Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: rancherlabs/slsactl
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v0.0.7
Choose a base ref
...
head repository: rancherlabs/slsactl
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: main
Choose a head ref

Commits on Jan 22, 2025

  1. Copy the full SHA
    8c3eb93 View commit details
  2. Merge pull request #21 from rancherlabs/renovate/actions-checkout-digest

    chore(deps): update actions/checkout digest to 11bd719
    pjbgf authored Jan 22, 2025
    Copy the full SHA
    8c8f12e View commit details
  3. Copy the full SHA
    3eb7045 View commit details
  4. Merge pull request #24 from rancherlabs/deploy-renovate-2025-01-22-18…

    …-46-25
    
    Add initial Renovate configuration
    pjbgf authored Jan 22, 2025
    Copy the full SHA
    81e7678 View commit details
  5. Copy the full SHA
    ac0d912 View commit details
  6. Merge pull request #25 from rancherlabs/renovate/actions-setup-go-5.x

    chore(deps): update actions/setup-go action to v5.3.0
    pjbgf authored Jan 22, 2025
    Copy the full SHA
    0bdad6a View commit details

Commits on Jan 23, 2025

  1. Copy the full SHA
    9ff9d22 View commit details
  2. Copy the full SHA
    6a8913b View commit details
  3. Merge pull request #30 from rancherlabs/renovate/actions-attest-build…

    …-provenance-2.x
    
    chore(deps): update actions/attest-build-provenance action to v2
    pjbgf authored Jan 23, 2025
    Copy the full SHA
    05f69b1 View commit details
  4. Merge pull request #29 from rancherlabs/renovate/sigstore-cosign-inst…

    …aller-3.x
    
    chore(deps): update sigstore/cosign-installer action to v3.7.0
    pjbgf authored Jan 23, 2025
    Copy the full SHA
    fddaef6 View commit details

Commits on Jan 24, 2025

  1. Copy the full SHA
    3801202 View commit details
  2. Merge pull request #31 from rancherlabs/renovate/go-1.x

    chore(deps): update dependency go to v1.23.5
    pjbgf authored Jan 24, 2025
    Copy the full SHA
    118f400 View commit details
  3. Copy the full SHA
    9e1ed4b View commit details
  4. Copy the full SHA
    500ea8c View commit details
  5. Merge pull request #32 from rancherlabs/renovate/github.com-sigstore-…

    …fulcio-1.x
    
    chore(deps): update module github.com/sigstore/fulcio to v1.6.6
    pjbgf authored Jan 24, 2025
    Copy the full SHA
    53a4ab9 View commit details
  6. Merge pull request #28 from rancherlabs/renovate/github.com-docker-cl…

    …i-27.x
    
    chore(deps): update module github.com/docker/cli to v27.5.1+incompatible
    pjbgf authored Jan 24, 2025
    Copy the full SHA
    9fac7f8 View commit details
  7. Copy the full SHA
    668d0b4 View commit details
  8. Merge pull request #27 from rancherlabs/renovate/github.com-docker-bu…

    …ildx-0.x
    
    chore(deps): update module github.com/docker/buildx to v0.20.1
    pjbgf authored Jan 24, 2025
    Copy the full SHA
    a51a755 View commit details
  9. Copy the full SHA
    4ddddf1 View commit details
  10. Merge pull request #26 from rancherlabs/renovate/github.com-anchore-s…

    …yft-1.x
    
    chore(deps): update module github.com/anchore/syft to v1.19.0
    pjbgf authored Jan 24, 2025
    Copy the full SHA
    7488e18 View commit details

Commits on Jan 31, 2025

  1. Copy the full SHA
    39fe97c View commit details
  2. Merge pull request #33 from thardeck/add_fleet_agent_verify_exception

    verify: Add mapping for additional fleet image
    pjbgf authored Jan 31, 2025
    Copy the full SHA
    850e494 View commit details

Commits on Feb 5, 2025

  1. sbom: Add support for windows/amd64

    Part of the ecosystem supports multi-platform images targeting windows/amd64
    this change adds support for it when extracting SBOMs.
    
