-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: update to upstream 2.4.0 #236
Commits on Feb 22, 2024
-
fix 'go vet -tags e2e ./...' (sigstore#3550)
* fix 'go vet -tags e2e ./...' Signed-off-by: Dmitry S <[email protected]> * fix typo in 'concatenating' Signed-off-by: Dmitry S <[email protected]> --------- Signed-off-by: Dmitry S <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for d96e379 - Browse repository at this point
Copy the full SHA d96e379View commit details
Commits on Feb 26, 2024
-
chore(deps): bump github.com/xanzy/go-gitlab from 0.97.0 to 0.98.0 (s…
…igstore#3556) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.97.0 to 0.98.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go) - [Commits](xanzy/go-gitlab@v0.97.0...v0.98.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for fb70b8e - Browse repository at this point
Copy the full SHA fb70b8eView commit details -
chore(deps): bump google.golang.org/api from 0.165.0 to 0.167.0 (sigs…
…tore#3557) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.165.0 to 0.167.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.165.0...v0.167.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for c061e87 - Browse repository at this point
Copy the full SHA c061e87View commit details
Commits on Feb 27, 2024
-
remove unused rootPool var (sigstore#3559)
Signed-off-by: Dmitry S <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 5923d9b - Browse repository at this point
Copy the full SHA 5923d9bView commit details
Commits on Feb 28, 2024
-
Configuration menu - View commit details
-
Copy full SHA for 86921c7 - Browse repository at this point
Copy the full SHA 86921c7View commit details -
Correct help text of triangulate cmd (sigstore#3551)
Signed-off-by: michaelvl <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 40dd4c3 - Browse repository at this point
Copy the full SHA 40dd4c3View commit details -
chore(deps): bump imranismail/setup-kustomize from a76db1c6419124d514…
…70b1e388c4b29476f495f1 to f6959cf94216d4be0182d7c78b39f14d0c8bb198 (sigstore#3554) * chore(deps): bump imranismail/setup-kustomize Bumps [imranismail/setup-kustomize](https://github.com/imranismail/setup-kustomize) from a76db1c6419124d51470b1e388c4b29476f495f1 to f6959cf94216d4be0182d7c78b39f14d0c8bb198. - [Release notes](https://github.com/imranismail/setup-kustomize/releases) - [Commits](imranismail/setup-kustomize@a76db1c...f6959cf) --- updated-dependencies: - dependency-name: imranismail/setup-kustomize dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Update kind-e2e-insecure-registry.yaml Signed-off-by: Carlos Tadeu Panato Junior <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Carlos Tadeu Panato Junior <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Tadeu Panato Junior <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 8dcaf2c - Browse repository at this point
Copy the full SHA 8dcaf2cView commit details
Commits on Feb 29, 2024
-
chore(deps): bump the actions group with 3 updates (sigstore#3564)
Bumps the actions group with 3 updates: [google-github-actions/auth](https://github.com/google-github-actions/auth), [mikefarah/yq](https://github.com/mikefarah/yq) and [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `google-github-actions/auth` from 2.1.1 to 2.1.2 - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](google-github-actions/auth@a6e2e39...55bd3a7) Updates `mikefarah/yq` from 4.41.1 to 4.42.1 - [Release notes](https://github.com/mikefarah/yq/releases) - [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt) - [Commits](mikefarah/yq@0476945...9adde1a) Updates `codecov/codecov-action` from 4.0.1 to 4.1.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@e0b68c6...54bcd87) --- updated-dependencies: - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: mikefarah/yq dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for a4da0c2 - Browse repository at this point
Copy the full SHA a4da0c2View commit details
Commits on Mar 3, 2024
-
Update builder image, cosign image, golangci-lint (sigstore#3565)
* update cosign and builder image Signed-off-by: cpanato <[email protected]> * update golangci-lint to v1.56 Signed-off-by: cpanato <[email protected]> * update go.mod in fakeoidc Signed-off-by: cpanato <[email protected]> * fix lints Signed-off-by: cpanato <[email protected]> --------- Signed-off-by: cpanato <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 7a2d50b - Browse repository at this point
Copy the full SHA 7a2d50bView commit details
Commits on Mar 4, 2024
-
chore(deps): bump the actions group with 1 update (sigstore#3576)
Bumps the actions group with 1 update: [actions/cache](https://github.com/actions/cache). Updates `actions/cache` from 4.0.0 to 4.0.1 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@13aacd8...ab5e6d0) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 9a9c6cb - Browse repository at this point
Copy the full SHA 9a9c6cbView commit details -
chore(deps): bump github.com/open-policy-agent/opa from 0.61.0 to 0.6…
…2.0 (sigstore#3575) Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.61.0 to 0.62.0. - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](open-policy-agent/opa@v0.61.0...v0.62.0) --- updated-dependencies: - dependency-name: github.com/open-policy-agent/opa dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 5019cc4 - Browse repository at this point
Copy the full SHA 5019cc4View commit details -
chore(deps): bump the gomod group with 5 updates (sigstore#3574)
Bumps the gomod group with 5 updates: | Package | From | To | | --- | --- | --- | | [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) | `0.27.1` | `0.27.2` | | [github.com/go-openapi/strfmt](https://github.com/go-openapi/strfmt) | `0.22.0` | `0.22.2` | | [github.com/go-openapi/swag](https://github.com/go-openapi/swag) | `0.22.9` | `0.22.10` | | [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) | `1.4.3` | `1.4.4` | | [github.com/stretchr/testify](https://github.com/stretchr/testify) | `1.8.4` | `1.9.0` | Updates `github.com/go-openapi/runtime` from 0.27.1 to 0.27.2 - [Release notes](https://github.com/go-openapi/runtime/releases) - [Commits](go-openapi/runtime@v0.27.1...v0.27.2) Updates `github.com/go-openapi/strfmt` from 0.22.0 to 0.22.2 - [Commits](go-openapi/strfmt@v0.22.0...v0.22.2) Updates `github.com/go-openapi/swag` from 0.22.9 to 0.22.10 - [Commits](go-openapi/swag@v0.22.9...v0.22.10) Updates `github.com/sigstore/fulcio` from 1.4.3 to 1.4.4 - [Release notes](https://github.com/sigstore/fulcio/releases) - [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md) - [Commits](sigstore/fulcio@v1.4.3...v1.4.4) Updates `github.com/stretchr/testify` from 1.8.4 to 1.9.0 - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/go-openapi/runtime dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/go-openapi/strfmt dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/go-openapi/swag dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/fulcio dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for d38d339 - Browse repository at this point
Copy the full SHA d38d339View commit details
Commits on Mar 7, 2024
-
free up disk space during e2e test runs (sigstore#3579)
Signed-off-by: Bob Callaway <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for fb488d7 - Browse repository at this point
Copy the full SHA fb488d7View commit details -
Honor creation timestamp for signatures again (sigstore#3549)
* Honor creation timestamp for signatures again Signed-off-by: ttrabelsi <[email protected]> * setting creation timestamp behind a feature flag to preserve current behavior Signed-off-by: Tobias Trabelsi <[email protected]> * review feedback Signed-off-by: Tobias Trabelsi <[email protected]> * additional review feedback Signed-off-by: Tobias Trabelsi <[email protected]> --------- Signed-off-by: ttrabelsi <[email protected]> Signed-off-by: Tobias Trabelsi <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for cb01516 - Browse repository at this point
Copy the full SHA cb01516View commit details -
chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.2 to 3.0.3 (s…
…igstore#3582) Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.2 to 3.0.3. - [Release notes](https://github.com/go-jose/go-jose/releases) - [Changelog](https://github.com/go-jose/go-jose/blob/v3.0.3/CHANGELOG.md) - [Commits](go-jose/go-jose@v3.0.2...v3.0.3) --- updated-dependencies: - dependency-name: github.com/go-jose/go-jose/v3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 4574cd2 - Browse repository at this point
Copy the full SHA 4574cd2View commit details -
chore(deps): bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3 (si…
…gstore#3581) Bumps gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3. --- updated-dependencies: - dependency-name: gopkg.in/go-jose/go-jose.v2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 6ee5a9c - Browse repository at this point
Copy the full SHA 6ee5a9cView commit details
Commits on Mar 8, 2024
-
Configuration menu - View commit details
-
Copy full SHA for 16a3dda - Browse repository at this point
Copy the full SHA 16a3ddaView commit details
Commits on Mar 11, 2024
-
Clean up READMEs (sigstore#3587)
Remove deprecated markdown files with only links to docs.sigstore.dev, clean up outdated data in README, remove FEATURES which is outdated Signed-off-by: Hayden B <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 8ba9a5e - Browse repository at this point
Copy the full SHA 8ba9a5eView commit details -
Configuration menu - View commit details
-
Copy full SHA for 0506a69 - Browse repository at this point
Copy the full SHA 0506a69View commit details -
Configuration menu - View commit details
-
Copy full SHA for cdbb891 - Browse repository at this point
Copy the full SHA cdbb891View commit details -
Configuration menu - View commit details
-
Copy full SHA for 693db70 - Browse repository at this point
Copy the full SHA 693db70View commit details -
Update README for contributions (sigstore#3596)
Encourage development on sigstore-go, which is the focus currently. Signed-off-by: Hayden B <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for d8a6af9 - Browse repository at this point
Copy the full SHA d8a6af9View commit details -
chore(deps): bump github.com/go-openapi/runtime from 0.27.2 to 0.28.0 (…
…sigstore#3595) Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) from 0.27.2 to 0.28.0. - [Release notes](https://github.com/go-openapi/runtime/releases) - [Commits](go-openapi/runtime@v0.27.2...v0.28.0) --- updated-dependencies: - dependency-name: github.com/go-openapi/runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 2a96f4c - Browse repository at this point
Copy the full SHA 2a96f4cView commit details -
chore(deps): bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 (sigstore…
