Link & SLSA attestor #381
Merged
Link & SLSA attestor #381
Commits on May 9, 2024
-
Handle multiple results from run
Signed-off-by: John Kjell <[email protected]>
-
Rename exportRun and add better file naming
Signed-off-by: John Kjell <[email protected]>
-
Update go version in actions and point go.mod to WIP go-witness
Signed-off-by: John Kjell <[email protected]>
-
Add explicit setup-go action for workflows and change attestation fil…
…e output to backwards compatible Signed-off-by: John Kjell <[email protected]>
-
Add back license scanning badge (#377)
Signed-off-by: John Kjell <[email protected]>
-
chore: bump github/codeql-action from 3.23.2 to 3.24.0 (#378)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.2 to 3.24.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@b7bf0a3...e8893c5) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tom Meadows <[email protected]> Signed-off-by: John Kjell <[email protected]>
-
chore: bump step-security/harden-runner from 2.6.1 to 2.7.0 (#379)
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.6.1 to 2.7.0. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@eb238b5...63c24ba) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tom Meadows <[email protected]> Signed-off-by: John Kjell <[email protected]>
-
chore: bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#380)
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.3.0 to 3.4.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@9614fae...e1523de) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: John Kjell <[email protected]>
-
chore: bump actions/download-artifact from 4.1.1 to 4.1.2 (#382)
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.1 to 4.1.2. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@6b208ae...eaceaf8) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: John Kjell <[email protected]>
-
chore: bump actions/upload-artifact from 4.3.0 to 4.3.1 (#383)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.0 to 4.3.1. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@26f96df...5d5d22a) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: John Kjell <[email protected]>
-
Add Tom as a Witness maintainer (#385)
Signed-off-by: John Kjell <[email protected]>
-
chore: bump testifysec/witness-run-action from 0.1.3 to 0.1.5 (#389)
Bumps [testifysec/witness-run-action](https://github.com/testifysec/witness-run-action) from 0.1.3 to 0.1.5. - [Release notes](https://github.com/testifysec/witness-run-action/releases) - [Commits](testifysec/witness-run-action@40aa4ef...2ae7f93) --- updated-dependencies: - dependency-name: testifysec/witness-run-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: John Kjell <[email protected]>
-
chore: bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#387)
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.7.0 to 4.0.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@3a91952...3cfe3a4) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: John Kjell <[email protected]>
-
chore: bump fossas/fossa-action from 1.3.1 to 1.3.3 (#390)
Bumps [fossas/fossa-action](https://github.com/fossas/fossa-action) from 1.3.1 to 1.3.3. - [Release notes](https://github.com/fossas/fossa-action/releases) - [Commits](fossas/fossa-action@f61a4c0...47ef11b) --- updated-dependencies: - dependency-name: fossas/fossa-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: John Kjell <[email protected]>
-
chore: bump github/codeql-action from 3.24.0 to 3.24.3 (#391)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.0 to 3.24.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@e8893c5...3796146) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: John Kjell <[email protected]>
-
chore: bump actions/dependency-review-action from 4.0.0 to 4.1.1 (#392)
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.0.0 to 4.1.1. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@4901385...fd07d42) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: John Kjell <[email protected]>
-
chore: bump actions/dependency-review-action from 4.1.1 to 4.1.3 (#395)
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.1.1 to 4.1.3. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@fd07d42...9129d7d) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: John Kjell <[email protected]>
-
chore: bump github/codeql-action from 3.24.3 to 3.24.5 (#396)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.3 to 3.24.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@3796146...47b3d88) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: John Kjell <[email protected]>
-
chore: bump actions/cache from 4.0.0 to 4.0.1 (#401)
Signed-off-by: John Kjell <[email protected]>
-
chore: bump github/codeql-action from 3.24.5 to 3.24.6 (#400)
Signed-off-by: John Kjell <[email protected]>
-
chore: bump actions/download-artifact from 4.1.2 to 4.1.4 (#399)
Signed-off-by: John Kjell <[email protected]>
-
fix: run e2e test script as part of workflows (#397)
* fix: run e2e test script as part of workflows --------- Signed-off-by: Mikhail Swift <[email protected]> Co-authored-by: John Kjell <[email protected]> Signed-off-by: John Kjell <[email protected]>
-
chore: bump github/codeql-action from 3.24.6 to 3.24.8 (#415)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.6 to 3.24.8. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@8a470fd...05963f4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: John Kjell <[email protected]>
-
chore: bump docker/login-action from 3.0.0 to 3.1.0 (#413)
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@343f7c4...e92390c) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: John Kjell <[email protected]>
-
chore: bump github/codeql-action from 3.24.8 to 3.24.9 (#419)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.8 to 3.24.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@05963f4...1b1aada) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: John Kjell <[email protected]>
-
chore: bump actions/dependency-review-action from 4.1.3 to 4.2.4 (#420)
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.1.3 to 4.2.4. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@9129d7d...733dd5d) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: John Kjell <[email protected]>
-
chore: bump actions/cache from 4.0.1 to 4.0.2 (#421)
Bumps [actions/cache](https://github.com/actions/cache) from 4.0.1 to 4.0.2. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@ab5e6d0...0c45773) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: John Kjell <[email protected]>
-
Change to group dependency updates per ecosystem (GHA, go-mod) Signed-off-by: John Kjell <[email protected]> Co-authored-by: Tom Meadows <[email protected]> Signed-off-by: John Kjell <[email protected]>
-
chore: bump the all-gha group with 1 update (#426)
Bumps the all-gha group with 1 update: [actions/dependency-review-action](https://github.com/actions/dependency-review-action). Updates `actions/dependency-review-action` from 4.2.4 to 4.2.5 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@733dd5d...5bbc3ba) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-gha ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: John Kjell <[email protected]>
-
Update GHA triggers to fine tune for code changes vs other updates (#406
) Signed-off-by: John Kjell <[email protected]> Co-authored-by: Tom Meadows <[email protected]> Signed-off-by: John Kjell <[email protected]>
-
chore: bump the all-gha group with 2 updates (#431)
Bumps the all-gha group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer). Updates `github/codeql-action` from 3.24.9 to 3.24.10 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@1b1aada...4355270) Updates `sigstore/cosign-installer` from 3.4.0 to 3.5.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@e1523de...59acb62) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-gha - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-gha ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: John Kjell <[email protected]>
-
Merge branch 'main' into link-attestor
Signed-off-by: John Kjell <[email protected]>
-
Fix breaks from go-witness updates
Signed-off-by: John Kjell <[email protected]>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.