    This was tested against rancher/rke2-runtime:v1.31.3-rke2r1
    
    Signed-off-by: Paulo Gomes <paulo.gomes@suse.com>
    pjbgf committed Feb 5, 2025
    Copy the full SHA
    19641af View commit details
  2. Copy the full SHA
    675b9a5 View commit details
  3. Merge pull request #36 from rancherlabs/renovate/github.com-sigstore-…

    …cosign-v2-2.x
    
    chore(deps): update module github.com/sigstore/cosign/v2 to v2.4.2
    pjbgf authored Feb 5, 2025
    Copy the full SHA
    6c27ba2 View commit details
  4. Copy the full SHA
    84664e5 View commit details
  5. Merge pull request #34 from rancherlabs/windows

    sbom: Add support for `windows/amd64`
    pjbgf authored Feb 5, 2025
    Copy the full SHA
    e144311 View commit details
  6. Merge pull request #37 from rancherlabs/renovate/sigstore-cosign-inst…

    …aller-3.x
    
    chore(deps): update sigstore/cosign-installer action to v3.8.0
    pjbgf authored Feb 5, 2025
    Copy the full SHA
    29a5af9 View commit details

Commits on Feb 10, 2025

  1. Copy the full SHA
    9a7af28 View commit details
  2. Merge pull request #38 from gbuenodevsuse/chore/slsactl-csp-adapter-v…

    …erify
    
    Adds rancher/csp-adapter image mapping
    pjbgf authored Feb 10, 2025
    Copy the full SHA
    98797bd View commit details

Commits on Feb 11, 2025

  1. Copy the full SHA
    84010dc View commit details
  2. Merge pull request #39 from rancherlabs/renovate/goreleaser-gorelease…

    …r-action-6.x
    
    chore(deps): update goreleaser/goreleaser-action action to v6.2.1
    pjbgf authored Feb 11, 2025
    Copy the full SHA
    579dd18 View commit details

Commits on Feb 20, 2025

  1. build: Bump golangci-list to v1.64.5

    Signed-off-by: Paulo Gomes <paulo.gomes@suse.com>
    pjbgf committed Feb 20, 2025
    Copy the full SHA
    4756522 View commit details
  2. Merge pull request #46 from rancherlabs/gi

    build: Bump golangci-list to v1.64.5
    pjbgf authored Feb 20, 2025
    Copy the full SHA
    caaa0e8 View commit details
  3. Copy the full SHA
    da64f52 View commit details
  4. Copy the full SHA
    2e5f739 View commit details
  5. Merge pull request #44 from rancherlabs/renovate/sigstore-cosign-inst…

    …aller-3.x
    
    chore(deps): update sigstore/cosign-installer action to v3.8.1
    pjbgf authored Feb 20, 2025
    Copy the full SHA
    b5b9569 View commit details
  6. Merge pull request #45 from rancherlabs/renovate/go-1.x

    chore(deps): update dependency go to v1.24.0
    pjbgf authored Feb 20, 2025
    Copy the full SHA
    8af7c08 View commit details
  7. Copy the full SHA
    ed95e6a View commit details
  8. Copy the full SHA
    034d645 View commit details
  9. Merge pull request #42 from rancherlabs/renovate/github.com-docker-bu…

    …ildx-0.x
    
    chore(deps): update module github.com/docker/buildx to v0.21.0
    pjbgf authored Feb 20, 2025
    Copy the full SHA
    dd37e37 View commit details
  10. Merge pull request #41 from rancherlabs/renovate/github.com-sigstore-…

    …cosign-v2-2.x
    
    chore(deps): update module github.com/sigstore/cosign/v2 to v2.4.3
    pjbgf authored Feb 20, 2025
    Copy the full SHA
    f99c693 View commit details