…#3591) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.17.0 to 0.18.0. - [Commits](golang/oauth2@v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for b20ff08 - Browse repository at this point
Copy the full SHA b20ff08View commit details -
chore(deps): bump google.golang.org/api from 0.167.0 to 0.169.0 (sigs…
…tore#3594) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.167.0 to 0.169.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.167.0...v0.169.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for b551637 - Browse repository at this point
Copy the full SHA b551637View commit details
Commits on Mar 12, 2024
-
Adds Support for Fulcio Client Credentials Flow, and Argument to Set …
…Flow Explicitly (sigstore#3578) * add fulcio oauth flow client credentials Signed-off-by: Noah Kreiger <[email protected]> * fix docgen Signed-off-by: Noah Kreiger <[email protected]> * add options Signed-off-by: Noah Kreiger <[email protected]> --------- Signed-off-by: Noah Kreiger <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 5d60a9a - Browse repository at this point
Copy the full SHA 5d60a9aView commit details
Commits on Mar 19, 2024
-
Update the script for working with blobs (sigstore#3610)
The demo script for working with blobs was inaccurate in its current representation. I updated the commands such that they can be easily copied and pasted to get the shown output. Signed-off-by: arewm <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 3065e53 - Browse repository at this point
Copy the full SHA 3065e53View commit details -
chore(deps): bump the actions group with 1 update (sigstore#3607)
Bumps the actions group with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 4.1.1 to 4.1.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@b4ffde6...9bb5618) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 0037808 - Browse repository at this point
Copy the full SHA 0037808View commit details -
chore(deps): bump cuelang.org/go from 0.7.1 to 0.8.0 (sigstore#3606)
Bumps cuelang.org/go from 0.7.1 to 0.8.0. --- updated-dependencies: - dependency-name: cuelang.org/go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for aab1b8f - Browse repository at this point
Copy the full SHA aab1b8fView commit details -
chore(deps): bump google.golang.org/api from 0.169.0 to 0.170.0 (sigs…
…tore#3605) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.169.0 to 0.170.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.169.0...v0.170.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 9081f20 - Browse repository at this point
Copy the full SHA 9081f20View commit details -
chore(deps): bump the gomod group with 1 update (sigstore#3603)
Bumps the gomod group with 1 update: [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry). Updates `github.com/google/go-containerregistry` from 0.19.0 to 0.19.1 - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](google/go-containerregistry@v0.19.0...v0.19.1) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for fb18bba - Browse repository at this point
Copy the full SHA fb18bbaView commit details
Commits on Mar 21, 2024
-
chore(deps): bump github.com/docker/docker (sigstore#3612)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.7+incompatible to 24.0.9+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v24.0.7...v24.0.9) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 887f36b - Browse repository at this point
Copy the full SHA 887f36bView commit details -
Put secrets on github organizations (sigstore#3567)
* support for github org secrets Signed-off-by: Marlon Pina Tojal <[email protected]> --------- Signed-off-by: Marlon Pina Tojal <[email protected]> Co-authored-by: Marlon Pina Tojal <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 1ea2154 - Browse repository at this point
Copy the full SHA 1ea2154View commit details
Commits on Mar 22, 2024
-
Update CHANGELOG for v1.13.6 (sigstore#3618)
* Update CHANGELOG for v1.13.5 Signed-off-by: Hayden B <[email protected]> * Bump release Signed-off-by: Hayden B <[email protected]> --------- Signed-off-by: Hayden B <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 7d56594 - Browse repository at this point
Copy the full SHA 7d56594View commit details
Commits on Mar 25, 2024
-
chore(deps): bump the actions group with 2 updates (sigstore#3623)
Bumps the actions group with 2 updates: [actions/cache](https://github.com/actions/cache) and [mikefarah/yq](https://github.com/mikefarah/yq). Updates `actions/cache` from 4.0.1 to 4.0.2 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@ab5e6d0...0c45773) Updates `mikefarah/yq` from 4.42.1 to 4.43.1 - [Release notes](https://github.com/mikefarah/yq/releases) - [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt) - [Commits](mikefarah/yq@9adde1a...c35ec75) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: mikefarah/yq dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 45ebf49 - Browse repository at this point
Copy the full SHA 45ebf49View commit details -
chore(deps): bump github.com/xanzy/go-gitlab from 0.100.0 to 0.101.0 (s…
…igstore#3624) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.100.0 to 0.101.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go) - [Commits](xanzy/go-gitlab@v0.100.0...v0.101.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for c18b043 - Browse repository at this point
Copy the full SHA c18b043View commit details -
chore(deps): bump google.golang.org/api from 0.170.0 to 0.171.0 (sigs…
…tore#3626) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.170.0 to 0.171.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.170.0...v0.171.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 45f626a - Browse repository at this point
Copy the full SHA 45f626aView commit details
Commits on Mar 26, 2024
-
chore(deps): bump go.step.sm/crypto from 0.43.1 to 0.44.1 (sigstore#3625
) Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.43.1 to 0.44.1. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](smallstep/crypto@v0.43.1...v0.44.1) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for ba9898c - Browse repository at this point
Copy the full SHA ba9898cView commit details
Commits on Mar 29, 2024
-
Clean up and clarify e2e scripts (sigstore#3628)
* Add comment to test/piv_test.go Since f6d8481 it's not clear what this file is for, as it's not run in CI. Add a link to the docs that reference it to make it clear this is still needed. Signed-off-by: Colleen Murphy <[email protected]> * Clean up unused test script e2e_test_secrets.sh is no longer called from CI as of f633221. It's objective is largely redundant with tests already in e2e_test.go, so just remove it. Signed-off-by: Colleen Murphy <[email protected]> --------- Signed-off-by: Colleen Murphy <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for abfd1cd - Browse repository at this point
Copy the full SHA abfd1cdView commit details
Commits on Mar 31, 2024
-
Remove cross.yaml workflow (sigstore#3629)
The artifacts uploaded by cross.yaml are not used anywhere. Moreover, the ability to build on all three platforms and use the resulting binary is already tested in e2e-with-binary.yml. This change removes the workflow for the sake of decluttering the workflows and reducing our use of GitHub storage. Signed-off-by: Colleen Murphy <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 4824d6c - Browse repository at this point
Copy the full SHA 4824d6cView commit details
Commits on Apr 1, 2024
-
chore(deps): bump the gomod group with 6 updates (sigstore#3633)
Bumps the gomod group with 6 updates: | Package | From | To | | --- | --- | --- | | [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.8.2` | `1.8.3` | | [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.8.2` | `1.8.3` | | [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.8.2` | `1.8.3` | | [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.8.2` | `1.8.3` | | [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.8.2` | `1.8.3` | | [go.step.sm/crypto](https://github.com/smallstep/crypto) | `0.44.1` | `0.44.2` | Updates `github.com/sigstore/sigstore` from 1.8.2 to 1.8.3 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.2...v1.8.3) Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.8.2 to 1.8.3 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.2...v1.8.3) Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.8.2 to 1.8.3 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.2...v1.8.3) Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.8.2 to 1.8.3 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.2...v1.8.3) Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.8.2 to 1.8.3 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.2...v1.8.3) Updates `go.step.sm/crypto` from 0.44.1 to 0.44.2 - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](smallstep/crypto@v0.44.1...v0.44.2) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for fe51982 - Browse repository at this point
Copy the full SHA fe51982View commit details -
chore(deps): bump google.golang.org/api from 0.171.0 to 0.172.0 (sigs…
…tore#3635) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.171.0 to 0.172.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.171.0...v0.172.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 52233da - Browse repository at this point
Copy the full SHA 52233daView commit details -
chore(deps): bump github.com/open-policy-agent/opa from 0.62.1 to 0.6…
…3.0 (sigstore#3636) Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.62.1 to 0.63.0. - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](open-policy-agent/opa@v0.62.1...v0.63.0) --- updated-dependencies: - dependency-name: github.com/open-policy-agent/opa dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for d55b6f2 - Browse repository at this point
Copy the full SHA d55b6f2View commit details
Commits on Apr 2, 2024
-
chore(deps): bump the actions group with 1 update (sigstore#3637)
Bumps the actions group with 1 update: [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `codecov/codecov-action` from 4.1.0 to 4.1.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@54bcd87...c16abc2) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 700da0a - Browse repository at this point
Copy the full SHA 700da0aView commit details
Commits on Apr 3, 2024
-
feat: add OVHcloud MPR registry tested with cosign (sigstore#3639)
Signed-off-by: Aurelie Vache <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6206f5a - Browse repository at this point
Copy the full SHA 6206f5aView commit details
Commits on Apr 4, 2024
-
Fixing issue 3642 (sigstore#3643)
Signed-off-by: Mukuls77 <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 7001e82 - Browse repository at this point
Copy the full SHA 7001e82View commit details -
Configuration menu - View commit details
-
Copy full SHA for fa504b4 - Browse repository at this point
