dependabot[bot]
adcfc04199
chore(deps): bump actions/checkout from 4.1.1 to 4.1.6 ( #1920 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.1 to 4.1.6.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4.1.1...a5ac7e51b41094c92402da3b24376905380afc29 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-07 09:56:50 -07:00
Shubham Hibare
17b104771a
feat(signature): Checksum signature verification ( #1670 )
...
* feat(signature): Checksum signature verification
Signed-off-by: Shubham Hibare <shubham@hibare.in>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* Update message
Signed-off-by: Shubham Hibare <shubham@hibare.in>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address comments
Signed-off-by: Shubham Hibare <shubham@hibare.in>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* consider -v flag across supported releases
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add tests for install.sh signature verification
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* check that release is run from main
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* summarize install.sh flags and recommendations
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove regex use on cosign verify-blob
Co-authored-by: Dominique Martinet <asmadeus@codewreck.org>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* simplify the compare_semver install function
Co-authored-by: Dominique Martinet <asmadeus@codewreck.org>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add more tests to compare_semver
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* nit copy change for install help
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* keep original compare_semver implementation
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update copy to include default install path
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Shubham Hibare <shubham@hibare.in>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Dominique Martinet <asmadeus@codewreck.org>
2024-06-06 21:23:04 +00:00
dependabot[bot]
cc5ca8b28c
chore(deps): bump github/codeql-action from 3.25.7 to 3.25.8 ( #1909 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.7 to 3.25.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f079b84933...2e230e8fe0
2024-06-06 12:55:31 -04:00
Alex Goodman
2beae30864
remove dco workflow ( #1914 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-06 10:53:23 -04:00
Alex Goodman
28c40f50cd
use dco tool during gh app outage ( #1910 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-04 14:08:34 -04:00
dependabot[bot]
ef4d3f55c4
chore(deps): bump github/codeql-action from 3.25.6 to 3.25.7 ( #1901 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.6 to 3.25.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](9fdb3e4972...f079b84933
2024-05-31 14:12:32 -04:00
dependabot[bot]
238caa4a82
chore(deps): bump docker/login-action from 3.1.0 to 3.2.0 ( #1896 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](e92390c5fb...0d4c9c5ea7
2024-05-28 12:29:48 -04:00
dependabot[bot]
1e6811b7cb
chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 ( #1868 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.5 to 4.1.6.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](44c2b7a8a4...a5ac7e51b4
2024-05-20 13:38:30 -04:00
dependabot[bot]
0117d566a9
chore(deps): bump github/codeql-action from 2.13.4 to 3.25.6 ( #1870 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.13.4 to 3.25.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](cdcdbb5797...9fdb3e4972
2024-05-20 11:59:06 -04:00
dependabot[bot]
cefc896a4f
chore(deps): bump anchore/sbom-action from 0.15.11 to 0.16.0 ( #1871 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.11 to 0.16.0.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](7ccf588e3c...e8d2a6937e
2024-05-20 11:58:39 -04:00
Christopher Angelo Phillips
bfac9dafed
chore: add top level permissions to new workflow ( #1860 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-05-13 13:35:37 -04:00
dependabot[bot]
7ccaaf6904
chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 ( #1858 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.4 to 4.1.5.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4.1.4...44c2b7a8a4ea60a981eaca3cf939b5f4305c123b )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-13 12:28:42 -04:00
dependabot[bot]
38ccf16049
chore(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 ( #1859 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.3.1 to 2.3.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](0864cf1902...dc50aa9510
2024-05-13 12:28:33 -04:00
Alex Goodman
24d5d4ffb2
Upgrade tool management ( #1842 )
...
