7273059cb9
build(deps): bump the ci group with 2 updates
...
Bumps the ci group with 2 updates: [actions/setup-go](https://github.com/actions/setup-go ) and [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ).
Updates `actions/setup-go` from 4.0.1 to 4.1.0
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/fac708d6674e30b6ba41289acaab6d4b75aa0753...93397bea11091df50f3d7e59dc26a7711a8bcfbe )
Updates `slsa-framework/slsa-github-generator` from 1.7.0 to 1.8.0
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.7.0...v1.8.0 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: ci
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: ci
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-08-09 16:35:22 +00:00
4d76ff4e6a
build(deps): bump the ci group with 2 updates
...
Bumps the ci group with 2 updates: [helm/kind-action](https://github.com/helm/kind-action ) and [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ).
Updates `helm/kind-action` from 1.7.0 to 1.8.0
- [Release notes](https://github.com/helm/kind-action/releases )
- [Commits](https://github.com/helm/kind-action/compare/fa81e57adff234b2908110485695db0f181f3c67...dda0770415bac9fc20092cacbc54aa298604d140 )
Updates `docker/setup-buildx-action` from 2.8.0 to 2.9.1
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](https://github.com/docker/setup-buildx-action/compare/16c0bc4a6e6ada2cfd8afd41d22d95379cf7c32a...4c0219f9ac95b02789c1075625400b2acbff50b1 )
---
updated-dependencies:
- dependency-name: helm/kind-action
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: ci
- dependency-name: docker/setup-buildx-action
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: ci
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-07-17 00:37:57 +00:00
36b39a50a4
ci: release: extract the image tag from GITHUB_REF
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com >
2023-07-06 10:40:50 +03:00
506da2466b
ci: release: disable interpretation backslash esc
...
This ensures `jq` can properly parse the given `ARTIFACTS` JSON blob,
as it contains escaped newlines in for example the Brew formula.
This should address the issue with the generation of SLSA metadata.
Signed-off-by: Hidde Beydals <hidde@hhh.computer >
2023-07-05 17:07:03 +02:00
b4efd15afd
build(deps): bump docker/setup-buildx-action from 2.7.0 to 2.8.0
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 2.7.0 to 2.8.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](https://github.com/docker/setup-buildx-action/compare/ecf95283f03858871ff00b787d79c419715afc34...16c0bc4a6e6ada2cfd8afd41d22d95379cf7c32a )
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-06-30 14:47:48 +00:00
02b34f05c8
build(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-06-30 14:29:43 +00:00
cf7ee0081c
Add SLSA3 generators to release workflow
...
Generate SLSA level 3 provenance attestations for the release assets and for the multi-arch container images.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com >
2023-06-26 12:40:35 +03:00
0a2945e7f1
build(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.0.5 to 3.1.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-06-26 08:27:20 +00:00
15a49334d8
build(deps): bump anchore/sbom-action from 0.14.2 to 0.14.3
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.14.2 to 0.14.3.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](https://github.com/anchore/sbom-action/compare/4d571ad1038a9cc29d676154ef265ab8f9027042...78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1 )
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-06-26 01:16:48 +00:00
c596c70d42
build(deps): bump docker/setup-buildx-action from 2.6.0 to 2.7.0
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 2.6.0 to 2.7.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](https://github.com/docker/setup-buildx-action/compare/6a58db7e0d21ca03e6c44877909e80e45217eed2...ecf95283f03858871ff00b787d79c419715afc34 )
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-06-19 11:07:15 +00:00
2b8385a874
build(deps): bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/f82d6c1c344bcacabba2c841718984797f664a6b...336e29918d653399e599bfca99fadc1d7ffbc9f7 )
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-06-19 01:17:57 +00:00
19137b8e8c
build(deps): bump docker/login-action from 2.1.0 to 2.2.0
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/f4ef78c080cd8ba55a85445d5b36e214a81df20a...465a07811f14bebb1938fbed4728c6a1ff8901fc )
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-06-12 10:10:29 +00:00
55aa96a33a
build(deps): bump docker/setup-qemu-action from 2.1.0 to 2.2.0
...