Copy the full SHA fa504b4View commit details
Commits on Apr 5, 2024
-
add oci bundle spec (sigstore#3622)
* add oci bundle spec Signed-off-by: Brian DeHamer <[email protected]> * clarify annotation scheme Signed-off-by: Brian DeHamer <[email protected]> * add signer annotation Signed-off-by: Brian DeHamer <[email protected]> * update bundle media type Signed-off-by: Brian DeHamer <[email protected]> * remove reference to signer annotation Signed-off-by: Brian DeHamer <[email protected]> --------- Signed-off-by: Brian DeHamer <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 3c8170a - Browse repository at this point
Copy the full SHA 3c8170aView commit details
Commits on Apr 8, 2024
-
chore(deps): bump the actions group with 2 updates (sigstore#3647)
Bumps the actions group with 2 updates: [cpanato/vault-installer](https://github.com/cpanato/vault-installer) and [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `cpanato/vault-installer` from 1.0.1 to 1.0.2 - [Release notes](https://github.com/cpanato/vault-installer/releases) - [Commits](cpanato/vault-installer@478a771...df0775e) Updates `codecov/codecov-action` from 4.1.1 to 4.2.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@c16abc2...7afa10e) --- updated-dependencies: - dependency-name: cpanato/vault-installer dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for f7d867b - Browse repository at this point
Copy the full SHA f7d867bView commit details -
chore(deps): bump the gomod group with 3 updates (sigstore#3648)
Bumps the gomod group with 3 updates: cuelang.org/go, [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) and [github.com/sigstore/rekor](https://github.com/sigstore/rekor). Updates `cuelang.org/go` from 0.8.0 to 0.8.1 Updates `github.com/sigstore/fulcio` from 1.4.4 to 1.4.5 - [Release notes](https://github.com/sigstore/fulcio/releases) - [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md) - [Commits](sigstore/fulcio@v1.4.4...v1.4.5) Updates `github.com/sigstore/rekor` from 1.3.5 to 1.3.6 - [Release notes](https://github.com/sigstore/rekor/releases) - [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md) - [Commits](sigstore/rekor@v1.3.5...v1.3.6) --- updated-dependencies: - dependency-name: cuelang.org/go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/fulcio dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/rekor dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for d56c9e8 - Browse repository at this point
Copy the full SHA d56c9e8View commit details -
chore(deps): bump golang.org/x/oauth2 from 0.18.0 to 0.19.0 (sigstore…
…#3650) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.18.0 to 0.19.0. - [Commits](golang/oauth2@v0.18.0...v0.19.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 2d13b65 - Browse repository at this point
Copy the full SHA 2d13b65View commit details -
chore(deps): bump golang.org/x/term from 0.18.0 to 0.19.0 (sigstore#3651
) Bumps [golang.org/x/term](https://github.com/golang/term) from 0.18.0 to 0.19.0. - [Commits](golang/term@v0.18.0...v0.19.0) --- updated-dependencies: - dependency-name: golang.org/x/term dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for eba7c59 - Browse repository at this point
Copy the full SHA eba7c59View commit details -
chore(deps): bump github.com/xanzy/go-gitlab from 0.101.0 to 0.102.0 (s…
…igstore#3652) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.101.0 to 0.102.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go) - [Commits](xanzy/go-gitlab@v0.101.0...v0.102.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 48858a2 - Browse repository at this point
Copy the full SHA 48858a2View commit details
Commits on Apr 9, 2024
-
chore(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0 (sigstore#3655)
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.6.0 to 0.7.0. - [Commits](golang/sync@v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/sync dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 430c985 - Browse repository at this point
Copy the full SHA 430c985View commit details -
chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.7 to 2.2.0 (s…
…igstore#3653) Bumps [github.com/spiffe/go-spiffe/v2](https://github.com/spiffe/go-spiffe) from 2.1.7 to 2.2.0. - [Release notes](https://github.com/spiffe/go-spiffe/releases) - [Changelog](https://github.com/spiffe/go-spiffe/blob/main/CHANGELOG.md) - [Commits](spiffe/go-spiffe@v2.1.7...v2.2.0) --- updated-dependencies: - dependency-name: github.com/spiffe/go-spiffe/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for c95439b - Browse repository at this point
Copy the full SHA c95439bView commit details -
chore(deps): bump golang.org/x/crypto from 0.21.0 to 0.22.0 (sigstore…
…#3649) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.21.0 to 0.22.0. - [Commits](golang/crypto@v0.21.0...v0.22.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for d0b9861 - Browse repository at this point
Copy the full SHA d0b9861View commit details -
Refactor e2e-tests.yml workflow (sigstore#3627)
* Move attach e2e tests into Go test suite Run the e2e_test_attach.sh tests in Go, as a step toward making all the e2e tests consistent with one another. This also has the added benefit of no longer relying on ttl.sh since test images are hosted in the mock registry server. These tests were being run in CI under Linux and Mac, since they don't rely on a Kind instance or any Sigstore services. This change updates the GitHub workflow for the attach tests to simply run all e2e tests that are compatible with the macos runner. Signed-off-by: Colleen Murphy <[email protected]> * Reorganize cross-platform attach tests Move all the e2e tests for cosign attachments that can be run independently without other Sigstore services into the new e2e_attach_test.go file, to make the main e2e_test.go file a more mantainable size and to get the benefit of running these tests in the e2e-cross job which runs on macos and linux. Signed-off-by: Colleen Murphy <[email protected]> * Move TSA MTLS tests into Go test suite Run the e2e_tsa_mtls.sh tests in Go. With this, a separate step to run the script is unnecessary for the Github workflow, since it will be run as part of the e2e-cross job. Signed-off-by: Colleen Murphy <[email protected]> * Move TSA blob tests into Go test suite Run the e2e_signblob_tsa_mtls.sh tests in Go. The e2e-tsa-mtls job in the e2e-tests workflow is fully removed since these are now all covered in e2e-cross. Signed-off-by: Colleen Murphy <[email protected]> --------- Signed-off-by: Colleen Murphy <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 302aee6 - Browse repository at this point
Copy the full SHA 302aee6View commit details
Commits on Apr 10, 2024
-
Fixes for GHSA-88jx-383q-w4qc and GHSA-95pr-fxf5-86gv (sigstore#3661)
* Merge pull request from GHSA-95pr-fxf5-86gv An Image may come from an untrusted source and contain an unknown number of signatures in the .sig manifest. A common pattern in cosign is to use the number of signatures as the capacity for a new slice. But this means the size of the slice is based on an unvalidated external input and could result in cosign running out of memory. This change adds validation for certain implementations of the oci.Signatures Get() method to limit the number of image descriptors returned. This way, callers can rely on the returned slice of signatures being a reasonable size to process safely. The limit is set to 1000, which is a generous size based on the practical restrictions that container registries set for image manifest size and approximations of memory allocations for signature layers. Signed-off-by: Colleen Murphy <[email protected]> * Merge pull request from GHSA-88jx-383q-w4qc When downloading an attestation or SBOM from an external source, check its size before reading it into memory. This protects the host from potentially reading a maliciously large attachment into memory and exhausting the system. SBOMs can vary widely in size, and there could be legitimate SBOMs of up to 700MB. However, reading a 700MB SBOM into memory would easily bring down a small cloud VM. Moreover, most SBOMs are not going to be that large. This change sets a reasonable default of 128MiB, and allows overriding the default by setting the environment variable `COSIGN_MAX_ATTACHMENT_SIZE`. Signed-off-by: Colleen Murphy <[email protected]> --------- Signed-off-by: Colleen Murphy <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 629f5f8 - Browse repository at this point
Copy the full SHA 629f5f8View commit details -
Add v2.2.4 changelog (sigstore#3662)
Signed-off-by: Hayden Blauzvern <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for fb651b4 - Browse repository at this point
Copy the full SHA fb651b4View commit details
Commits on Apr 11, 2024
-
bump scaffolding to latest release for testing (sigstore#3663)
Signed-off-by: Bob Callaway <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for b15eefa - Browse repository at this point
Copy the full SHA b15eefaView commit details -
fix latest tag not being created and add latest to the dev image as w…
…ell and go updates (sigstore#3664) * fix latest tag not being created and add latest to the dev image as well Signed-off-by: cpanato <[email protected]> * update cosign to 2.2.4 Signed-off-by: cpanato <[email protected]> * update go for the builder image to use 1.21.9 Signed-off-by: cpanato <[email protected]> --------- Signed-off-by: cpanato <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for e23dcd1 - Browse repository at this point
Copy the full SHA e23dcd1View commit details
Commits on Apr 12, 2024
-
chore(deps): bump sigs.k8s.io/release-utils from 0.7.7 to 0.8.1 (sigs…
…tore#3656) Bumps [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils) from 0.7.7 to 0.8.1. - [Release notes](https://github.com/kubernetes-sigs/release-utils/releases) - [Commits](kubernetes-sigs/release-utils@v0.7.7...v0.8.1) --- updated-dependencies: - dependency-name: sigs.k8s.io/release-utils dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for db6d13f - Browse repository at this point
Copy the full SHA db6d13fView commit details -
switch to community repo of reusable-release (sigstore#3666)
Signed-off-by: Bob Callaway <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for ba3d36d - Browse repository at this point
Copy the full SHA ba3d36dView commit details
Commits on Apr 15, 2024
-
Configuration menu - View commit details
-
Copy full SHA for ee4198d - Browse repository at this point
Copy the full SHA ee4198dView commit details -
chore(deps): bump go.step.sm/crypto in the gomod group (sigstore#3667)
Bumps the gomod group with 1 update: [go.step.sm/crypto](https://github.com/smallstep/crypto). Updates `go.step.sm/crypto` from 0.44.2 to 0.44.3 - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](smallstep/crypto@v0.44.2...v0.44.3) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for e036af8 - Browse repository at this point
