forked from sigstore/cosign
PR3876 fix #1
Closed
…ore#3464) * add --certificate-bundle flag to 'cosign verify' Related to issue sigstore#3462. Current commit adds the flag to verify the CLI options. The new flag doesn't have any effect yet (will add in follow-up PRs). Signed-off-by: Dmitry S <[email protected]> * Add --ca-roots flag for 'cosign verify' Add --ca-roots command-line flag for 'cosign verify' to enable verifying cosign signatures using PEM bundles of CA roots. Whether to also add --ca-intermediates flag is TBD. Unit tests will be added in the next commit(s). Fixes sigstore#3462. Signed-off-by: Dmitry S <[email protected]> * add functional tests for --ca-roots flag Signed-off-by: Dmitry S <[email protected]> * setup-crane action for e2e_test_pkcs11.sh Signed-off-by: Dmitry S <[email protected]> * rebase on trunk Signed-off-by: Dmitry Savintsev <[email protected]> * transform gencert subpackage to helper function Signed-off-by: Dmitry S <[email protected]> * use the trunk version of workflows/e2e-tests.yml Signed-off-by: Dmitry S <[email protected]> * correct certificate generation for e2e tests Signed-off-by: Dmitry S <[email protected]> * refactor test cert/keys generation and corresponding test Signed-off-by: Dmitry S <[email protected]> * add license header Signed-off-by: Dmitry S <[email protected]> * remove test shell scripts Signed-off-by: Dmitry S <[email protected]> * remove unused certFile param to verifyCertBundle Signed-off-by: Dmitry S <[email protected]> * remove duplicate test functions Signed-off-by: Dmitry S <[email protected]> --------- Signed-off-by: Dmitry S <[email protected]> Signed-off-by: Dmitry Savintsev <[email protected]>
…ore#3740) (sigstore#3745) * Set bundleVerified to true after Rekor verification (Resolves sigstore#3740) Signed-off-by: Max Lambrecht <[email protected]> * Add TestImageSignatureVerificationWithRekor Signed-off-by: Max Lambrecht <[email protected]> * Fix lint issues Signed-off-by: Max Lambrecht <[email protected]> * Improve TestImageSignatureVerificationWithRekor Signed-off-by: Max Lambrecht <[email protected]> * Add comments to test functions Signed-off-by: Max Lambrecht <[email protected]> --------- Signed-off-by: Max Lambrecht <[email protected]>
…tore#3755) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.185.0 to 0.186.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.185.0...v0.186.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…6.0 (sigstore#3756) Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.65.0 to 0.66.0. - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](open-policy-agent/opa@v0.65.0...v0.66.0) --- updated-dependencies: - dependency-name: github.com/open-policy-agent/opa dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: bminahan73 <[email protected]>
* have a dedicated workflow for golangci-lint and add e2e to it Signed-off-by: cpanato <[email protected]> * clean up ci Signed-off-by: cpanato <[email protected]> * bump go to 1.22.5 in go.mod Signed-off-by: cpanato <[email protected]> * update release builder to use go1.22.5 Signed-off-by: cpanato <[email protected]> * update softhsm2-pkcs11-prox image Signed-off-by: cpanato <[email protected]> * update Signed-off-by: cpanato <[email protected]> * fix lints Signed-off-by: cpanato <[email protected]> --------- Signed-off-by: cpanato <[email protected]>
…igstore#3766) * chore(deps): bump the gomod group across 1 directory with 7 updates Bumps the gomod group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | cuelang.org/go | `0.9.1` | `0.9.2` | | [github.com/buildkite/agent/v3](https://github.com/buildkite/agent) | `3.74.0` | `3.74.1` | | [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.8.4` | `1.8.6` | | [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.8.4` | `1.8.6` | | [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.8.4` | `1.8.6` | | [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.8.4` | `1.8.6` | | [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.8.4` | `1.8.6` | Updates `cuelang.org/go` from 0.9.1 to 0.9.2 Updates `github.com/buildkite/agent/v3` from 3.74.0 to 3.74.1 - [Release notes](https://github.com/buildkite/agent/releases) - [Changelog](https://github.com/buildkite/agent/blob/main/CHANGELOG.md) - [Commits](buildkite/agent@v3.74.0...v3.74.1) Updates `github.com/sigstore/sigstore` from 1.8.4 to 1.8.6 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.4...v1.8.6) Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.8.4 to 1.8.6 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.4...v1.8.6) Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.8.4 to 1.8.6 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.4...v1.8.6) Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.8.4 to 1.8.6 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.4...v1.8.6) Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 
1.8.4 to 1.8.6 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.4...v1.8.6) --- updated-dependencies: - dependency-name: cuelang.org/go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/buildkite/agent/v3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> * update test Signed-off-by: cpanato <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: cpanato <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: cpanato <[email protected]>
* fix: extra whitespace in README.md Signed-off-by: Hector Fernandez <[email protected]> * use a different digest for the actions Signed-off-by: Hector Fernandez <[email protected]> --------- Signed-off-by: Hector Fernandez <[email protected]>
) Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.47.1 to 0.48.1. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](smallstep/crypto@v0.47.1...v0.48.1) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…#3771) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.24.0 to 0.25.0. - [Commits](golang/crypto@v0.24.0...v0.25.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) Bumps [golang.org/x/term](https://github.com/golang/term) from 0.21.0 to 0.22.0. - [Commits](golang/term@v0.21.0...v0.22.0) --- updated-dependencies: - dependency-name: golang.org/x/term dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ore#3767) Bumps the gomod group with 1 update: [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils). Updates `sigs.k8s.io/release-utils` from 0.8.2 to 0.8.3 - [Release notes](https://github.com/kubernetes-sigs/release-utils/releases) - [Commits](kubernetes-sigs/release-utils@v0.8.2...v0.8.3) --- updated-dependencies: - dependency-name: sigs.k8s.io/release-utils dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…e#3762) * factor out keyless verification helper function Signed-off-by: Dmitry S <[email protected]> * unit test for loadCertsKeylessVerification helper Signed-off-by: Dmitry S <[email protected]> * remove username from TODOs Signed-off-by: Dmitry Savintsev <[email protected]> --------- Signed-off-by: Dmitry S <[email protected]> Signed-off-by: Dmitry Savintsev <[email protected]>
…ore#3774) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.64.0 to 1.64.1. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.64.0...v1.64.1) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…e#3761) Copy the handling of non-Fulcio keys from the verify to all other verify commands (verify-attestation, verify-blob, verify-blob-attestations). Fix sigstore#3759. Signed-off-by: Dmitry S <[email protected]>
…gstore#3776) Document pkg/cosign key utility functions & supported key formats Signed-off-by: Dmitry S <[email protected]>
…sigstore#3785) Bumps the actions group with 2 updates in the / directory: [actions/setup-go](https://github.com/actions/setup-go) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `actions/setup-go` from 5.0.1 to 5.0.2 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@cdcb360...0a12ed9) Updates `actions/upload-artifact` from 4.3.3 to 4.3.4 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@6546280...0b2256b) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.48.1 to 0.50.0. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](smallstep/crypto@v0.48.1...v0.50.0) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…tore#3782) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.187.0 to 0.188.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.187.0...v0.188.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.19.2 to 0.20.0. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](google/go-containerregistry@v0.19.2...v0.20.0) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…store#3784) Bumps [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) from 1.4.5 to 1.5.1. - [Release notes](https://github.com/sigstore/fulcio/releases) - [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md) - [Commits](sigstore/fulcio@v1.4.5...v1.5.1) --- updated-dependencies: - dependency-name: github.com/sigstore/fulcio dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the gomod group with 5 updates: | Package | From | To | | --- | --- | --- | | [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.8.6` | `1.8.7` | | [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.8.6` | `1.8.7` | | [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.8.6` | `1.8.7` | | [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.8.6` | `1.8.7` | | [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.8.6` | `1.8.7` | Updates `github.com/sigstore/sigstore` from 1.8.6 to 1.8.7 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.6...v1.8.7) Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.8.6 to 1.8.7 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.6...v1.8.7) Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.8.6 to 1.8.7 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.6...v1.8.7) Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.8.6 to 1.8.7 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.6...v1.8.7) Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.8.6 to 1.8.7 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.6...v1.8.7) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: 
github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Hayden Blauzvern <[email protected]>
…sigstore#3793) Bumps [github.com/buildkite/agent/v3](https://github.com/buildkite/agent) from 3.74.1 to 3.75.1. - [Release notes](https://github.com/buildkite/agent/releases) - [Changelog](https://github.com/buildkite/agent/blob/main/CHANGELOG.md) - [Commits](buildkite/agent@v3.74.1...v3.75.1) --- updated-dependencies: - dependency-name: github.com/buildkite/agent/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…igstore#3792) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.106.0 to 0.107.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go) - [Commits](xanzy/go-gitlab@v0.106.0...v0.107.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…tore#3791) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.188.0 to 0.189.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.188.0...v0.189.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…#3752) This pull request addresses the first part of sigstore#3139: adding protobuf bundle support for cosign sign-blob and cosign attest-blob. Signed-off-by: Zach Steindler <[email protected]>
) Signed-off-by: Slavek Kabrda <[email protected]>
Signed-off-by: Zach Steindler <[email protected]>
Signed-off-by: Zach Steindler <[email protected]>
With `--ignore-sct` to support if you are using keys instead of Fulcio. Signed-off-by: Zach Steindler <[email protected]>
Similar to `--ignore-sct` Signed-off-by: Zach Steindler <[email protected]>
Instead of clients querying remote servers Signed-off-by: Zach Steindler <[email protected]>
Also add ability to specify validity start time for keys Signed-off-by: Zach Steindler <[email protected]>
