dependabot[bot]
127524cf54
Bump github/codeql-action from 2.2.8 to 2.2.9 ( #1001 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.8 to 2.2.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](67a35a0858...04df1262e6
2023-04-03 08:57:17 -04:00
dependabot[bot]
0c47ec26aa
Bump actions/stale from 7.0.0 to 8.0.0 ( #996 )
...
Bumps [actions/stale](https://github.com/actions/stale ) from 7.0.0 to 8.0.0.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](6f05e4244c...1160a22402
2023-03-27 10:17:53 -04:00
dependabot[bot]
bbaea09b5a
Bump github/codeql-action from 2.2.7 to 2.2.8 ( #997 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.7 to 2.2.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](168b99b3c2...67a35a0858
2023-03-27 10:16:53 -04:00
dependabot[bot]
9061326b43
Bump actions/checkout from 3.4.0 to 3.5.0 ( #998 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](24cb908017...8f4b7f8486
2023-03-27 10:16:26 -04:00
Jason Hall
5e7dad5f32
try to fix codeql workflow ( #994 )
2023-03-20 08:18:32 -07:00
Carlos Tadeu Panato Junior
d46bc8c75d
use git hash instead of git tag ( #988 )
...
Signed-off-by: cpanato <ctadeu@gmail.com>
2023-03-17 10:51:07 -04:00
Carlos Tadeu Panato Junior
deb13d71da
refactor release job ( #986 )
...
* add tag name to the provenance
Signed-off-by: cpanato <ctadeu@gmail.com>
* refactor release job
Signed-off-by: cpanato <ctadeu@gmail.com>
---------
Signed-off-by: cpanato <ctadeu@gmail.com>
2023-03-17 09:37:59 -04:00
Batuhan Apaydın
6f371b0291
fix deprecated attestation name ( #983 )
...
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
2023-03-14 15:10:00 -04:00
Jason Hall
0e4dbdda27
fix release workflow ( #977 )
2023-03-14 11:40:41 -07:00
Carlos Tadeu Panato Junior
4cde944f30
Upgrade to go120 ( #984 )
...
* upgrade to use go1.20
Signed-off-by: cpanato <ctadeu@gmail.com>
* bump go module to require minimum go1.19
Signed-off-by: cpanato <ctadeu@gmail.com>
* fix gofmt
Signed-off-by: cpanato <ctadeu@gmail.com>
* update base image
Signed-off-by: cpanato <ctadeu@gmail.com>
---------
Signed-off-by: cpanato <ctadeu@gmail.com>
2023-03-14 10:35:54 -04:00
Ian Lewis
2860fcf5ee
Fix: Use attestation-name output ( #980 )
...
Fixes #978
Uses the `attestation-name` output from `generator_generic_slsa3.yml` to get the artifact name to download.
Also removes the `compile-generator` input as https://github.com/slsa-framework/slsa-github-generator/issues/1163 was fixed.
Signed-off-by: Ian Lewis <ianmlewis@gmail.com>
2023-03-13 12:24:24 -04:00
dependabot[bot]
b4331f36c9
Bump aws-actions/configure-aws-credentials from 1.7.0 to 2.0.0 ( #981 )
...
Bumps [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials ) from 1.7.0 to 2.0.0.
- [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases )
- [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws-actions/configure-aws-credentials/compare/v1.7.0...v2.0.0 )
---
updated-dependencies:
- dependency-name: aws-actions/configure-aws-credentials
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-13 12:23:57 -04:00
Jason Hall
7ce947817e
fix cosign by adding --yes ( #973 )
2023-03-07 11:35:10 -08:00
dependabot[bot]
a1588838ba
Bump sigstore/cosign-installer from 2.8.1 to 3.0.1 ( #971 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 2.8.1 to 3.0.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v2.8.1...v3.0.1 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-06 22:41:57 -05:00
dependabot[bot]
86b6c2854f
Bump actions/checkout from 2 to 3 ( #966 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-27 11:11:08 -05:00
dependabot[bot]
0bd12fb106
Bump slsa-framework/slsa-github-generator from 1.2.1 to 1.5.0 ( #967 )
...
