Bump actions/setup-go from 3.2.1 to 3.3.0 #639

Merged
merged 4 commits into from Aug 23, 2022

@dependabot dependabot bot commented on behalf of github Aug 23, 2022

Bumps actions/setup-go from 3.2.1 to 3.3.0.

Release notes

Sourced from actions/setup-go's releases.

Support architecture input and fix Expand-Archive issue

This release introduces support for the architecture input for the setup-go action #253. It also adds support for the arm32 architecture for self-hosted runners. If architecture is not provided, the action will use the default runner architecture. Example of usage:

steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
  with:
    go-version: '1.16'
    architecture: arm

This release also provides a fix for issue #241. #250 adds support for using an explicit filename for Windows, which is necessary to satisfy Expand-Archive's requirement for a .zip extension.

Commits
  • 268d8c0 Add support for arm32 go arch (#253)
  • f279813 Merge pull request #250 from jromero/feature/windows-download-filename
  • 1022489 Merge pull request #249 from e-korolevskii/main
  • e0dce94 Use explicit filename when downloading Windows go package
  • dab57c7 update docs
  • f2e56d8 Merge pull request #246 from e-korolevskii/Update-contributors-guide
  • edd0aca update tests path
  • f3e3b7c Update docs/contributors.md
  • 4a0c081 Update docs/contributors.md
  • 185e7f2 Update docs/contributors.md
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.2.1 to 3.3.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@84cbf80...268d8c0)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies and github_actions labels Aug 23, 2022
Signed-off-by: Jake Sanders <jake@sanders.dev>
Signed-off-by: Jake Sanders <jake@sanders.dev>
Signed-off-by: Jake Sanders <jake@sanders.dev>
@dekkagaijin dekkagaijin enabled auto-merge (squash) August 23, 2022 18:52
@dekkagaijin dekkagaijin merged commit 59f1af9 into main Aug 23, 2022
@dekkagaijin dekkagaijin deleted the dependabot/github_actions/actions/setup-go-3.3.0 branch August 23, 2022 18:56
hectorj2f pushed a commit to hectorj2f/sigstore that referenced this pull request Oct 28, 2022
* Add method to unmarshal certificates with a limit (#430)

* Add method to unmarshal certificates with a limit

This removes a DOS vector for services that use this method. Otherwise,
a client can provide a large PEM block to cause the service to do a
significant amount of work.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* Add suggested iteration limit

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Add unsafe verifier to verify signatures with SHA1 digests (#441)

I relaxed the hash function constraints on VerifyMessage, including the
SHA1 digest as a supported function. The expectation is that
LoadVerifier will still be the primary way to set up a verifier, which
will enforce the hash function. Otherwise, LoadUnsafeVerifier will be
used to load a verifier that only supports SHA1.

Note that SignMessage will not support SHA1 still. I also dropped
SHA1 from ECDSA's supported hash functions.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/aws/aws-sdk-go from 1.44.12 to 1.44.13 (#440)

Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github/codeql-action (#439)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 75b4f1c4669133dc294b06c2794e969efa2e5316 to 2.1.10. This release includes the previously tagged commit.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/75b4f1c4669133dc294b06c2794e969efa2e5316...2f58583a1b24a7d3c7034f6bf9fa506d23b1183b)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump actions/setup-go from 3.0.0 to 3.1.0 (#438)

* Bump actions/setup-go from 3.0.0 to 3.1.0

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/f6164bd8c8acb4a71fb2791a8b6c4024ff038dab...fcdc43634adb5f7ae75a9d7a9b9361790f7293e2)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comments

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/aws/aws-sdk-go from 1.44.13 to 1.44.14 (#443)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.13 to 1.44.14.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.13...v1.44.14)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump actions/dependency-review-action (#442)

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3f943b86c9a289f4e632c632695e2e0898d9d67d to 1. This release includes the previously tagged commit.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/3f943b86c9a289f4e632c632695e2e0898d9d67d...39e692fa323107ef86d8fdac0067ce647f239bd7)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Remove dependency on deprecated github.com/pkg/errors (#444)

* Remove dependency on deprecated github.com/pkg/errors

Signed-off-by: Jason Hall <jason@chainguard.dev>

* appease linter

Signed-off-by: Jason Hall <jason@chainguard.dev>

* fix AWS KMS test

Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump google-github-actions/auth from 0.7.1 to 0.7.2 (#446)

Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 0.7.1 to 0.7.2.
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google-github-actions/auth/compare/b258a9f230b36c9fa86dfaa43d1906bd76399edb...dafc92490a98acbdec38e6eb649f05d55e632447)

---
updated-dependencies:
- dependency-name: google-github-actions/auth
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/aws/aws-sdk-go from 1.44.14 to 1.44.15 (#447)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.14 to 1.44.15.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.14...v1.44.15)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/Azure/azure-sdk-for-go (#445)

Bumps [github.com/Azure/azure-sdk-for-go](https://github.com/Azure/azure-sdk-for-go) from 64.0.0+incompatible to 64.1.0+incompatible.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/v64.0.0...v64.1.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github/codeql-action from 2.1.10 to 2.1.11 (#448)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.10 to 2.1.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/2f58583a1b24a7d3c7034f6bf9fa506d23b1183b...a3a6c128d771b6b9bdebb1c9d0583ebd2728a108)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/aws/aws-sdk-go from 1.44.15 to 1.44.16 (#449)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.15 to 1.44.16.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.15...v1.44.16)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/go-rod/rod from 0.106.6 to 0.106.7 (#450)

Bumps [github.com/go-rod/rod](https://github.com/go-rod/rod) from 0.106.6 to 0.106.7.
- [Release notes](https://github.com/go-rod/rod/releases)
- [Commits](https://github.com/go-rod/rod/compare/v0.106.6...v0.106.7)

---
updated-dependencies:
- dependency-name: github.com/go-rod/rod
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/google/go-containerregistry from 0.8.0 to 0.9.0 (#451)

Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.8.0...v0.9.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/aws/aws-sdk-go from 1.44.16 to 1.44.17 (#453)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.16 to 1.44.17.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.16...v1.44.17)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump google-github-actions/auth from 0.7.2 to 0.7.3 (#452)

Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 0.7.2 to 0.7.3.
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google-github-actions/auth/compare/dafc92490a98acbdec38e6eb649f05d55e632447...81012c2689e66f7f020ed6d8ab43596a0f8b503a)

---
updated-dependencies:
- dependency-name: google-github-actions/auth
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/go-rod/rod from 0.106.7 to 0.106.8 (#454)

Bumps [github.com/go-rod/rod](https://github.com/go-rod/rod) from 0.106.7 to 0.106.8.
- [Release notes](https://github.com/go-rod/rod/releases)
- [Commits](https://github.com/go-rod/rod/compare/v0.106.7...v0.106.8)

---
updated-dependencies:
- dependency-name: github.com/go-rod/rod
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump actions/upload-artifact from 3.0.0 to 3.1.0 (#456)

* Bump actions/upload-artifact from 3.0.0 to 3.1.0

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/6673cd052c4cd6fcf4b4e6e60ea986c889389535...3cea5372237819ed00197afe530f5a7ea3e805c8)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/aws/aws-sdk-go from 1.44.17 to 1.44.18 (#455)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.17 to 1.44.18.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.17...v1.44.18)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/aws/aws-sdk-go from 1.44.18 to 1.44.19 (#457)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.18 to 1.44.19.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.18...v1.44.19)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/aws/aws-sdk-go from 1.44.19 to 1.44.20 (#461)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.19 to 1.44.20.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.19...v1.44.20)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/Azure/azure-sdk-for-go (#460)

Bumps [github.com/Azure/azure-sdk-for-go](https://github.com/Azure/azure-sdk-for-go) from 64.1.0+incompatible to 65.0.0+incompatible.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/v64.1.0...v65.0.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump actions/dependency-review-action from 1.0.1 to 1.0.2 (#459)

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/39e692fa323107ef86d8fdac0067ce647f239bd7...a9c83d3af6b9031e20feba03b904645bb23d1dab)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump google-github-actions/auth from 0.7.3 to 0.8.0 (#458)

* Bump google-github-actions/auth from 0.7.3 to 0.8.0

Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 0.7.3 to 0.8.0.
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google-github-actions/auth/compare/81012c2689e66f7f020ed6d8ab43596a0f8b503a...ceee102ec2387dd9e844e01b530ccd4ec87ce955)

---
updated-dependencies:
- dependency-name: google-github-actions/auth
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/aws/aws-sdk-go from 1.44.20 to 1.44.21 (#464)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.20 to 1.44.21.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.20...v1.44.21)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/hashicorp/vault/api from 1.5.0 to 1.6.0 (#463)

Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/vault/compare/v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/aws/aws-sdk-go from 1.44.21 to 1.44.22 (#465)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.21 to 1.44.22.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.21...v1.44.22)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Update go-tuf to pick up security fixes (#462)

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Export providerInit type (#466)

Also remove unnecessary providerMux indirection, and just use a
package-level var directly.

Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump actions/setup-go from 3.1.0 to 3.2.0 (#469)

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/fcdc43634adb5f7ae75a9d7a9b9361790f7293e2...b22fbbc2921299758641fab08929b4ac52b32923)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/aws/aws-sdk-go from 1.44.22 to 1.44.23 (#470)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.22 to 1.44.23.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.22...v1.44.23)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/go-rod/rod from 0.106.8 to 0.107.0 (#471)

Bumps [github.com/go-rod/rod](https://github.com/go-rod/rod) from 0.106.8 to 0.107.0.
- [Release notes](https://github.com/go-rod/rod/releases)
- [Commits](https://github.com/go-rod/rod/compare/v0.106.8...v0.107.0)

---
updated-dependencies:
- dependency-name: github.com/go-rod/rod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* update error message (#473)

Signed-off-by: cpanato <ctadeu@gmail.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/aws/aws-sdk-go from 1.44.23 to 1.44.24 (#474)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.23 to 1.44.24.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.23...v1.44.24)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Allow passing options to GCP's `LoadSignVerifier`. (#468)

This lets the caller control authentication, in particular by providing an `option.TokenSource`.

Signed-off-by: Matt Moore <mattmoor@chainguard.dev>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Migrate AWK KMS to use the v2 SDK. (#475)

Looking at doing something similar to https://github.com/sigstore/sigstore/pull/468 for AWS, I noticed that our KMS stuff was using the old SDK.  The bulk of this change is migrating things to the v2 SDK, but this also exposes a way
to plumb through options to `LoadSignerVerified` similar to #468 for GCP.

Signed-off-by: Matt Moore <mattmoor@chainguard.dev>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump google.golang.org/api from 0.75.0 to 0.81.0 (#476)

Signed-off-by: Jason Hall <jason@chainguard.dev>

* fix uppercase err msgs to quiet golangci-lint (#477)

* fix uppercase err msgs to quiet golangci-lint

Signed-off-by: Bob Callaway <bcallaway@google.com>

* fix test case compares

Signed-off-by: Bob Callaway <bcallaway@google.com>

* always complain about known lint issues

Signed-off-by: Bob Callaway <bcallaway@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump actions/cache from 3.0.2 to 3.0.3 (#478)

Bumps [actions/cache](https://github.com/actions/cache) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/48af2dc4a9e8278b89d7fa154b955c30c6aaab09...30f413bfed0a2bc738fdfd409e5a9e96b24545fd)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/secure-systems-lab/go-securesystemslib (#482)

Bumps [github.com/secure-systems-lab/go-securesystemslib](https://github.com/secure-systems-lab/go-securesystemslib) from 0.3.1 to 0.4.0.
- [Release notes](https://github.com/secure-systems-lab/go-securesystemslib/releases)
- [Commits](https://github.com/secure-systems-lab/go-securesystemslib/compare/v0.3.1...v0.4.0)

---
updated-dependencies:
- dependency-name: github.com/secure-systems-lab/go-securesystemslib
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/aws/aws-sdk-go from 1.44.24 to 1.44.26 (#481)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.24 to 1.44.26.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.24...v1.44.26)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github/codeql-action from 2.1.11 to 2.1.12 (#480)

* Bump github/codeql-action from 2.1.11 to 2.1.12

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.11 to 2.1.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/a3a6c128d771b6b9bdebb1c9d0583ebd2728a108...27ea8f8fe5977c00f5b37e076ab846c5bd783b96)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump google.golang.org/api from 0.81.0 to 0.82.0 (#483)

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.81.0 to 0.82.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.81.0...v0.82.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Autoclose OAuth success page after 5 seconds. (#484)

Small QoL improvement to clean up success pages after they are no longer
needed.

Shout out to @bobcallaway for the idea!

Co-authored-by: Bob Callaway <bcallaway@google.com>
Signed-off-by: Billy Lynch <billy@chainguard.dev>

Co-authored-by: Bob Callaway <bcallaway@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/aws/aws-sdk-go from 1.44.26 to 1.44.27 (#485)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.26 to 1.44.27.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.26...v1.44.27)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Add a warning when using WithDigest with ECDSA (#487)

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/stretchr/testify from 1.7.1 to 1.7.2 (#489)

Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/go-rod/rod from 0.107.0 to 0.107.1 (#488)

Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump google.golang.org/api from 0.82.0 to 0.83.0 (#495)

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.82.0 to 0.83.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.82.0...v0.83.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/aws/aws-sdk-go-v2 from 1.16.4 to 1.16.5 (#491)

Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.16.4 to 1.16.5.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.16.4...v1.16.5)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/aws/aws-sdk-go-v2/config from 1.15.9 to 1.15.10 (#494)

Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.15.9 to 1.15.10.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.15.9...config/v1.15.10)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/aws/aws-sdk-go-v2/service/kms from 1.17.2 to 1.17.3 (#493)

Bumps [github.com/aws/aws-sdk-go-v2/service/kms](https://github.com/aws/aws-sdk-go-v2) from 1.17.2 to 1.17.3.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ecr/v1.17.2...service/ecr/v1.17.3)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/kms
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump actions/cache from 3.0.3 to 3.0.4 (#490)

* Bump actions/cache from 3.0.3 to 3.0.4

Bumps [actions/cache](https://github.com/actions/cache) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/30f413bfed0a2bc738fdfd409e5a9e96b24545fd...c3f1317a9e7b1ef106c153ac8c0f00fed3ddbc0d)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump github.com/aws/aws-sdk-go from 1.44.27 to 1.44.29 (#492)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.27 to 1.44.29.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.27...v1.44.29)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Add `cosign init` to initialize the SigStore root metadata (#520)

* verify TUF root

Signed-off-by: Asra Ali <asraa@google.com>

* use tuf root for rekor and fulcio data

Signed-off-by: Asra Ali <asraa@google.com>

* add local tests and configs

Signed-off-by: Asra Ali <asraa@google.com>

* update

Signed-off-by: Asra Ali <asraa@google.com>

* update gcs bucket to prod

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Explicitly disable auth for the sigstore-tuf-root. (#528)

I had expired credentials that were causing this to fail. The bucket
is public, so we should just not use auth (which apparently requires being
explicit).

Signed-off-by: Dan Lorenc <dlorenc@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* 'cosign init' minor enhancements (file or URL root, write to $HOME/.sigstore) (#530)

* make minor changes to cosign init

Signed-off-by: Asra Ali <asraa@google.com>

* use gcs root

Signed-off-by: Asra Ali <asraa@google.com>

* also pin sha

Signed-off-by: Asra Ali <asraa@google.com>

* embed initial root

Signed-off-by: Asra Ali <asraa@google.com>

* remove sha because of embedded root

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* chore: enable whitespace check on golangci-lint and organize imports (#687)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Add a policy-init using TUF metadata and Fulcio signers (#469)

* add policy init with tuf

Signed-off-by: Asra Ali <asraa@google.com>

* update go-tuf to my local fork for ease

Signed-off-by: Asra Ali <asraa@google.com>

* clean up

Signed-off-by: Asra Ali <asraa@google.com>

* add subcommand

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* [root policy] Add root policy signing (#856)

* add root policy signing

Signed-off-by: Asra Ali <asraa@google.com>

* b64 encode

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Remove the preallocation of signatures slice. (#869)

This was making codeql upset. I don't think there's a real issue, but better safe
than sorry.

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* update root ux (#747)

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* add optional issuer to root policy (#999)

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Update slsa-provenance predicate to v0.2 (#1054)

* Update slsa-provenance to v0.2

This dep update also required updating the go-tuf dependency, so there are some bug fixes in the go-tuf code in this PR as well.

Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>

* Remove newlines from targets so that they match expected targets

Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Add Fulcio v1 root to the cosign (#1112)

* add fulcio v1 root

Signed-off-by: Asra Ali <asraa@google.com>

* remove unneeded todo

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* cjson - Move to go-securesystemslib (#1141)

The existing cjson hasn't been maintained. The last update was 9 years
ago. This was replaced by the upstream go-securesystemslib
https://github.com/secure-systems-lab/go-securesystemslib/pull/10

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* return error when rekor pub cannot be retrieved, fix file path construction (#1157)

Signed-off-by: Jake Sanders <jsand@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* expand CI testing to Windows and OSX, fix issues uncovered (#1158)

* Also run unit and secretless e2e tests on OSX
* run e2e-tests-with-binary on OSX and Windows
* run unit tests on all 3 supported OSes
* add `-race` unit tests
* `os.Open` -> `os.Stat` for checking file existence
* `path.Join` -> `filepath.Join`
* simplify `getLocalTarget`
* always `Close()` `localTarget`
* embed everything in the repository directory
* always use `/` as path divider in embedded fs
* `path` -> `localCacheDBPath`
* assorted improvements in `RootClient`
* ensure `remote` is non-nil
* fix one straggler call to `filepath.Join`
* add `requireCoherence` option
* fix fatal memory leak in test
* create `embedded{Read, Open}File()` helpers
* add link to issue #1160 in TODO
* add comments for require coherence

Signed-off-by: Jake Sanders <jsand@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* use `sync.Once` to init the global tuf root (#1163)

Signed-off-by: Jake Sanders <jsand@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* update go-tuf and use the newly exposed `Close()` (#1181)

Signed-off-by: Jake Sanders <jsand@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Remove the "upload" flag for "cosign initialize" (#1201)

The "upload" flag is not used anywhere and it is not really needed. When
we update from the remote TUF repo, we expect the same number of root
signatures (or more) which is a sensible default.

Closes: #1195

Signed-off-by: Radoslav Gerganov <rgerganov@vmware.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* update snapshot and timestamp (#1211)

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Spelling (#1246)

* spelling: abstractions

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: annotations

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: announcement

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: attached

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: attachment

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: attestation

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: cloudbuild

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: compatibility

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: consideration

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: constituent

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: dekkagaijin

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: dependabot

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: environment

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: github

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: gitlab

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: immutable

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: include

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: initialized

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: mailing

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: payloads

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: percent

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: setting

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: sigstore

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: stored

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: validity

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: verified

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: verifier

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: without

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Update the embedded TUF metadata. (#1251)

The rekor.json and staging.json files weren't in here before.

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Refactor the tuf client code. (#1252)

This is my attempt at refactoring the TUF client code to better
support the configuration modes we've recently added.

This also adds support for SIGSTORE_NO_CACHE, and eliminates most
writes to disk from cosign outside of cosign initialize.

I think these tests are about equivalent to what we had before, if not
a bit better. The coverage is at 72% and hits most non-sporadic errors.

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Fix the unit tests with expired TUF metadata. (#1270)

These tests worked by mocking at the "isExpired" level. When the real files
ARE expired, but we mock them to be NOT expired, the code continues down a
path it shouldn't and fails later, trying to use expired metadata.

We should fix this "better" by generating real expired and unexpired metadata,
or changing the system clock somehow.

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Fix a few bugs in cosign initialize (#1280)

* In getRoot, the metadata is always stored at the top level,
  not under repository/.
* In Initialize, download all metadata and targets. This should
  avoid a disk write on verify.
* Use path instead of filepath for Windows

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* add error message (#1296)

Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bundle TUF timestamp with signature on signing (#1294)

* Bundle TUF timestamp with signature on signing

This updates the code to support adding the TUF timestamp
to the OCI signature.

Changes to pkg/oci add support for reading and saving the
timestamp by annotation key. Changes to the TUF client
add putting the timestamp in memory on client
initialization, so callers can access the timestamp.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* Add TUF timestamp to OCI signature on sign

This adds the TUF timestamp to the Fulcio and Rekor
signers. Both are necessary since each relies on
TUF metadata. If both signers are used, the latter
one will overwrite the TUF timestamp.

I also added a basic mock Rekor client for tests.
A number of methods are not implemented yet.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* Add license

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* Move timestamp to TUF package

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* Update TUF client to persist local store

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Bump the snapshot and timestamp roles metadata from root signing. (#1339)

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Cache the location of the remote repository when running cosign initialize (#1315)

* store remote

Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>

* add test

Signed-off-by: Asra Ali <asraa@google.com>

* use json struct for cached remote info

Signed-off-by: Asra Ali <asraa@google.com>

* update lint

Signed-off-by: Asra Ali <asraa@google.com>

* update

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* add root status output (#1404)

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Remove TUF timestamp from OCI signature bundle (#1428)

As described in #1273, this solution does not work
because the TUF root is not included in the snapshot.
Removing unused code.

Confirmed that verifying images with a timestamp
annotation still works. Confirmed that signing and
verifying works locally too.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Fetch verification targets by TUF custom metadata (#1423)

* Add TUF client method for fetching by metadata

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* Fetch verification targets by TUF custom metadata

This uses GetTargetsByMeta to read the targets
using the custom metadata, or fallback to the old
targets by filename.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* Resolve PR comments, linter, and update tests

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* update go-tuf and simplify TUF client code (#1455)

* update go tuf and simplify code

Signed-off-by: Asra Ali <asraa@google.com>

* add commend

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* remove old fulcio root and fix fallback target code (#1738)

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* test: create fake TUF test root and create test SETs for verification (#1750)

* wip

Signed-off-by: Asra Ali <asraa@google.com>

add fake SET test

Signed-off-by: Asra Ali <asraa@google.com>

fix

Signed-off-by: Asra Ali <asraa@google.com>

fix test

Signed-off-by: Asra Ali <asraa@google.com>

fix

Signed-off-by: Asra Ali <asraa@google.com>

* address haydentherapper comments

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* tuf: add debug info if tuf update fails (#1766)

* add debug info for tuf update fail

Signed-off-by: Asra Ali <asraa@google.com>

* move debugging funcs to top

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Add rekor.0.pub TUF target to unit tests (#1860)

This target was added to the v3 TUF root.

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Remove dependency on deprecated github.com/pkg/errors (#1887)

* cmd/cosign/cli: remove dependency on deprecated github.com/pkg/errors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* cmd/sget/cli: remove dependency on deprecated github.com/pkg/errors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* internal/pkg/cosign/ephemeral: remove dependency on pkg/errors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/cosign: remove dependency on deprecated github.com/pkg/errors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/oci: remove dependency on deprecated github.com/pkg/errors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/policy: remove dependency on deprecated github.com/pkg/errors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/sget: remove dependency on deprecated github.com/pkg/errors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/signature: remove dependency on deprecated github.com/pkg/errors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* go.mod: go mod tidy

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/cosign/kubernetes/webhook: remove unnecessary fmt.Sprintf

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/oci/remote: should handle error on name.NewRepository

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Update go-tuf (#1894)

Signed-off-by: Tomasz Janiszewski <janiszt@gmail.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* fix: fix fetching updated targets from TUF root (#1921)

* fix: fix fetching updated targets from TUF root

Signed-off-by: Asra Ali <asraa@google.com>

add comment

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

possible fix windows

Signed-off-by: Asra Ali <asraa@google.com>

lint

Signed-off-by: Asra Ali <asraa@google.com>

fix windows maybe

Signed-off-by: Asra Ali <asraa@google.com>

fix close

Signed-off-by: Asra Ali <asraa@google.com>

* update zack comments

Signed-off-by: Asra Ali <asraa@google.com>

update fix

Signed-off-by: Asra Ali <asraa@google.com>

update and add some debug

Signed-off-by: Asra Ali <asraa@google.com>

add debug

Signed-off-by: Asra Ali <asraa@google.com>

 no cache

Signed-off-by: Asra Ali <asraa@google.com>

remove debug

Signed-off-by: Asra Ali <asraa@google.com>

* try haydens comments

Signed-off-by: Asra Ali <asraa@google.com>

* Use Rekor API for pubkeys before TUF if so specified.

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>

* Address PR feedback, bump golangci-lint from 1.46.0 to 1.46.2

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>

* Add comments for the env variables.

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>

* Use path instead of filepath, basically revert to what it was before.

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>

* ho hum, really just use the path.

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>

* When interacting with fs do not use OS specific separators.

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>

* fix windows line endings

Signed-off-by: Asra Ali <asraa@google.com>

* pass embedded into initialization

Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: Ville Aikas <vaikas@chainguard.dev>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* tuf: improve TUF client concurrency and caching (#1953)

* move rekor public key fetch inside GetRekorPubs

Signed-off-by: Asra Ali <asraa@google.com>

* use in-memory metadata and targets, sync to disk on start and updates

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

* Use TUF singleton.

Co-authored-by: Ville Aikas <vaikas@chainguard.dev>
Signed-off-by: Asra Ali <asraa@google.com>

* hayden comment, sync.Once used

Signed-off-by: Asra Ali <asraa@google.com>

* return global error

Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: Ville Aikas <vaikas@chainguard.dev>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Drop tuf client dependency on GCS client library (#1967)

* Drop tuf client dependency on GCS client library

Signed-off-by: Jason Hall <jason@chainguard.dev>

* Add more validation of bucket names, clean paths

Signed-off-by: Jason Hall <jason@chainguard.dev>

* update-deps.sh

Signed-off-by: Jason Hall <jason@chainguard.dev>

* remove GCSRemoteStore

Signed-off-by: Jason Hall <jason@chainguard.dev>

* Add comment about GCS->HTTP fallback

Signed-off-by: Jason Hall <jason@chainguard.dev>

* update DefaultRemoteRoot

Signed-off-by: Jason Hall <jason@chainguard.dev>

* make docgen

Signed-off-by: Jason Hall <jason@chainguard.dev>

* move tuf to pkg/tuf

Signed-off-by: Jason Hall <jason@chainguard.dev>

* actually move tuf to pkg/tuf

Signed-off-by: Jason Hall <jason@chainguard.dev>

* update copyright years, unexport, add godoc

Signed-off-by: Jason Hall <jason@chainguard.dev>

* Break off a `fulcioroot` package. (#639)

The `cosigned` webhook pulls in the Fulcio roots, and runs as a K8s controller, which consumes `klog`.  However, some of the certificate transparency stuff the Fulcio package pulls in consumes `glog`.  These both define conflicting `-log_dir` flags, which cause `cosigned` to crash on startup.

With this change, `cosigned` can use `fulcioroots.Get` to load the roots without pulling in `glog`.

In a subsequent change, I have tests that should catch this before a breaking change merges.

Signed-off-by: Matt Moore <mattomata@gmail.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* update root ux (#747)

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* refactor: move from io/ioutil to io and os packages (#978)

The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil. This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Add Fulcio v1 root to the cosign (#1112)

* add fulcio v1 root

Signed-off-by: Asra Ali <asraa@google.com>

* remove unneeded todo

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Do not require multiple Fulcio certs in the TUF root (#1230)

cosign requires both fulcio.crt.pem and fulcio_v1.crt.pem in the TUF
root which doesn't make sense when using local TUF. fulcio_v1.crt.pem
was added in the embedded TUF in order to support Fulcio v1 but it
shouldn't be required when users initialize cosign with their own TUF
repo.

Closes: #1229

Signed-off-by: Radoslav Gerganov <rgerganov@vmware.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Refactor the tuf client code. (#1252)

This is my attempt at refactoring the TUF client code to better
support the configuration modes we've recently added.

This also adds support for SIGSTORE_NO_CACHE, and eliminates most
writes to disk from cosign outside of cosign initialize.

I think these tests are about equivalent to what we had before, if not
a bit better. The coverage is at 72% and hits most non-sporadic errors.

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Fetch verification targets by TUF custom metadata (#1423)

* Add TUF client method for fetching by metadata

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* Fetch verification targets by TUF custom metadata

This uses GetTargetsByMeta to read the targets
using the custom metadata, or fallback to the old
targets by filename.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* Resolve PR comments, linter, and update tests

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Fix fulcioroots test and linter error (#1741)

The linter error is from a deprecated method, but since this is only
used in tests and we don't use system roots, this is fine. The test was
also failing because the TUF remote can't be called in tests.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Add intermediate CA certificate pool for Fulcio (#1749)

This separates roots and intermediates from the TUF targets. This will
be used to configure the default intermediate certificates when none are
found. In particular, this will be used by verify-blob when fetching an
entry from Rekor.

An intermediate CA certificate will be added to the v3 TUF root.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Add Fulcio intermediate CA certificate to intermediate pool (#1774)

This certificate will be necessary for chain building from a leaf
certificate to a root once a new version of Fulcio is rolled out. For
OCI, the chain is stored in an annotation. This intermediate is
currently only needed for verify-blob when looking up the certificate
from Rekor.

For the V3 TUF Root, the intermediate will be bundled, so that it is
easily discoverable and revokable. For now, we'll simply bundle it with
Cosign. Note that intermediates are considered untrusted, so it's fine
if the intermediate is not in TUF currently, as the root that issued the
intermediate certificate is in TUF.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Load in intermediate cert pool from TUF (#1804)

With the v3 TUF root, the intermediate CA certificate will be included,
so that if the intermediate signing key was compromised, the
intermediate certificate could be revoked by removing it from the TUF
targets and replacing it with a trusted certificate.

This change loads the intermediate certificate from TUF. However, we
don't want to force all users to follow this structure - They may choose
to use CRLs to detect revoked intermediates. Also, I don't want to
enforce TUF usage in the Verify package. Therefore, for TUF, we lazily create
a certificate pool only if an intermediate certificate is found, and if
it's not found, then VerifyImageSignature will create a pool using the
chain provided in the annotation.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* Remove dependency on deprecated github.com/pkg/errors (#1887)

* cmd/cosign/cli: remove dependency on deprecated github.com/pkg/errors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* cmd/sget/cli: remove dependency on deprecated github.com/pkg/errors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* internal/pkg/cosign/ephemeral: remove dependency on pkg/errors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/cosign: remove dependency on deprecated github.com/pkg/errors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/oci: remove dependency on deprecated github.com/pkg/errors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/policy: remove dependency on deprecated github.com/pkg/errors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/sget: remove dependency on deprecated github.com/pkg/errors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/signature: remove dependency on deprecated github.com/pkg/errors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* go.mod: go mod tidy

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/cosign/kubernetes/webhook: remove unnecessary fmt.Sprintf

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/oci/remote: should handle error on name.NewRepository

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* fix: fix fetching updated targets from TUF root (#1921)

* fix: fix fetching updated targets from TUF root

Signed-off-by: Asra Ali <asraa@google.com>

add comment

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

possible fix windows

Signed-off-by: Asra Ali <asraa@google.com>

lint

Signed-off-by: Asra Ali <asraa@google.com>

fix windows maybe

Signed-off-by: Asra Ali <asraa@google.com>

fix close

Signed-off-by: Asra Ali <asraa@google.com>

* update zack comments

Signed-off-by: Asra Ali <asraa@google.com>

update fix

Signed-off-by: Asra Ali <asraa@google.com>

update and add some debug

Signed-off-by: Asra Ali <asraa@google.com>

add debug

Signed-off-by: Asra Ali <asraa@google.com>

no cache

Signed-off-by: Asra Ali <asraa@google.com>

remove debug

Signed-off-by: Asra Ali <asraa@google.com>

* try haydens comments

Signed-off-by: Asra Ali <asraa@google.com>

* Use Rekor API for pubkeys before TUF if so specified.

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>

* Address PR feedback, bump golangci-lint from 1.46.0 to 1.46.2

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>

* Add comments for the env variables.

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>

* Use path instead of filepath, basically revert to what it was before.

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>

* ho hum, really just use the path.

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>

* When interacting with fs do not use OS specific separators.

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>

* fix windows line endings

Signed-off-by: Asra Ali <asraa@google.com>

* pass embedded into initialization

Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: Ville Aikas <vaikas@chainguard.dev>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* tuf: improve TUF client concurrency and caching (#1953)

* move rekor public key fetch inside GetRekorPubs

Signed-off-by: Asra Ali <asraa@google.com>

* use in-memory metadata and targets, sync to disk on start and updates

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

* Use TUF singleton.

Co-authored-by: Ville Aikas <vaikas@chainguard.dev>
Signed-off-by: Asra Ali <asraa@google.com>

* hayden comment, sync.Once used

Signed-off-by: Asra Ali <asraa@google.com>

* return global error

Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: Ville Aikas <vaikas@chainguard.dev>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* feat(fulcioroots): singleton error pattern (#1965)

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
Signed-off-by: Jason Hall <jason@chainguard.dev>

* move fulcioroots to pkg/fulcioroots

Signed-off-by: Jason Hall <jason@chainguard.dev>

* remove alternate root behavior, rm fulcioroots_test.go, use pkg/tuf

Signed-off-by: Jason Hall <jason@chainguard.dev>

* base on latest go.sum

Signed-off-by: Jason Hall <jason@chainguard.dev>

* go mod tidy

Signed-off-by: Jason Hall <jason@chainguard.dev>

* base on latest go.sum, again somehow?

Signed-off-by: Jason Hall <jason@chainguard.dev>

* address some low-hanging lint fruit

Signed-off-by: Jason Hall <jason@chainguard.dev>

* lint: only fail PRs on new findings

Signed-off-by: Jason Hall <jason@chainguard.dev>

* lint: ignore revive lint findings in pkg/tuf

Signed-off-by: Jason Hall…
mtrmac pushed a commit to mtrmac/sigstore that referenced this pull request Mar 10, 2023
The `cosigned` webhook pulls in the Fulcio roots, and runs as a K8s controller, which consumes `klog`.  However, some of the certificate transparency stuff the Fulcio package pulls in consumes `glog`.  These both define conflicting `-log_dir` flags, which cause `cosigned` to crash on startup.

With this change, `cosigned` can use `fulcioroots.Get` to load the roots without pulling in `glog`.

In a subsequent change, I have tests that should catch this before a breaking change merges.

Signed-off-by: Matt Moore <mattomata@gmail.com>
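The flag collision described in the commit message above, as an added example that is not code from cosign, klog or glog. `klogLike`, `glogLike` and `appFlags` are hypothetical stand-ins that register flags the way two logging packages and an application would; only the `log_dir` name comes from the message.

```go
package main

import (
	"flag"
	"fmt"
	"sort"
)

// Hypothetical stand-ins: two logging packages that both define log_dir,
// plus an application flag (constructed) that does not collide.
func klogLike(fs *flag.FlagSet) { fs.String("log_dir", "", "stand-in for the klog flag") }
func glogLike(fs *flag.FlagSet) { fs.String("log_dir", "", "stand-in for the glog flag") }
func appFlags(fs *flag.FlagSet) { fs.Int("port", 8443, "constructed application flag") }

// conflicts registers each package on its own FlagSet and returns the sorted
// flag names defined more than once, without triggering the panic.
func conflicts(regs ...func(*flag.FlagSet)) []string {
	seen, dup := map[string]int{}, []string{}
	for _, reg := range regs {
		fs := flag.NewFlagSet("probe", flag.ContinueOnError)
		reg(fs)
		fs.VisitAll(func(f *flag.Flag) { seen[f.Name]++ })
	}
	for name, n := range seen {
		if n > 1 {
			dup = append(dup, name)
		}
	}
	sort.Strings(dup)
	return dup
}

// sharedRegister reproduces the startup failure on one shared FlagSet and
// converts the flag package's redefinition panic into an error.
func sharedRegister(regs ...func(*flag.FlagSet)) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("startup would crash: %v", r)
		}
	}()
	fs := flag.NewFlagSet("cosigned", flag.ContinueOnError)
	for _, reg := range regs {
		reg(fs)
	}
	return nil
}

func main() {
	fmt.Println(conflicts(klogLike, glogLike, appFlags), sharedRegister(klogLike, glogLike, appFlags))
}
```

A check like `conflicts` can run in a unit test over the registrars a binary links in, so a dependency bump that reintroduces a duplicate flag fails the build instead of the running webhook.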
Labels
dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code