chore: Bump philips-labs/slsa-provenance-action from 0.6.0 to 0.7.0 #1747

dependabot · 2022-02-14T19:00:51Z

Bumps philips-labs/slsa-provenance-action from 0.6.0 to 0.7.0.

Release notes

Sourced from philips-labs/slsa-provenance-action's releases.

v0.7.0

This release drops the use of Docker to run this action. Instead we are now using the binaries natively. This allows to reuse you docker login session. Either via the docker/login-action or a docker login within your workflow. It is recommended to use the sigstore/cosign- installer so the release signature will also be verified upon installation of the binary.

Changelog

d50e6fc ⬆️ Bump actions/setup-go from 2.1.5 to 2.2.0

9be60c7 ⬆️ Bump sigstore/cosign-installer from 1.4.1 to 2.0.0

6ae8f65 Bump cosign from v1.4.1 to v1.5.1

1917ee5 Bump v0.6.0 to v0.7.0-rc for release

91684f3 Bump v0.7.0-rc to v0.7.0 for release

419b873 Fix draft release installer

5df3fa8 Fix draft releases

58b193c Fix gh-release make task on MacOS

3c3ee60 Fix link to slsa-framework/github-actions-demo

f9e3db5 Fix list releases test

03e87f5 Improve logging of slsa-provenance install

ef55f6d Install slsa-provenance instead of using docker image

cdc0cb7 Log cosign unavailable as warning

0d93f72 Make k8s keychain vs default keychain configurable

4d3ee36 Reduce duplication in downloading assets

dfdaf36 Support Windows and ARM64 in installer

67318bf Utilize new setup-go action 'check-latest'

Full Changelog: philips-labs/slsa-provenance-action@v0.6.0...v0.7.0

v0.7.0-rc

⚠️ This release installs the binary on the runner as opposed to using the Docker image.

Changelog

9be60c7 ⬆️ Bump sigstore/cosign-installer from 1.4.1 to 2.0.0

6ae8f65 Bump cosign from v1.4.1 to v1.5.1

47260ae Bump v0.6.0 to v0.7.0-rc for release

58b193c Fix gh-release make task on MacOS

3c3ee60 Fix link to slsa-framework/github-actions-demo

e79e0f9 Install slsa-provenance instead of using docker image

ee2282e Make k8s keychain vs default keychain configurable

Full Changelog: philips-labs/slsa-provenance-action@v0.6.0...v0.7.0-rc

Commits

91684f3 Bump v0.7.0-rc to v0.7.0 for release
de12b70 Merge pull request #130 from philips-labs/configurable-auth-from-cli
419b873 Fix draft release installer
4d3ee36 Reduce duplication in downloading assets
5df3fa8 Fix draft releases
cdc0cb7 Log cosign unavailable as warning
dfdaf36 Support Windows and ARM64 in installer
03e87f5 Improve logging of slsa-provenance install
1917ee5 Bump v0.6.0 to v0.7.0-rc for release
ef55f6d Install slsa-provenance instead of using docker image
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [philips-labs/slsa-provenance-action](https://github.com/philips-labs/slsa-provenance-action) from 0.6.0 to 0.7.0. - [Release notes](https://github.com/philips-labs/slsa-provenance-action/releases) - [Changelog](https://github.com/philips-labs/slsa-provenance-action/blob/main/.goreleaser.yml) - [Commits](philips-labs/slsa-provenance-action@v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: philips-labs/slsa-provenance-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

sonarqubecloud · 2022-02-14T19:01:36Z

Kudos, SonarCloud Quality Gate passed!

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Feb 14, 2022

github-actions bot approved these changes Feb 14, 2022

View reviewed changes

ScottGuymer merged commit 73953dc into develop Feb 15, 2022

ScottGuymer deleted the dependabot/github_actions/philips-labs/slsa-provenance-action-0.7.0 branch February 15, 2022 13:42

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore: Bump philips-labs/slsa-provenance-action from 0.6.0 to 0.7.0 #1747

chore: Bump philips-labs/slsa-provenance-action from 0.6.0 to 0.7.0 #1747

Uh oh!

dependabot bot commented on behalf of github Feb 14, 2022

Uh oh!

sonarqubecloud bot commented Feb 14, 2022

Uh oh!

Uh oh!

chore: Bump philips-labs/slsa-provenance-action from 0.6.0 to 0.7.0 #1747

chore: Bump philips-labs/slsa-provenance-action from 0.6.0 to 0.7.0 #1747

Uh oh!

Conversation

dependabot bot commented on behalf of github Feb 14, 2022

v0.7.0

Changelog

v0.7.0-rc

Changelog

Uh oh!

sonarqubecloud bot commented Feb 14, 2022

Uh oh!

Uh oh!