From b5a162771c5d79eacf50f4eb56a0be4e17564054 Mon Sep 17 00:00:00 2001 From: Carlos Panato Date: Wed, 3 Nov 2021 09:35:55 +0100 Subject: [PATCH] cosign: update to release v1.3.0 Signed-off-by: Carlos Panato --- .github/workflows/test-action.yml | 2 +- README.md | 2 +- action.yml | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/test-action.yml b/.github/workflows/test-action.yml index 5b02cf4..2d12e1b 100644 --- a/.github/workflows/test-action.yml +++ b/.github/workflows/test-action.yml @@ -49,7 +49,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: Install Cosign - uses: sigstore/cosign-installer@v1.1.0 + uses: sigstore/cosign-installer@v1.2.1 - name: Check install! run: cosign version - name: Check root directory diff --git a/README.md b/README.md index dc10a7c..a8287ec 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ Add the following entry to your Github workflow YAML file: ```yaml uses: sigstore/cosign-installer@main with: - cosign-release: 'v1.2.1' # optional + cosign-release: 'v1.3.0' # optional ``` Example using a pinned version: diff --git a/action.yml b/action.yml index bceb486..11e78cf 100644 --- a/action.yml +++ b/action.yml @@ -9,7 +9,7 @@ inputs: cosign-release: description: 'Cosign release version to use in the actions.' required: false - default: 'v1.2.1' + default: 'v1.3.0' runs: using: "composite" steps: @@ -20,8 +20,8 @@ runs: mkdir -p $HOME/.cosign pushd $HOME/.cosign - bootstrap_version='v1.2.1' - expected_bootstrap_version_digest='490cb1941aa317cd24a0bd9f2fe38932805dbaaba0ae89c12ec8138d15bdd8a0' + bootstrap_version='v1.3.0' + expected_bootstrap_version_digest='9604a5eb171748113f92a67495556007dde6f45804f0b38d3e55c3bc7e151774' curl -L https://storage.googleapis.com/cosign-releases/${bootstrap_version}/cosign-linux-amd64 -o cosign shaBootstrap=$(sha256sum cosign | cut -d' ' -f1); if [[ $shaBootstrap != ${expected_bootstrap_version_digest} ]]; then exit 1; fi