slsa-github-generator
slsa-github-generator copied to clipboard
Published
20 hours ago •
slsa-framework
slsa-framework
fix(deps): update module github.com/slsa-framework/slsa-github-generator to v1.2.1
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| github.com/slsa-framework/slsa-github-generator | require | patch | v1.2.0 -> v1.2.1 |
Release Notes
slsa-framework/slsa-github-generator
v1.2.1
What's Changed
This release fixes an error that occurs on the "Generate Builder" step for various workflows.
FAILED: SLSA verification failed: could not find a matching valid signature entry
See #942
Generic generator
buildType
This release changes the buildType used in provenance created by the generic generator.
The previous value was:
"buildType": "https://github.com/slsa-framework/slsa-github-generator@v1",
The new value is:
"buildType": "https://github.com/slsa-framework/slsa-github-generator/generic@v1",
See #627
Provenance file names
Previously the default file name for provenance was attestation.intoto.jsonl. This has been updated to be in line with intoto attestation file naming conventions. The file name now defaults to <artifact filename>.intoto.jsonl if there is a single artifact, or multiple.intoto.jsonl if there are multiple artifacts.
See #654
Explicit opt-in for private repos
Private repository support was enhanced to required the private-repo input field as the repository name will be made public in the public Rekor transparency log.
See #823
Go builder
Support private repos
Support for private repositories was fixed. If using a private repository you must specify the private-repo input field as the repository name will be made public in the public Rekor transparency log.
See #823
New Contributors
- @sethmlarson made their first contribution in https://github.com/slsa-framework/slsa-github-generator/pull/758
- @yunginnanet made their first contribution in https://github.com/slsa-framework/slsa-github-generator/pull/776
- @diogoteles08 made their first contribution in https://github.com/slsa-framework/slsa-github-generator/pull/957
Full Changelog
- doc: release doc typos by @laurentsimon in https://github.com/slsa-framework/slsa-github-generator/pull/589
- Haskell provenance by @mihaimaruseac in https://github.com/slsa-framework/slsa-github-generator/pull/595
- fix: Remove
build:idin generic examples by @laurentsimon in https://github.com/slsa-framework/slsa-github-generator/pull/596 - Add provenance for Haskell by @mihaimaruseac in https://github.com/slsa-framework/slsa-github-generator/pull/608
- feat: Share util functions by @laurentsimon in https://github.com/slsa-framework/slsa-github-generator/pull/598
- Add digest input to container docs by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/591
- Fix linter pre-submit by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/333
- Add doc for attestation-name by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/618
- Update golang.org/x/oauth2 digest to
128564fby @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/620 - Add links to milestones as a roadmap by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/612
- Update typos and formatting in RELEASE.md by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/518
- Remove legacy env vars by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/616
- Update github-actions by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/621
- Move computesha256 to typescript by @naveensrinivasan in https://github.com/slsa-framework/slsa-github-generator/pull/546
- Update tags for renovatebot by @laurentsimon in https://github.com/slsa-framework/slsa-github-generator/pull/622
- Update module github.com/sigstore/cosign to v1.10.0 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/623
- Fix support for --signature="" by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/615
- Update buildType of generic generator by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/628
- Use a temp dir for cwd in tests by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/633
- Update availability information of builders by @laurentsimon in https://github.com/slsa-framework/slsa-github-generator/pull/635
- Update generic README.md for availability by @laurentsimon in https://github.com/slsa-framework/slsa-github-generator/pull/636
- Update module github.com/slsa-framework/slsa-github-generator to v1.2.0 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/624
- Update module github.com/coreos/go-oidc to v3 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/485
- Update golang digest to
9349ed8by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/557 - Request for membership by @naveensrinivasan in https://github.com/slsa-framework/slsa-github-generator/pull/428
- Fix builder dir in container workflow by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/640
- Included typescript-eslint by @naveensrinivasan in https://github.com/slsa-framework/slsa-github-generator/pull/639
- feat: Group NodeJs update by @laurentsimon in https://github.com/slsa-framework/slsa-github-generator/pull/653
- Update github-actions by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/648
- Update module github.com/sigstore/rekor to v0.10.0 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/650
- Update module github.com/coreos/go-oidc to v2.2.1 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/649
- Update dependency prettier to v2.7.1 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/647
- Update module github.com/sigstore/sigstore to v1.3.1 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/643
- Update github-actions by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/689
- chore: update verifier to v1.3.0 by @asraa in https://github.com/slsa-framework/slsa-github-generator/pull/718
- Update github-actions by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/711
- Update github-actions by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/723
- Update dependency @types/node to v16.11.53 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/645
- Update module github.com/sigstore/rekor to v0.11.0 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/724
- contents: write is required for the generic builder by @sethmlarson in https://github.com/slsa-framework/slsa-github-generator/pull/758
- docs: fix valid path to dir by @asraa in https://github.com/slsa-framework/slsa-github-generator/pull/717
- bug: fix address for fulcio by @asraa in https://github.com/slsa-framework/slsa-github-generator/pull/760
- Fix permissions in generic workflow doc by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/761
- fix: type in OIDC word by @developer-guy in https://github.com/slsa-framework/slsa-github-generator/pull/774
- Update github-actions by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/765
- Update README.md by @yunginnanet in https://github.com/slsa-framework/slsa-github-generator/pull/776
- Temporarily disable Run test. by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/772
- Fix log message for tlog upload by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/773
- Rename attestation-name by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/777
- Update dependency @actions/core to v1.9.1 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/644
- Update github-actions by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/785
