chore: update to upstream 2.4.0 #236

lance · 2024-08-20T16:00:04Z

As stated -- bumping to upstream v2.4.0.

* fix 'go vet -tags e2e ./...' Signed-off-by: Dmitry S <dsavints@gmail.com> * fix typo in 'concatenating' Signed-off-by: Dmitry S <dsavints@gmail.com> --------- Signed-off-by: Dmitry S <dsavints@gmail.com>

…igstore#3556) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.97.0 to 0.98.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go) - [Commits](xanzy/go-gitlab@v0.97.0...v0.98.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…tore#3557) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.165.0 to 0.167.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.165.0...v0.167.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: Dmitry S <dsavints@gmail.com>

Signed-off-by: michaelvl <mvl.gh@network42.dk>

…70b1e388c4b29476f495f1 to f6959cf94216d4be0182d7c78b39f14d0c8bb198 (sigstore#3554) * chore(deps): bump imranismail/setup-kustomize Bumps [imranismail/setup-kustomize](https://github.com/imranismail/setup-kustomize) from a76db1c6419124d51470b1e388c4b29476f495f1 to f6959cf94216d4be0182d7c78b39f14d0c8bb198. - [Release notes](https://github.com/imranismail/setup-kustomize/releases) - [Commits](imranismail/setup-kustomize@a76db1c...f6959cf) --- updated-dependencies: - dependency-name: imranismail/setup-kustomize dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * Update kind-e2e-insecure-registry.yaml Signed-off-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>

Bumps the actions group with 3 updates: [google-github-actions/auth](https://github.com/google-github-actions/auth), [mikefarah/yq](https://github.com/mikefarah/yq) and [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `google-github-actions/auth` from 2.1.1 to 2.1.2 - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](google-github-actions/auth@a6e2e39...55bd3a7) Updates `mikefarah/yq` from 4.41.1 to 4.42.1 - [Release notes](https://github.com/mikefarah/yq/releases) - [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt) - [Commits](mikefarah/yq@0476945...9adde1a) Updates `codecov/codecov-action` from 4.0.1 to 4.1.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@e0b68c6...54bcd87) --- updated-dependencies: - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: mikefarah/yq dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* update cosign and builder image Signed-off-by: cpanato <ctadeu@gmail.com> * update golangci-lint to v1.56 Signed-off-by: cpanato <ctadeu@gmail.com> * update go.mod in fakeoidc Signed-off-by: cpanato <ctadeu@gmail.com> * fix lints Signed-off-by: cpanato <ctadeu@gmail.com> --------- Signed-off-by: cpanato <ctadeu@gmail.com>

Bumps the actions group with 1 update: [actions/cache](https://github.com/actions/cache). Updates `actions/cache` from 4.0.0 to 4.0.1 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@13aacd8...ab5e6d0) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…2.0 (sigstore#3575) Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.61.0 to 0.62.0. - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](open-policy-agent/opa@v0.61.0...v0.62.0) --- updated-dependencies: - dependency-name: github.com/open-policy-agent/opa dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps the gomod group with 5 updates: | Package | From | To | | --- | --- | --- | | [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) | `0.27.1` | `0.27.2` | | [github.com/go-openapi/strfmt](https://github.com/go-openapi/strfmt) | `0.22.0` | `0.22.2` | | [github.com/go-openapi/swag](https://github.com/go-openapi/swag) | `0.22.9` | `0.22.10` | | [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) | `1.4.3` | `1.4.4` | | [github.com/stretchr/testify](https://github.com/stretchr/testify) | `1.8.4` | `1.9.0` | Updates `github.com/go-openapi/runtime` from 0.27.1 to 0.27.2 - [Release notes](https://github.com/go-openapi/runtime/releases) - [Commits](go-openapi/runtime@v0.27.1...v0.27.2) Updates `github.com/go-openapi/strfmt` from 0.22.0 to 0.22.2 - [Commits](go-openapi/strfmt@v0.22.0...v0.22.2) Updates `github.com/go-openapi/swag` from 0.22.9 to 0.22.10 - [Commits](go-openapi/swag@v0.22.9...v0.22.10) Updates `github.com/sigstore/fulcio` from 1.4.3 to 1.4.4 - [Release notes](https://github.com/sigstore/fulcio/releases) - [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md) - [Commits](sigstore/fulcio@v1.4.3...v1.4.4) Updates `github.com/stretchr/testify` from 1.8.4 to 1.9.0 - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/go-openapi/runtime dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/go-openapi/strfmt dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/go-openapi/swag dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/fulcio dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: Bob Callaway <bcallaway@google.com>