Copy the full SHA e036af8View commit details
Commits on Apr 17, 2024
-
add registry options to cosign save (sigstore#3645)
Signed-off-by: JasonPowr <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 02b1b26 - Browse repository at this point
Copy the full SHA 02b1b26View commit details
Commits on Apr 22, 2024
-
chore(deps): bump the actions group with 2 updates (sigstore#3676)
Bumps the actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `actions/checkout` from 4.1.2 to 4.1.3 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@9bb5618...1d96c77) Updates `actions/upload-artifact` from 4.3.1 to 4.3.3 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@5d5d22a...6546280) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 59f0099 - Browse repository at this point
Copy the full SHA 59f0099View commit details
Commits on Apr 23, 2024
-
chore(deps): bump go.step.sm/crypto in the gomod group (sigstore#3672)
Bumps the gomod group with 1 update: [go.step.sm/crypto](https://github.com/smallstep/crypto). Updates `go.step.sm/crypto` from 0.44.3 to 0.44.6 - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](smallstep/crypto@v0.44.3...v0.44.6) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 3102b3c - Browse repository at this point
Copy the full SHA 3102b3cView commit details -
chore(deps): bump google.golang.org/api from 0.172.0 to 0.176.0 (sigs…
…tore#3673) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.172.0 to 0.176.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.172.0...v0.176.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 5f13e63 - Browse repository at this point
Copy the full SHA 5f13e63View commit details -
chore(deps): bump github.com/xanzy/go-gitlab from 0.102.0 to 0.103.0 (s…
…igstore#3674) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.102.0 to 0.103.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go) - [Commits](xanzy/go-gitlab@v0.102.0...v0.103.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for e4197bd - Browse repository at this point
Copy the full SHA e4197bdView commit details
Commits on Apr 29, 2024
-
fix: close attestationFile (sigstore#3679)
Signed-off-by: guangwu <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for d33bbc3 - Browse repository at this point
Copy the full SHA d33bbc3View commit details -
chore(deps): bump actions/checkout in the actions group (sigstore#3680)
Bumps the actions group with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 4.1.3 to 4.1.4 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@1d96c77...0ad4b8f) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 69f3478 - Browse repository at this point
Copy the full SHA 69f3478View commit details -
chore(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.1.0 (s…
…igstore#3681) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 4.0.0 to 5.1.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@3cfe3a4...9d1e062) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for cd018e9 - Browse repository at this point
Copy the full SHA cd018e9View commit details -
chore(deps): bump the gomod group with 3 updates (sigstore#3682)
Bumps the gomod group with 3 updates: cuelang.org/go, [go.step.sm/crypto](https://github.com/smallstep/crypto) and [google.golang.org/api](https://github.com/googleapis/google-api-go-client). Updates `cuelang.org/go` from 0.8.1 to 0.8.2 Updates `go.step.sm/crypto` from 0.44.6 to 0.44.8 - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](smallstep/crypto@v0.44.6...v0.44.8) Updates `google.golang.org/api` from 0.176.0 to 0.176.1 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.176.0...v0.176.1) --- updated-dependencies: - dependency-name: cuelang.org/go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for d247bad - Browse repository at this point
Copy the full SHA d247badView commit details -
chore(deps): bump github.com/open-policy-agent/opa from 0.63.0 to 0.6…
…4.1 (sigstore#3683) Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.63.0 to 0.64.1. - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](open-policy-agent/opa@v0.63.0...v0.64.1) --- updated-dependencies: - dependency-name: github.com/open-policy-agent/opa dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for e9a3739 - Browse repository at this point
Copy the full SHA e9a3739View commit details
Commits on Apr 30, 2024
-
Refactor KMS E2E tests (sigstore#3684)
* Move KMS tests from shell script to Go test suite Signed-off-by: Colleen Murphy <[email protected]> * Make KMS E2E tests hermetic Use the scaffolding setup action to set up a local sigstore cluster and run the KMS tests against the local rekor instance instead of the public, production instance. Signed-off-by: Colleen Murphy <[email protected]> * Move KMS E2E workflow into main e2e-tests file Condense the E2E tests into fewer workflow files. There are no unique conditions that require them to be in separate files. Condensing them makes them easier to discover, and makes the Actions tab in GitHub cleaner because there are fewer workflows to sort through. Signed-off-by: Colleen Murphy <[email protected]> --------- Signed-off-by: Colleen Murphy <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for fa17fab - Browse repository at this point
Copy the full SHA fa17fabView commit details
Commits on May 6, 2024
-
chore(deps): bump the actions group with 3 updates (sigstore#3686)
Bumps the actions group with 3 updates: [actions/setup-go](https://github.com/actions/setup-go), [codecov/codecov-action](https://github.com/codecov/codecov-action) and [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action). Updates `actions/setup-go` from 5.0.0 to 5.0.1 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@0c52d54...cdcb360) Updates `codecov/codecov-action` from 4.3.0 to 4.3.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@8450866...5ecb98a) Updates `golangci/golangci-lint-action` from 5.1.0 to 5.3.0 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@9d1e062...38e1018) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 0976894 - Browse repository at this point
Copy the full SHA 0976894View commit details -
chore(deps): bump google.golang.org/api from 0.176.1 to 0.177.0 (sigs…
…tore#3687) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.176.1 to 0.177.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.176.1...v0.177.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 2d398bc - Browse repository at this point
Copy the full SHA 2d398bcView commit details -
chore(deps): bump github.com/xanzy/go-gitlab from 0.103.0 to 0.104.0 (s…
…igstore#3688) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.103.0 to 0.104.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go) - [Commits](xanzy/go-gitlab@v0.103.0...v0.104.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for f0fd640 - Browse repository at this point
Copy the full SHA f0fd640View commit details -
chore(deps): bump golang.org/x/oauth2 from 0.19.0 to 0.20.0 (sigstore…
…#3691) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.19.0 to 0.20.0. - [Commits](golang/oauth2@v0.19.0...v0.20.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for b3448d4 - Browse repository at this point
Copy the full SHA b3448d4View commit details
Commits on May 13, 2024
-
chore(deps): bump google.golang.org/api from 0.177.0 to 0.180.0 (sigs…
…tore#3698) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.177.0 to 0.180.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.177.0...v0.180.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 50c67f0 - Browse repository at this point
Copy the full SHA 50c67f0View commit details -
chore(deps): bump the actions group with 3 updates (sigstore#3694)
Bumps the actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [mikefarah/yq](https://github.com/mikefarah/yq) and [ossf/scorecard-action](https://github.com/ossf/scorecard-action). Updates `actions/checkout` from 4.1.4 to 4.1.5 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@0ad4b8f...44c2b7a) Updates `mikefarah/yq` from 4.43.1 to 4.44.1 - [Release notes](https://github.com/mikefarah/yq/releases) - [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt) - [Commits](mikefarah/yq@c35ec75...557dcb8) Updates `ossf/scorecard-action` from 2.3.1 to 2.3.3 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@0864cf1...dc50aa9) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: mikefarah/yq dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 17c9af7 - Browse repository at this point
Copy the full SHA 17c9af7View commit details -
Add PayloadProvider interface to decouple AttestationToPayloadJSON fr…
…om oci.Signature interface (sigstore#3693) * Add PayloadProvider interface to decouple AttestationToPayloadJSON from oci.Signature interface Signed-off-by: Cody Soyland <[email protected]> * Add test for PayloadProvider interface Signed-off-by: Cody Soyland <[email protected]> --------- Signed-off-by: Cody Soyland <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for d2766d8 - Browse repository at this point
Copy the full SHA d2766d8View commit details -
chore(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 (s…
…igstore#3695) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 5.3.0 to 6.0.1. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@38e1018...a4f60bb) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 40e6740 - Browse repository at this point
Copy the full SHA 40e6740View commit details -
chore(deps): bump sigs.k8s.io/release-utils in the gomod group (sigst…
…ore#3696) Bumps the gomod group with 1 update: [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils). Updates `sigs.k8s.io/release-utils` from 0.8.1 to 0.8.2 - [Release notes](https://github.com/kubernetes-sigs/release-utils/releases) - [Commits](kubernetes-sigs/release-utils@v0.8.1...v0.8.2) --- updated-dependencies: - dependency-name: sigs.k8s.io/release-utils dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 8b498bd - Browse repository at this point
Copy the full SHA 8b498bdView commit details -
chore(deps): bump github.com/xanzy/go-gitlab from 0.104.0 to 0.105.0 (s…
…igstore#3697) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.104.0 to 0.105.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go) - [Commits](xanzy/go-gitlab@v0.104.0...v0.105.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 1211157 - Browse repository at this point
Copy the full SHA 1211157View commit details
Commits on May 17, 2024
-
Refactor insecure registry E2E tests (sigstore#3701)
