Update slsa-framework/slsa-github-generator action to v1.3.0

renovate[bot] commented 1 year ago

This PR contains the following updates:

Package	Type	Update	Change
slsa-framework/slsa-github-generator	action	minor	`v1.2.0` -> `v1.3.0`

Release Notes

slsa-framework/slsa-github-generator

### [`v1.3.0`](https://togithub.com/slsa-framework/slsa-github-generator/releases/tag/v1.3.0) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.2.2...v1.3.0) 🚨⚠️ **This is a pre-release that is currently being tested and is subject to change. Please do not upgrade.** ⚠️🚨 #### What's Changed This release is the first Generally Available version of the [generic container workflow](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container). The generic container workflow is now considered stable and can be included in your production GitHub Actions workflows. This release includes a couple of bug fixes. 1. Allow users of the [generic generator workflow](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/generic) to generate provenance using for artifacts created in a project subdirectory ([#1225](https://togithub.com/slsa-framework/slsa-github-generator/issues/1225)) 2. Allow environment variables to contain '=' characters in the [Go workflow](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/go) ([#1231](https://togithub.com/slsa-framework/slsa-github-generator/issues/1231)) #### New Contributors - [@cfergeau](https://togithub.com/cfergeau) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/1232](https://togithub.com/slsa-framework/slsa-github-generator/pull/1232) - [@DanAlbert](https://togithub.com/DanAlbert) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/1239](https://togithub.com/slsa-framework/slsa-github-generator/pull/1239) #### Full Changelog - Update references to main after v1.2.2 release by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1228](https://togithub.com/slsa-framework/slsa-github-generator/pull/1228) - \[generic] fix attestation file creation when subject names are in subdirectories by [@asraa](https://togithub.com/asraa) in [https://github.com/slsa-framework/slsa-github-generator/pull/1226](https://togithub.com/slsa-framework/slsa-github-generator/pull/1226) - Update docs to use v1.2.2 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1229](https://togithub.com/slsa-framework/slsa-github-generator/pull/1229) - Update RELEASE docs by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1227](https://togithub.com/slsa-framework/slsa-github-generator/pull/1227) - chore(deps): update npm dev to v5.43.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1230](https://togithub.com/slsa-framework/slsa-github-generator/pull/1230) - builder: go: Allow equal signs in env vars by [@cfergeau](https://togithub.com/cfergeau) in [https://github.com/slsa-framework/slsa-github-generator/pull/1232](https://togithub.com/slsa-framework/slsa-github-generator/pull/1232) - Ko example by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/951](https://togithub.com/slsa-framework/slsa-github-generator/pull/951) - docs(generic-generator): clarify that created provenance is encapsulated by [@diogoteles08](https://togithub.com/diogoteles08) in [https://github.com/slsa-framework/slsa-github-generator/pull/1235](https://togithub.com/slsa-framework/slsa-github-generator/pull/1235) - Fix semver regex in actions pre-submit by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1233](https://togithub.com/slsa-framework/slsa-github-generator/pull/1233) - Fix typo in doc. by [@DanAlbert](https://togithub.com/DanAlbert) in [https://github.com/slsa-framework/slsa-github-generator/pull/1239](https://togithub.com/slsa-framework/slsa-github-generator/pull/1239) - Fix reference Gradle workflow. by [@DanAlbert](https://togithub.com/DanAlbert) in [https://github.com/slsa-framework/slsa-github-generator/pull/1240](https://togithub.com/slsa-framework/slsa-github-generator/pull/1240) ### [`v1.2.2`](https://togithub.com/slsa-framework/slsa-github-generator/releases/tag/v1.2.2) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.2.1...v1.2.2) #### What's Changed This release fixes issues with signing provenance due to a change in Sigstore TUF root certificates ([#1163](https://togithub.com/slsa-framework/slsa-github-generator/issues/1163)). This release also includes better handling of transient errors from the Rekor transparency logs. #### New Contributors - [@suzuki-shunsuke](https://togithub.com/suzuki-shunsuke) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/1061](https://togithub.com/slsa-framework/slsa-github-generator/pull/1061) - [@datosh](https://togithub.com/datosh) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/1074](https://togithub.com/slsa-framework/slsa-github-generator/pull/1074) - [@pnacht](https://togithub.com/pnacht) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/1187](https://togithub.com/slsa-framework/slsa-github-generator/pull/1187) - [@dongheelee92](https://togithub.com/dongheelee92) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/1209](https://togithub.com/slsa-framework/slsa-github-generator/pull/1209) #### Full Changelog - fix: use GITHUB_OUTPUT instead of deprecated set-output command by [@suzuki-shunsuke](https://togithub.com/suzuki-shunsuke) in [https://github.com/slsa-framework/slsa-github-generator/pull/1061](https://togithub.com/slsa-framework/slsa-github-generator/pull/1061) - Fix reference to generic generator by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1063](https://togithub.com/slsa-framework/slsa-github-generator/pull/1063) - Add presumbit checks for internal actions by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1067](https://togithub.com/slsa-framework/slsa-github-generator/pull/1067) - chore(deps): update gcr.io/distroless/static docker digest to [`cb0f703`](https://togithub.com/slsa-framework/slsa-github-generator/commit/cb0f703) by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1062](https://togithub.com/slsa-framework/slsa-github-generator/pull/1062) - Add