* Honor creation timestamp for signatures again Signed-off-by: ttrabelsi <Lerentis@users.noreply.github.com> * setting creation timestamp behind a feature flag to preserve current behavior Signed-off-by: Tobias Trabelsi <lerentis@uploadfilter24.eu> * review feedback Signed-off-by: Tobias Trabelsi <lerentis@uploadfilter24.eu> * additional review feedback Signed-off-by: Tobias Trabelsi <lerentis@uploadfilter24.eu> --------- Signed-off-by: ttrabelsi <Lerentis@users.noreply.github.com> Signed-off-by: Tobias Trabelsi <lerentis@uploadfilter24.eu>

…igstore#3582) Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.2 to 3.0.3. - [Release notes](https://github.com/go-jose/go-jose/releases) - [Changelog](https://github.com/go-jose/go-jose/blob/v3.0.3/CHANGELOG.md) - [Commits](go-jose/go-jose@v3.0.2...v3.0.3) --- updated-dependencies: - dependency-name: github.com/go-jose/go-jose/v3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…gstore#3581) Bumps gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3. --- updated-dependencies: - dependency-name: gopkg.in/go-jose/go-jose.v2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Remove deprecated markdown files with only links to docs.sigstore.dev, clean up outdated data in README, remove FEATURES which is outdated Signed-off-by: Hayden B <hblauzvern@google.com>

…igstore#3590)

Encourage development on sigstore-go, which is the focus currently. Signed-off-by: Hayden B <hblauzvern@google.com>

…sigstore#3595) Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) from 0.27.2 to 0.28.0. - [Release notes](https://github.com/go-openapi/runtime/releases) - [Commits](go-openapi/runtime@v0.27.2...v0.28.0) --- updated-dependencies: - dependency-name: github.com/go-openapi/runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…#3591) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.17.0 to 0.18.0. - [Commits](golang/oauth2@v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…tore#3594) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.167.0 to 0.169.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.167.0...v0.169.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…Flow Explicitly (sigstore#3578) * add fulcio oauth flow client credentials Signed-off-by: Noah Kreiger <noahkreiger@gmail.com> * fix docgen Signed-off-by: Noah Kreiger <noahkreiger@gmail.com> * add options Signed-off-by: Noah Kreiger <noahkreiger@gmail.com> --------- Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

The demo script for working with blobs was inaccurate in its current representation. I updated the commands such that they can be easily copied and pasted to get the shown output. Signed-off-by: arewm <arewm@users.noreply.github.com>

Bumps the actions group with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 4.1.1 to 4.1.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@b4ffde6...9bb5618) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps cuelang.org/go from 0.7.1 to 0.8.0. --- updated-dependencies: - dependency-name: cuelang.org/go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…tore#3605) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.169.0 to 0.170.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.169.0...v0.170.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…#3811) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.21.0 to 0.22.0. - [Commits](golang/oauth2@v0.21.0...v0.22.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

) Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.50.0 to 0.51.1. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](smallstep/crypto@v0.50.0...v0.51.1) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: Bob Callaway <bcallaway@google.com>

Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.7.0 to 0.8.0. - [Commits](golang/sync@v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/sync dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…sigstore#3813) Bumps [github.com/buildkite/agent/v3](https://github.com/buildkite/agent) from 3.75.1 to 3.76.2. - [Release notes](https://github.com/buildkite/agent/releases) - [Changelog](https://github.com/buildkite/agent/blob/main/CHANGELOG.md) - [Commits](buildkite/agent@v3.75.1...v3.76.2) --- updated-dependencies: - dependency-name: github.com/buildkite/agent/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

) Signed-off-by: Bob Callaway <bcallaway@google.com>

…tore#3815) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.189.0 to 0.190.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.189.0...v0.190.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Adding conformance helper and Action Also add e2e test and some helpful error messages about what flags go together Signed-off-by: Zach Steindler <steiza@github.com> * Allow conformance driver to call cosign with user-supplied args Signed-off-by: Zach Steindler <steiza@github.com> * fix e2e test Signed-off-by: Zach Steindler <steiza@github.com> * Detail TODO comments; remove unneeded trusted root in e2e tests Signed-off-by: Zach Steindler <steiza@github.com> --------- Signed-off-by: Zach Steindler <steiza@github.com>

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

Signed-off-by: Hayden B <hblauzvern@google.com>

v2.4.0 Signed-off-by: Lance Ball <lball@redhat.com>

lance · 2024-08-20T16:32:45Z

/hold for cachi2 Go 1.22 support

lance · 2024-08-20T18:56:43Z

/retest

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Do not run hermetic builds for 1.1.0 since Konflux still appears to not have cachi2 support for go 1.22. Signed-off-by: Lance Ball <lball@redhat.com>

