Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(deps): update sigstore/cosign-installer action to v3 (#1400)
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [sigstore/cosign-installer](https://togithub.com/sigstore/cosign-installer) | action | major | `v2.8.1` -> `v3.3.0` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>sigstore/cosign-installer (sigstore/cosign-installer)</summary> ### [`v3.3.0`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.3.0) [Compare Source](https://togithub.com/sigstore/cosign-installer/compare/v3.2.0...v3.3.0) #### What's Changed - Bump actions/setup-go from 4.1.0 to 5.0.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/cosign-installer/pull/152](https://togithub.com/sigstore/cosign-installer/pull/152) - update action to use latest cosign v2.2.2 by [@​cpanato](https://togithub.com/cpanato) in [https://github.com/sigstore/cosign-installer/pull/153](https://togithub.com/sigstore/cosign-installer/pull/153) **Full Changelog**: sigstore/cosign-installer@v3.2.0...v3.3.0 ### [`v3.2.0`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.2.0) [Compare Source](https://togithub.com/sigstore/cosign-installer/compare/v3.1.2...v3.2.0) **Note: This release comes with a fix for CVE-2023-46737 described in this [Github Security Advisory](https://togithub.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9). Please upgrade to this release ASAP** see https://github.com/sigstore/cosign/releases/tag/v2.2.1 #### What's Changed - Support the runner context of gitea act by [@​josedev-union](https://togithub.com/josedev-union) in [https://github.com/sigstore/cosign-installer/pull/147](https://togithub.com/sigstore/cosign-installer/pull/147) - bump cosign to v2.2.1 by [@​cpanato](https://togithub.com/cpanato) in [https://github.com/sigstore/cosign-installer/pull/148](https://togithub.com/sigstore/cosign-installer/pull/148) - test with latest go version by [@​bobcallaway](https://togithub.com/bobcallaway) in [https://github.com/sigstore/cosign-installer/pull/150](https://togithub.com/sigstore/cosign-installer/pull/150) #### New Contributors - [@​josedev-union](https://togithub.com/josedev-union) made their first contribution in [https://github.com/sigstore/cosign-installer/pull/147](https://togithub.com/sigstore/cosign-installer/pull/147) **Full Changelog**: sigstore/cosign-installer@v3...v3.2.0 ### [`v3.1.2`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.1.2) [Compare Source](https://togithub.com/sigstore/cosign-installer/compare/v3.1.1...v3.1.2) #### What's Changed - Fix build and push step Readme missing id by [@​hbenali](https://togithub.com/hbenali) in [https://github.com/sigstore/cosign-installer/pull/138](https://togithub.com/sigstore/cosign-installer/pull/138) - bump cosign to v2.2.0 by [@​cpanato](https://togithub.com/cpanato) in [https://github.com/sigstore/cosign-installer/pull/142](https://togithub.com/sigstore/cosign-installer/pull/142) #### New Contributors - [@​hbenali](https://togithub.com/hbenali) made their first contribution in [https://github.com/sigstore/cosign-installer/pull/138](https://togithub.com/sigstore/cosign-installer/pull/138) **Full Changelog**: sigstore/cosign-installer@v3...v3.1.2 ### [`v3.1.1`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.1.1) [Compare Source](https://togithub.com/sigstore/cosign-installer/compare/v3.1.0...v3.1.1) #### What's Changed - default cosign to v2.1.1 by [@​cpanato](https://togithub.com/cpanato) in [https://github.com/sigstore/cosign-installer/pull/137](https://togithub.com/sigstore/cosign-installer/pull/137) **Full Changelog**: sigstore/cosign-installer@v3.1.0...v3.1.1 ### [`v3.1.0`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.1.0) [Compare Source](https://togithub.com/sigstore/cosign-installer/compare/v3.0.5...v3.1.0) #### What's Changed - update job to use latest action release by [@​cpanato](https://togithub.com/cpanato) in [https://github.com/sigstore/cosign-installer/pull/130](https://togithub.com/sigstore/cosign-installer/pull/130) - Update action example for keyless signing as xarg is not required by [@​jbtrystram](https://togithub.com/jbtrystram) in [https://github.com/sigstore/cosign-installer/pull/132](https://togithub.com/sigstore/cosign-installer/pull/132) - update examples by [@​cpanato](https://togithub.com/cpanato) in [https://github.com/sigstore/cosign-installer/pull/133](https://togithub.com/sigstore/cosign-installer/pull/133) - bump cosign to default to release v2.1.0 and update docs by [@​cpanato](https://togithub.com/cpanato) in [https://github.com/sigstore/cosign-installer/pull/136](https://togithub.com/sigstore/cosign-installer/pull/136) #### New Contributors - [@​jbtrystram](https://togithub.com/jbtrystram) made their first contribution in [https://github.com/sigstore/cosign-installer/pull/132](https://togithub.com/sigstore/cosign-installer/pull/132) **Full Changelog**: sigstore/cosign-installer@v3.0.5...v3.1.0 ### [`v3.0.5`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.0.5) [Compare Source](https://togithub.com/sigstore/cosign-installer/compare/v3.0.4...v3.0.5) #### What's Changed - download cosign releases from GitHub rather than GCS by [@​bobcallaway](https://togithub.com/bobcallaway) in [https://github.com/sigstore/cosign-installer/pull/126](https://togithub.com/sigstore/cosign-installer/pull/126) **Full Changelog**: sigstore/cosign-installer@v3.0.4...v3.0.5 ### [`v3.0.4`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.0.4) [Compare Source](https://togithub.com/sigstore/cosign-installer/compare/v3.0.3...v3.0.4) - Include fix for [https://github.com/sigstore/cosign-installer/pull/124](https://togithub.com/sigstore/cosign-installer/pull/124) - changes download URL for `cosign` binary to github.com instead of GCS ### [`v3.0.3`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.0.3) [Compare Source](https://togithub.com/sigstore/cosign-installer/compare/v3.0.2...v3.0.3) ##### What's Changed - bump to cosign v2.0.2 by [@​bobcallaway](https://togithub.com/bobcallaway) in [https://github.com/sigstore/cosign-installer/pull/119](https://togithub.com/sigstore/cosign-installer/pull/119) - changes download URL for `cosign` binary to github.com instead of GCS **Full Changelog**: sigstore/cosign-installer@v3.0.2...v3.0.3 ### [`v3.0.2`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.0.2) [Compare Source](https://togithub.com/sigstore/cosign-installer/compare/v3.0.1...v3.0.2) ##### What's Changed - add --yes to example workflow by [@​sebhoss](https://togithub.com/sebhoss) in [https://github.com/sigstore/cosign-installer/pull/110](https://togithub.com/sigstore/cosign-installer/pull/110) - Fix aarch64 action run by [@​ananos](https://togithub.com/ananos) in [https://github.com/sigstore/cosign-installer/pull/113](https://togithub.com/sigstore/cosign-installer/pull/113) - Bump actions/checkout from 3.3.0 to 3.4.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/cosign-installer/pull/115](https://togithub.com/sigstore/cosign-installer/pull/115) - Bump actions/setup-go from 3.5.0 to 4.0.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/cosign-installer/pull/114](https://togithub.com/sigstore/cosign-installer/pull/114) - Bump actions/checkout from 3.4.0 to 3.5.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/cosign-installer/pull/116](https://togithub.com/sigstore/cosign-installer/pull/116) - default cosign to v2.0.1 by [@​cpanato](https://togithub.com/cpanato) in [https://github.com/sigstore/cosign-installer/pull/117](https://togithub.com/sigstore/cosign-installer/pull/117) - changes download URL for `cosign` binary to github.com instead of GCS ##### New Contributors - [@​sebhoss](https://togithub.com/sebhoss) made their first contribution in [https://github.com/sigstore/cosign-installer/pull/110](https://togithub.com/sigstore/cosign-installer/pull/110) - [@​ananos](https://togithub.com/ananos) made their first contribution in [https://github.com/sigstore/cosign-installer/pull/113](https://togithub.com/sigstore/cosign-installer/pull/113) **Full Changelog**: sigstore/cosign-installer@v3...v3.0.2 ### [`v3.0.1`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.0.1) [Compare Source](https://togithub.com/sigstore/cosign-installer/compare/v3.0.0...v3.0.1) ##### What's Changed - make cosign v2.0.0 default version by [@​developer-guy](https://togithub.com/developer-guy) in [https://github.com/sigstore/cosign-installer/pull/109](https://togithub.com/sigstore/cosign-installer/pull/109) - changes download URL for `cosign` binary to github.com instead of GCS **Full Changelog**: sigstore/cosign-installer@v3.0.0...v3.0.1 ### [`v3.0.0`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.0.0) [Compare Source](https://togithub.com/sigstore/cosign-installer/compare/v2.8.1...v3.0.0) ##### Breaking change Cosign v2 has some breaking changes. Please check those: https://blog.sigstore.dev/cosign-2-0-released/ ##### What's Changed - test: add logs when downloading the public keys by [@​hectorj2f](https://togithub.com/hectorj2f) in [https://github.com/sigstore/cosign-installer/pull/106](https://togithub.com/sigstore/cosign-installer/pull/106) - Add support to install v2 and any other cosign release candidate by [@​hectorj2f](https://togithub.com/hectorj2f) in [https://github.com/sigstore/cosign-installer/pull/105](https://togithub.com/sigstore/cosign-installer/pull/105) - v2.0.0 release by [@​sabre1041](https://togithub.com/sabre1041) in [https://github.com/sigstore/cosign-installer/pull/108](https://togithub.com/sigstore/cosign-installer/pull/108) - changes download URL for `cosign` binary to github.com instead of GCS ##### New Contributors - [@​hectorj2f](https://togithub.com/hectorj2f) made their first contribution in [https://github.com/sigstore/cosign-installer/pull/106](https://togithub.com/sigstore/cosign-installer/pull/106) - [@​sabre1041](https://togithub.com/sabre1041) made their first contribution in [https://github.com/sigstore/cosign-installer/pull/108](https://togithub.com/sigstore/cosign-installer/pull/108) **Full Changelog**: sigstore/cosign-installer@v2...v3.0.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/zarf). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4xNTMuMiIsInVwZGF0ZWRJblZlciI6IjM3Ljg3LjIiLCJ0YXJnZXRCcmFuY2giOiJtYWluIn0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
](https://renovatebot.com){kind=link}
- Loading branch information
1 parent
8a1c10b
commit b43064c