ref to checkout-node action by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1071](https://togithub.com/slsa-framework/slsa-github-generator/pull/1071) - Document renovate exception for tags over digest. by [@datosh](https://togithub.com/datosh) in [https://github.com/slsa-framework/slsa-github-generator/pull/1074](https://togithub.com/slsa-framework/slsa-github-generator/pull/1074) - ci: exclude codeql on yaml by [@asraa](https://togithub.com/asraa) in [https://github.com/slsa-framework/slsa-github-generator/pull/1008](https://togithub.com/slsa-framework/slsa-github-generator/pull/1008) - Update CodeQL workflow by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1081](https://togithub.com/slsa-framework/slsa-github-generator/pull/1081) - Remove ref for internal action calls by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/1075](https://togithub.com/slsa-framework/slsa-github-generator/pull/1075) - Update link to container generator workflow by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1079](https://togithub.com/slsa-framework/slsa-github-generator/pull/1079) - Add doc on sigstore policy-controller by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/946](https://togithub.com/slsa-framework/slsa-github-generator/pull/946) - Enable CodeQL scanning for Javascript by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1078](https://togithub.com/slsa-framework/slsa-github-generator/pull/1078) - bug: fix path in action by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/1085](https://togithub.com/slsa-framework/slsa-github-generator/pull/1085) - bug: additional fixes for ref removal by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/1083](https://togithub.com/slsa-framework/slsa-github-generator/pull/1083) - fix: grep in secure download action by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/1087](https://togithub.com/slsa-framework/slsa-github-generator/pull/1087) - fix: workingDir by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/1107](https://togithub.com/slsa-framework/slsa-github-generator/pull/1107) - fix: workingDir by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/1109](https://togithub.com/slsa-framework/slsa-github-generator/pull/1109) - feat: update ref by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/1086](https://togithub.com/slsa-framework/slsa-github-generator/pull/1086) - doc: add tag pinning documentation in each builder README by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/1106](https://togithub.com/slsa-framework/slsa-github-generator/pull/1106) - docs: update release.md for generating verifier e2e tests by [@asraa](https://togithub.com/asraa) in [https://github.com/slsa-framework/slsa-github-generator/pull/1108](https://togithub.com/slsa-framework/slsa-github-generator/pull/1108) - fix: use GITHUB_OUTPUT instead of deprecated set-output command by [@suzuki-shunsuke](https://togithub.com/suzuki-shunsuke) in [https://github.com/slsa-framework/slsa-github-generator/pull/1066](https://togithub.com/slsa-framework/slsa-github-generator/pull/1066) - fix: checkout uses the wrong repository by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/1113](https://togithub.com/slsa-framework/slsa-github-generator/pull/1113) - fix(deps): update module github.com/in-toto/in-toto-golang to v0.4.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/987](https://togithub.com/slsa-framework/slsa-github-generator/pull/987) - chore(deps): update github-actions to v3 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1059](https://togithub.com/slsa-framework/slsa-github-generator/pull/1059) - feat: improve refs by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/1126](https://togithub.com/slsa-framework/slsa-github-generator/pull/1126) - Fix privacy-check checkout by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1160](https://togithub.com/slsa-framework/slsa-github-generator/pull/1160) - Update Rekor to v1.0.0 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1121](https://togithub.com/slsa-framework/slsa-github-generator/pull/1121) - Update Rekor client by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1162](https://togithub.com/slsa-framework/slsa-github-generator/pull/1162) - Add documentation for private-repository input by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1165](https://togithub.com/slsa-framework/slsa-github-generator/pull/1165) - Temporarily disable pre-submit by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1171](https://togithub.com/slsa-framework/slsa-github-generator/pull/1171) - re-enable pre-submits by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1161](https://togithub.com/slsa-framework/slsa-github-generator/pull/1161) - fix(deps): update module github.com/sigstore/sigstore to v1.4.5 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1123](https://togithub.com/slsa-framework/slsa-github-generator/pull/1123) - fix(deps): update module github.com/in-toto/in-toto-golang to v0.5.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1122](https://togithub.com/slsa-framework/slsa-github-generator/pull/1122) - chore(deps): update dependency eslint to v8.26.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1115](https://togithub.com/slsa-framework/slsa-github-generator/pull/1115) - fix(deps): update module github.com/slsa-framework/slsa-github-generator to v1.2.1 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1114](https://togithub.com/slsa-framework/slsa-github-generator/pull/1114) - fix(deps): update module github.com/spf13/cobra to v1.6.1 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1058](https://togithub.com/slsa-framework/slsa-github-generator/pull/1058) - fix(deps): update module github.com/sigstore/cosign to v1.13.1 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1057](https://togithub.com/slsa-framework/slsa-github-generator/pull/1057) - chore(deps): update typescript-eslint monorepo to v5.41.