Skip to content

Releases: actions/attest-sbom

v1.4.1

22 Aug 19:10
@bdehamer bdehamer
v1.4.1
5026d36
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.4.1 Latest
Marketplace
Latest
Marketplace

What's Changed

Full Changelog: v1.4.0...v1.4.1

Contributors

bdehamer
Assets 2
Loading

v1.4.0

30 Jul 20:31
@bdehamer bdehamer
v1.4.0
f19ab44
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.4.0
Marketplace
Marketplace

What's Changed

  • Bump actions/attest from 1.3.3 to 1.4.0 by @bdehamer in #85
    • Add show-summary input
    • Format summary output as list

Full Changelog: v1.3.3...v1.4.0

Contributors

bdehamer
Assets 2
Loading

v1.3.3

09 Jul 17:09
@bdehamer bdehamer
v1.3.3
6d7733f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.3.3
Marketplace
Marketplace

What's Changed

  • Bump actions/attest from 1.3.2 to 1.3.3 by @bdehamer in #80
    • Bugfix for properly handling glob exclusion patterns in subject-path input

Full Changelog: v1.3.2...v1.3.3

Contributors

bdehamer
Assets 2
Loading

v1.3.2

17 Jun 17:36
@bdehamer bdehamer
v1.3.2
3d6693d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.3.2
Marketplace
Marketplace

What's Changed

  • Bump actions/attest from 1.3.1 to 1.3.2 by @bdehamer in #75
    • Increase timeout for OCI operations

Full Changelog: v1.3.1...v1.3.2

Contributors

bdehamer
Assets 2
Loading

v1.3.1

13 Jun 21:59
@bdehamer bdehamer
v1.3.1
91d05ef
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.3.1
Marketplace
Marketplace

What's Changed

  • Bump actions/attest from 1.3.0 to 1.3.1 by @bdehamer in #72
    • Bugfix when detecting support for the referrers API with OCI registries

Full Changelog: v1.3.0...v1.3.1

Contributors

bdehamer
Assets 2
Loading

v1.3.0

13 Jun 14:27
@bdehamer bdehamer
v1.3.0
ab8de89
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.3.0
Marketplace
Marketplace

What's Changed

  • Bump actions/attest action to v1.3.0 by @bdehamer in #71
    • Dynamic construction of GitHub API URLs based on GITHUB_SERVER_URL
    • Improved handling of Rekor 409 responses
    • Bugfix - detection of registries with support for the OCI referrers API

Full Changelog: v1.2.0...v1.3.0

Contributors

bdehamer
Assets 2
Loading

v1.2.0

03 Jun 18:01
@bdehamer bdehamer
v1.2.0
49e7311
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.2.0
Marketplace
Marketplace

What's Changed

  • Bump actions/attest from 1.1.2 to 1.2.0 by @bdehamer in #67
    • Batch processing w/ exponential backoff
    • Enforce 16MB limit on predicate size
    • Bugfix when pushing attestation to OCI registry

Full Changelog: v1.1.2...v1.2.0

Contributors

bdehamer
Assets 2
Loading

v1.1.2

16 May 19:43
@bdehamer bdehamer
v1.1.2
aaa2d0a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1.2
Marketplace
Marketplace

What's Changed

  • Bump actions/attest from 1.1.1 to 1.1.2 by @bdehamer in #63
    • Downcase subject name for OCI images
    • Fix accept header when retrieving image manifest
    • Support variants of the Docker Hub registry name

Full Changelog: v1.1.1...v1.1.2

Contributors

bdehamer
Assets 2
Loading

v1.1.1

10 May 17:55
@bdehamer bdehamer
v1.1.1
c29e4e9
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1.1
Marketplace
Marketplace

What's Changed

  • Bump actions/attest from v1.1.0 to v1.1.1 by @bdehamer in #61
    • Bump @sigstore/sign from 2.3.0 to 2.3.1
    • Bump @sigstore/oci from 0.3.0 to 0.3.2
    • Include more detail in error logging
    • Send API errors to GHA debug log
    • Fix bug preventing failed API requests from being retried

Full Changelog: v1.1.0...v1.1.1

Contributors

bdehamer
Assets 2
Loading

v1.1.0

06 May 19:25
@bdehamer bdehamer
v1.1.0
7d87da1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1.0
Marketplace
Marketplace

What's Changed

  • Bump actions/attest to v1.1.0 by @bdehamer in #58
    • adds list support for subjectPath input
    • limit attestation subject count
    • ensure subject globs match only files

Full Changelog: v1.0.0...v1.1.0

Contributors

bdehamer
Assets 2
Loading