* Fix e2e test copypaste error Signed-off-by: Colleen Murphy <[email protected]> * Clean up kind-e2e-insecure-registry workflow - These tests don't use KinD, don't set it up - Don't install yq, ko, or kustomize - The scripts build cosign, no need to build it in its own step - Don't use global environment variables when they're only needed for individual steps Signed-off-by: Colleen Murphy <[email protected]> * Move insecure OCI 1.0 registry tests to Go suite Signed-off-by: Colleen Murphy <[email protected]> * Move insecure OCI 1.1 registry tests to Go suite Signed-off-by: Colleen Murphy <[email protected]> * Make registry tests hermetic Signed-off-by: Colleen Murphy <[email protected]> * Move insecure registry workflow to e2e tests Condense the kind-e2e-insecure-registry workflow into the rest of the E2E tests workflow. The workflow name was misleading because these tests don't relate to KinD except as an implementation detail of the scaffolding action. Combining it makes it more discoverable and reduces clutter inthe GitHub Actions UI. Signed-off-by: Colleen Murphy <[email protected]> --------- Signed-off-by: Colleen Murphy <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 62742a1 - Browse repository at this point
Copy the full SHA 62742a1View commit details -
Remove KMS E2E test script (sigstore#3702)
Should have been removed as part of fa17fab. Signed-off-by: Colleen Murphy <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 2e65241 - Browse repository at this point
Copy the full SHA 2e65241View commit details
Commits on May 20, 2024
-
Remove sign_blob_test.sh test (sigstore#3707)
The bug that this test was meant to address[1] applies to a feature that was removed from cosign[2]. The updates made to the script to allow for the breaking changes actually make the test invalid, because while it was once verifying the original artifact signature, the final verification step is now actually verifying against the uploaded rekor entry, so the original signature is inconsequential. [1] sigstore#1673 [2] sigstore#2425 Signed-off-by: Colleen Murphy <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 645636e - Browse repository at this point
Copy the full SHA 645636eView commit details -
Add README.md for tests (sigstore#3708)
Signed-off-by: Colleen Murphy <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 2bb2e88 - Browse repository at this point
Copy the full SHA 2bb2e88View commit details
Commits on May 21, 2024
-
chore(deps): bump the actions group with 3 updates (sigstore#3706)
Bumps the actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [google-github-actions/auth](https://github.com/google-github-actions/auth) and [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `actions/checkout` from 4.1.5 to 4.1.6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@44c2b7a...a5ac7e5) Updates `google-github-actions/auth` from 2.1.2 to 2.1.3 - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](google-github-actions/auth@55bd3a7...71fee32) Updates `codecov/codecov-action` from 4.3.1 to 4.4.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@5ecb98a...125fc84) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 6e2fcd6 - Browse repository at this point
Copy the full SHA 6e2fcd6View commit details -
chore(deps): bump google.golang.org/api from 0.180.0 to 0.181.0 (sigs…
…tore#3703) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.180.0 to 0.181.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.180.0...v0.181.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 2359dbd - Browse repository at this point
Copy the full SHA 2359dbdView commit details -
chore(deps): bump go.step.sm/crypto from 0.44.8 to 0.45.0 (sigstore#3704
) Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.44.8 to 0.45.0. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](smallstep/crypto@v0.44.8...v0.45.0) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 5ae2e31 - Browse repository at this point
Copy the full SHA 5ae2e31View commit details
Commits on May 27, 2024
-
chore(deps): bump go.step.sm/crypto in the gomod group (sigstore#3710)
Bumps the gomod group with 1 update: [go.step.sm/crypto](https://github.com/smallstep/crypto). Updates `go.step.sm/crypto` from 0.45.0 to 0.45.1 - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](smallstep/crypto@v0.45.0...v0.45.1) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 550dbf9 - Browse repository at this point
Copy the full SHA 550dbf9View commit details
Commits on Jun 3, 2024
-
chore(deps): bump github.com/open-policy-agent/opa from 0.64.1 to 0.6…
…5.0 (sigstore#3714) Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.64.1 to 0.65.0. - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](open-policy-agent/opa@v0.64.1...v0.65.0) --- updated-dependencies: - dependency-name: github.com/open-policy-agent/opa dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for e623217 - Browse repository at this point
Copy the full SHA e623217View commit details -
chore(deps): bump the gomod group with 5 updates (sigstore#3713)
Bumps the gomod group with 5 updates: | Package | From | To | | --- | --- | --- | | [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.8.3` | `1.8.4` | | [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.8.3` | `1.8.4` | | [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.8.3` | `1.8.4` | | [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.8.3` | `1.8.4` | | [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.8.3` | `1.8.4` | Updates `github.com/sigstore/sigstore` from 1.8.3 to 1.8.4 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.3...v1.8.4) Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.8.3 to 1.8.4 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.3...v1.8.4) Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.8.3 to 1.8.4 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.3...v1.8.4) Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.8.3 to 1.8.4 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.3...v1.8.4) Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.8.3 to 1.8.4 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.3...v1.8.4) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 6b6acc2 - Browse repository at this point
Copy the full SHA 6b6acc2View commit details -
chore(deps): bump google.golang.org/api from 0.181.0 to 0.182.0 (sigs…
…tore#3716) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.181.0 to 0.182.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.181.0...v0.182.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for f3225b3 - Browse repository at this point
Copy the full SHA f3225b3View commit details -
chore(deps): bump go.step.sm/crypto from 0.45.1 to 0.46.0 (sigstore#3717
) Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.45.1 to 0.46.0. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](smallstep/crypto@v0.45.1...v0.46.0) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for d275a27 - Browse repository at this point
Copy the full SHA d275a27View commit details
Commits on Jun 10, 2024
-
Configuration menu - View commit details
-
Copy full SHA for 098e892 - Browse repository at this point
Copy the full SHA 098e892View commit details -
Configuration menu - View commit details
-
Copy full SHA for eae74ff - Browse repository at this point
Copy the full SHA eae74ffView commit details
Commits on Jun 11, 2024
-
chore(deps): bump golang.org/x/crypto from 0.23.0 to 0.24.0 (sigstore…
…#3721) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.23.0 to 0.24.0. - [Commits](golang/crypto@v0.23.0...v0.24.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 5bbccd5 - Browse repository at this point
Copy the full SHA 5bbccd5View commit details -
Add debug providers command. (sigstore#3728)
When trying to run cosign on a remote workstation it would be nice to have a command to confirm the OIDC provider behavior of what is/isn't enabled and in what order. This PR adds a new hidden debug subcommand, with a debug providers subcommand that prints out the list of orderd providers and whether or not they are enabled. Signed-off-by: Billy Lynch <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for ca1733a - Browse repository at this point
Copy the full SHA ca1733aView commit details -
chore(deps): bump go.step.sm/crypto from 0.46.0 to 0.47.0 (sigstore#3723
) Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.46.0 to 0.47.0. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](smallstep/crypto@v0.46.0...v0.47.0) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for e72f472 - Browse repository at this point
Copy the full SHA e72f472View commit details
Commits on Jun 18, 2024
-
Bump scaffolding version (sigstore#3736)
* Bump scaffolding version Signed-off-by: Hayden Blauzvern <[email protected]> * Bump k8s version --------- Signed-off-by: Hayden Blauzvern <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 98fd801 - Browse repository at this point
Copy the full SHA 98fd801View commit details -
bump builder image to ise go1.21.11 and update goreleaser to version 2 (
sigstore#3737) Signed-off-by: cpanato <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for ee521e4 - Browse repository at this point
Copy the full SHA ee521e4View commit details -
chore(deps): bump google.golang.org/api from 0.183.0 to 0.184.0 (sigs…
…tore#3734) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.183.0 to 0.184.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.183.0...v0.184.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 598c734 - Browse repository at this point
Copy the full SHA 598c734View commit details -
chore(deps): bump the actions group across 1 directory with 5 updates (…
…sigstore#3738) Bumps the actions group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.1.6` | `4.1.7` | | [ko-build/setup-ko](https://github.com/ko-build/setup-ko) | `0.6` | `0.7` | | [imjasonh/setup-crane](https://github.com/imjasonh/setup-crane) | `0.3` | `0.4` | | [mikefarah/yq](https://github.com/mikefarah/yq) | `4.44.1` | `4.44.2` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4.4.1` | `4.5.0` | Updates `actions/checkout` from 4.1.6 to 4.1.7 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@a5ac7e5...692973e) Updates `ko-build/setup-ko` from 0.6 to 0.7 - [Release notes](https://github.com/ko-build/setup-ko/releases) - [Commits](ko-build/setup-ko@ace48d7...3aebd05) Updates `imjasonh/setup-crane` from 0.3 to 0.4 - [Release notes](https://github.com/imjasonh/setup-crane/releases) - [Commits](imjasonh/setup-crane@00c9e93...31b88ef) Updates `mikefarah/yq` from 4.44.1 to 4.44.2 - [Release notes](https://github.com/mikefarah/yq/releases) - [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt) - [Commits](mikefarah/yq@557dcb8...f15500b) Updates `codecov/codecov-action` from 4.4.1 to 4.5.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@125fc84...e28ff12) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: ko-build/setup-ko dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: imjasonh/setup-crane dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: mikefarah/yq dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for e5937c5 - Browse repository at this point