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1056](https://togithub.com/slsa-framework/slsa-github-generator/pull/1056) - chore(deps): update dependency eslint-plugin-github to v4.4.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1055](https://togithub.com/slsa-framework/slsa-github-generator/pull/1055) - chore(deps): update dependency [@types/node](https://togithub.com/types/node) to v16.18.2 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1054](https://togithub.com/slsa-framework/slsa-github-generator/pull/1054) - chore(deps): update dependency [@types/node](https://togithub.com/types/node) to v18 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1179](https://togithub.com/slsa-framework/slsa-github-generator/pull/1179) - chore(deps): update github-actions by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/864](https://togithub.com/slsa-framework/slsa-github-generator/pull/864) - verifier: update verifier version to v1.3.2 by [@asraa](https://togithub.com/asraa) in [https://github.com/slsa-framework/slsa-github-generator/pull/1184](https://togithub.com/slsa-framework/slsa-github-generator/pull/1184) - Add known issues to docs by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1170](https://togithub.com/slsa-framework/slsa-github-generator/pull/1170) - 📖 Bump version tag in examples by [@pnacht](https://togithub.com/pnacht) in [https://github.com/slsa-framework/slsa-github-generator/pull/1187](https://togithub.com/slsa-framework/slsa-github-generator/pull/1187) - Container build type by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1176](https://togithub.com/slsa-framework/slsa-github-generator/pull/1176) - Group updates for renovate by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1185](https://togithub.com/slsa-framework/slsa-github-generator/pull/1185) - Add CONTRIBUTING.md by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1080](https://togithub.com/slsa-framework/slsa-github-generator/pull/1080) - feat: add commands to nodejs builder by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/1189](https://togithub.com/slsa-framework/slsa-github-generator/pull/1189) - cleanup: remove more set-outputs by [@asraa](https://togithub.com/asraa) in [https://github.com/slsa-framework/slsa-github-generator/pull/1194](https://togithub.com/slsa-framework/slsa-github-generator/pull/1194) - chore(deps): update npm dev by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1203](https://togithub.com/slsa-framework/slsa-github-generator/pull/1203) - chore(deps): update github-actions by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1202](https://togithub.com/slsa-framework/slsa-github-generator/pull/1202) - chore(deps): update gcr.io/distroless/static docker digest to [`5759d19`](https://togithub.com/slsa-framework/slsa-github-generator/commit/5759d19) by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1201](https://togithub.com/slsa-framework/slsa-github-generator/pull/1201) - feat: npm builder updates by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/1206](https://togithub.com/slsa-framework/slsa-github-generator/pull/1206) - chore(deps): update dependency eslint to v8.27.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1208](https://togithub.com/slsa-framework/slsa-github-generator/pull/1208) - \[doc] Add example for Python by [@dongheelee92](https://togithub.com/dongheelee92) in [https://github.com/slsa-framework/slsa-github-generator/pull/1209](https://togithub.com/slsa-framework/slsa-github-generator/pull/1209) - \[doc] update TOC(Table Of Content) for python example by [@dongheelee92](https://togithub.com/dongheelee92) in [https://github.com/slsa-framework/slsa-github-generator/pull/1213](https://togithub.com/slsa-framework/slsa-github-generator/pull/1213) - Fix PR description check for releases by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1211](https://togithub.com/slsa-framework/slsa-github-generator/pull/1211) - release: fix release tag reference by [@asraa](https://togithub.com/asraa) in [https://github.com/slsa-framework/slsa-github-generator/pull/1215](https://togithub.com/slsa-framework/slsa-github-generator/pull/1215) - Update release instructions by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1212](https://togithub.com/slsa-framework/slsa-github-generator/pull/1212) - Update release tag for v1.2.2 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1210](https://togithub.com/slsa-framework/slsa-github-generator/pull/1210) - Revert "Update release tag for v1.2.2 ([#1210](https://togithub.com/slsa-framework/slsa-github-generator/issues/1210))" by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1220](https://togithub.com/slsa-framework/slsa-github-generator/pull/1220) - Fix builder-fetch.sh path by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1221](https://togithub.com/slsa-framework/slsa-github-generator/pull/1221) - Update refs for release 1.2.2 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1222](https://togithub.com/slsa-framework/slsa-github-generator/pull/1222) ### [`v1.2.1`](https://togithub.com/slsa-framework/slsa-github-generator/releases/tag/v1.2.1) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.2.0...v1.2.1) 🚨⚠️ **DO NOT USE THIS RELEASE. This version will no longer work and is not supported due to errors described in [#1163](https://togithub.com/slsa-framework/slsa-github-generator/issues/1163). Please upgrade to [v1.2.2](https://togithub.com/slsa-framework/slsa-github-generator/releases/tag/v1.2.2) or later.