by default
...
This removes the stringlabels build tag, makes that implementation the default one, and moves the old labels implementation under the slicelabels build tag.
Fixes #16064 .
Signed-off-by: Lukasz Mierzwa <l.mierzwa@gmail.com >
2025-04-15 17:52:24 +01:00
Matthieu MOREL
08aa5e3f97
ci: update golangci-lint to v2.0.2 and adjust configuration ( #16356 )
...
* ci: update golangci-lint to v2.0.2 and adjust configuration
---------
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com >
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com >
2025-04-02 13:05:30 +02:00
dependabot[bot]
b76e49d1c1
chore(deps): bump github/codeql-action from 3.28.12 to 3.28.13
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.28.12 to 3.28.13.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](5f8171a638...1b549b9259support@github.com >
2025-04-02 00:05:16 +00:00
dependabot[bot]
6e508f8553
chore(deps): bump actions/setup-go from 5.3.0 to 5.4.0
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5.3.0 to 5.4.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](f111f3307d...0aaccfd150support@github.com >
2025-03-27 21:07:19 +00:00
github-actions[bot]
38fe7f463a
Merge pull request #16310 from prometheus/dependabot/github_actions/actions/upload-artifact-4.6.2
...
chore(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2
2025-03-27 21:49:28 +01:00
dependabot[bot]
8d980bf747
chore(deps): bump actions/setup-node from 4.2.0 to 4.3.0
...
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](1d0ff469b7...cdca7365b2support@github.com >
2025-03-24 09:56:09 +00:00
dependabot[bot]
c7f4e41e79
chore(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.6.1 to 4.6.2.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](4cec3d8aa0...ea165f8d65support@github.com >
2025-03-24 09:56:06 +00:00
Julius Volz
475092ff79
Remove dependabot configs for npm-based dependencies ( #16307 )
...
This is just IMO, but getting my inbox flooded every month with hundreds of
dependabot PRs is annoying, even if I don't end up handling most of them myself
(thanks to others who do!). And then philosophically, I don't know if this is
even the right approach. I don't think that whoever merges these PRs actually
has the capacity or the knowledge to check that everything is still working as
expected. Often subtle things can break after package updates, like a class
name from an npm package not fitting to a style definition in our code anymore
(as happened once with e.g. codemirror in the past, and nobody noticed when
merging, and that bug is still present in Thanos' port of our UI). And you
can't look in detail at the UI for every little PR that dependabot sends.
Node module dependencies are inherently very noisy because there are so many of
them, but I think a better approach would be to update them maybe once or twice
a year (or whenever really needed), with all deps updated together, at a time
when a maintainer has the time to really look at things carefully, and then do
a comprehensive manual check of the UI to see that everything is still behaving
as before.
Signed-off-by: Julius Volz <julius.volz@gmail.com >
2025-03-24 10:55:01 +01:00
dependabot[bot]
dc82666ed4
chore(deps): bump prometheus/promci from 0.4.6 to 0.4.7 ( #16262 )
...
Bumps [prometheus/promci](https://github.com/prometheus/promci ) from 0.4.6 to 0.4.7.
- [Release notes](https://github.com/prometheus/promci/releases )
- [Commits](c3c93a50d5...443c7fc239support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-22 18:40:11 +01:00
dependabot[bot]
e375e7c84d
chore(deps): bump github/codeql-action from 3.28.10 to 3.28.12 ( #16260 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.28.10 to 3.28.12.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b56ba49b26...5f8171a638support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-22 18:40:03 +01:00
dependabot[bot]
b71ad4f6b7
chore(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.2
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 6.5.0 to 6.5.2.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](2226d7cb06...55c2c1448fsupport@github.com >
2025-03-22 16:51:17 +00:00
github-actions[bot]
9b6c8a9ea3
Merge pull request #16259 from prometheus/dependabot/github_actions/actions/cache-4.2.3
...
chore(deps): bump actions/cache from 4.2.2 to 4.2.3
2025-03-22 17:50:28 +01:00
dependabot[bot]
6d45ea4e5b
chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](62b2cac7ed...f49aabe0b5support@github.com >
2025-03-22 13:04:10 +00:00
dependabot[bot]
43b0eac343
chore(deps): bump actions/cache from 4.2.2 to 4.2.3
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.2 to 4.2.3.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](d4323d4df1...5a3ec84effsupport@github.com >
2025-03-22 13:04:00 +00:00
Matthieu MOREL
64905156f4
chore: use directories to simplify dependabot config ( #16241 )
...