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases )
- [Commits](https://github.com/docker/setup-qemu-action/compare/e81a89b1732b9c48d79cd809d8d81d79c4647a18...2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 )
---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-06-12 09:53:46 +00:00
0d1a68ecb4
build(deps): bump actions/checkout from 3.5.2 to 3.5.3
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.2 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/8e5e7e5ab8b370d6c329ec480221332ada57f0ab...c85c95e3d7251135ab7dc9ce3241c5835cc595a9 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-06-12 09:39:54 +00:00
6d2dd076dc
build(deps): bump docker/setup-buildx-action from 2.5.0 to 2.6.0
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](https://github.com/docker/setup-buildx-action/compare/4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c...6a58db7e0d21ca03e6c44877909e80e45217eed2 )
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-06-12 09:25:10 +00:00
0ce5117715
build(deps): bump sigstore/cosign-installer from 3.0.3 to 3.0.5
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.0.3 to 3.0.5.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/204a51a57a74d190b284a0ce69b44bc37201f343...dd6b2e2b610a11fd73dd187a43d57cc1394e35f9 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-05-22 07:17:20 +00:00
9e422576b8
build(deps): bump actions/setup-go from 4.0.0 to 4.0.1
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/4d34df0c2316fe8122ab82dc22947d607c0c91f9...fac708d6674e30b6ba41289acaab6d4b75aa0753 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-05-22 07:06:34 +00:00
847e78541a
build(deps): bump anchore/sbom-action from 0.14.1 to 0.14.2
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.14.1 to 0.14.2.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](https://github.com/anchore/sbom-action/compare/422cb34a0f8b599678c41b21163ea6088edb2624...4d571ad1038a9cc29d676154ef265ab8f9027042 )
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-05-08 13:06:08 +00:00
86e542e524
build(deps): bump sigstore/cosign-installer from 3.0.2 to 3.0.3
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/9e9de2292db7abb3f51b7f4808d98f0d347a8919...204a51a57a74d190b284a0ce69b44bc37201f343 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-05-01 08:07:56 +00:00
107894eccf
build(deps): bump actions/checkout from 3.5.0 to 3.5.2
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.0 to 3.5.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/8f4b7f84864484a7bf31766abe9204da3cbe65b3...8e5e7e5ab8b370d6c329ec480221332ada57f0ab )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-04-17 01:10:39 +00:00
1435c71d9c
build(deps): bump sigstore/cosign-installer from 3.0.1 to 3.0.2
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/c3667d99424e7e6047999fb6246c0da843953c65...9e9de2292db7abb3f51b7f4808d98f0d347a8919 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-04-10 11:36:28 +00:00
403ea39825
build(deps): bump anchore/sbom-action from 0.13.4 to 0.14.1
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.13.4 to 0.14.1.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](https://github.com/anchore/sbom-action/compare/448520c4f19577ffce70a8317e619089054687e3...422cb34a0f8b599678c41b21163ea6088edb2624 )
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-04-03 07:09:38 +00:00
8240d19fbd
build(deps): bump anchore/sbom-action from 0.13.3 to 0.13.4
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.13.3 to 0.13.4.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](https://github.com/anchore/sbom-action/compare/07978da4bdb4faa726e52dfc6b1bed63d4b56479...448520c4f19577ffce70a8317e619089054687e3 )
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-03-27 06:37:54 +00:00
a30f77f8a4
build(deps): bump actions/checkout from 3.4.0 to 3.5.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/24cb9080177205b6e8c946b17badbe402adc938f...8f4b7f84864484a7bf31766abe9204da3cbe65b3 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-03-27 06:12:24 +00:00
ce405b6060
build: update actions/setup-go in workflows
...
- Update `actions/setup-go` to v4.0.0 in workflows.
- Remove separate caching steps in favor of built-in caching feature
in action (since >=v3.0.0).
Signed-off-by: Hidde Beydals <hidde@hhh.computer >
2023-03-20 12:19:42 +01:00
1071f04e93
build(deps): bump actions/checkout from 3.3.0 to 3.4.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/ac593985615ec2ede58e132d2e21d2b1cbd6127c...24cb9080177205b6e8c946b17badbe402adc938f )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-03-20 10:13:50 +00:00
e1fca7f062
build(deps): bump docker/setup-buildx-action from 2.4.1 to 2.5.0
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 2.4.1 to 2.5.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](https://github.com/docker/setup-buildx-action/compare/f03ac48505955848960e80bbb68046aa35c7b9e7...4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c )
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-03-13 08:52:53 +00:00
db67d2c4df
build: update release workflow
...
- sigstore/cosign-installer to v3.0.1
- Put (exact) version comment behind all action references, while taking note
this is an absolute insane way to manage versions.
Signed-off-by: Hidde Beydals <hidde@hhh.computer >
2023-03-09 09:41:23 +01:00
18760acaa8
Update Go to 1.20
...
Signed-off-by: Hidde Beydals <hidde@hhh.computer >
2023-03-09 09:26:51 +01:00
bca26ebf0a
build: convert ::set-output to $GITHUB_OUTPUT
...
Signed-off-by: Hidde Beydals <hello@hidde.co >
2023-02-17 13:44:27 +01:00
0f7b903ace
Update push artifact's --revision to RFC-0005
...