Copy the full SHA e5937c5View commit details -
chore(deps): bump the gomod group with 4 updates (sigstore#3731)
Bumps the gomod group with 4 updates: cuelang.org/go, [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry), [github.com/spf13/cobra](https://github.com/spf13/cobra) and [go.step.sm/crypto](https://github.com/smallstep/crypto). Updates `cuelang.org/go` from 0.9.0 to 0.9.1 Updates `github.com/google/go-containerregistry` from 0.19.1 to 0.19.2 - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](google/go-containerregistry@v0.19.1...v0.19.2) Updates `github.com/spf13/cobra` from 1.8.0 to 1.8.1 - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](spf13/cobra@v1.8.0...v1.8.1) Updates `go.step.sm/crypto` from 0.47.0 to 0.47.1 - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](smallstep/crypto@v0.47.0...v0.47.1) --- updated-dependencies: - dependency-name: cuelang.org/go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 2525c93 - Browse repository at this point
Copy the full SHA 2525c93View commit details -
chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.2.0 to 2.3.0 (s…
…igstore#3732) Bumps [github.com/spiffe/go-spiffe/v2](https://github.com/spiffe/go-spiffe) from 2.2.0 to 2.3.0. - [Release notes](https://github.com/spiffe/go-spiffe/releases) - [Changelog](https://github.com/spiffe/go-spiffe/blob/main/CHANGELOG.md) - [Commits](spiffe/go-spiffe@v2.2.0...v2.3.0) --- updated-dependencies: - dependency-name: github.com/spiffe/go-spiffe/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 9a9447d - Browse repository at this point
Copy the full SHA 9a9447dView commit details -
chore(deps): bump github.com/spf13/viper from 1.18.2 to 1.19.0 (sigst…
…ore#3715) Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.18.2 to 1.19.0. - [Release notes](https://github.com/spf13/viper/releases) - [Commits](spf13/viper@v1.18.2...v1.19.0) --- updated-dependencies: - dependency-name: github.com/spf13/viper dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 9f18570 - Browse repository at this point
Copy the full SHA 9f18570View commit details -
Make config layers in ociremote mountable (sigstore#3741)
The wrapping that oci.Signatures does hides the ConfigLayer() implementation in remote.Image that remote.Write relies on for determining if it can mount the config blob (vs having to re-upload it), so remote.Write is sending additional blob uploads, which incurs an additional roundtrip that we don't really need to do. Explicitly implement ConfigLayer() in the wrappers by dispatching to the wrapped implementation fixes this. Signed-off-by: Jon Johnson <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 5209b38 - Browse repository at this point
Copy the full SHA 5209b38View commit details
Commits on Jun 19, 2024
-
upgrade to go1.22 (sigstore#3739)
* upgrade to go1.22 Signed-off-by: cpanato <[email protected]> * bump go.mod to go1.22 Signed-off-by: cpanato <[email protected]> * update some deps Signed-off-by: cpanato <[email protected]> * update test image Signed-off-by: cpanato <[email protected]> * more updates Signed-off-by: cpanato <[email protected]> --------- Signed-off-by: cpanato <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 9e3811b - Browse repository at this point
Copy the full SHA 9e3811bView commit details -
adds tsa cert chain check for env var or tuf targets. (sigstore#3600)
* adds tsa cert chain check for env var or tuf targets. Signed-off-by: ianhundere <[email protected]> * adds new flag, --use-signed-timestamps, and adjusts verify_*.go tsa logic. Signed-off-by: ianhundere <[email protected]> --------- Signed-off-by: ianhundere <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 2b538f8 - Browse repository at this point
Copy the full SHA 2b538f8View commit details
Commits on Jun 25, 2024
-
Configuration menu - View commit details
-
Copy full SHA for 68d38a8 - Browse repository at this point
Copy the full SHA 68d38a8View commit details -
chore(deps): bump github.com/xanzy/go-gitlab from 0.105.0 to 0.106.0 (s…
…igstore#3748) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.105.0 to 0.106.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go) - [Commits](xanzy/go-gitlab@v0.105.0...v0.106.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 8859e29 - Browse repository at this point
Copy the full SHA 8859e29View commit details -
chore(deps): bump google.golang.org/api from 0.184.0 to 0.185.0 (sigs…
…tore#3747) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.184.0 to 0.185.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.184.0...v0.185.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for e924bc8 - Browse repository at this point
Copy the full SHA e924bc8View commit details -
Fixing issue 3743 (sigstore#3744)
* Fix get TSA certs from local TUF Signed-off-by: Meeki1l <[email protected]> * Rename var Signed-off-by: Meeki1l <[email protected]> * Pass autotest Signed-off-by: Meeki1l <[email protected]> * Rm autotest Signed-off-by: Meeki1l <[email protected]> --------- Signed-off-by: Meeki1l <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 7c20052 - Browse repository at this point
Copy the full SHA 7c20052View commit details
Commits on Jul 1, 2024
-
add --ca-roots and --ca-intermediates flags to 'cosign verify' (sigst…
…ore#3464) * add --certificate-bundle flag to 'cosign verify' Related to issue sigstore#3462. Current commit adds the flag to verify the CLI options. The new flag doesn't have any effect yet (will add in follow-up PRs). Signed-off-by: Dmitry S <[email protected]> * Add --ca-roots flag for 'cosign verify' Add --ca-roots command-line flag for 'cosign verify' to enable verifying cosign signatures using PEM bundles of CA roots. Whether to also add --ca-intermediates flag is TBD. Unit tests will be added in the next commit(s). Fixes sigstore#3462. Signed-off-by: Dmitry S <[email protected]> * add functional tests for --ca-roots flag Signed-off-by: Dmitry S <[email protected]> * setup-crane action for e2e_test_pkcs11.sh Signed-off-by: Dmitry S <[email protected]> * rebase on trunk Signed-off-by: Dmitry Savintsev <[email protected]> * transform gencert subpackage to helper function Signed-off-by: Dmitry S <[email protected]> * use the trunk version of workflows/e2e-tests.yml Signed-off-by: Dmitry S <[email protected]> * correct certificate generation for e2e tests Signed-off-by: Dmitry S <[email protected]> * refactor test cert/keys generation and corresponding test Signed-off-by: Dmitry S <[email protected]> * add license header Signed-off-by: Dmitry S <[email protected]> * remove test shell scripts Signed-off-by: Dmitry S <[email protected]> * remove unused certFile param to verifyCertBundle Signed-off-by: Dmitry S <[email protected]> * remove duplicate test functions Signed-off-by: Dmitry S <[email protected]> --------- Signed-off-by: Dmitry S <[email protected]> Signed-off-by: Dmitry Savintsev <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 40fc15f - Browse repository at this point
Copy the full SHA 40fc15fView commit details -
Set
bundleVerified
to true after Rekor verification (Resolves sigst……ore#3740) (sigstore#3745) * Set bundleVerified to true after Rekor verification (Resolves sigstore#3740) Signed-off-by: Max Lambrecht <[email protected]> * Add TestImageSignatureVerificationWithRekor Signed-off-by: Max Lambrecht <[email protected]> * Fix lint issues Signed-off-by: Max Lambrecht <[email protected]> * Improve TestImageSignatureVerificationWithRekor Signed-off-by: Max Lambrecht <[email protected]> * Add comments to test functions Signed-off-by: Max Lambrecht <[email protected]> --------- Signed-off-by: Max Lambrecht <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 8b55af2 - Browse repository at this point
Copy the full SHA 8b55af2View commit details
Commits on Jul 2, 2024
-
chore(deps): bump google.golang.org/api from 0.185.0 to 0.186.0 (sigs…
…tore#3755) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.185.0 to 0.186.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.185.0...v0.186.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 7d74685 - Browse repository at this point
Copy the full SHA 7d74685View commit details -
chore(deps): bump github.com/open-policy-agent/opa from 0.65.0 to 0.6…
…6.0 (sigstore#3756) Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.65.0 to 0.66.0. - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](open-policy-agent/opa@v0.65.0...v0.66.0) --- updated-dependencies: - dependency-name: github.com/open-policy-agent/opa dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 79db196 - Browse repository at this point
Copy the full SHA 79db196View commit details
Commits on Jul 3, 2024
-
Update README.md to account for necessary new go version (sigstore#3764)
Signed-off-by: bminahan73 <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 3d622d1 - Browse repository at this point
Copy the full SHA 3d622d1View commit details
Commits on Jul 5, 2024
-
General housekeeping and go updates (sigstore#3765)
* have a dedicated workflow for golangci-lint and add e2e to it Signed-off-by: cpanato <[email protected]> * clean up ci Signed-off-by: cpanato <[email protected]> * bump go to 1.22.5 in go.mod Signed-off-by: cpanato <[email protected]> * update release builder to use go1.22.5 Signed-off-by: cpanato <[email protected]> * update softhsm2-pkcs11-prox image Signed-off-by: cpanato <[email protected]> * update Signed-off-by: cpanato <[email protected]> * fix lints Signed-off-by: cpanato <[email protected]> --------- Signed-off-by: cpanato <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for d05a120 - Browse repository at this point
Copy the full SHA d05a120View commit details -
chore(deps): bump the gomod group across 1 directory with 7 updates (s…