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 1.2.1 to 1.5.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.2.1...v1.5.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-27 11:10:51 -05:00
dependabot[bot]
1864ca129f
Bump goreleaser/goreleaser-action from 4.1.1 to 4.2.0 ( #952 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 4.1.1 to 4.2.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v4.1.1...v4.2.0 )
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-15 13:43:05 -05:00
dependabot[bot]
8f56e3de60
Bump goreleaser/goreleaser-action from 4.1.0 to 4.1.1 ( #947 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v4.1.0...v4.1.1 )
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-30 09:46:07 -05:00
Jason Hall
18d3a82e3b
remove 'ko deps' ( #937 )
2023-01-18 13:18:19 -05:00
Matt Moore
72e2752b00
Feature: Add ECR presubmit testing. ( #934 )
...
🎁 This leverages OIDC federation to enable presubmit testing against ECR.
/kind feature
2023-01-16 09:47:25 -08:00
dependabot[bot]
199156fdab
Bump actions/stale from 6 to 7 ( #916 )
...
Bumps [actions/stale](https://github.com/actions/stale ) from 6 to 7.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/stale/compare/v6...v7 )
---
updated-dependencies:
- dependency-name: actions/stale
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-27 20:40:35 -05:00
dependabot[bot]
cf052157d7
Bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0 ( #911 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 3.2.0 to 4.1.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v3.2.0...v4.1.0 )
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-19 15:44:03 -05:00
Vincent Demeester
a28ed35cc0
Publish an tagged image on release ( #868 )
...
* Publish an tagged image on release
Fixes #847
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
* Update some comments on the publish job
Thanks @imjasonh
Co-authored-by: Jason Hall <jason@chainguard.dev>
* Remove GITHUB_TOKEN env
No need for GITHUB_TOKEN, setup-ko handles it already.
Co-authored-by: Jason Hall <jason@chainguard.dev>
* Sign the published image with cosign
Co-authored-by: Jason Hall <jason@chainguard.dev>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Co-authored-by: Jason Hall <jason@chainguard.dev>
2022-11-30 11:02:32 -05:00
laurentsimon
3cbbeb3ad3
Fix verifier ( #891 )
2022-11-14 13:49:33 -05:00
laurentsimon
8dbea6b968
Temp fix for SLSA generators ( #886 )
...
Sigstore made a breaking change as part of their recent GA announcement. We need a temporary fix to avoid builder failure (see slsa-framework/slsa-github-generator#1163 )
/cc @asraa
2022-11-11 12:48:51 -05:00
Jason Hall
d6db71dfc6
install mkdocs-redirect when publishing site ( #873 )
2022-11-09 09:55:50 -05:00
dependabot[bot]
d7cd9d414a
Bump goreleaser/goreleaser-action from 3.1.0 to 3.2.0 ( #861 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v3.1.0...v3.2.0 )
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-24 09:22:31 -04:00
dependabot[bot]
75e90323d5
Bump sigstore/cosign-installer from 2.8.0 to 2.8.1 ( #860 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 2.8.0 to 2.8.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v2.8.0...v2.8.1 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-24 09:22:20 -04:00
dependabot[bot]
761e25d019
Bump codecov/codecov-action from 3.1.0 to 3.1.1 ( #827 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v3.1.0...v3.1.1 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-18 14:29:50 -04:00
dependabot[bot]
9037d852d6
Bump sigstore/cosign-installer from 2.7.0 to 2.8.0 ( #841 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 2.7.0 to 2.8.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v2.7.0...v2.8.0 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-10 08:05:18 -04:00
dependabot[bot]
ad90dea6c4
Bump actions/setup-python from 2 to 4 ( #835 )
2022-10-03 05:29:40 -04:00
Jason Hall
e1b4eade08
Move docs to ko.build ( #749 )
...
* Move docs to ko.build
* rm ko_deps.md
* remove trailing whitespace
* add go-import meta tag
* update mkdocs.yml
* update mkdocs.yml
* remove duplicate main.html
* update go.sum
2022-09-30 15:04:37 -04:00
dependabot[bot]
1ce9f7d3b1
Bump sigstore/cosign-installer from 2.6.0 to 2.7.0 ( #828 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 2.6.0 to 2.7.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v2.6.0...v2.7.0 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-27 17:16:44 -04:00
dependabot[bot]
e53b952cd0
Bump actions/stale from 5 to 6 ( #826 )
...