- Update dependency @vercel/ncc to v0.34.0 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/646
- feat: harden checkout by @laurentsimon in https://github.com/slsa-framework/slsa-github-generator/pull/795
- Updated scorecard v2 by @naveensrinivasan in https://github.com/slsa-framework/slsa-github-generator/pull/791
- feat: pin verify action by hash by @laurentsimon in https://github.com/slsa-framework/slsa-github-generator/pull/796
- Refactor Makefiles by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/792
- Add pre-submit to verify base images by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/592
- Runner API by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/632
- Update pwd code in unit-test by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/826
- Remove PWD from provenance env by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/825
- Update module github.com/sigstore/sigstore to v1.4.0 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/766
- Update module github.com/sigstore/cosign to v1.11.1 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/690
- Update dependency eslint to v8.23.0 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/691
- Update gcr.io/distroless/static Docker digest to
f4787e8by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/838 - Update github-actions by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/839
- Update golang.org/x/oauth2 digest to
f213421by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/841 - Update dependency @types/node to v16.11.58 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/842
- Update module github.com/google/go-cmp to v0.5.9 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/843
- Update typescript-eslint monorepo to v5.36.2 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/693
- Add privacy-check action by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/836
- Add call to privacy check to workflows by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/850
- Remove contents:read from privacy-check by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/855
- [docs] Verifying provenance with kyverno by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/853
- Updated README.md to include Scorecard badge by @naveensrinivasan in https://github.com/slsa-framework/slsa-github-generator/pull/870
- Update typescript-eslint monorepo to v5.37.0 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/869
- Update dependency @types/node to v16.11.59 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/862
- Pin dependencies by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/861
- Update dependency eslint to v8.23.1 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/866
- Check result of dist and checkout pre-submits by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/887
- Update dependency typescript to v4.8.3 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/867
- Add example of using cosign and cue policy by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/902
- Add OpenSSF best practices badge by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/891
- feat: add log when verify-checkout fails by @laurentsimon in https://github.com/slsa-framework/slsa-github-generator/pull/905
- feat: Add npm builder workflow by @laurentsimon in https://github.com/slsa-framework/slsa-github-generator/pull/881
- Log the GitHub context by @laurentsimon in https://github.com/slsa-framework/slsa-github-generator/pull/913
- fix: verify-checkout uses wrong sha to validate for pull_requests by @laurentsimon in https://github.com/slsa-framework/slsa-github-generator/pull/941
- update verifier version in actions by @asraa in https://github.com/slsa-framework/slsa-github-generator/pull/945
- Update READMEs to clarify that SLSA generators and builders must be referred by tag by @diogoteles08 in https://github.com/slsa-framework/slsa-github-generator/pull/957
- Update module github.com/sigstore/rekor to v0.12.0 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/844
- chore(deps): update dependency @types/node to v16.11.64 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/906
- fix(deps): update module github.com/sigstore/sigstore to v1.4.2 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/865
- fix(deps): update dependency @actions/github to v5.1.1 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/907
- chore(deps): update dependency eslint to v8.24.0 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/908
- chore(deps): update typescript-eslint monorepo to v5.39.0 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/910
- chore(deps): update gcr.io/distroless/static docker digest to
7292458by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/972 - fix(deps): update golang.org/x/oauth2 digest to
b44042aby @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/973 - chore(deps): update dependency typescript to v4.8.4 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/979
- fix(deps): update module github.com/sigstore/rekor to v0.12.2 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/980
- fix(deps): update module github.com/sigstore/sigstore to v1.4.4 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/982
- chore(deps): update dependency eslint to v8.25.0 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/983
- fix(deps): update dependency @actions/core to v1.10.0 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/986
- Add secure-checkout action by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/971
- Fix input default values by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/991
- Update checkout-(go|node) to use secure-checkout by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/992
- Fix secure-checkout bugs by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/994
- Update secure-checkout by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/995
- Update ref for checkout-go by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/993
- Remove exclude checkout-go|node from presubmit by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/997
- Support ref in secure-checkout by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/1005
- Use ref for secure-checkout by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/1006
- Restore default inputs for checkout-go by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/1007
- fix: fix ref from detect-env in pull_request by @asraa in https://github.com/slsa-framework/slsa-github-generator/pull/1010
- update refs to generate-builder by @asraa in https://github.com/slsa-framework/slsa-github-generator/pull/1009
- Fix token use in secure-checkout by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/1011
- fix: use updated ref for secure-checkout by @asraa in https://github.com/slsa-framework/slsa-github-generator/pull/1046
- fix: update refs for checkout-go by @asraa in https://github.com/slsa-framework/slsa-github-generator/pull/1048
- fix: update refs for checkout-go by @asraa in https://github.com/slsa-framework/slsa-github-generator/pull/1049
- update refs for generate-builder by @asraa in https://github.com/slsa-framework/slsa-github-generator/pull/1050
Configuration
📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, click this checkbox.
This PR has been generated by Mend Renovate. View repository job log here.