Commits on Feb 21, 2025

  1. Copy the full SHA
    0b7fae2 View commit details
  2. Merge pull request #47 from rancherlabs/renovate/github.com-docker-cl…

    …i-28.x
    
    chore(deps): update module github.com/docker/cli to v28.0.0+incompatible
    pjbgf authored Feb 21, 2025
    Copy the full SHA
    ec456a1 View commit details

Commits on Feb 22, 2025

  1. Copy the full SHA
    df46386 View commit details
  2. Merge pull request #48 from rancherlabs/renovate/github.com-docker-bu…

    …ildx-0.x
    
    chore(deps): update module github.com/docker/buildx to v0.21.1
    pjbgf authored Feb 22, 2025
    Copy the full SHA
    cdfc127 View commit details

Commits on Feb 23, 2025

  1. Copy the full SHA
    687f6d0 View commit details

Commits on Feb 24, 2025

  1. Merge pull request #49 from rancherlabs/renovate/github.com-anchore-s…

    …yft-1.x
    
    chore(deps): update module github.com/anchore/syft to v1.20.0
    pjbgf authored Feb 24, 2025
    Copy the full SHA
    d4d7d61 View commit details
Showing with 526 additions and 495 deletions.
  1. +5 −5 .github/workflows/release.yml
  2. +5 −1 .github/workflows/{renovate.yml → renovate-vault.yml}
  3. +1 −1 actions/install-slsactl/action.yml
  4. +2 −0 cmd/sbom.go
  5. +134 −128 go.mod
  6. +372 −356 go.sum
  7. +1 −1 hack/base.mk
  8. +4 −3 internal/sbom/sbom.go
  9. +2 −0 pkg/verify/mapping.go
10 changes: 5 additions & 5 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
@@ -18,19 +18,19 @@ jobs:

steps:
- name: Checkout
uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # v4.2.2
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0

- name: Set up Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: stable

- uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
- uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1

- name: Run GoReleaser
uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0
uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1
with:
distribution: goreleaser
version: '~> v2'
@@ -39,6 +39,6 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Attest release artefacts
uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4
uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0
with:
subject-path: "dist/slsactl*"
Original file line number Diff line number Diff line change
@@ -16,9 +16,13 @@ on:
schedule:
- cron: '30 4,6 * * *'

permissions:
contents: read
id-token: write

jobs:
call-workflow:
uses: rancher/renovate-config/.github/workflows/renovate.yml@release
uses: rancher/renovate-config/.github/workflows/renovate-vault.yml@release
with:
logLevel: ${{ inputs.logLevel || 'info' }}
overrideSchedule: ${{ github.event.inputs.overrideSchedule == 'true' && '{''schedule'':null}' || '' }}
2 changes: 1 addition & 1 deletion actions/install-slsactl/action.yml
Original file line number Diff line number Diff line change
@@ -34,7 +34,7 @@ runs:
go install github.com/rancherlabs/slsactl@${{ inputs.version }}
- name: Install Cosign
uses: sigstore/cosign-installer@v3.5.0
uses: sigstore/cosign-installer@v3.8.1
if: runner.os == 'Linux'

- name: Install slsactl from gh release
2 changes: 2 additions & 0 deletions cmd/sbom.go
Original file line number Diff line number Diff line change
@@ -39,6 +39,8 @@ func sbomCmd(img, outformat, platform string) error {
spdx = data.LinuxAmd64.SPDX
} else if strings.EqualFold(platform, "linux/arm64") && data.LinuxArm64 != nil {
spdx = data.LinuxArm64.SPDX
} else if strings.EqualFold(platform, "windows/amd64") && data.WindowsAmd64 != nil {
spdx = data.WindowsAmd64.SPDX
} else if data.SPDX != nil {
spdx = *data.SPDX
} else {
Loading