…igstore#3766) * chore(deps): bump the gomod group across 1 directory with 7 updates Bumps the gomod group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | cuelang.org/go | `0.9.1` | `0.9.2` | | [github.com/buildkite/agent/v3](https://github.com/buildkite/agent) | `3.74.0` | `3.74.1` | | [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.8.4` | `1.8.6` | | [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.8.4` | `1.8.6` | | [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.8.4` | `1.8.6` | | [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.8.4` | `1.8.6` | | [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.8.4` | `1.8.6` | Updates `cuelang.org/go` from 0.9.1 to 0.9.2 Updates `github.com/buildkite/agent/v3` from 3.74.0 to 3.74.1 - [Release notes](https://github.com/buildkite/agent/releases) - [Changelog](https://github.com/buildkite/agent/blob/main/CHANGELOG.md) - [Commits](buildkite/agent@v3.74.0...v3.74.1) Updates `github.com/sigstore/sigstore` from 1.8.4 to 1.8.6 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.4...v1.8.6) Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.8.4 to 1.8.6 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.4...v1.8.6) Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.8.4 to 1.8.6 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.4...v1.8.6) Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.8.4 to 1.8.6 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.4...v1.8.6) Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.8.4 to 1.8.6 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.4...v1.8.6) --- updated-dependencies: - dependency-name: cuelang.org/go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/buildkite/agent/v3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> * update test Signed-off-by: cpanato <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: cpanato <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: cpanato <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for bf2067a - Browse repository at this point
Copy the full SHA bf2067aView commit details
Commits on Jul 8, 2024
-
fix: extra whitespace in README.md (sigstore#3773)
* fix: extra whitespace in README.md Signed-off-by: Hector Fernandez <[email protected]> * use a different digest for the actions Signed-off-by: Hector Fernandez <[email protected]> --------- Signed-off-by: Hector Fernandez <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for b310bc6 - Browse repository at this point
Copy the full SHA b310bc6View commit details -
chore(deps): bump go.step.sm/crypto from 0.47.1 to 0.48.1 (sigstore#3768
) Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.47.1 to 0.48.1. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](smallstep/crypto@v0.47.1...v0.48.1) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 58af4bb - Browse repository at this point
Copy the full SHA 58af4bbView commit details -
chore(deps): bump golang.org/x/crypto from 0.24.0 to 0.25.0 (sigstore…
…#3771) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.24.0 to 0.25.0. - [Commits](golang/crypto@v0.24.0...v0.25.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for e5afa56 - Browse repository at this point
Copy the full SHA e5afa56View commit details -
chore(deps): bump golang.org/x/term from 0.21.0 to 0.22.0 (sigstore#3770
) Bumps [golang.org/x/term](https://github.com/golang/term) from 0.21.0 to 0.22.0. - [Commits](golang/term@v0.21.0...v0.22.0) --- updated-dependencies: - dependency-name: golang.org/x/term dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 2dd32f6 - Browse repository at this point
Copy the full SHA 2dd32f6View commit details
Commits on Jul 9, 2024
-
chore(deps): bump sigs.k8s.io/release-utils in the gomod group (sigst…
…ore#3767) Bumps the gomod group with 1 update: [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils). Updates `sigs.k8s.io/release-utils` from 0.8.2 to 0.8.3 - [Release notes](https://github.com/kubernetes-sigs/release-utils/releases) - [Commits](kubernetes-sigs/release-utils@v0.8.2...v0.8.3) --- updated-dependencies: - dependency-name: sigs.k8s.io/release-utils dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for bc5f6c6 - Browse repository at this point
Copy the full SHA bc5f6c6View commit details -
factor out keyless verification certificate loading function (sigstor…
…e#3762) * factor out keyless verification helper function Signed-off-by: Dmitry S <[email protected]> * unit test for loadCertsKeylessVerification helper Signed-off-by: Dmitry S <[email protected]> * remove username from TODOs Signed-off-by: Dmitry Savintsev <[email protected]> --------- Signed-off-by: Dmitry S <[email protected]> Signed-off-by: Dmitry Savintsev <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 811dba8 - Browse repository at this point
Copy the full SHA 811dba8View commit details
Commits on Jul 10, 2024
-
chore(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 (sigst…
…ore#3774) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.64.0 to 1.64.1. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.64.0...v1.64.1) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for ca682f2 - Browse repository at this point
Copy the full SHA ca682f2View commit details
Commits on Jul 11, 2024
-
add handling of keyless verification for all verify commands (sigstor…
…e#3761) Copy the handling of non-Fulcio keys from the verify to all other verify commands (verify-attestation, verify-blob, verify-blob-attestations). Fix sigstore#3759. Signed-off-by: Dmitry S <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for bdcbf44 - Browse repository at this point
Copy the full SHA bdcbf44View commit details -
Document ImportKeyPair and LoadPrivateKey functions in pkg/cosign (si…
…gstore#3776) Document pkg/cosign key utility functions & supported key formats Signed-off-by: Dmitry S <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for f7a5725 - Browse repository at this point
Copy the full SHA f7a5725View commit details
Commits on Jul 15, 2024
-
chore(deps): bump the actions group across 1 directory with 2 updates (…
…sigstore#3785) Bumps the actions group with 2 updates in the / directory: [actions/setup-go](https://github.com/actions/setup-go) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `actions/setup-go` from 5.0.1 to 5.0.2 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@cdcb360...0a12ed9) Updates `actions/upload-artifact` from 4.3.3 to 4.3.4 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@6546280...0b2256b) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 13d3a56 - Browse repository at this point
Copy the full SHA 13d3a56View commit details -
chore(deps): bump go.step.sm/crypto from 0.48.1 to 0.50.0 (sigstore#3781
) Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.48.1 to 0.50.0. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](smallstep/crypto@v0.48.1...v0.50.0) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 4fd699c - Browse repository at this point
Copy the full SHA 4fd699cView commit details -
chore(deps): bump google.golang.org/api from 0.187.0 to 0.188.0 (sigs…
…tore#3782) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.187.0 to 0.188.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.187.0...v0.188.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for f9270c0 - Browse repository at this point
Copy the full SHA f9270c0View commit details -
chore(deps): bump github.com/google/go-containerregistry (sigstore#3783)
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.19.2 to 0.20.0. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](google/go-containerregistry@v0.19.2...v0.20.0) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 05026ee - Browse repository at this point
Copy the full SHA 05026eeView commit details
Commits on Jul 16, 2024
-
chore(deps): bump github.com/sigstore/fulcio from 1.4.5 to 1.5.1 (sig…
…store#3784) Bumps [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) from 1.4.5 to 1.5.1. - [Release notes](https://github.com/sigstore/fulcio/releases) - [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md) - [Commits](sigstore/fulcio@v1.4.5...v1.5.1) --- updated-dependencies: - dependency-name: github.com/sigstore/fulcio dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 3c6c5c9 - Browse repository at this point
Copy the full SHA 3c6c5c9View commit details -
chore(deps): bump the gomod group with 5 updates (sigstore#3780)
Bumps the gomod group with 5 updates: | Package | From | To | | --- | --- | --- | | [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.8.6` | `1.8.7` | | [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.8.6` | `1.8.7` | | [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.8.6` | `1.8.7` | | [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.8.6` | `1.8.7` | | [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.8.6` | `1.8.7` | Updates `github.com/sigstore/sigstore` from 1.8.6 to 1.8.7 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.6...v1.8.7) Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.8.6 to 1.8.7 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.6...v1.8.7) Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.8.6 to 1.8.7 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.6...v1.8.7) Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.8.6 to 1.8.7 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.6...v1.8.7) Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.8.6 to 1.8.7 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.6...v1.8.7) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 4684fd6 - Browse repository at this point
Copy the full SHA 4684fd6View commit details
Commits on Jul 22, 2024
-
Configuration menu - View commit details
-
Copy full SHA for 20d4724 - Browse repository at this point
Copy the full SHA 20d4724View commit details -
Add CHANGELOG for v2.3.0 (sigstore#3789)
Signed-off-by: Hayden Blauzvern <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for aeba473 - Browse repository at this point
Copy the full SHA aeba473View commit details -
chore(deps): bump github.com/buildkite/agent/v3 from 3.74.1 to 3.75.1 (…
…sigstore#3793) Bumps [github.com/buildkite/agent/v3](https://github.com/buildkite/agent) from 3.74.1 to 3.75.1. - [Release notes](https://github.com/buildkite/agent/releases) - [Changelog](https://github.com/buildkite/agent/blob/main/CHANGELOG.md) - [Commits](buildkite/agent@v3.74.1...v3.75.1) --- updated-dependencies: - dependency-name: github.com/buildkite/agent/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for c6f89f8 - Browse repository at this point
Copy the full SHA c6f89f8View commit details -
chore(deps): bump github.com/xanzy/go-gitlab from 0.106.0 to 0.107.0 (s…
…igstore#3792) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.106.0 to 0.107.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go) - [Commits](xanzy/go-gitlab@v0.106.0...v0.107.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for deed363 - Browse repository at this point
Copy the full SHA deed363View commit details -
chore(deps): bump google.golang.org/api from 0.188.0 to 0.189.0 (sigs…
…tore#3791) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.188.0 to 0.189.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.188.0...v0.189.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for ffde21e - Browse repository at this point
Copy the full SHA ffde21eView commit details
Commits on Jul 23, 2024
-
Adding protobuf bundle support to sign-blob and attest-blob (sigstore…
…#3752) This pull requests addresses the first part of sigstore#3139: adding protobuf bundle support for cosign sign-blob and cosign attest-blob. Signed-off-by: Zach Steindler <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for c6cdf1b - Browse repository at this point
Copy the full SHA c6cdf1bView commit details
