Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: update to upstream 2.4.0 #236

Merged
merged 171 commits into from
Sep 5, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
171 commits
Select commit Hold shift + click to select a range
d96e379
fix 'go vet -tags e2e ./...' (#3550)
dmitris Feb 22, 2024
fb70b8e
chore(deps): bump github.com/xanzy/go-gitlab from 0.97.0 to 0.98.0 (#…
dependabot[bot] Feb 26, 2024
c061e87
chore(deps): bump google.golang.org/api from 0.165.0 to 0.167.0 (#3557)
dependabot[bot] Feb 26, 2024
5923d9b
remove unused rootPool var (#3559)
dmitris Feb 27, 2024
86921c7
Bump sigstore/sigstore to v1.8.2 (#3561)
haydentherapper Feb 28, 2024
40dd4c3
Correct help text of triangulate cmd (#3551)
michaelvl Feb 28, 2024
8dcaf2c
chore(deps): bump imranismail/setup-kustomize from a76db1c6419124d514…
dependabot[bot] Feb 28, 2024
a4da0c2
chore(deps): bump the actions group with 3 updates (#3564)
dependabot[bot] Feb 29, 2024
7a2d50b
Update builder image, cosign image, golangci-lint (#3565)
cpanato Mar 3, 2024
9a9c6cb
chore(deps): bump the actions group with 1 update (#3576)
dependabot[bot] Mar 4, 2024
5019cc4
chore(deps): bump github.com/open-policy-agent/opa from 0.61.0 to 0.6…
dependabot[bot] Mar 4, 2024
d38d339
chore(deps): bump the gomod group with 5 updates (#3574)
dependabot[bot] Mar 4, 2024
fb488d7
free up disk space during e2e test runs (#3579)
bobcallaway Mar 7, 2024
cb01516
Honor creation timestamp for signatures again (#3549)
Lerentis Mar 7, 2024
4574cd2
chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.2 to 3.0.3 (…
dependabot[bot] Mar 7, 2024
6ee5a9c
chore(deps): bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3 (#3…
dependabot[bot] Mar 7, 2024
16a3dda
bump release to use go 1.21.8 (#3583)
bobcallaway Mar 8, 2024
8ba9a5e
Clean up READMEs (#3587)
haydentherapper Mar 11, 2024
0506a69
chore(deps): bump the actions group with 1 update (#3588)
dependabot[bot] Mar 11, 2024
cdbb891
chore(deps): bump github.com/xanzy/go-gitlab from 0.98.0 to 0.100.0 (…
dependabot[bot] Mar 11, 2024
693db70
chore(deps): bump the gomod group with 4 updates (#3589)
dependabot[bot] Mar 11, 2024
d8a6af9
Update README for contributions (#3596)
haydentherapper Mar 11, 2024
2a96f4c
chore(deps): bump github.com/go-openapi/runtime from 0.27.2 to 0.28.0…
dependabot[bot] Mar 11, 2024
b20ff08
chore(deps): bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 (#3591)
dependabot[bot] Mar 11, 2024
b551637
chore(deps): bump google.golang.org/api from 0.167.0 to 0.169.0 (#3594)
dependabot[bot] Mar 11, 2024
5d60a9a
Adds Support for Fulcio Client Credentials Flow, and Argument to Set …
nkreiger Mar 12, 2024
3065e53
Update the script for working with blobs (#3610)
arewm Mar 19, 2024
0037808
chore(deps): bump the actions group with 1 update (#3607)
dependabot[bot] Mar 19, 2024
aab1b8f
chore(deps): bump cuelang.org/go from 0.7.1 to 0.8.0 (#3606)
dependabot[bot] Mar 19, 2024
9081f20
chore(deps): bump google.golang.org/api from 0.169.0 to 0.170.0 (#3605)
dependabot[bot] Mar 19, 2024
fb18bba
chore(deps): bump the gomod group with 1 update (#3603)
dependabot[bot] Mar 19, 2024
887f36b
chore(deps): bump github.com/docker/docker (#3612)
dependabot[bot] Mar 21, 2024
1ea2154
Put secrets on github organizations (#3567)
fnxpt Mar 21, 2024