** ⚠️🚨 ### What's Changed This release fixes an error that occurs on the "Generate Builder" step for various workflows. FAILED: SLSA verification failed: could not find a matching valid signature entry See [#942](https://togithub.com/slsa-framework/slsa-github-generator/issues/942) #### Generic generator ##### buildType This release changes the [`buildType`](https://slsa.dev/provenance/v0.2#buildType) used in provenance created by the generic generator. The previous value was: "buildType": "https://github.com/slsa-framework/slsa-github-generator@v1", The new value is: "buildType": "https://github.com/slsa-framework/slsa-github-generator/generic@v1", See [#627](https://togithub.com/slsa-framework/slsa-github-generator/issues/627) ##### Provenance file names Previously the default file name for provenance was `attestation.intoto.jsonl`. This has been updated to be in line with [intoto attestation file naming conventions](https://togithub.com/in-toto/attestation/blob/main/spec/bundle.md#file-naming-convention). The file name now defaults to `.intoto.jsonl` if there is a single artifact, or `multiple.intoto.jsonl` if there are multiple artifacts. See [#654](https://togithub.com/slsa-framework/slsa-github-generator/issues/654) ##### Explicit opt-in for private repos Private repository support was enhanced to required the `private-repository` input field as the repository name will be made public in the public Rekor transparency log. Please add the following to your workflows if you opt into allowing repository names to be recorded in the public Rekor transparency log. ```yaml with: private-repository: true ``` See [#823](https://togithub.com/slsa-framework/slsa-github-generator/issues/823) #### Go builder ##### Support private repos Support for private repositories was fixed. If using a private repository you must specify the `private-repository` input field as the repository name will be made public in the public Rekor transparency log. Please add the following to your workflows if you opt into allowing repository names to be recorded in the public Rekor transparency log. ```yaml with: private-repository: true ``` See [#823](https://togithub.com/slsa-framework/slsa-github-generator/issues/823) ### New Contributors - [@sethmlarson](https://togithub.com/sethmlarson) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/758](https://togithub.com/slsa-framework/slsa-github-generator/pull/758) - [@yunginnanet](https://togithub.com/yunginnanet) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/776](https://togithub.com/slsa-framework/slsa-github-generator/pull/776) - [@diogoteles08](https://togithub.com/diogoteles08) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/957](https://togithub.com/slsa-framework/slsa-github-generator/pull/957) ### Full Changelog - doc: release doc typos by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/589](https://togithub.com/slsa-framework/slsa-github-generator/pull/589) - Haskell provenance by [@mihaimaruseac](https://togithub.com/mihaimaruseac) in [https://github.com/slsa-framework/slsa-github-generator/pull/595](https://togithub.com/slsa-framework/slsa-github-generator/pull/595) - fix: Remove `build:id` in generic examples by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/596](https://togithub.com/slsa-framework/slsa-github-generator/pull/596) - Add provenance for Haskell by [@mihaimaruseac](https://togithub.com/mihaimaruseac) in [https://github.com/slsa-framework/slsa-github-generator/pull/608](https://togithub.com/slsa-framework/slsa-github-generator/pull/608) - feat: Share util functions by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/598](https://togithub.com/slsa-framework/slsa-github-generator/pull/598) - Add digest input to container docs by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/591](https://togithub.com/slsa-framework/slsa-github-generator/pull/591) - Fix linter pre-submit by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/333](https://togithub.com/slsa-framework/slsa-github-generator/pull/333) - Add doc for attestation-name by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/618](https://togithub.com/slsa-framework/slsa-github-generator/pull/618) - Update golang.org/x/oauth2 digest to [`128564f`](https://togithub.com/slsa-framework/slsa-github-generator/commit/128564f) by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/620](https://togithub.com/slsa-framework/slsa-github-generator/pull/620) - Add links to milestones as a roadmap by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/612](https://togithub.com/slsa-framework/slsa-github-generator/pull/612) - Update typos and formatting in RELEASE.md by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/518](https://togithub.com/slsa-framework/slsa-github-generator/pull/518) - Remove legacy env vars by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/616](https://togithub.com/slsa-framework/slsa-github-generator/pull/616) - Update github-actions by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/621](https://togithub.com/slsa-framework/slsa-github-generator/pull/621) - Move computesha256 to typescript by [@naveensrinivasan](https://togithub.com/naveensrinivasan) in [https://github.com/slsa-framework/slsa-github-generator/pull/546](https://togithub.com/slsa-framework/slsa-github-generator/pull/546) - Update tags for renovatebot by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/622](https://togithub.com/slsa-framework/slsa-github-generator/pull/622) - Update module github.com/sigstore/cosign to v1.10.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/623](https://togithub.com/slsa-framework/slsa-github-generator/pull/623) - Fix support for --signature="" by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/615](https://togithub.com/slsa-framework/slsa-github-generator/pull/615) - Update buildType of generic generator by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/628](https://togithub.com/slsa-framework/slsa-github-generator/pull/628) - Use a temp dir for cwd in tests by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/633](https://togithub.com/slsa-framework/slsa-github-generator/pull/633) - Update availability information of builders by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/635](https://togithub.com/slsa-framework/slsa-github-generator/pull/635) - Update generic README.md for availability by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/636](https://togithub.com/slsa-framework/slsa-github-generator/pull/636) - Update module github.com/slsa-framework/slsa-github-generator to v1.2.