* upgrade tool management
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update version file on release
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-05-09 16:25:00 -04:00
dependabot[bot]
6b8f0f5eaa
chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 ( #1847 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.4 to 4.1.5.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](0ad4b8fada...44c2b7a8a4
2024-05-07 13:25:45 -04:00
dependabot[bot]
61c962f856
chore(deps): bump actions/setup-go from 5.0.0 to 5.0.1 ( #1840 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](0c52d547c9...cdcb360436
2024-05-02 14:13:22 -04:00
dependabot[bot]
8210bf2613
chore(deps): bump anchore/sbom-action from 0.15.10 to 0.15.11 ( #1835 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.10 to 0.15.11.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](ab5d7b5f48...7ccf588e3c
2024-04-29 13:13:03 -04:00
dependabot[bot]
f247c622a9
chore(deps): bump actions/checkout from 4.1.3 to 4.1.4 ( #1823 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.3 to 4.1.4.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](1d96c772d1...0ad4b8fada
2024-04-25 16:57:01 -04:00
dependabot[bot]
92e864df35
chore(deps): bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 ( #1828 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.0.4 to 6.0.5.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](9153d834b6...6d6857d369
2024-04-25 16:56:42 -04:00
dependabot[bot]
d37674ee17
chore(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 ( #1820 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.2 to 4.3.3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](1746f4ab65...65462800fd
2024-04-24 15:23:41 -04:00
dependabot[bot]
31352f6103
chore(deps): bump actions/checkout from 4.1.2 to 4.1.3 ( #1818 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.2 to 4.1.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](9bb56186c3...1d96c772d1
2024-04-19 15:07:24 -04:00
dependabot[bot]
28df30c0ed
chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 ( #1814 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.1 to 4.3.2.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](5d5d22a312...1746f4ab65
2024-04-18 12:38:59 -04:00
dependabot[bot]
237cd0cf8c
chore(deps): bump peter-evans/create-pull-request from 6.0.3 to 6.0.4 ( #1808 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.0.3 to 6.0.4.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](c55203cfde...9153d834b6
2024-04-17 12:58:36 -04:00
dependabot[bot]
a093c951d5
chore(deps): bump peter-evans/create-pull-request from 6.0.2 to 6.0.3 ( #1802 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](70a41aba78...c55203cfde
2024-04-12 15:24:35 -04:00
dependabot[bot]
3c23dea01f
chore(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 ( #1801 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](e1523de757...59acb6260d
2024-04-11 13:31:58 -04:00
Hung Nguyen
8c1f4ceff3
update release token from readonly to write token ( #1768 )
...
Signed-off-by: Hung Nguyen <hung.tran.nguyen.585@gmail.com>
2024-03-26 11:59:48 -04:00
dependabot[bot]
0178ae522c
chore(deps): bump anchore/sbom-action from 0.15.9 to 0.15.10 ( #1771 )
2024-03-26 15:44:41 +00:00
dependabot[bot]
8afe1ccf65
chore(deps): bump fountainhead/action-wait-for-check from 1.1.0 to 1.2.0 ( #1753 )
...
Bumps [fountainhead/action-wait-for-check](https://github.com/fountainhead/action-wait-for-check ) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/fountainhead/action-wait-for-check/releases )
- [Commits](297be350cf...5a908a2481
2024-03-21 13:22:19 -04:00
dependabot[bot]
4147d91beb
chore(deps): bump actions/cache from 4.0.1 to 4.0.2 ( #1761 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](ab5e6d0c87...0c45773b62
2024-03-21 13:21:46 -04:00
Hung Nguyen
fd7b4e4dff
updating credentials to scoped permissions ( #1755 )
...