7d56594
Update CHANGELOG for v1.13.6 (#3618)
haydentherapper Mar 22, 2024
45ebf49
chore(deps): bump the actions group with 2 updates (#3623)
dependabot[bot] Mar 25, 2024
c18b043
chore(deps): bump github.com/xanzy/go-gitlab from 0.100.0 to 0.101.0 …
dependabot[bot] Mar 25, 2024
45f626a
chore(deps): bump google.golang.org/api from 0.170.0 to 0.171.0 (#3626)
dependabot[bot] Mar 25, 2024
ba9898c
chore(deps): bump go.step.sm/crypto from 0.43.1 to 0.44.1 (#3625)
dependabot[bot] Mar 26, 2024
abfd1cd
Clean up and clarify e2e scripts (#3628)
cmurphy Mar 29, 2024
4824d6c
Remove cross.yaml workflow (#3629)
cmurphy Mar 31, 2024
fe51982
chore(deps): bump the gomod group with 6 updates (#3633)
dependabot[bot] Apr 1, 2024
52233da
chore(deps): bump google.golang.org/api from 0.171.0 to 0.172.0 (#3635)
dependabot[bot] Apr 1, 2024
d55b6f2
chore(deps): bump github.com/open-policy-agent/opa from 0.62.1 to 0.6…
dependabot[bot] Apr 1, 2024
700da0a
chore(deps): bump the actions group with 1 update (#3637)
dependabot[bot] Apr 2, 2024
6206f5a
feat: add OVHcloud MPR registry tested with cosign (#3639)
scraly Apr 3, 2024
7001e82
Fixing issue 3642 (#3643)
Mukuls77 Apr 4, 2024
fa504b4
Fixing issue 3642 (#3644)
Mukuls77 Apr 4, 2024
3c8170a
add oci bundle spec (#3622)
bdehamer Apr 5, 2024
f7d867b
chore(deps): bump the actions group with 2 updates (#3647)
dependabot[bot] Apr 8, 2024
d56c9e8
chore(deps): bump the gomod group with 3 updates (#3648)
dependabot[bot] Apr 8, 2024
2d13b65
chore(deps): bump golang.org/x/oauth2 from 0.18.0 to 0.19.0 (#3650)
dependabot[bot] Apr 8, 2024
eba7c59
chore(deps): bump golang.org/x/term from 0.18.0 to 0.19.0 (#3651)
dependabot[bot] Apr 8, 2024
48858a2
chore(deps): bump github.com/xanzy/go-gitlab from 0.101.0 to 0.102.0 …
dependabot[bot] Apr 8, 2024
430c985
chore(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0 (#3655)
dependabot[bot] Apr 9, 2024
c95439b
chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.7 to 2.2.0 …
dependabot[bot] Apr 9, 2024
d0b9861
chore(deps): bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#3649)
dependabot[bot] Apr 9, 2024
302aee6
Refactor e2e-tests.yml workflow (#3627)
cmurphy Apr 9, 2024
629f5f8
Fixes for GHSA-88jx-383q-w4qc and GHSA-95pr-fxf5-86gv (#3661)
haydentherapper Apr 10, 2024
fb651b4
Add v2.2.4 changelog (#3662)
haydentherapper Apr 10, 2024
b15eefa
bump scaffolding to latest release for testing (#3663)
bobcallaway Apr 11, 2024
e23dcd1
fix latest tag not being created and add latest to the dev image as w…
cpanato Apr 11, 2024
db6d13f
chore(deps): bump sigs.k8s.io/release-utils from 0.7.7 to 0.8.1 (#3656)
dependabot[bot] Apr 12, 2024
ba3d36d
switch to community repo of reusable-release (#3666)
bobcallaway Apr 12, 2024
ee4198d
chore(deps): bump the actions group with 3 updates (#3668)
dependabot[bot] Apr 15, 2024
e036af8
chore(deps): bump go.step.sm/crypto in the gomod group (#3667)
dependabot[bot] Apr 15, 2024
02b1b26
add registry options to cosign save (#3645)
JasonPowr Apr 17, 2024
59f0099
chore(deps): bump the actions group with 2 updates (#3676)
dependabot[bot] Apr 22, 2024
3102b3c
chore(deps): bump go.step.sm/crypto in the gomod group (#3672)
dependabot[bot] Apr 23, 2024
5f13e63
chore(deps): bump google.golang.org/api from 0.172.0 to 0.176.0 (#3673)
dependabot[bot] Apr 23, 2024