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com >
2025-03-22 14:03:17 +01:00
zhengkezhou1
1b92962484
ci: attempt to run Go tests on Windows
...
Signed-off-by: zhengkezhou1 <madzhou1@gmail.com >
2025-03-10 23:17:46 +08:00
dependabot[bot]
de784ce6e0
chore(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 ( #16129 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.6.0 to 4.6.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](65c4c4a1dd...4cec3d8aa0support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-07 15:05:03 +01:00
dependabot[bot]
71cb219eb6
chore(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.5.0 ( #16124 )
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 6.2.0 to 6.5.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](ec5d18412c...2226d7cb06support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-07 13:38:20 +01:00
dependabot[bot]
3de752572e
chore(deps): bump actions/cache from 4.2.0 to 4.2.2 ( #16128 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.0 to 4.2.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](1bd1e32a3b...d4323d4df1support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-07 13:36:53 +01:00
dependabot[bot]
a1430c9766
chore(deps): bump actions/setup-node from 4.1.0 to 4.2.0 ( #16130 )
...
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](39370e3970...1d0ff469b7support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-07 13:36:43 +01:00
github-actions[bot]
c4a26a8868
Merge pull request #16126 from prometheus/dependabot/github_actions/github/codeql-action-3.28.10
...
chore(deps): bump github/codeql-action from 3.28.8 to 3.28.10
2025-03-07 12:36:06 +00:00
Arve Knudsen
f2d8af008d
Fix testing of previous Go version
...
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
2025-03-07 11:47:33 +01:00
Arve Knudsen
56929ffa42
Upgrade to Go v1.24 ( #16180 )
...
* Upgrade to Go v1.24
* Upgrade golangci-lint
---------
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
2025-03-07 11:28:26 +01:00
dependabot[bot]
62715de317
chore(deps): bump github/codeql-action from 3.28.8 to 3.28.10
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.28.8 to 3.28.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](dd746615b3...b56ba49b26support@github.com >
2025-03-01 23:48:01 +00:00
Jan Fajerski
d5b18be9e2
ci: fix build-all status trigger to contain always
...
Otherwise a failure in the dependent job skips the status job, which is
treated as success.
Signed-off-by: Jan Fajerski <jfajersk@redhat.com >
2025-02-20 11:41:24 +01:00
Bartlomiej Plotka
8fe24ced82
ci: Add GH action that clicks "enable auto-merge" on dependabot PRs ( #15967 )
...
This will merge on green all non-conflicting dependabot PRs.
Signed-off-by: bwplotka <bwplotka@gmail.com >
2025-02-12 16:51:40 +00:00
Bartlomiej Plotka
8baad1a73e
Bump promci to latest to avoid deprecated actions/cache CI issue. ( #16013 )
...
Current main is broken due to:
```
Error: This request has been automatically failed because it uses a deprecated version of `actions/cache: 0c45773b623bea8c8e75f6c82b208c3cf94ea4f9`. Please update your workflow to use v3/v4 of actions/cache to avoid interruptions. Learn more: https://github.blog/changelog/2024-12-05-notice-of-upcoming-releases-and-breaking-changes-for-github-actions/#actions-cache-v1-v2-and-actions-toolkit-cache-package-closing-down
```
This is odd given `actions/cache: 0c45773b623bea8c8e75f6c82b208c3cf94ea4f9` has a comment of v4.0.2 (so not v1 and v2), trying 4.1.0.
https://github.com/prometheus/prometheus/actions/runs/13267052807/job/37037025130?pr=16011
Signed-off-by: bwplotka <bwplotka@gmail.com >
2025-02-11 18:09:21 +00:00
dependabot[bot]
9c5fd0b9fb
chore(deps): bump actions/setup-go from 5.2.0 to 5.3.0 ( #15957 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5.2.0 to 5.3.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](3041bf56c9...f111f3307dsupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-07 19:10:17 +00:00
