chore(deps): bump sigstore/cosign-installer from 2.8.1 to 3.0.1 #12689

dependabot · 2023-03-02T04:06:34Z

Bumps sigstore/cosign-installer from 2.8.1 to 3.0.1.

Release notes

Sourced from sigstore/cosign-installer's releases.

v3.0.1

What's Changed

make cosign v2.0.0 default version by @developer-guy in sigstore/cosign-installer#109

Full Changelog: sigstore/cosign-installer@v3.0.0...v3.0.1

v3.0.0

Breaking change

Cosign v2 has some breaking changes. Please check those: https://blog.sigstore.dev/cosign-2-0-released/

What's Changed

test: add logs when downloading the public keys by @hectorj2f in sigstore/cosign-installer#106

Add support to install v2 and any other cosign release candidate by @hectorj2f in sigstore/cosign-installer#105

v2.0.0 release by @sabre1041 in sigstore/cosign-installer#108

New Contributors

@hectorj2f made their first contribution in sigstore/cosign-installer#106

@sabre1041 made their first contribution in sigstore/cosign-installer#108

Full Changelog: sigstore/cosign-installer@v2...v3.0.0

Commits

c3667d9 make cosign v2.0.0 default version (#109)
77560e3 v2.0.0 release (#108)
4079ad3 Bump actions/checkout from 3.2.0 to 3.3.0 (#107)
55fd288 Add support to install v2 and any other cosign release candidate (#105)
651c379 test: add logs when downloading the public keys (#106)
df6c89e Bump actions/checkout from 3.1.0 to 3.2.0 (#102)
31f2644 Bump actions/setup-go from 3.4.0 to 3.5.0 (#103)
b6757d8 Bump actions/setup-go from 3.3.1 to 3.4.0 (#101)
7bca8b4 Bump actions/setup-go from 3.3.0 to 3.3.1 (#99)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.8.1 to 3.0.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@9becc61...c3667d9) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

codecov · 2023-03-02T04:18:32Z

Codecov Report

Patch and project coverage have no change.

Comparison is base (f3a3a57) 47.78% compared to head (4642dc3) 47.78%.

Additional details and impacted files

@@           Coverage Diff           @@
##           master   #12689   +/-   ##
=======================================
  Coverage   47.78%   47.78%           
=======================================
  Files         246      246           
  Lines       41944    41944           
=======================================
  Hits        20045    20045           
  Misses      19898    19898           
  Partials     2001     2001

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

34fathombelow

We explicitly use cosign version v1.13.1. The new default of this action uses v2.0.0 if a version is not specified. lgtm!

crenshaw-dev · 2023-03-06T21:17:19Z

/cherry-pick release-2.6

crenshaw-dev · 2023-03-06T21:17:26Z

/cherry-pick release-2.5

crenshaw-dev · 2023-03-06T21:17:33Z

/cherry-pick release-2.4

gcp-cherry-pick-bot · 2023-03-06T21:17:55Z

Cherry-pick failed with Merge error 51c9f3efb090a8da70e63afa0137761c1330b546 into temp-cherry-pick-1c42ed-release-2.6

gcp-cherry-pick-bot · 2023-03-06T21:17:59Z

Cherry-pick failed with Merge error 51c9f3efb090a8da70e63afa0137761c1330b546 into temp-cherry-pick-1c42ed-release-2.5

gcp-cherry-pick-bot · 2023-03-06T21:18:03Z

Cherry-pick failed with Merge error 51c9f3efb090a8da70e63afa0137761c1330b546 into temp-cherry-pick-1c42ed-release-2.4

Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.8.1 to 3.0.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@9becc61...c3667d9) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

crenshaw-dev · 2023-03-06T21:36:06Z

Cherry-picked onto release-2.6, release-2.5, and release-2.4.

…proj#12689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.8.1 to 3.0.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@9becc61...c3667d9) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 2, 2023

34fathombelow approved these changes Mar 2, 2023

View reviewed changes

34fathombelow added the ready-for-review label Mar 2, 2023

crenshaw-dev approved these changes Mar 6, 2023

View reviewed changes

crenshaw-dev merged commit 51c9f3e into master Mar 6, 2023

crenshaw-dev deleted the dependabot/github_actions/sigstore/cosign-installer-3.0.1 branch March 6, 2023 21:17

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump sigstore/cosign-installer from 2.8.1 to 3.0.1 #12689

chore(deps): bump sigstore/cosign-installer from 2.8.1 to 3.0.1 #12689

dependabot bot commented on behalf of github Mar 2, 2023

codecov bot commented Mar 2, 2023

34fathombelow left a comment

crenshaw-dev commented Mar 6, 2023

crenshaw-dev commented Mar 6, 2023

crenshaw-dev commented Mar 6, 2023

gcp-cherry-pick-bot bot commented Mar 6, 2023

gcp-cherry-pick-bot bot commented Mar 6, 2023

gcp-cherry-pick-bot bot commented Mar 6, 2023

crenshaw-dev commented Mar 6, 2023

chore(deps): bump sigstore/cosign-installer from 2.8.1 to 3.0.1 #12689

chore(deps): bump sigstore/cosign-installer from 2.8.1 to 3.0.1 #12689

Conversation

dependabot bot commented on behalf of github Mar 2, 2023

v3.0.1

What's Changed

v3.0.0

Breaking change

What's Changed

New Contributors

codecov bot commented Mar 2, 2023

Codecov Report

34fathombelow left a comment

Choose a reason for hiding this comment

crenshaw-dev commented Mar 6, 2023

crenshaw-dev commented Mar 6, 2023

crenshaw-dev commented Mar 6, 2023

gcp-cherry-pick-bot bot commented Mar 6, 2023

gcp-cherry-pick-bot bot commented Mar 6, 2023

gcp-cherry-pick-bot bot commented Mar 6, 2023

crenshaw-dev commented Mar 6, 2023