e4197bd
chore(deps): bump github.com/xanzy/go-gitlab from 0.102.0 to 0.103.0 …
dependabot[bot] Apr 23, 2024
d33bbc3
fix: close attestationFile (#3679)
testwill Apr 29, 2024
69f3478
chore(deps): bump actions/checkout in the actions group (#3680)
dependabot[bot] Apr 29, 2024
cd018e9
chore(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.1.0 (…
dependabot[bot] Apr 29, 2024
d247bad
chore(deps): bump the gomod group with 3 updates (#3682)
dependabot[bot] Apr 29, 2024
e9a3739
chore(deps): bump github.com/open-policy-agent/opa from 0.63.0 to 0.6…
dependabot[bot] Apr 29, 2024
fa17fab
Refactor KMS E2E tests (#3684)
cmurphy Apr 30, 2024
0976894
chore(deps): bump the actions group with 3 updates (#3686)
dependabot[bot] May 6, 2024
2d398bc
chore(deps): bump google.golang.org/api from 0.176.1 to 0.177.0 (#3687)
dependabot[bot] May 6, 2024
f0fd640
chore(deps): bump github.com/xanzy/go-gitlab from 0.103.0 to 0.104.0 …
dependabot[bot] May 6, 2024
b3448d4
chore(deps): bump golang.org/x/oauth2 from 0.19.0 to 0.20.0 (#3691)
dependabot[bot] May 6, 2024
50c67f0
chore(deps): bump google.golang.org/api from 0.177.0 to 0.180.0 (#3698)
dependabot[bot] May 13, 2024
17c9af7
chore(deps): bump the actions group with 3 updates (#3694)
dependabot[bot] May 13, 2024
d2766d8
Add PayloadProvider interface to decouple AttestationToPayloadJSON fr…
codysoyland May 13, 2024
40e6740
chore(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 (…
dependabot[bot] May 13, 2024
8b498bd
chore(deps): bump sigs.k8s.io/release-utils in the gomod group (#3696)
dependabot[bot] May 13, 2024
1211157
chore(deps): bump github.com/xanzy/go-gitlab from 0.104.0 to 0.105.0 …
dependabot[bot] May 13, 2024
62742a1
Refactor insecure registry E2E tests (#3701)
cmurphy May 17, 2024
2e65241
Remove KMS E2E test script (#3702)
cmurphy May 17, 2024
645636e
Remove sign_blob_test.sh test (#3707)
cmurphy May 20, 2024
2bb2e88
Add README.md for tests (#3708)
cmurphy May 20, 2024
6e2fcd6
chore(deps): bump the actions group with 3 updates (#3706)
dependabot[bot] May 21, 2024
2359dbd
chore(deps): bump google.golang.org/api from 0.180.0 to 0.181.0 (#3703)
dependabot[bot] May 21, 2024
5ae2e31
chore(deps): bump go.step.sm/crypto from 0.44.8 to 0.45.0 (#3704)
dependabot[bot] May 21, 2024
550dbf9
chore(deps): bump go.step.sm/crypto in the gomod group (#3710)
dependabot[bot] May 27, 2024
e623217
chore(deps): bump github.com/open-policy-agent/opa from 0.64.1 to 0.6…
dependabot[bot] Jun 3, 2024
6b6acc2
chore(deps): bump the gomod group with 5 updates (#3713)
dependabot[bot] Jun 3, 2024
f3225b3
chore(deps): bump google.golang.org/api from 0.181.0 to 0.182.0 (#3716)
dependabot[bot] Jun 3, 2024
d275a27
chore(deps): bump go.step.sm/crypto from 0.45.1 to 0.46.0 (#3717)
dependabot[bot] Jun 3, 2024
098e892
chore(deps): bump cuelang.org/go from 0.8.2 to 0.9.0 (#3725)
dependabot[bot] Jun 10, 2024
eae74ff
chore(deps): bump google.golang.org/api from 0.182.0 to 0.183.0 (#3726)
dependabot[bot] Jun 10, 2024
5bbccd5
chore(deps): bump golang.org/x/crypto from 0.23.0 to 0.24.0 (#3721)
dependabot[bot] Jun 11, 2024
ca1733a
Add debug providers command. (#3728)
wlynch Jun 11, 2024
e72f472
chore(deps): bump go.step.sm/crypto from 0.46.0 to 0.47.0 (#3723)
dependabot[bot] Jun 11, 2024
98fd801
