Skip to content

v0.3.0
Compare
Choose a tag to compare
@github-actions github-actions released this 25 Aug 21:54
· 344 commits to main since this release
v0.3.0
707a2cb
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

What's new

  • .gitconfig support - You can now configure Gitsign with your ~/.gitconfig and/or .git/config files! See File Config for more details.

    $ git config gitsign.fulcio https://fulcio.example.com
$ cat ~/.gitconfig
[gitsign]
      fulcio = https://fulcio.example.com

  • Dex connector configuration - You can now configure the Dex connector ID to use when authenticating. This can help speed up workflows by pre-selecting the identity provider to use when signing in. For example, to always sign in with GitHub:

    $ git config gitsign.connectorID https://github.com/login/oauth

    Supported values depend on the OIDC issuer you are using. For the public Sigstore instance (oauth2.sigstore.dev):

    Provider Connector ID
    GitHub https://github.com/login/oauth
    Google https://accounts.google.com
    Microsoft https://login.microsoftonline.com

  • Experimental support for Git based attestations - store attestations about your code directly in your repository! (note: This is not yet included in the main gitsign binary and is not available as a downloadable release artifact - please install from source).

Changelog

  • 707a2cb Recognize SIGSTORE_ prefixed environment variables. (#123)
  • cff750b Add connectorID option (#122)
  • 7fcbc7b Add gitsign-attest (#113)
  • f215bd8 Add file based configuration. (#121)
  • 7916a8b Update go modules to go1.18 (#120)
  • 1eaab67 Bump anchore/sbom-action from 0.11.0 to 0.12.0 (#116)
  • a22383d Bump github.com/sigstore/rekor from 0.10.0 to 0.11.0 (#117)
  • a748c05 Bump sigstore/cosign-installer from 2.5.0 to 2.5.1 (#115)
  • 0561fe8 Bump github.com/go-openapi/swag from 0.22.0 to 0.22.3 (#118)
  • ec2da04 Bump github.com/sigstore/cosign from 1.10.1 to 1.11.0 (#119)
  • 1d4fc64 Gitignore and verify consume (#109)
  • bd39f7c Bump actions/cache from 3.0.6 to 3.0.7 (#112)
  • 355fea8 Bump cosign version to 0.10.1 (#111)
  • 084c46f Bump actions/cache from 3.0.5 to 3.0.6 (#106)
  • f0cac92 Bump github.com/go-openapi/swag from 0.21.1 to 0.22.0 (#107)
  • d9a9aba Add note to credential cache docs about cache directory selection. (#102)
  • edb89df Bump sigstore/cosign-installer from 2.4.1 to 2.5.0 (#100)
  • da368d7 Bump github.com/sigstore/rekor from 0.9.1 to 0.10.0 (#101)
  • 57bdce0 Bump actions/setup-go from 3.2.0 to 3.2.1 (#95)
  • be797c9 Bump actions/cache from 3.0.4 to 3.0.5 (#96)
  • bf41df3 Bump github.com/go-openapi/strfmt from 0.21.2 to 0.21.3 (#97)
  • 31ae988 Bump github.com/sigstore/rekor from 0.9.0 to 0.9.1 (#93)
  • 3a86508 --version: Print out relevant env variables. (#92)

Thanks to all contributors!

Assets 72
Loading