-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): update sigstore/cosign-installer action to v3 (v1.13) #26704
chore(deps): update sigstore/cosign-installer action to v3 (v1.13) #26704
Conversation
Signed-off-by: renovate[bot] <bot@renovateapp.com>
/test-backport-1.13 Job 'Cilium-PR-K8s-1.21-kernel-4.19' failed: Click to show.Test Name
Failure Output
Jenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.21-kernel-4.19/65/ If it is a flake and a GitHub issue doesn't already exist to track it, comment Then please upload the Jenkins artifacts to that issue. Job 'Cilium-PR-K8s-1.18-kernel-4.19' failed: Click to show.Test Name
Failure Output
Jenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.18-kernel-4.19/66/ If it is a flake and a GitHub issue doesn't already exist to track it, comment Then please upload the Jenkins artifacts to that issue. |
FYI this broke the CI and had to be reverted #26690 /cc @nbusseneau |
@aanm What broke, specifically? 🤔 We did this upgrade already in |
OK found it:
We were missing 3fcaa50... |
This variable is now obsolete as sigstore/cosign-installer v3 and above have switched to Cosign 2.0, cf. https://blog.sigstore.dev/cosign-2-0-released/ Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 3fcaa50 ] With the upgrade of cosign to v3.0.0, a user needs to confirm the following prompt: ``` Note that there may be personally identifiable information associated with this signed artifact. This may include the email address associated with the account with which you authenticate. This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later. By typing 'y', you attest that you grant (or have permission to grant) and agree to have this information stored permanently in transparency logs. ``` This commit adds a flag to skip any confirmation prompts that cosign will perform. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
Pushed the commits, please review. |
This PR contains the following updates:
v2.8.1
->v3.1.1
Release Notes
sigstore/cosign-installer (sigstore/cosign-installer)
v3.1.1
Compare Source
What's Changed
Full Changelog: sigstore/cosign-installer@v3.1.0...v3.1.1
v3.1.0
Compare Source
What's Changed
New Contributors
Full Changelog: sigstore/cosign-installer@v3.0.5...v3.1.0
v3.0.5
Compare Source
What's Changed
Full Changelog: sigstore/cosign-installer@v3.0.4...v3.0.5
v3.0.4
Compare Source
cosign
binary to github.com instead of GCSv3.0.3
Compare Source
What's Changed
cosign
binary to github.com instead of GCSFull Changelog: sigstore/cosign-installer@v3.0.2...v3.0.3
v3.0.2
Compare Source
What's Changed
cosign
binary to github.com instead of GCSNew Contributors
Full Changelog: sigstore/cosign-installer@v3...v3.0.2
v3.0.1
Compare Source
What's Changed
cosign
binary to github.com instead of GCSFull Changelog: sigstore/cosign-installer@v3.0.0...v3.0.1
v3.0.0
Compare Source
Breaking change
Cosign v2 has some breaking changes. Please check those: https://blog.sigstore.dev/cosign-2-0-released/
What's Changed
cosign
binary to github.com instead of GCSNew Contributors
Full Changelog: sigstore/cosign-installer@v2...v3.0.0
Configuration
📅 Schedule: Branch creation - "on friday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.