chore(deps): update sigstore/cosign-installer action to v3 (#1400) · defenseunicorns/zarf@b43064c

Commit

chore(deps): update sigstore/cosign-installer action to v3 (#1400)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[sigstore/cosign-installer](https://togithub.com/sigstore/cosign-installer)
| action | major | `v2.8.1` -> `v3.3.0` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

---

### Release Notes

<details>
<summary>sigstore/cosign-installer (sigstore/cosign-installer)</summary>

###
[`v3.3.0`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.3.0)

[Compare
Source](https://togithub.com/sigstore/cosign-installer/compare/v3.2.0...v3.3.0)

#### What's Changed

- Bump actions/setup-go from 4.1.0 to 5.0.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[sigstore/cosign-installer#152
- update action to use latest cosign v2.2.2 by
[@&#8203;cpanato](https://togithub.com/cpanato) in
[sigstore/cosign-installer#153

**Full Changelog**:
sigstore/cosign-installer@v3.2.0...v3.3.0

###
[`v3.2.0`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.2.0)

[Compare
Source](https://togithub.com/sigstore/cosign-installer/compare/v3.1.2...v3.2.0)

**Note: This release comes with a fix for CVE-2023-46737 described in
this [Github Security
Advisory](https://togithub.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9).
Please upgrade to this release ASAP**

see https://github.com/sigstore/cosign/releases/tag/v2.2.1

#### What's Changed

- Support the runner context of gitea act by
[@&#8203;josedev-union](https://togithub.com/josedev-union) in
[sigstore/cosign-installer#147
- bump cosign to v2.2.1 by
[@&#8203;cpanato](https://togithub.com/cpanato) in
[sigstore/cosign-installer#148
- test with latest go version by
[@&#8203;bobcallaway](https://togithub.com/bobcallaway) in
[sigstore/cosign-installer#150

#### New Contributors

- [@&#8203;josedev-union](https://togithub.com/josedev-union) made their
first contribution in
[sigstore/cosign-installer#147

**Full Changelog**:
sigstore/cosign-installer@v3...v3.2.0

###
[`v3.1.2`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.1.2)

[Compare
Source](https://togithub.com/sigstore/cosign-installer/compare/v3.1.1...v3.1.2)

#### What's Changed

- Fix build and push step Readme missing id by
[@&#8203;hbenali](https://togithub.com/hbenali) in
[sigstore/cosign-installer#138
- bump cosign to v2.2.0 by
[@&#8203;cpanato](https://togithub.com/cpanato) in
[sigstore/cosign-installer#142

#### New Contributors

- [@&#8203;hbenali](https://togithub.com/hbenali) made their first
contribution in
[sigstore/cosign-installer#138

**Full Changelog**:
sigstore/cosign-installer@v3...v3.1.2

###
[`v3.1.1`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.1.1)

[Compare
Source](https://togithub.com/sigstore/cosign-installer/compare/v3.1.0...v3.1.1)

#### What's Changed

- default cosign to v2.1.1 by
[@&#8203;cpanato](https://togithub.com/cpanato) in
[sigstore/cosign-installer#137

**Full Changelog**:
sigstore/cosign-installer@v3.1.0...v3.1.1

###
[`v3.1.0`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.1.0)

[Compare
Source](https://togithub.com/sigstore/cosign-installer/compare/v3.0.5...v3.1.0)

#### What's Changed

- update job to use latest action release by
[@&#8203;cpanato](https://togithub.com/cpanato) in
[sigstore/cosign-installer#130
- Update action example for keyless signing as xarg is not required by
[@&#8203;jbtrystram](https://togithub.com/jbtrystram) in
[sigstore/cosign-installer#132
- update examples by [@&#8203;cpanato](https://togithub.com/cpanato) in
[sigstore/cosign-installer#133
- bump cosign to default to release v2.1.0 and update docs by
[@&#8203;cpanato](https://togithub.com/cpanato) in
[sigstore/cosign-installer#136

#### New Contributors

- [@&#8203;jbtrystram](https://togithub.com/jbtrystram) made their first
contribution in
[sigstore/cosign-installer#132

**Full Changelog**:
sigstore/cosign-installer@v3.0.5...v3.1.0

###
[`v3.0.5`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.0.5)

[Compare
Source](https://togithub.com/sigstore/cosign-installer/compare/v3.0.4...v3.0.5)

#### What's Changed

- download cosign releases from GitHub rather than GCS by
[@&#8203;bobcallaway](https://togithub.com/bobcallaway) in
[sigstore/cosign-installer#126

**Full Changelog**:
sigstore/cosign-installer@v3.0.4...v3.0.5

###
[`v3.0.4`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.0.4)

[Compare
Source](https://togithub.com/sigstore/cosign-installer/compare/v3.0.3...v3.0.4)