Signed-off-by: Lance Ball <lball@redhat.com>

JasonPowr

/lgtm

openshift-ci · 2024-09-05T15:04:00Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: JasonPowr, lance

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

dmitris and others added 30 commits February 22, 2024 09:12

fix 'go vet -tags e2e ./...' (sigstore#3550)

d96e379

* fix 'go vet -tags e2e ./...' Signed-off-by: Dmitry S <dsavints@gmail.com> * fix typo in 'concatenating' Signed-off-by: Dmitry S <dsavints@gmail.com> --------- Signed-off-by: Dmitry S <dsavints@gmail.com>

remove unused rootPool var (sigstore#3559)

5923d9b

Signed-off-by: Dmitry S <dsavints@gmail.com>

Bump sigstore/sigstore to v1.8.2 (sigstore#3561)

86921c7

Correct help text of triangulate cmd (sigstore#3551)

40dd4c3

Signed-off-by: michaelvl <mvl.gh@network42.dk>

free up disk space during e2e test runs (sigstore#3579)

fb488d7

Signed-off-by: Bob Callaway <bcallaway@google.com>

bump release to use go 1.21.8 (sigstore#3583)

16a3dda

Clean up READMEs (sigstore#3587)

8ba9a5e

Remove deprecated markdown files with only links to docs.sigstore.dev, clean up outdated data in README, remove FEATURES which is outdated Signed-off-by: Hayden B <hblauzvern@google.com>

chore(deps): bump the actions group with 1 update (sigstore#3588)

0506a69

chore(deps): bump github.com/xanzy/go-gitlab from 0.98.0 to 0.100.0 (s…

cdbb891

…igstore#3590)

chore(deps): bump the gomod group with 4 updates (sigstore#3589)

693db70

Update README for contributions (sigstore#3596)

d8a6af9

Encourage development on sigstore-go, which is the focus currently. Signed-off-by: Hayden B <hblauzvern@google.com>

dependabot bot and others added 11 commits August 6, 2024 08:36

tidy up validate release script (sigstore#3817)

7bac5e9

Signed-off-by: Bob Callaway <bcallaway@google.com>

move incremental builds per commit to GHCR instead of GCR (sigstore#3808

be43902

) Signed-off-by: Bob Callaway <bcallaway@google.com>

Bump sigstore/sigstore (sigstore#3819)

c346825

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

Add login for GHCR (sigstore#3820)

b5e7dc1

Signed-off-by: Hayden B <hblauzvern@google.com>

Merge tag 'v2.4.0'

6b54010

v2.4.0 Signed-off-by: Lance Ball <lball@redhat.com>

openshift-ci bot added the do-not-merge/work-in-progress label Aug 20, 2024

openshift-ci bot added the do-not-merge/hold label Aug 20, 2024

openshift-merge-robot added the needs-rebase label Aug 25, 2024

lance and others added 4 commits September 4, 2024 16:34

chore(deps): bump github.com/docker/docker (sigstore#3823) (#242)

5cdc70c

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

chore(pipelines): remove cosign hermetic builds

876c2f7

Do not run hermetic builds for 1.1.0 since Konflux still appears to not have cachi2 support for go 1.22. Signed-off-by: Lance Ball <lball@redhat.com>

chore: remove git stash/pop from cosign build

b69bf3b

Signed-off-by: Lance Ball <lball@redhat.com>

Merge branch 'main' into lance/update-to-2.4.0

899e9be

Signed-off-by: Lance Ball <lball@redhat.com>

openshift-merge-robot removed the needs-rebase label Sep 4, 2024

fixup: remove prefetch-input task

a97db15

Signed-off-by: Lance Ball <lball@redhat.com>

lance marked this pull request as ready for review September 4, 2024 21:36

openshift-ci bot removed the do-not-merge/work-in-progress label Sep 4, 2024

lance removed the do-not-merge/hold label Sep 5, 2024

JasonPowr approved these changes Sep 5, 2024

View reviewed changes

openshift-ci bot assigned JasonPowr Sep 5, 2024

openshift-ci bot added the lgtm label Sep 5, 2024

lance merged commit 237af8a into main Sep 5, 2024
23 of 26 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: update to upstream 2.4.0 #236

chore: update to upstream 2.4.0 #236

lance commented Aug 20, 2024

lance commented Aug 20, 2024

lance commented Aug 20, 2024

JasonPowr left a comment

openshift-ci bot commented Sep 5, 2024

chore: update to upstream 2.4.0 #236

chore: update to upstream 2.4.0 #236

Conversation

lance commented Aug 20, 2024

lance commented Aug 20, 2024

lance commented Aug 20, 2024

JasonPowr left a comment

Choose a reason for hiding this comment

openshift-ci bot commented Sep 5, 2024