Bumps [actions/stale](https://github.com/actions/stale ) from 5 to 6.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/stale/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: actions/stale
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-27 17:13:24 -04:00
Batuhan Apaydın
5e0452ad67
feat: write sbom result to disk ( #822 )
...
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
2022-09-20 16:44:54 -04:00
dependabot[bot]
516cae1667
Bump sigstore/cosign-installer from 2.5.1 to 2.6.0 ( #816 )
2022-09-11 23:39:12 -04:00
Jason Hall
9a1eae8517
ci: build and test using 1.18 and 1.19 (drop 1.17) ( #812 )
...
* ci: build and test using 1.18 and 1.19 (drop 1.17)
* remove pre-1.18 compat code, update README
* go install goimports before checkout
* update chainguard-dev/actions to versions that go install
2022-09-06 12:59:56 -04:00
dependabot[bot]
ad1de2071b
Bump goreleaser/goreleaser-action from 3.0.0 to 3.1.0 ( #802 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v3.0.0...v3.1.0 )
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-26 12:55:49 -04:00
Puerco
7a8f1b9ec7
SPDX: Fix package manager label ( #801 )
...
* SPDX: Fix package manager label
This commit fixes the package manager label in external references
to make them [conform to the spec](https://spdx.github.io/spdx-spec/package-information/#721-external-reference-field ).
Signed-off-by: Adolfo Garcia Veytia (puerco) <puerco@chainguard.dev>
* Bump SPDX tools to 1.1.0
This commit bumps SPDX tools to 1.1.0 preparing the CI to
validate SPDX 2.3 documents.
Signed-off-by: Adolfo Garcia Veytia (puerco) <puerco@chainguard.dev>
Signed-off-by: Adolfo Garcia Veytia (puerco) <puerco@chainguard.dev>
2022-08-26 12:40:51 -04:00
Jason Hall
f9775dcf6b
Support --tag and --tag-only with nop publisher ( #797 )
...
* Support --tag and --tag-only with nop publisher
* log the output, for debugging
* unset KO_DOCKER_REPO for push=false test
* run e2e test first before other stuff
* review feedback
2022-08-24 10:57:52 -04:00
dependabot[bot]
2c58e4a136
Bump sigstore/cosign-installer from 2.5.0 to 2.5.1 ( #794 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 2.5.0 to 2.5.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v2.5.0...v2.5.1 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-22 09:44:12 -04:00
laurentsimon
14b4fe1c7c
feat: generate SLSA provenance for release binaries ( #730 )
...
* Support for SLSA provenance generation
* updates
* updates
* updates
* updates
* updates
* comment
* update
* update
* update
* update
* update
* update
* update
* update
* update
2022-08-16 18:01:15 -04:00
dependabot[bot]
ad00979ecc
Bump sigstore/cosign-installer from 2.4.1 to 2.5.0 ( #784 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 2.4.1 to 2.5.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v2.4.1...v2.5.0 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-01 04:05:50 -04:00
Jason Hall
d71c0df165
Fix e2e push tests, these registries need --bare ( #780 )
2022-07-22 17:48:51 -04:00
Jason Hall
47fa74e18c
Add tests that ko can push to quay.io and Dockerhub ( #778 )
...
* Add test that ko can push to quay.io
* Also push to dockerhub
* workflow_dispatch
2022-07-22 17:32:31 -04:00
Jason Hall
ccddbb800e
Add kind e2e test for ko run ( #779 )
2022-07-22 17:21:16 -04:00
Jason Hall
890365c4b3
fix GitHub Actions workflows ( #777 )
2022-07-21 10:43:30 -04:00
Jason Hall
3ef2fec866
Use chainguard-dev/actions/setup-registry ( #772 )
...
* Use chainguard-dev/actions/setup-registry
* run -> uses
2022-07-20 14:38:24 -04:00
Jason Hall
a148473bc0
exercise symlink chasing without .git ( #763 )
...
* exercise symlink chasing without .git
* fix b symlink
2022-07-13 17:07:51 -04:00
Matt Moore
2299765c54
Start emitting multi-arch SBOMs for SPDX with ko ( #743 )
...
This plumbs through support for building multi-arch SPDX SBOMs largely based on Puerco's outline, but with a few
adaptations. I added a few minor refactorings to try to enable consistency across the Image/Index SBOMs.
Related: https://github.com/google/ko/issues/655
2022-07-05 12:47:15 -07:00