Bump scaffolding version (#3736)
haydentherapper Jun 18, 2024
ee521e4
bump builder image to ise go1.21.11 and update goreleaser to version …
cpanato Jun 18, 2024
598c734
chore(deps): bump google.golang.org/api from 0.183.0 to 0.184.0 (#3734)
dependabot[bot] Jun 18, 2024
e5937c5
chore(deps): bump the actions group across 1 directory with 5 updates…
dependabot[bot] Jun 18, 2024
2525c93
chore(deps): bump the gomod group with 4 updates (#3731)
dependabot[bot] Jun 18, 2024
9a9447d
chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.2.0 to 2.3.0 …
dependabot[bot] Jun 18, 2024
9f18570
chore(deps): bump github.com/spf13/viper from 1.18.2 to 1.19.0 (#3715)
dependabot[bot] Jun 18, 2024
5209b38
Make config layers in ociremote mountable (#3741)
jonjohnsonjr Jun 18, 2024
9e3811b
upgrade to go1.22 (#3739)
cpanato Jun 19, 2024
2b538f8
adds tsa cert chain check for env var or tuf targets. (#3600)
ianhundere Jun 19, 2024
68d38a8
chore(deps): bump github.com/hashicorp/go-retryablehttp (#3749)
dependabot[bot] Jun 25, 2024
8859e29
chore(deps): bump github.com/xanzy/go-gitlab from 0.105.0 to 0.106.0 …
dependabot[bot] Jun 25, 2024
e924bc8
chore(deps): bump google.golang.org/api from 0.184.0 to 0.185.0 (#3747)
dependabot[bot] Jun 25, 2024
7c20052
Fixing issue 3743 (#3744)
Meeki1l Jun 25, 2024
40fc15f
add --ca-roots and --ca-intermediates flags to 'cosign verify' (#3464)
dmitris Jul 1, 2024
8b55af2
Set `bundleVerified` to true after Rekor verification (Resolves #3740…
maxlambrecht Jul 1, 2024
7d74685
chore(deps): bump google.golang.org/api from 0.185.0 to 0.186.0 (#3755)
dependabot[bot] Jul 2, 2024
79db196
chore(deps): bump github.com/open-policy-agent/opa from 0.65.0 to 0.6…
dependabot[bot] Jul 2, 2024
3d622d1
Update README.md to account for necessary new go version (#3764)
bminahan73 Jul 3, 2024
d05a120
General housekeeping and go updates (#3765)
cpanato Jul 5, 2024
bf2067a
chore(deps): bump the gomod group across 1 directory with 7 updates (…
dependabot[bot] Jul 5, 2024
b310bc6
fix: extra whitespace in README.md (#3773)
hectorj2f Jul 8, 2024
58af4bb
chore(deps): bump go.step.sm/crypto from 0.47.1 to 0.48.1 (#3768)
dependabot[bot] Jul 8, 2024
e5afa56
chore(deps): bump golang.org/x/crypto from 0.24.0 to 0.25.0 (#3771)
dependabot[bot] Jul 8, 2024
2dd32f6
chore(deps): bump golang.org/x/term from 0.21.0 to 0.22.0 (#3770)
dependabot[bot] Jul 8, 2024
bc5f6c6
chore(deps): bump sigs.k8s.io/release-utils in the gomod group (#3767)
dependabot[bot] Jul 9, 2024
811dba8
factor out keyless verification certificate loading function (#3762)
dmitris Jul 9, 2024
ca682f2
chore(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 (#3774)
dependabot[bot] Jul 10, 2024
bdcbf44
add handling of keyless verification for all verify commands (#3761)
dmitris Jul 11, 2024
f7a5725
Document ImportKeyPair and LoadPrivateKey functions in pkg/cosign (#3…
dmitris Jul 11, 2024
13d3a56
chore(deps): bump the actions group across 1 directory with 2 updates…
dependabot[bot] Jul 15, 2024
4fd699c
chore(deps): bump go.step.sm/crypto from 0.48.1 to 0.50.0 (#3781)
dependabot[bot] Jul 15, 2024
f9270c0
chore(deps): bump google.golang.org/api from 0.187.0 to 0.188.0 (#3782)
dependabot[bot] Jul 15, 2024
05026ee
chore(deps): bump github.com/google/go-containerregistry (#3783)
dependabot[bot] Jul 15, 2024
