chore: Release v1.5.0 (#1693)

Signed-off-by: Ian Lewis <ianlewis@google.com>

.github/workflows/builder_docker-based_slsa3.yml

@@ -102,7 +102,7 @@ jobs:
     steps:
       - name: Generate random 16-byte value (32-char hex encoded)
         id: rng
-        uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.5.0
 
   # This detects the repository and ref of the reusable workflow.
   # For pull request, this gets the head repository and head SHA.
@@ -117,7 +117,7 @@ jobs:
     steps:
       - name: Detect the builder ref
         id: detect
-        uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@v1.5.0
 
   ###################################################################
   #                                                                 #
@@ -154,7 +154,7 @@ jobs:
     steps:
       - name: Generate builder binary
         id: generate
-        uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.5.0
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"
@@ -187,7 +187,7 @@ jobs:
     steps:
       - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
       - name: Checkout builder repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.5.0
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"
@@ -259,7 +259,7 @@ jobs:
     needs: [rng, detect-env, generate-builder]
     steps:
       - name: Checkout builder repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.5.0
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"
@@ -367,7 +367,7 @@ jobs:
       provenance-name: "${{ env.OUTPUT_FOLDER }}-${{ needs.rng.outputs.value }}"
     steps:
       - name: Checkout builder repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.5.0
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"

.github/workflows/builder_go_slsa3.yml

@@ -87,7 +87,7 @@ jobs:
     steps:
       - name: Generate random 16-byte value (32-char hex encoded)
         id: rng
-        uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.5.0
 
   detect-env:
     outputs:
@@ -99,7 +99,7 @@ jobs:
     steps:
       - name: Detect the builder ref
         id: detect
-        uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@v1.5.0
 
   ###################################################################
   #                                                                 #
@@ -114,7 +114,7 @@ jobs:
     steps:
       - name: Generate builder binary
         id: generate
-        uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.5.0
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"
@@ -148,7 +148,7 @@ jobs:
     needs: [builder, rng, detect-env]
     steps:
       - name: Checkout builder repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.5.0
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"
@@ -194,7 +194,7 @@ jobs:
     needs: [builder, build-dry, rng, detect-env]
     steps:
       - name: Checkout builder repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.5.0
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"
@@ -274,7 +274,7 @@ jobs:
       go-provenance-sha256: ${{ steps.sign-prov.outputs.signed-provenance-sha256 }}
     steps:
       - name: Checkout builder repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.5.0
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"
@@ -332,7 +332,7 @@ jobs:
     if: inputs.upload-assets == true
     steps:
       - name: Checkout builder repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.5.0
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"

.github/workflows/delegator_generic_slsa3.yml

@@ -77,7 +77,7 @@ jobs:
     steps:
       - name: Generate random 16-byte value (32-char hex encoded)
         id: rng
-        uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.5.0
 
   # verify-token verifies the slsa token.
   verify-token:
@@ -91,15 +91,15 @@ jobs:
     steps:
       - name: Verify token with test action
         id: verify
-        uses: slsa-framework/slsa-github-generator/.github/actions/verify-token@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/verify-token@v1.5.0
         with:
           slsa-workflow-recipient: "delegator_generic_slsa3.yml"
           slsa-unverified-token: ${{ inputs.slsa-token }}
           output-predicate: ${{ env.SLSA_PREDICATE_FILE }}
 
       - name: Upload predicate
         id: upload
-        uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.5.0
         with:
           name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_PREDICATE_FILE }}"
           path: ${{ env.SLSA_PREDICATE_FILE }}
@@ -110,7 +110,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check private repos
-        uses: slsa-framework/slsa-github-generator/.github/actions/privacy-check@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/privacy-check@v1.5.0
         with:
           error_message: "Repository is private. The workflow has halted in order to keep the repository name from being exposed in the public transparency log. Set 'private-repository' to override."
           override: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).builder.rekor_log_public }}
@@ -138,7 +138,7 @@ jobs:
           echo "$RUNNER: $RUNNER"
 