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/624](https://togithub.com/slsa-framework/slsa-github-generator/pull/624) - Update module github.com/coreos/go-oidc to v3 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/485](https://togithub.com/slsa-framework/slsa-github-generator/pull/485) - Update golang digest to [`9349ed8`](https://togithub.com/slsa-framework/slsa-github-generator/commit/9349ed8) by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/557](https://togithub.com/slsa-framework/slsa-github-generator/pull/557) - Request for membership by [@naveensrinivasan](https://togithub.com/naveensrinivasan) in [https://github.com/slsa-framework/slsa-github-generator/pull/428](https://togithub.com/slsa-framework/slsa-github-generator/pull/428) - Fix builder dir in container workflow by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/640](https://togithub.com/slsa-framework/slsa-github-generator/pull/640) - Included typescript-eslint by [@naveensrinivasan](https://togithub.com/naveensrinivasan) in [https://github.com/slsa-framework/slsa-github-generator/pull/639](https://togithub.com/slsa-framework/slsa-github-generator/pull/639) - feat: Group NodeJs update by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/653](https://togithub.com/slsa-framework/slsa-github-generator/pull/653) - Update github-actions by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/648](https://togithub.com/slsa-framework/slsa-github-generator/pull/648) - Update module github.com/sigstore/rekor to v0.10.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/650](https://togithub.com/slsa-framework/slsa-github-generator/pull/650) - Update module github.com/coreos/go-oidc to v2.2.1 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/649](https://togithub.com/slsa-framework/slsa-github-generator/pull/649) - Update dependency prettier to v2.7.1 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/647](https://togithub.com/slsa-framework/slsa-github-generator/pull/647) - Update module github.com/sigstore/sigstore to v1.3.1 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/643](https://togithub.com/slsa-framework/slsa-github-generator/pull/643) - Update github-actions by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/689](https://togithub.com/slsa-framework/slsa-github-generator/pull/689) - chore: update verifier to v1.3.0 by [@asraa](https://togithub.com/asraa) in [https://github.com/slsa-framework/slsa-github-generator/pull/718](https://togithub.com/slsa-framework/slsa-github-generator/pull/718) - Update github-actions by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/711](https://togithub.com/slsa-framework/slsa-github-generator/pull/711) - Update github-actions by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/723](https://togithub.com/slsa-framework/slsa-github-generator/pull/723) - Update dependency [@types/node](https://togithub.com/types/node) to v16.11.53 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/645](https://togithub.com/slsa-framework/slsa-github-generator/pull/645) - Update module github.com/sigstore/rekor to v0.11.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/724](https://togithub.com/slsa-framework/slsa-github-generator/pull/724) - contents: write is required for the generic builder by [@sethmlarson](https://togithub.com/sethmlarson) in [https://github.com/slsa-framework/slsa-github-generator/pull/758](https://togithub.com/slsa-framework/slsa-github-generator/pull/758) - docs: fix valid path to dir by [@asraa](https://togithub.com/asraa) in [https://github.com/slsa-framework/slsa-github-generator/pull/717](https://togithub.com/slsa-framework/slsa-github-generator/pull/717) - bug: fix address for fulcio by [@asraa](https://togithub.com/asraa) in [https://github.com/slsa-framework/slsa-github-generator/pull/760](https://togithub.com/slsa-framework/slsa-github-generator/pull/760) - Fix permissions in generic workflow doc by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/761](https://togithub.com/slsa-framework/slsa-github-generator/pull/761) - fix: type in OIDC word by [@developer-guy](https://togithub.com/developer-guy) in [https://github.com/slsa-framework/slsa-github-generator/pull/774](https://togithub.com/slsa-framework/slsa-github-generator/pull/774) - Update github-actions by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/765](https://togithub.com/slsa-framework/slsa-github-generator/pull/765) - Update README.md by [@yunginnanet](https://togithub.com/yunginnanet) in [https://github.com/slsa-framework/slsa-github-generator/pull/776](https://togithub.com/slsa-framework/slsa-github-generator/pull/776) - Temporarily disable Run test. by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/772](https://togithub.com/slsa-framework/slsa-github-generator/pull/772) - Fix log message for tlog upload by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/773](https://togithub.com/slsa-framework/slsa-github-generator/pull/773) - Rename attestation-name by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/777](https://togithub.com/slsa-framework/slsa-github-generator/pull/777) - Update dependency [@actions/core](https://togithub.com/actions/core) to v1.9.1 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/644](https://togithub.com/slsa-framework/slsa-github-generator/pull/644) - Update github-actions by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/785](https://togithub.com/slsa-framework/slsa-github-generator/pull/785) - Update dependency [@vercel/ncc](https://togithub.com/vercel/ncc) to v0.34.