3c6c5c9
chore(deps): bump github.com/sigstore/fulcio from 1.4.5 to 1.5.1 (#3784)
dependabot[bot] Jul 16, 2024
4684fd6
chore(deps): bump the gomod group with 5 updates (#3780)
dependabot[bot] Jul 16, 2024
20d4724
chore(deps): bump github.com/google/go-containerregistry (#3790)
dependabot[bot] Jul 22, 2024
aeba473
Add CHANGELOG for v2.3.0 (#3789)
haydentherapper Jul 22, 2024
c6f89f8
chore(deps): bump github.com/buildkite/agent/v3 from 3.74.1 to 3.75.1…
dependabot[bot] Jul 22, 2024
deed363
chore(deps): bump github.com/xanzy/go-gitlab from 0.106.0 to 0.107.0 …
dependabot[bot] Jul 22, 2024
ffde21e
chore(deps): bump google.golang.org/api from 0.188.0 to 0.189.0 (#3791)
dependabot[bot] Jul 22, 2024
c6cdf1b
Adding protobuf bundle support to sign-blob and attest-blob (#3752)
steiza Jul 23, 2024
62a2cff
Include SCT verification failure details in error message (#3799)
bkabrda Jul 26, 2024
98c2cab
bump scaffolding version in tests to 0.7.5 (#3800)
bobcallaway Jul 28, 2024
0406602
Add support for recording creation timestamp for cosign attest (#3797)
zshorvath Jul 29, 2024
b4cf37b
Add new bundle support to `verify-blob` and `verify-blob-attestation`…
steiza Jul 29, 2024
973bcd1
chore(deps): bump ossf/scorecard-action in the actions group (#3801)
dependabot[bot] Jul 29, 2024
ec2480e
chore(deps): bump github.com/open-policy-agent/opa from 0.66.0 to 0.6…
dependabot[bot] Jul 29, 2024
f40ad0f
chore(deps): bump sigs.k8s.io/release-utils in the gomod group (#3802)
dependabot[bot] Jul 29, 2024
06d1290
chore(deps): bump github.com/docker/docker (#3804)
dependabot[bot] Jul 30, 2024
7e3c2f5
handle docker-compose v2, free up more space (#3809)
bobcallaway Aug 6, 2024
b61b689
chore(deps): bump the actions group across 1 directory with 4 updates…
dependabot[bot] Aug 6, 2024
71a4952
chore(deps): bump golang.org/x/oauth2 from 0.21.0 to 0.22.0 (#3811)
dependabot[bot] Aug 6, 2024
983a368
chore(deps): bump go.step.sm/crypto from 0.50.0 to 0.51.1 (#3812)
dependabot[bot] Aug 6, 2024
7bac5e9
tidy up validate release script (#3817)
bobcallaway Aug 6, 2024
e3a3914
chore(deps): bump golang.org/x/sync from 0.7.0 to 0.8.0 (#3814)
dependabot[bot] Aug 6, 2024
d0492cf
chore(deps): bump github.com/buildkite/agent/v3 from 3.75.1 to 3.76.2…
dependabot[bot] Aug 6, 2024
be43902
move incremental builds per commit to GHCR instead of GCR (#3808)
bobcallaway Aug 6, 2024
2387b50
chore(deps): bump google.golang.org/api from 0.189.0 to 0.190.0 (#3815)
dependabot[bot] Aug 6, 2024
fd0368a
Conformance testing for cosign (#3806)
steiza Aug 6, 2024
c346825
Bump sigstore/sigstore (#3819)
haydentherapper Aug 6, 2024
b5e7dc1
Add login for GHCR (#3820)
haydentherapper Aug 6, 2024
6b54010
Merge tag 'v2.4.0'
lance Aug 20, 2024
5cdc70c
chore(deps): bump github.com/docker/docker (#3823) (#242)
lance Aug 22, 2024
876c2f7
chore(pipelines): remove cosign hermetic builds
lance Sep 4, 2024
b69bf3b
chore: remove git stash/pop from cosign build
lance Sep 4, 2024
899e9be
Merge branch 'main' into lance/update-to-2.4.0
lance Sep 4, 2024
a97db15
fixup: remove prefetch-input task
lance Sep 4, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 17 additions & 8 deletions .github/workflows/build.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -29,41 +29,50 @@ on:
- main
- release-*