       - name: Checkout the tool repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.5.0
         with:
           repository: ${{ needs.verify-token.outputs.tool-repository }}
           ref: ${{ needs.verify-token.outputs.tool-ref }}
@@ -162,7 +162,7 @@ jobs:
           tree
 
       - name: Checkout the project repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@v1.5.0
 
       # NOTE: This calls the Action defined in the slsa-token.
       - name: Build artifacts
@@ -188,7 +188,7 @@ jobs:
 
       - name: Upload artifact layout file
         id: upload
-        uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.5.0
         with:
           name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_ARTIFACTS_FILE }}"
           path: "${{ env.SLSA_ARTIFACTS_FILE }}"
@@ -203,14 +203,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Download the artifact layout file
-        uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.5.0
         with:
           name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_ARTIFACTS_FILE }}"
           path: "${{ env.SLSA_ARTIFACTS_FILE }}"
           sha256: ${{ needs.build-artifacts-ubuntu.outputs.artifacts-layout-sha256 }}
 
       - name: Download the predicate file
-        uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.5.0
         with:
           name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_PREDICATE_FILE }}"
           path: ${{ env.SLSA_PREDICATE_FILE }}
@@ -223,7 +223,7 @@ jobs:
 
       - name: Generate attestations
         id: attestations
-        uses: slsa-framework/slsa-github-generator/.github/actions/generate-attestations@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/generate-attestations@v1.5.0
         with:
           slsa-layout-file: ${{ env.SLSA_ARTIFACTS_FILE }}
           predicate-type: "https://slsa.dev/provenance/v1.0?draft"
@@ -232,7 +232,7 @@ jobs:
 
       - name: Sign attestations
         id: sign
-        uses: slsa-framework/slsa-github-generator/.github/actions/sign-attestations@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/sign-attestations@v1.5.0
         with:
           attestations: attestations
           output-folder: "${{ needs.rng.outputs.value }}-slsa-attestations"

.github/workflows/e2e.create-docker_based-predicate.schedule.yml

@@ -27,7 +27,7 @@ jobs:
     steps:
       - name: Detect the builder ref
         id: detect
-        uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@v1.5.0
       - name: Create predicate
         id: predicate
         uses: ./.github/actions/create-docker_based-predicate

.github/workflows/generator_container_slsa3.yml

@@ -94,7 +94,7 @@ jobs:
       - name: Detect the generator ref
         id: detect
         continue-on-error: true
-        uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@v1.5.0
 
       - name: Final outcome
         id: final
@@ -125,7 +125,7 @@ jobs:
       - name: Generate builder
         id: generate-builder
         continue-on-error: true
-        uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.5.0
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"

.github/workflows/generator_generic_slsa3.yml

@@ -110,7 +110,7 @@ jobs:
       - name: Detect the generator ref
         id: detect
         continue-on-error: true
-        uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@v1.5.0
 
       - name: Final outcome
         id: final
@@ -143,7 +143,7 @@ jobs:
       - name: Generate builder
         id: generate-builder
         continue-on-error: true
-        uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.5.0
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"
@@ -217,7 +217,7 @@ jobs:
       - name: Checkout builder repository
         id: checkout-builder
         continue-on-error: true
-        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.5.0-rc.0
+        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.5.0
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"

CHANGELOG.md

@@ -2,7 +2,7 @@
 
 <!-- toc -->
 
-- [Next Release](#next-release)
+- [v1.5.0](#v150)
   - [Summary of changes](#summary-of-changes)
     - [Go builder](#go-builder)
       - [New Features](#new-features)
@@ -61,7 +61,7 @@
 