Commits on Jul 26, 2024
-
Include SCT verification failure details in error message (sigstore#3799
) Signed-off-by: Slavek Kabrda <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 62a2cff - Browse repository at this point
Copy the full SHA 62a2cffView commit details
Commits on Jul 28, 2024
-
Configuration menu - View commit details
-
Copy full SHA for 98c2cab - Browse repository at this point
Copy the full SHA 98c2cabView commit details
Commits on Jul 29, 2024
-
Add support for recording creation timestamp for cosign attest (sigst…
…ore#3797) * add support for recording creation timestamp for cosign attest Signed-off-by: Zsolt Horvath <[email protected]> Signed-off-by: Zsolt Horvath <[email protected]> * Fix cosign attest example in doc/cosign_attest.md Signed-off-by: Zsolt Horvath <[email protected]> --------- Signed-off-by: Zsolt Horvath <[email protected]> Signed-off-by: Zsolt Horvath <[email protected]> Co-authored-by: Zsolt Horvath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 0406602 - Browse repository at this point
Copy the full SHA 0406602View commit details -
Add new bundle support to
verify-blob
andverify-blob-attestation
(……sigstore#3796) * Add new bundle support to `verify-blob` and `verify-blob-attestation` Part of sigstore#3139 Signed-off-by: Zach Steindler <[email protected]> * fix error message Signed-off-by: Zach Steindler <[email protected]> * Use sigstore-go v0.5.1 for cert issuer regex support Signed-off-by: Zach Steindler <[email protected]> * Use more specific `WithIntegratedTimestamps` with tlog verification Signed-off-by: Zach Steindler <[email protected]> --------- Signed-off-by: Zach Steindler <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for b4cf37b - Browse repository at this point
Copy the full SHA b4cf37bView commit details -
chore(deps): bump ossf/scorecard-action in the actions group (sigstor…
…e#3801) Bumps the actions group with 1 update: [ossf/scorecard-action](https://github.com/ossf/scorecard-action). Updates `ossf/scorecard-action` from 2.3.3 to 2.4.0 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@dc50aa9...62b2cac) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 973bcd1 - Browse repository at this point
Copy the full SHA 973bcd1View commit details -
chore(deps): bump github.com/open-policy-agent/opa from 0.66.0 to 0.6…
…7.0 (sigstore#3803) Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.66.0 to 0.67.0. - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](open-policy-agent/opa@v0.66.0...v0.67.0) --- updated-dependencies: - dependency-name: github.com/open-policy-agent/opa dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for ec2480e - Browse repository at this point
Copy the full SHA ec2480eView commit details -
chore(deps): bump sigs.k8s.io/release-utils in the gomod group (sigst…
…ore#3802) Bumps the gomod group with 1 update: [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils). Updates `sigs.k8s.io/release-utils` from 0.8.3 to 0.8.4 - [Release notes](https://github.com/kubernetes-sigs/release-utils/releases) - [Commits](kubernetes-sigs/release-utils@v0.8.3...v0.8.4) --- updated-dependencies: - dependency-name: sigs.k8s.io/release-utils dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for f40ad0f - Browse repository at this point
Copy the full SHA f40ad0fView commit details
Commits on Jul 30, 2024
-
chore(deps): bump github.com/docker/docker (sigstore#3804)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.9+incompatible to 26.1.4+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v24.0.9...v26.1.4) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 06d1290 - Browse repository at this point
Copy the full SHA 06d1290View commit details
Commits on Aug 6, 2024
-
handle docker-compose v2, free up more space (sigstore#3809)
* handle docker-compose v2, free up more space Signed-off-by: Bob Callaway <[email protected]> * set docker compose labels on network Signed-off-by: Bob Callaway <[email protected]> * llvm is needed Signed-off-by: Bob Callaway <[email protected]> * try again Signed-off-by: Bob Callaway <[email protected]> * sudo Signed-off-by: Bob Callaway <[email protected]> * try again Signed-off-by: Bob Callaway <[email protected]> * try codeql Signed-off-by: Bob Callaway <[email protected]> * fix yq Signed-off-by: Bob Callaway <[email protected]> * yq e Signed-off-by: Bob Callaway <[email protected]> --------- Signed-off-by: Bob Callaway <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 7e3c2f5 - Browse repository at this point
Copy the full SHA 7e3c2f5View commit details -
chore(deps): bump the actions group across 1 directory with 4 updates (…
…sigstore#3818) Bumps the actions group with 4 updates in the / directory: [google-github-actions/auth](https://github.com/google-github-actions/auth), [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action), [mikefarah/yq](https://github.com/mikefarah/yq) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `google-github-actions/auth` from 2.1.3 to 2.1.4 - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](google-github-actions/auth@71fee32...f112390) Updates `golangci/golangci-lint-action` from 6.0.1 to 6.1.0 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@a4f60bb...aaa42aa) Updates `mikefarah/yq` from 4.44.2 to 4.44.3 - [Release notes](https://github.com/mikefarah/yq/releases) - [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt) - [Commits](mikefarah/yq@f15500b...bbdd974) Updates `actions/upload-artifact` from 4.3.4 to 4.3.5 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@0b2256b...89ef406) --- updated-dependencies: - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: mikefarah/yq dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for b61b689 - Browse repository at this point
Copy the full SHA b61b689View commit details -
chore(deps): bump golang.org/x/oauth2 from 0.21.0 to 0.22.0 (sigstore…
…#3811) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.21.0 to 0.22.0. - [Commits](golang/oauth2@v0.21.0...v0.22.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 71a4952 - Browse repository at this point
Copy the full SHA 71a4952View commit details -
chore(deps): bump go.step.sm/crypto from 0.50.0 to 0.51.1 (sigstore#3812
) Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.50.0 to 0.51.1. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](smallstep/crypto@v0.50.0...v0.51.1) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 983a368 - Browse repository at this point
Copy the full SHA 983a368View commit details -
tidy up validate release script (sigstore#3817)
Signed-off-by: Bob Callaway <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 7bac5e9 - Browse repository at this point
Copy the full SHA 7bac5e9View commit details -
chore(deps): bump golang.org/x/sync from 0.7.0 to 0.8.0 (sigstore#3814)
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.7.0 to 0.8.0. - [Commits](golang/sync@v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/sync dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for e3a3914 - Browse repository at this point
Copy the full SHA e3a3914View commit details -
chore(deps): bump github.com/buildkite/agent/v3 from 3.75.1 to 3.76.2 (…
…sigstore#3813) Bumps [github.com/buildkite/agent/v3](https://github.com/buildkite/agent) from 3.75.1 to 3.76.2. - [Release notes](https://github.com/buildkite/agent/releases) - [Changelog](https://github.com/buildkite/agent/blob/main/CHANGELOG.md) - [Commits](buildkite/agent@v3.75.1...v3.76.2) --- updated-dependencies: - dependency-name: github.com/buildkite/agent/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for d0492cf - Browse repository at this point
Copy the full SHA d0492cfView commit details -
move incremental builds per commit to GHCR instead of GCR (sigstore#3808
) Signed-off-by: Bob Callaway <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for be43902 - Browse repository at this point
Copy the full SHA be43902View commit details -
chore(deps): bump google.golang.org/api from 0.189.0 to 0.190.0 (sigs…
…tore#3815) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.189.0 to 0.190.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.189.0...v0.190.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 2387b50 - Browse repository at this point
Copy the full SHA 2387b50View commit details -
Conformance testing for cosign (sigstore#3806)
* Adding conformance helper and Action Also add e2e test and some helpful error messages about what flags go together Signed-off-by: Zach Steindler <[email protected]> * Allow conformance driver to call cosign with user-supplied args Signed-off-by: Zach Steindler <[email protected]> * fix e2e test Signed-off-by: Zach Steindler <[email protected]> * Detail TODO comments; remove unneeded trusted root in e2e tests Signed-off-by: Zach Steindler <[email protected]> --------- Signed-off-by: Zach Steindler <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for fd0368a - Browse repository at this point
Copy the full SHA fd0368aView commit details -
Bump sigstore/sigstore (sigstore#3819)
Signed-off-by: Hayden Blauzvern <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for c346825 - Browse repository at this point
Copy the full SHA c346825View commit details -
Add login for GHCR (sigstore#3820)
Signed-off-by: Hayden B <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for b5e7dc1 - Browse repository at this point
Copy the full SHA b5e7dc1View commit details
Commits on Aug 20, 2024
-
v2.4.0 Signed-off-by: Lance Ball <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6b54010 - Browse repository at this point
Copy the full SHA 6b54010View commit details
Commits on Sep 4, 2024
-
chore(deps): bump github.com/docker/docker (sigstore#3823) (#242)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 5cdc70c - Browse repository at this point
Copy the full SHA 5cdc70cView commit details -
chore(pipelines): remove cosign hermetic builds
Do not run hermetic builds for 1.1.0 since Konflux still appears to not have cachi2 support for go 1.22. Signed-off-by: Lance Ball <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 876c2f7 - Browse repository at this point
Copy the full SHA 876c2f7View commit details -
chore: remove git stash/pop from cosign build
Signed-off-by: Lance Ball <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for b69bf3b - Browse repository at this point
Copy the full SHA b69bf3bView commit details -
Merge branch 'main' into lance/update-to-2.4.0
Signed-off-by: Lance Ball <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 899e9be - Browse repository at this point
Copy the full SHA 899e9beView commit details -
fixup: remove prefetch-input task
Signed-off-by: Lance Ball <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for a97db15 - Browse repository at this point
Copy the full SHA a97db15View commit details