…ore#3856) Bumps the actions group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `actions/upload-artifact` from 4.3.6 to 4.4.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@834a144...5076954) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the gomod group with 1 update: [go.step.sm/crypto](https://github.com/smallstep/crypto). Updates `go.step.sm/crypto` from 0.51.1 to 0.51.2 - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](smallstep/crypto@v0.51.1...v0.51.2) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…sigstore#3858) Bumps [github.com/buildkite/agent/v3](https://github.com/buildkite/agent) from 3.78.0 to 3.79.0. - [Release notes](https://github.com/buildkite/agent/releases) - [Changelog](https://github.com/buildkite/agent/blob/main/CHANGELOG.md) - [Commits](buildkite/agent@v3.78.0...v3.79.0) --- updated-dependencies: - dependency-name: github.com/buildkite/agent/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…igstore#3859) Bumps [github.com/mozillazg/docker-credential-acr-helper](https://github.com/mozillazg/docker-credential-acr-helper) from 0.3.0 to 0.4.0. - [Release notes](https://github.com/mozillazg/docker-credential-acr-helper/releases) - [Changelog](https://github.com/mozillazg/docker-credential-acr-helper/blob/master/.goreleaser.yml) - [Commits](mozillazg/docker-credential-acr-helper@v0.3.0...v0.4.0) --- updated-dependencies: - dependency-name: github.com/mozillazg/docker-credential-acr-helper dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…tore#3860) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.194.0 to 0.195.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.194.0...v0.195.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…8.0 (sigstore#3861) Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.67.1 to 0.68.0. - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](open-policy-agent/opa@v0.67.1...v0.68.0) --- updated-dependencies: - dependency-name: github.com/open-policy-agent/opa dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: cpanato <[email protected]>
* update to use go1.22.7 Signed-off-by: cpanato <[email protected]> * update golangci-lint to v1.60 Signed-off-by: cpanato <[email protected]> * fix lints Signed-off-by: cpanato <[email protected]> * update chainguard-dev/actions/kind-diag Signed-off-by: cpanato <[email protected]> --------- Signed-off-by: cpanato <[email protected]>
…sigstore#3874) Bumps [github.com/buildkite/agent/v3](https://github.com/buildkite/agent) from 3.79.0 to 3.81.0. - [Release notes](https://github.com/buildkite/agent/releases) - [Changelog](https://github.com/buildkite/agent/blob/main/CHANGELOG.md) - [Commits](buildkite/agent@v3.79.0...v3.81.0) --- updated-dependencies: - dependency-name: github.com/buildkite/agent/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…igstore#3867) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.108.0 to 0.109.0. - [Release notes](https://github.com/xanzy/go-gitlab/releases) - [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go) - [Commits](xanzy/go-gitlab@v0.108.0...v0.109.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: sota1235 <[email protected]>
…les (sigstore#3877) * Fix bug in sigstore#3752 When adding bundles support to `attest-blob`, we sent the wrong data to the timestamp authority to sign. Signed-off-by: Zach Steindler <[email protected]> * Only change timestamp authority signature behavior for new bundles Also add TODO when we get to updating `cosign attest` Signed-off-by: Zach Steindler <[email protected]> * Add happy path e2e test Signed-off-by: Zach Steindler <[email protected]> --------- Signed-off-by: Zach Steindler <[email protected]>
Signed-off-by: Hemil K <[email protected]>
) Bumps [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf) from 2.0.0 to 2.0.1. - [Release notes](https://github.com/theupdateframework/go-tuf/releases) - [Changelog](https://github.com/theupdateframework/go-tuf/blob/master/.goreleaser.yaml) - [Commits](theupdateframework/go-tuf@v2.0.0...v2.0.1) --- updated-dependencies: - dependency-name: github.com/theupdateframework/go-tuf/v2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the actions group with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 4.1.7 to 4.2.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@692973e...d632683) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Bob Callaway <[email protected]>
Signed-off-by: Bob Callaway <[email protected]>
Signed-off-by: Bob Callaway <[email protected]>
Bumps the actions group with 6 updates: | Package | From | To | | --- | --- | --- | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.6.0` | `3.7.0` | | [google-github-actions/auth](https://github.com/google-github-actions/auth) | `2.1.5` | `2.1.6` | | [actions/cache](https://github.com/actions/cache) | `4.0.2` | `4.1.0` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `6.1.0` | `6.1.1` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.4.0` | `4.4.1` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4.5.0` | `4.6.0` | Updates `sigstore/cosign-installer` from 3.6.0 to 3.7.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@4959ce0...dc72c7d) Updates `google-github-actions/auth` from 2.1.5 to 2.1.6 - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](google-github-actions/auth@62cf5bd...8254fb7) Updates `actions/cache` from 4.0.2 to 4.1.0 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@0c45773...2cdf405) Updates `golangci/golangci-lint-action` from 6.1.0 to 6.1.1 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@aaa42aa...971e284) Updates `actions/upload-artifact` from 4.4.0 to 4.4.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@5076954...604373d) Updates `codecov/codecov-action` from 4.5.0 to 4.6.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@e28ff12...b9fd7d1) --- updated-dependencies: - 
dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/cache](https://github.com/actions/cache) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `actions/checkout` from 4.2.0 to 4.2.1 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@d632683...eef6144) Updates `actions/cache` from 4.1.0 to 4.1.1 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@2cdf405...3624ceb) Updates `actions/upload-artifact` from 4.4.1 to 4.4.3 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@604373d...b4b15b8) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Add nil check on block before parsing certs. With this small change, I can generate the trusted root json - a long blob that starts with