Bump github.com/shipwright-io/build from 0.12.0 to 0.13.0

[dependabot]

Bumps github.com/shipwright-io/build from 0.12.0 to 0.13.0.

Release notes

Sourced from github.com/shipwright-io/build's releases.

Shipwright Build release v0.13.0

Release changes since v0.12.0

Features

#1471 by @​HeavyWombat: Git and Bundle sources now produce additional status fields in a BuildRun to return the commit timestamp of the commit being used, or the image/source timestamp of Bundle images respectively.

#1448 by @​SaschaSchwarze0: action required: after you upgraded from v0.12 to v0.13, you can run the following two commands to remove unnecessary permissions: kubectl delete crb shipwright-build-webhook && kubectl delete cr shipwright-build-webhook

#1435 by @​SaschaSchwarze0: Controllers now use Tekton's V1 API to create and access the TaskRun that backs a BuildRun

Fixes

#1499 by @​SaschaSchwarze0: You can now patch a completed BuildRun on the Beta API without removing its status

#1486 by @​SaschaSchwarze0: A BuildRun object in v1alpha1 version is now correctly converted to v1beta1 when it has .spec.serviceAccount.generate set to true

#1429 by @​SaschaSchwarze0: You can now use files and directories with two subsequent dots in its name when using an OCI artifact as source

API Changes

#1504 by @​SaschaSchwarze0: You can now define a Build without any source. This is for example useful when you want to run this build only with local source. Also, some corrections have been made to the Go types.

#1463 by @​qu1queee: Set the storage version to v1beta1 and update Shipwright controllers to operate on the same.

#1441 by @​SaschaSchwarze0: The Build in the beta API has been corrected so that when defining .spec.source.git, then .spec.source.git.url is mandatory.

Docs

#1461 by @​qu1queee: Add ADOPTERS doc

#1460 by @​qu1queee: Add ROADMAP doc

Misc

#1593 by @​openshift-cherrypick-robot: The usage of different secrets or secret keys as values inside one array parameter is now possible

#1591 by @​openshift-cherrypick-robot: An Alpha Build where spec.dockerfile is set to \"\", is now transformed to a Beta Build without the dockerfile parameter to behave like in Alpha

#1552 by @​qu1queee: Improve conversion webhook logging

#1513 by @​SaschaSchwarze0: The minimum Kubernetes version is now 1.27. The minimum Tekton version is 0.50.

#1509 by @​HeavyWombat: Output image section now supports an optional timestamp field, which can be used to change the image creation timestamp, i.e. use string "SourceTimestamp" to let the output image creation timestamp to be modified to the timestamp of the source timestamp.

#1495 by @​SaschaSchwarze0: Shipwright Build is now compiled with Go 1.21

Shipwright Build release v0.13.0-rc0

Changes since v0.12.0

... (truncated)

Commits

• dc66f4c Merge pull request #1594 from SaschaSchwarze0/sascha-v0.13-updates
• 181cc4e Fix CVE-2023-45288
• b387cb9 Bump docker.io/aquasec/trivy from 0.50.4 to 0.51.1
• f9fb8f6 Bump docker.io/aquasec/trivy from 0.50.1 to 0.50.4
• 440fb49 Bump quay.io/containers/buildah from 1.35.0 to 1.35.3
• 5e07c8e Bump docker.io/aquasec/trivy from 0.50.0 to 0.50.1
• 570f276 Merge pull request #1593 from openshift-cherrypick-robot/cherry-pick-1566-to-...
• 30fcfbe Merge pull request #1591 from openshift-cherrypick-robot/cherry-pick-1569-to-...
• 7d90ec2 Correct multiple secret values in one array parameter that references differe...
• 2f8c51b Do not set dockerfile parameter to an empty string to align with behavior of ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)