* updating credentials to scoped permissions
Signed-off-by: Hung Nguyen <hung.tran.nguyen.585@gmail.com>
---------
Signed-off-by: Hung Nguyen <hung.tran.nguyen.585@gmail.com>
2024-03-20 17:36:09 -04:00
dependabot[bot]
d420134bc1
chore(deps): bump docker/login-action from 3.0.0 to 3.1.0 ( #1748 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](343f7c4344...e92390c5fb
2024-03-13 13:15:41 -04:00
dependabot[bot]
ab73f1b970
chore(deps): bump peter-evans/create-pull-request from 6.0.1 to 6.0.2 ( #1746 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](a4f52f8033...70a41aba78
2024-03-12 13:17:33 -04:00
dependabot[bot]
e84e07fc07
chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 ( #1747 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](b4ffde65f4...9bb56186c3
2024-03-12 13:17:04 -04:00
dependabot[bot]
0c60849d49
chore(deps): bump anchore/sbom-action from 0.15.8 to 0.15.9 ( #1740 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.8 to 0.15.9.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](b6a39da807...9fece9e200
2024-03-06 14:26:39 -05:00
dependabot[bot]
8e7f5cf85a
chore(deps): bump actions/cache from 4.0.0 to 4.0.1 ( #1735 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](13aacd865c...ab5e6d0c87
2024-03-01 13:49:48 -05:00
dependabot[bot]
c08686308e
chore(deps): bump peter-evans/create-pull-request from 6.0.0 to 6.0.1 ( #1733 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](b1ddad2c99...a4f52f8033
2024-02-29 10:16:57 -05:00
dependabot[bot]
79e2310f6d
chore(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 ( #1699 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](26f96dfa69...5d5d22a312
2024-02-06 10:44:11 -05:00
dependabot[bot]
e10a67fc4a
chore(deps): bump peter-evans/create-pull-request from 5.0.2 to 6.0.0 ( #1687 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 5.0.2 to 6.0.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](153407881e...b1ddad2c99
2024-02-01 11:59:43 -05:00
dependabot[bot]
fcd63cddc2
chore(deps): bump anchore/sbom-action from 0.15.6 to 0.15.8 ( #1690 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.6 to 0.15.8.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](c6aed38a43...b6a39da807
2024-02-01 11:59:29 -05:00
dependabot[bot]
c746e471b3
chore(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 ( #1691 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](9614fae9e5...e1523de757
2024-02-01 11:59:16 -05:00
dependabot[bot]
b44c28f7b9
chore(deps): bump anchore/sbom-action from 0.15.5 to 0.15.6 ( #1684 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.5 to 0.15.6.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](24b0d52385...c6aed38a43
2024-01-29 15:32:53 -05:00
Alex Goodman
fdf9842eea
ensure releases only use released versions of syft ( #1680 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-26 12:15:39 -05:00
dependabot[bot]
5174d10f93
chore(deps): bump 8398a7/action-slack from 3.15.1 to 3.16.2 ( #1682 )
...
Bumps [8398a7/action-slack](https://github.com/8398a7/action-slack ) from 3.15.1 to 3.16.2.
- [Release notes](https://github.com/8398a7/action-slack/releases )
- [Commits](fbd6aa58ba...28ba43ae48
2024-01-26 10:40:04 -05:00
dependabot[bot]
b3d6f58184
chore(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 ( #1676 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](694cdabd8b...26f96dfa69
2024-01-24 13:09:16 -05:00
dependabot[bot]
5e1ba46fb8
chore(deps): bump anchore/sbom-action from 0.15.4 to 0.15.5 ( #1671 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.4 to 0.15.5.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](41f7a6c033...24b0d52385
2024-01-22 10:54:45 -05:00
dependabot[bot]
8bc6ca8a1f
chore(deps): bump anchore/sbom-action from 0.15.3 to 0.15.4 ( #1666 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.3 to 0.15.4.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](c7f031d924...41f7a6c033
2024-01-19 15:46:07 -05:00
dependabot[bot]
5436f55aac
chore(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0 ( #1668 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](1eb3cb2b3e...694cdabd8b
2024-01-19 15:45:48 -05:00
William Murphy
cd1c2ac66e
chore: enable automatic approval of dependabot PRs ( #1664 )
...
To reduce toil in this repo, enable dependabot PRs to be automatically
approved, but not merged. They are not automatically merged because if
the default GitHub token is used to automatically merge a PR, the
resulting commit will not trigger workflows on main. Rather than
generate a more potent token, just automatically review them, which
reduces toil by eliminating several clicks and page loads for
maintainers who are trying to merge dependabot PRs.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-01-18 08:35:37 -05:00
dependabot[bot]
4c4dfd59f5
chore(deps): bump actions/cache from 3.3.3 to 4.0.0 ( #1661 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.3.3 to 4.0.0.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](e12d46a63a...13aacd865c
2024-01-17 11:40:51 -05:00
dependabot[bot]
a9f72385f6
chore(deps): bump actions/cache from 3.3.2 to 3.3.3 ( #1656 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.3.2 to 3.3.3.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](704facf57e...e12d46a63a
2024-01-16 09:03:57 -05:00