permissions: read-all
permissions: {}

jobs:
build:
name: build
runs-on: ubuntu-latest

if: github.repository == 'sigstore/cosign'

permissions:
id-token: write
contents: read

steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
- uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0

- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: '1.21'
go-version: '1.22'
check-latest: true

# will use the latest release available for ko
- uses: ko-build/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6
- uses: ko-build/setup-ko@3aebd0597dc1e9d1a26bcfdb7cbeb19c131d3037 # v0.7

- name: Set up Cloud SDK
uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
uses: google-github-actions/auth@f112390a2df9932162083945e46d439060d66ec2 # v2.1.4
with:
workload_identity_provider: 'projects/498091336538/locations/global/workloadIdentityPools/githubactions/providers/sigstore-cosign'
service_account: '[email protected]'

- name: creds
run: gcloud auth configure-docker --quiet

- name: Login to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: containers-cosign
run: make sign-ci-containers
env:
KO_PREFIX: gcr.io/projectsigstore/cosign/ci
KO_PREFIX: ghcr.io/sigstore/cosign/cosign/ci
COSIGN_PASSWORD: "${{secrets.COSIGN_PASSWORD}}"
10 changes: 7 additions & 3 deletions .github/workflows/codeql-analysis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -30,11 +30,15 @@ on:
env:
CODEQL_EXTRACTOR_GO_BUILD_TRACING: true

permissions: {}

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest

if: github.repository == 'sigstore/cosign'

permissions:
security-events: write
actions: read
Expand All @@ -47,7 +51,7 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: Utilize Go Module Cache
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
Expand All @@ -60,9 +64,9 @@ jobs:
${{ runner.os }}-go-

- name: Set correct version of Golang to use during CodeQL run
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: '1.21'
go-version: '1.22'
check-latest: true

# Initializes the CodeQL tools for scanning.
Expand Down
42 changes: 42 additions & 0 deletions .github/workflows/conformance.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
# Copyright 2024 The Sigstore Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

name: Conformance Tests

on:
push:
branches:
- main
pull_request:
branches:
- main

permissions:
contents: read

jobs:
conformance:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: '1.22'
check-latest: true

- run: make cosign conformance

- uses: sigstore/sigstore-conformance@ee4de0e602873beed74cf9e49d5332529fe69bf6 # v0.0.11
with:
entrypoint: ${{ github.workspace }}/conformance
17 changes: 16 additions & 1 deletion .github/workflows/cut-release.yml
Original file line number Diff line number Diff line change
@@ -1,3 +1,18 @@
#
# Copyright 2024 The Sigstore Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

name: Cut Release

on:
Expand All @@ -21,7 +36,7 @@ concurrency: cut-release
jobs:
cut-release:
name: Cut release
uses: sigstore/sigstore/.github/workflows/reusable-release.yml@main
uses: sigstore/community/.github/workflows/reusable-release.yml@main
permissions:
id-token: write
contents: read
Expand Down
11 changes: 8 additions & 3 deletions .github/workflows/depsreview.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,10 +15,15 @@
name: 'Dependency Review'
on: [pull_request]

permissions:
contents: read
#
permissions: {}

jobs:
dependency-review:
name: License and Vulnerability Scan

if: github.repository == 'sigstore/cosign'

permissions:
contents: read

uses: sigstore/community/.github/workflows/reusable-dependency-review.yml@9b1b5aca605f92ec5b1bf3681b1e61b3dbc420cc
29 changes: 25 additions & 4 deletions .github/workflows/donotsubmit.yaml
Original file line number Diff line number Diff line change
@@ -1,20 +1,41 @@
#
# Copyright 2024 The Sigstore Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

name: Do Not Submit

on:
pull_request:
branches: [ 'main', 'release-*' ]
branches:
- 'main'
- 'release-*'

permissions: read-all
permissions: {}

jobs:

donotsubmit:
name: Do Not Submit
runs-on: ubuntu-latest

if: github.repository == 'sigstore/cosign'

permissions:
contents: read

steps:
- name: Check out code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 #v2.4.0
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v2.4.0

- name: Do Not Submit
uses: chainguard-dev/actions/donotsubmit@84c993eaf02da1c325854fb272a4df9184bd80fc # main
72 changes: 0 additions & 72 deletions .github/workflows/e2e-tests-kms.yml

This file was deleted.

Loading
Loading