Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(deps): update sigstore/cosign-installer action to v3 (#1400)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | action | major | `v2.8.1` -> `v3.3.0` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>sigstore/cosign-installer (sigstore/cosign-installer)</summary> ### [`v3.3.0`](https://github.com/sigstore/cosign-installer/releases/tag/v3.3.0) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.2.0...v3.3.0) #### What's Changed - Bump actions/setup-go from 4.1.0 to 5.0.0 by [@​dependabot](https://github.com/dependabot) in [sigstore/cosign-installer#152 - update action to use latest cosign v2.2.2 by [@​cpanato](https://github.com/cpanato) in [sigstore/cosign-installer#153 **Full Changelog**: sigstore/cosign-installer@v3.2.0...v3.3.0 ### [`v3.2.0`](https://github.com/sigstore/cosign-installer/releases/tag/v3.2.0) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.1.2...v3.2.0) **Note: This release comes with a fix for CVE-2023-46737 described in this [Github Security Advisory](https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9). Please upgrade to this release ASAP** see https://github.com/sigstore/cosign/releases/tag/v2.2.1 #### What's Changed - Support the runner context of gitea act by [@​josedev-union](https://github.com/josedev-union) in [sigstore/cosign-installer#147 - bump cosign to v2.2.1 by [@​cpanato](https://github.com/cpanato) in [sigstore/cosign-installer#148 - test with latest go version by [@​bobcallaway](https://github.com/bobcallaway) in [sigstore/cosign-installer#150 #### New Contributors - [@​josedev-union](https://github.com/josedev-union) made their first contribution in [sigstore/cosign-installer#147 **Full Changelog**: sigstore/cosign-installer@v3...v3.2.0 ### [`v3.1.2`](https://github.com/sigstore/cosign-installer/releases/tag/v3.1.2) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.1.1...v3.1.2) #### What's Changed - Fix build and push step Readme missing id by [@​hbenali](https://github.com/hbenali) in [sigstore/cosign-installer#138 - bump cosign to v2.2.0 by [@​cpanato](https://github.com/cpanato) in [sigstore/cosign-installer#142 #### New Contributors - [@​hbenali](https://github.com/hbenali) made their first contribution in [sigstore/cosign-installer#138 **Full Changelog**: sigstore/cosign-installer@v3...v3.1.2 ### [`v3.1.1`](https://github.com/sigstore/cosign-installer/releases/tag/v3.1.1) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.1.0...v3.1.1) #### What's Changed - default cosign to v2.1.1 by [@​cpanato](https://github.com/cpanato) in [sigstore/cosign-installer#137 **Full Changelog**: sigstore/cosign-installer@v3.1.0...v3.1.1 ### [`v3.1.0`](https://github.com/sigstore/cosign-installer/releases/tag/v3.1.0) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.0.5...v3.1.0) #### What's Changed - update job to use latest action release by [@​cpanato](https://github.com/cpanato) in [sigstore/cosign-installer#130 - Update action example for keyless signing as xarg is not required by [@​jbtrystram](https://github.com/jbtrystram) in [sigstore/cosign-installer#132 - update examples by [@​cpanato](https://github.com/cpanato) in [sigstore/cosign-installer#133 - bump cosign to default to release v2.1.0 and update docs by [@​cpanato](https://github.com/cpanato) in [sigstore/cosign-installer#136 #### New Contributors - [@​jbtrystram](https://github.com/jbtrystram) made their first contribution in [sigstore/cosign-installer#132 **Full Changelog**: sigstore/cosign-installer@v3.0.5...v3.1.0 ### [`v3.0.5`](https://github.com/sigstore/cosign-installer/releases/tag/v3.0.5) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.0.4...v3.0.5) #### What's Changed - download cosign releases from GitHub rather than GCS by [@​bobcallaway](https://github.com/bobcallaway) in [sigstore/cosign-installer#126 **Full Changelog**: sigstore/cosign-installer@v3.0.4...v3.0.5 ### [`v3.0.4`](https://github.com/sigstore/cosign-installer/releases/tag/v3.0.4) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.0.3...v3.0.4) - Include fix for [sigstore/cosign-installer#124 - changes download URL for `cosign` binary to github.com instead of GCS ### [`v3.0.3`](https://github.com/sigstore/cosign-installer/releases/tag/v3.0.3) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.0.2...v3.0.3) ##### What's Changed - bump to cosign v2.0.2 by [@​bobcallaway](https://github.com/bobcallaway) in [sigstore/cosign-installer#119 - changes download URL for `cosign` binary to github.com instead of GCS **Full Changelog**: sigstore/cosign-installer@v3.0.2...v3.0.3 ### [`v3.0.2`](https://github.com/sigstore/cosign-installer/releases/tag/v3.0.2) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.0.1...v3.0.2) ##### What's Changed - add --yes to example workflow by [@​sebhoss](https://github.com/sebhoss) in [sigstore/cosign-installer#110 - Fix aarch64 action run by [@​ananos](https://github.com/ananos) in [sigstore/cosign-installer#113 - Bump actions/checkout from 3.3.0 to 3.4.0 by [@​dependabot](https://github.com/dependabot) in [sigstore/cosign-installer#115 - Bump actions/setup-go from 3.5.0 to 4.0.0 by [@​dependabot](https://github.com/dependabot) in [sigstore/cosign-installer#114 - Bump actions/checkout from 3.4.0 to 3.5.0 by [@​dependabot](https://github.com/dependabot) in [sigstore/cosign-installer#116 - default cosign to v2.0.1 by [@​cpanato](https://github.com/cpanato) in [sigstore/cosign-installer#117 - changes download URL for `cosign` binary to github.com instead of GCS ##### New Contributors - [@​sebhoss](https://github.com/sebhoss) made their first contribution in [sigstore/cosign-installer#110 - [@​ananos](https://github.com/ananos) made their first contribution in [sigstore/cosign-installer#113 **Full Changelog**: sigstore/cosign-installer@v3...v3.0.2 ### [`v3.0.1`](https://github.com/sigstore/cosign-installer/releases/tag/v3.0.1) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.0.0...v3.0.1) ##### What's Changed - make cosign v2.0.0 default version by [@​developer-guy](https://github.com/developer-guy) in [sigstore/cosign-installer#109 - changes download URL for `cosign` binary to github.com instead of GCS **Full Changelog**: sigstore/cosign-installer@v3.0.0...v3.0.1 ### [`v3.0.0`](https://github.com/sigstore/cosign-installer/releases/tag/v3.0.0) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v2.8.1...v3.0.0) ##### Breaking change Cosign v2 has some breaking changes. Please check those: https://blog.sigstore.dev/cosign-2-0-released/ ##### What's Changed - test: add logs when downloading the public keys by [@​hectorj2f](https://github.com/hectorj2f) in [sigstore/cosign-installer#106 - Add support to install v2 and any other cosign release candidate by [@​hectorj2f](https://github.com/hectorj2f) in [sigstore/cosign-installer#105 - v2.0.0 release by [@​sabre1041](https://github.com/sabre1041) in [sigstore/cosign-installer#108 - changes download URL for `cosign` binary to github.com instead of GCS ##### New Contributors - [@​hectorj2f](https://github.com/hectorj2f) made their first contribution in [sigstore/cosign-installer#106 - [@​sabre1041](https://github.com/sabre1041) made their first contribution in [sigstore/cosign-installer#108 **Full Changelog**: sigstore/cosign-installer@v2...v3.0.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/zarf). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4xNTMuMiIsInVwZGF0ZWRJblZlciI6IjM3Ljg3LjIiLCJ0YXJnZXRCcmFuY2giOiJtYWluIn0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
- Loading branch information