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/646](https://togithub.com/slsa-framework/slsa-github-generator/pull/646) - feat: harden checkout by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/795](https://togithub.com/slsa-framework/slsa-github-generator/pull/795) - Updated scorecard v2 by [@naveensrinivasan](https://togithub.com/naveensrinivasan) in [https://github.com/slsa-framework/slsa-github-generator/pull/791](https://togithub.com/slsa-framework/slsa-github-generator/pull/791) - feat: pin verify action by hash by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/796](https://togithub.com/slsa-framework/slsa-github-generator/pull/796) - Refactor Makefiles by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/792](https://togithub.com/slsa-framework/slsa-github-generator/pull/792) - Add pre-submit to verify base images by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/592](https://togithub.com/slsa-framework/slsa-github-generator/pull/592) - Runner API by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/632](https://togithub.com/slsa-framework/slsa-github-generator/pull/632) - Update pwd code in unit-test by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/826](https://togithub.com/slsa-framework/slsa-github-generator/pull/826) - Remove PWD from provenance env by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/825](https://togithub.com/slsa-framework/slsa-github-generator/pull/825) - Update module github.com/sigstore/sigstore to v1.4.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/766](https://togithub.com/slsa-framework/slsa-github-generator/pull/766) - Update module github.com/sigstore/cosign to v1.11.1 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/690](https://togithub.com/slsa-framework/slsa-github-generator/pull/690) - Update dependency eslint to v8.23.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/691](https://togithub.com/slsa-framework/slsa-github-generator/pull/691) - Update gcr.io/distroless/static Docker digest to [`f4787e8`](https://togithub.com/slsa-framework/slsa-github-generator/commit/f4787e8) by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/838](https://togithub.com/slsa-framework/slsa-github-generator/pull/838) - Update github-actions by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/839](https://togithub.com/slsa-framework/slsa-github-generator/pull/839) - Update golang.org/x/oauth2 digest to [`f213421`](https://togithub.com/slsa-framework/slsa-github-generator/commit/f213421) by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/841](https://togithub.com/slsa-framework/slsa-github-generator/pull/841) - Update dependency [@types/node](https://togithub.com/types/node) to v16.11.58 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/842](https://togithub.com/slsa-framework/slsa-github-generator/pull/842) - Update module github.com/google/go-cmp to v0.5.9 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/843](https://togithub.com/slsa-framework/slsa-github-generator/pull/843) - Update typescript-eslint monorepo to v5.36.2 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/693](https://togithub.com/slsa-framework/slsa-github-generator/pull/693) - Add privacy-check action by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/836](https://togithub.com/slsa-framework/slsa-github-generator/pull/836) - Add call to privacy check to workflows by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/850](https://togithub.com/slsa-framework/slsa-github-generator/pull/850) - Remove contents:read from privacy-check by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/855](https://togithub.com/slsa-framework/slsa-github-generator/pull/855) - \[docs] Verifying provenance with kyverno by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/853](https://togithub.com/slsa-framework/slsa-github-generator/pull/853) - Updated README.md to include Scorecard badge by [@naveensrinivasan](https://togithub.com/naveensrinivasan) in [https://github.com/slsa-framework/slsa-github-generator/pull/870](https://togithub.com/slsa-framework/slsa-github-generator/pull/870) - Update typescript-eslint monorepo to v5.37.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/869](https://togithub.com/slsa-framework/slsa-github-generator/pull/869) - Update dependency [@types/node](https://togithub.com/types/node) to v16.11.59 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/862](https://togithub.com/slsa-framework/slsa-github-generator/pull/862) - Pin dependencies by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/861](https://togithub.com/slsa-framework/slsa-github-generator/pull/861) - Update dependency eslint to v8.23.1 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/866](https://togithub.com/slsa-framework/slsa-github-generator/pull/866) - Check result of dist and checkout pre-submits by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/887](https://togithub.com/slsa-framework/slsa-github-generator/pull/887) - Update dependency typescript to v4.8.3 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/867](https://togithub.com/slsa-framework/slsa-github-generator/pull/867) - Add example of using cosign and cue policy by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/902](https://togithub.com/slsa-framework/slsa-github-generator/pull/902) - Add OpenSSF best practices badge by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/891](https://togithub.com/slsa-framework/slsa-github-generator/pull/891) - feat: add log when verify-checkout fails by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/905](https://togithub.com/slsa-framework/slsa-github-generator/pull/905) - feat: Add npm builder workflow by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/881](https://togithub.com/slsa-framework/slsa-github-generator/pull/881) - Log the GitHub context by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/913](https://togithub.com/slsa-framework/slsa-github-generator/pull/913) - fix: verify-checkout uses wrong sha to validate for pull_requests by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/941](https://togithub.com/slsa-framework/slsa-github-generator/pull/941) - update verifier version in actions by [@asraa](https://togithub.com/asraa) in [https://github.com/slsa-framework/slsa-github-generator/pull/945](https://togithub.com/slsa-framework/slsa-github-generator/pull/945) - Update READMEs to clarify that SLSA generators and builders must be referred by tag by [@diogoteles08](https://togithub.com/diogoteles08) in [https://github.com/slsa-framework/slsa-github-generator/pull/957](https://togithub.com/slsa-framework/slsa-github-generator/pull/957) - Update module github.com/sigstore/rekor to v0.12.