go/goreleaser
go/goreleaser
1
0
Fork 0
mirror of https://github.com/goreleaser/goreleaser.git synced 2025-01-14 03:51:24 +02:00
Code Issues Releases Activity

chore(deps): upgrade cosign to 2.4.0 (#5099)

Browse Source 
goreleaser currently uses `cosign` `v2.1.1`, this change switches it to
`v2.4.0`.

While there may be other useful updates, I'd like this update to
workaround a bug which I'm experiencing:
https://github.com/sigstore/cosign/issues/3614#issuecomment-2012521670,
and which is solved by upgrading the `cosign` version.
This commit is contained in:
Andrew Newdigate 2024-08-23 15:53:45 +02:00 committed by GitHub
parent 498b55bcc4
commit e4b91521d0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile
View File

@ -13,7 +13,7 @@ RUN apk add --no-cache bash \
tini
# install cosign
COPY --from=gcr.io/projectsigstore/cosign:v2.1.1@sha256:411ace177097a33cb2ee74028a87ffdcb70965003cd1378c1ec7bf9f9dec9359 /ko-app/cosign /usr/bin/cosign
COPY --from=gcr.io/projectsigstore/cosign:v2.4.0@sha256:9d50ceb15f023eda8f58032849eedc0216236d2e2f4cfe1cdf97c00ae7798cfe /ko-app/cosign /usr/bin/cosign
# install syft
RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/v0.84.1/install.sh | sh -s -- -b /usr/local/bin