 <!-- tocstop -->
 
-# Next Release
+# v1.5.0
 
 <!-- Information on the next release will be added here. -->
 
@@ -71,27 +71,27 @@
 
 #### New Features
 
-- A new [`upload-tag-name`](https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#workflow-inputs) input was added to allow users to specify the tag name for the release when `upload-assets` is set to `true`.
-- The environment variables included in provenance output were changed to include only those variables that are specified by the user in the [slsa-goreleaser.yml configuration file](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/go#configuration-file) in order to improve reproducibility. See [#822](https://github.com/slsa-framework/slsa-github-generator/issues/822) for more information and background.
+- A new [`upload-tag-name`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/generic/README.md#workflow-inputs) input was added to allow users to specify the tag name for the release when `upload-assets` is set to `true`.
+- The environment variables included in provenance output were changed to include only those variables that are specified by the user in the [slsa-goreleaser.yml configuration file](https://github.com/slsa-framework/slsa-github-generator/tree/v1.5.0/internal/builders/go#configuration-file) in order to improve reproducibility. See [#822](https://github.com/slsa-framework/slsa-github-generator/issues/822) for more information and background.
 
 ### Generic generator
 
 #### New Features
 
-- A new boolean [`continue-on-error`](https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#workflow-inputs) input was added which, when set to `true`, prevents the workflow from failing when a step fails. If set to true, the result of the reusable workflow will be return in the [`outcome`](https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#workflow-outputs) output.
-- A new [`upload-tag-name`](https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#workflow-inputs) input was added to allow users to specify the tag name for the release when `upload-assets` is set to `true`.
+- A new boolean [`continue-on-error`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/generic/README.md#workflow-inputs) input was added which, when set to `true`, prevents the workflow from failing when a step fails. If set to true, the result of the reusable workflow will be return in the [`outcome`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/generic/README.md#workflow-outputs) output.
+- A new [`upload-tag-name`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/generic/README.md#workflow-inputs) input was added to allow users to specify the tag name for the release when `upload-assets` is set to `true`.
 
 ### Container generator
 
 #### New Features
 
-- A new boolean [`continue-on-error`](https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#workflow-inputs) input was added which, when set to `true`, prevents the workflow from failing when a step fails. If set to true, the result of the reusable workflow will be return in the [`outcome`](https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#workflow-outputs) output.
-- A new [`repository-username`](https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#workflow-inputs) secret input was added to allow users to pass their repository username that is stored in a [Github Actions encrypted secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets). This secret input should only be used for high-entropy registry username values such as AWS Access Key.
-- Support was added for authenticating with [Google Artifact Registry](https://cloud.google.com/artifact-registry) and [Google Container Registry](https://cloud.google.com/container-registry) using [Workload Identity Federation](https://cloud.google.com/iam/docs/workload-identity-federation). Users can use this new feature by using the [`gcp-workload-identity-provider` and `gcp-service-account` inputs](https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#workflow-inputs)
+- A new boolean [`continue-on-error`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-inputs) input was added which, when set to `true`, prevents the workflow from failing when a step fails. If set to true, the result of the reusable workflow will be return in the [`outcome`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-outputs) output.
+- A new [`repository-username`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-inputs) secret input was added to allow users to pass their repository username that is stored in a [Github Actions encrypted secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets). This secret input should only be used for high-entropy registry username values such as AWS Access Key.
+- Support was added for authenticating with [Google Artifact Registry](https://cloud.google.com/artifact-registry) and [Google Container Registry](https://cloud.google.com/container-registry) using [Workload Identity Federation](https://cloud.google.com/iam/docs/workload-identity-federation). Users can use this new feature by using the [`gcp-workload-identity-provider` and `gcp-service-account` inputs](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-inputs)
 
 ## Changelog since v1.4.0
 
-https://github.com/slsa-framework/slsa-github-generator/compare/v1.4.0...main
+https://github.com/slsa-framework/slsa-github-generator/compare/v1.4.0...v1.5.0
 
 # v1.4.0
 

SECURITY.md

@@ -29,6 +29,7 @@ The following versions are currently supported and receive security updates.
 
 | Version | Supported          |
 | ------- | ------------------ |
+| 1.5.x   | :white_check_mark: |
 | 1.4.x   | :white_check_mark: |
 | <=1.2.x | :x:                |