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/844](https://togithub.com/slsa-framework/slsa-github-generator/pull/844) - chore(deps): update dependency [@types/node](https://togithub.com/types/node) to v16.11.64 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/906](https://togithub.com/slsa-framework/slsa-github-generator/pull/906) - fix(deps): update module github.com/sigstore/sigstore to v1.4.2 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/865](https://togithub.com/slsa-framework/slsa-github-generator/pull/865) - fix(deps): update dependency [@actions/github](https://togithub.com/actions/github) to v5.1.1 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/907](https://togithub.com/slsa-framework/slsa-github-generator/pull/907) - chore(deps): update dependency eslint to v8.24.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/908](https://togithub.com/slsa-framework/slsa-github-generator/pull/908) - chore(deps): update typescript-eslint monorepo to v5.39.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/910](https://togithub.com/slsa-framework/slsa-github-generator/pull/910) - chore(deps): update gcr.io/distroless/static docker digest to [`7292458`](https://togithub.com/slsa-framework/slsa-github-generator/commit/7292458) by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/972](https://togithub.com/slsa-framework/slsa-github-generator/pull/972) - fix(deps): update golang.org/x/oauth2 digest to [`b44042a`](https://togithub.com/slsa-framework/slsa-github-generator/commit/b44042a) by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/973](https://togithub.com/slsa-framework/slsa-github-generator/pull/973) - chore(deps): update dependency typescript to v4.8.4 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/979](https://togithub.com/slsa-framework/slsa-github-generator/pull/979) - fix(deps): update module github.com/sigstore/rekor to v0.12.2 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/980](https://togithub.com/slsa-framework/slsa-github-generator/pull/980) - fix(deps): update module github.com/sigstore/sigstore to v1.4.4 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/982](https://togithub.com/slsa-framework/slsa-github-generator/pull/982) - chore(deps): update dependency eslint to v8.25.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/983](https://togithub.com/slsa-framework/slsa-github-generator/pull/983) - fix(deps): update dependency [@actions/core](https://togithub.com/actions/core) to v1.10.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/986](https://togithub.com/slsa-framework/slsa-github-generator/pull/986) - Add secure-checkout action by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/971](https://togithub.com/slsa-framework/slsa-github-generator/pull/971) - Fix input default values by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/991](https://togithub.com/slsa-framework/slsa-github-generator/pull/991) - Update checkout-(go|node) to use secure-checkout by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/992](https://togithub.com/slsa-framework/slsa-github-generator/pull/992) - Fix secure-checkout bugs by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/994](https://togithub.com/slsa-framework/slsa-github-generator/pull/994) - Update secure-checkout by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/995](https://togithub.com/slsa-framework/slsa-github-generator/pull/995) - Update ref for checkout-go by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/993](https://togithub.com/slsa-framework/slsa-github-generator/pull/993) - Remove exclude checkout-go|node from presubmit by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/997](https://togithub.com/slsa-framework/slsa-github-generator/pull/997) - Support ref in secure-checkout by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1005](https://togithub.com/slsa-framework/slsa-github-generator/pull/1005) - Use ref for secure-checkout by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1006](https://togithub.com/slsa-framework/slsa-github-generator/pull/1006) - Restore default inputs for checkout-go by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1007](https://togithub.com/slsa-framework/slsa-github-generator/pull/1007) - fix: fix ref from detect-env in pull_request by [@asraa](https://togithub.com/asraa) in [https://github.com/slsa-framework/slsa-github-generator/pull/1010](https://togithub.com/slsa-framework/slsa-github-generator/pull/1010) - update refs to generate-builder by [@asraa](https://togithub.com/asraa) in [https://github.com/slsa-framework/slsa-github-generator/pull/1009](https://togithub.com/slsa-framework/slsa-github-generator/pull/1009) - Fix token use in secure-checkout by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1011](https://togithub.com/slsa-framework/slsa-github-generator/pull/1011) - fix: use updated ref for secure-checkout by [@asraa](https://togithub.com/asraa) in [https://github.com/slsa-framework/slsa-github-generator/pull/1046](https://togithub.com/slsa-framework/slsa-github-generator/pull/1046) - fix: update refs for checkout-go by [@asraa](https://togithub.com/asraa) in [https://github.com/slsa-framework/slsa-github-generator/pull/1048](https://togithub.com/slsa-framework/slsa-github-generator/pull/1048) - fix: update refs for checkout-go by [@asraa](https://togithub.com/asraa) in [https://github.com/slsa-framework/slsa-github-generator/pull/1049](https://togithub.com/slsa-framework/slsa-github-generator/pull/1049) - update refs for generate-builder by [@asraa](https://togithub.com/asraa) in [https://github.com/slsa-framework/slsa-github-generator/pull/1050](https://togithub.com/slsa-framework/slsa-github-generator/pull/1050)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

[ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

performance-testing-bot[bot] commented 1 year ago

Unable to locate .performanceTestingBot config file

viezly[bot] commented 1 year ago

Pull request by bot. No need to analyze

difflens[bot] commented 1 year ago

View changes in DiffLens

guide-bot[bot] commented 1 year ago

Thanks for opening this Pull Request! We need you to:

Fill out the description.

Action: Edit description and replace <!- ... --> with actual values.
Complete the activities.

Action: Complete If you want to rebase/retry this PR, check this box

If an activity is not applicable, use '\~activity description\~' to mark it not applicable.

difflens[bot] commented 1 year ago

View changes in DiffLens

pull-request-quantifier-deprecated[bot] commented 1 year ago

This PR has 2 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

Quantification details

``` Label : Extra Small Size : +1 -1 Percentile : 0.8% Total files changed: 1 Change summary by file extension: .yml : +1 -1 ``` > Change counts above are quantified counts, based on the [PullRequestQuantifier customizations](https://github.com/microsoft/PullRequestQuantifier/blob/main/docs/prquantifier-yaml.md).

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a balance between between PR complexity and PR review overhead. PRs within the optimal size (typical small, or medium sized PRs) mean: - Fast and predictable releases to production: - Optimal size changes are more likely to be reviewed faster with fewer iterations. - Similarity in low PR complexity drives similar review times. - Review quality is likely higher as complexity is lower: - Bugs are more likely to be detected. - Code inconsistencies are more likely to be detected. - Knowledge sharing is improved within the participants: - Small portions can be assimilated better. - Better engineering practices are exercised: - Solving big problems by dividing them in well contained, smaller problems. - Exercising separation of concerns within the code changes. #### What can I do to optimize my changes - Use the PullRequestQuantifier to quantify your PR accurately - Create a context profile for your repo using the [context generator](https://github.com/microsoft/PullRequestQuantifier/releases) - Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the `Excluded` section from your `prquantifier.yaml` context profile. - Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your `prquantifier.yaml` context profile. - Only use the labels that matter to you, [see context specification](./docs/prquantifier-yaml.md) to customize your `prquantifier.yaml` context profile. - Change your engineering behaviors - For PRs that fall outside of the desired spectrum, review the details and check if: - Your PR could be split in smaller, self-contained PRs instead - Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR). #### How to interpret the change counts in git diff output - One line was added: `+1 -0` - One line was deleted: `+0 -1` - One line was modified: `+1 -1` (git diff doesn't know about modified, it will interpret that line like one addition plus one deletion) - Change percentiles: Change characteristics (addition, deletion, modification) of this PR in relation to all other PRs within the repository.

Was this comment helpful? :thumbsup: :ok_hand: :thumbsdown: (Email) Customize PullRequestQuantifier for this repository.

AdamOswald / tes

Update slsa-framework/slsa-github-generator action to v1.3.0 #69

Release Notes

Configuration