Signed-off-by: Hidde Beydals <hello@hidde.co >
2023-02-17 12:48:55 +01:00
e93b3d8d75
build(deps): bump docker/setup-buildx-action from 2.4.0 to 2.4.1
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](https://github.com/docker/setup-buildx-action/compare/15c905b16b06416d2086efa066dd8e3a35cc7f98...f03ac48505955848960e80bbb68046aa35c7b9e7 )
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-02-13 02:06:09 +00:00
0cd0bf3b58
build(deps): bump goreleaser/goreleaser-action from 4.1.1 to 4.2.0
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 4.1.1 to 4.2.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/9754a253a8673b0ea869c2e863b4e975497efd0c...f82d6c1c344bcacabba2c841718984797f664a6b )
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-02-06 01:05:36 +00:00
65481c223e
build(deps): bump docker/setup-buildx-action from 2.2.1 to 2.4.0
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 2.2.1 to 2.4.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](https://github.com/docker/setup-buildx-action/compare/8c0edbc76e98fa90f69d9a2c020dcb50019dc325...15c905b16b06416d2086efa066dd8e3a35cc7f98 )
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-01-30 12:12:38 +00:00
18924d29a7
Bump anchore/sbom-action from 0.13.1 to 0.13.3
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.13.1 to 0.13.3.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](https://github.com/anchore/sbom-action/compare/06e109483e6aa305a2b2395eabae554e51530e1d...07978da4bdb4faa726e52dfc6b1bed63d4b56479 )
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-01-30 11:38:26 +00:00
f22222f71d
Bump goreleaser/goreleaser-action from 4.1.0 to 4.1.1
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/8f67e590f2d095516493f017008adc464e63adb1...9754a253a8673b0ea869c2e863b4e975497efd0c )
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-01-30 01:03:33 +00:00
1d80ff2b09
Bump actions/checkout from 3.2.0 to 3.3.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/755da8c3cf115ac066823e79a1e1788f8940201b...ac593985615ec2ede58e132d2e21d2b1cbd6127c )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-01-09 00:57:58 +00:00
131c05d9c7
build: Revert sigstore/cosign-installer to v2.8.1
...
Dependabot should stick to tagged versions if the existing hash relates
to the tag made in the comment.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works >
2022-12-19 13:29:02 +00:00
c605f9a44f
Bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 3.2.0 to 4.1.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/b508e2e3ef3b19d4e4146d4f8fb3ba9db644a757...8f67e590f2d095516493f017008adc464e63adb1 )
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2022-12-19 13:07:50 +00:00
0014bc4c43
Bump actions/checkout from 3.1.0 to 3.2.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8...755da8c3cf115ac066823e79a1e1788f8940201b )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2022-12-19 12:32:31 +00:00
bd284ab28b
Bump actions/setup-go from 3.4.0 to 3.5.0
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/d0a58c1c4d2b25278816e339b944508c875f3613...6edd4406fa81c3da01a34fa6f6343087c207a568 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2022-12-19 12:14:24 +00:00
d5e5a26f5c
Update sigstore/cosign-installer requirement to b6757d8360bb6b9803c38b68e8cb7442baaf7eb5
...
Updates the requirements on [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) to permit the latest version.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/commits/b6757d8360bb6b9803c38b68e8cb7442baaf7eb5 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
2022-12-12 10:27:54 +00:00
2c35880cbf
Bump actions/setup-go from 3.3.1 to 3.4.0
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.3.1 to 3.4.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/c4a742cab115ed795e34d4513e2cf7d472deb55f...d0a58c1c4d2b25278816e339b944508c875f3613 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2022-12-05 06:46:50 +00:00
d0e6fcad3f
build: Pin GitHub Actions
...
The main benefit of pinning GitHub actions is the determinism it brings
in terms of what version of a given action will be executed. This is
a step towards having hermetic builds.
Once pinned to a commit, dependabot will automatically issue PRs to update
to newer versions.
Pinned versions is the only security metric from OpenSSF scorecard that
this repository currently have a zero score.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works >
2022-11-17 15:33:59 +00:00
bb1078d610
ci: Refactor GitHub workflows
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com >
2022-10-21 09:46:10 +03:00
73692df272
Additional workflow permissions tweaks
...
Signed-off-by: Eddie Knight <knight@linux.com >
2022-10-20 12:48:05 -05:00
939a75115c
Adjusted workflow permissions
...
Signed-off-by: Eddie Knight <knight@linux.com >
2022-10-20 11:04:49 -05:00
348408e16e
Build with Go 1.19
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com >
2022-09-28 22:05:48 +03:00
0b9e3d24ef
Update GitHub actions
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com >
2022-05-27 13:35:13 +03:00
b795e612f7
Update Go to v1.18
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com >
2022-05-25 11:43:30 +03:00
dependabot[bot]