- Include fix for
[sigstore/cosign-installer#124
- changes download URL for `cosign` binary to github.com instead of GCS

###
[`v3.0.3`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.0.3)

[Compare
Source](https://togithub.com/sigstore/cosign-installer/compare/v3.0.2...v3.0.3)

##### What's Changed

- bump to cosign v2.0.2 by
[@&#8203;bobcallaway](https://togithub.com/bobcallaway) in
[sigstore/cosign-installer#119
- changes download URL for `cosign` binary to github.com instead of GCS

**Full Changelog**:
sigstore/cosign-installer@v3.0.2...v3.0.3

###
[`v3.0.2`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.0.2)

[Compare
Source](https://togithub.com/sigstore/cosign-installer/compare/v3.0.1...v3.0.2)

##### What's Changed

- add --yes to example workflow by
[@&#8203;sebhoss](https://togithub.com/sebhoss) in
[sigstore/cosign-installer#110
- Fix aarch64 action run by
[@&#8203;ananos](https://togithub.com/ananos) in
[sigstore/cosign-installer#113
- Bump actions/checkout from 3.3.0 to 3.4.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[sigstore/cosign-installer#115
- Bump actions/setup-go from 3.5.0 to 4.0.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[sigstore/cosign-installer#114
- Bump actions/checkout from 3.4.0 to 3.5.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[sigstore/cosign-installer#116
- default cosign to v2.0.1 by
[@&#8203;cpanato](https://togithub.com/cpanato) in
[sigstore/cosign-installer#117
- changes download URL for `cosign` binary to github.com instead of GCS

##### New Contributors

- [@&#8203;sebhoss](https://togithub.com/sebhoss) made their first
contribution in
[sigstore/cosign-installer#110
- [@&#8203;ananos](https://togithub.com/ananos) made their first
contribution in
[sigstore/cosign-installer#113

**Full Changelog**:
sigstore/cosign-installer@v3...v3.0.2

###
[`v3.0.1`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.0.1)

[Compare
Source](https://togithub.com/sigstore/cosign-installer/compare/v3.0.0...v3.0.1)

##### What's Changed

- make cosign v2.0.0 default version by
[@&#8203;developer-guy](https://togithub.com/developer-guy) in
[sigstore/cosign-installer#109
- changes download URL for `cosign` binary to github.com instead of GCS

**Full Changelog**:
sigstore/cosign-installer@v3.0.0...v3.0.1

###
[`v3.0.0`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.0.0)

[Compare
Source](https://togithub.com/sigstore/cosign-installer/compare/v2.8.1...v3.0.0)

##### Breaking change

Cosign v2 has some breaking changes. Please check those:
https://blog.sigstore.dev/cosign-2-0-released/

##### What's Changed

- test: add logs when downloading the public keys by
[@&#8203;hectorj2f](https://togithub.com/hectorj2f) in
[sigstore/cosign-installer#106
- Add support to install v2 and any other cosign release candidate by
[@&#8203;hectorj2f](https://togithub.com/hectorj2f) in
[sigstore/cosign-installer#105
- v2.0.0 release by [@&#8203;sabre1041](https://togithub.com/sabre1041)
in
[sigstore/cosign-installer#108
- changes download URL for `cosign` binary to github.com instead of GCS

##### New Contributors

- [@&#8203;hectorj2f](https://togithub.com/hectorj2f) made their first
contribution in
[sigstore/cosign-installer#106
- [@&#8203;sabre1041](https://togithub.com/sabre1041) made their first
contribution in
[sigstore/cosign-installer#108

**Full Changelog**:
sigstore/cosign-installer@v2...v3.0.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/defenseunicorns/zarf).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4xNTMuMiIsInVwZGF0ZWRJblZlciI6IjM3Ljg3LjIiLCJ0YXJnZXRCcmFuY2giOiJtYWluIn0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

Loading branch information

renovate[bot] committed Dec 19, 2023

1 parent 8a1c10b commit b43064c

.github/actions/install-tools/action.yaml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -4,7 +4,7 @@ description: "Install pipeline tools"
  
    runs:

      using: composite

      steps:

        - uses: sigstore/cosign-installer@c85d0e205a72a294fe064f618a87dbac13084086 # v2.8.1

        - uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0

        - uses: anchore/sbom-action/download-syft@5ecf649a417b8ae17dc8383dc32d46c03f2312df # v0.15.1

0 comments on commit `b43064c`

Please sign in to comment.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit

There are no files selected for viewing

0 comments on commit `b43064c`

Commit

There are no files selected for viewing

0 comments on commit b43064c

0 comments on commit `b43064c`