Closed renovate[bot] closed 1 year ago
Pull request by bot. No need to analyze
Unable to locate .performanceTestingBot config file
Thanks for opening this Pull Request! We need you to:
Fill out the description.
Action: Edit description and replace <!- ... -->
with actual values.
Complete the activities.
Action: Complete If you want to rebase/retry this PR, check this box
If an activity is not applicable, use '\~activity description\~' to mark it not applicable.
View changes in DiffLens
View changes in DiffLens
View changes in DiffLens
View changes in DiffLens
This PR has 2
quantified lines of changes. In general, a change size of upto 200
lines is ideal for the best PR experience!
Was this comment helpful? :thumbsup: :ok_hand: :thumbsdown: (Email) Customize PullRequestQuantifier for this repository.
This PR contains the following updates:
v1.3.0
->v1.4.0
Release Notes
slsa-framework/slsa-github-generator
### [`v1.4.0`](https://togithub.com/slsa-framework/slsa-github-generator/releases/tag/v1.4.0) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.3.0...v1.4.0) #### What's Changed π₯³ This release is the first Generally Available version of the [Container Generator workflow](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container). The Container Generator workflow is now considered stable and can be included in your production GitHub Actions workflows π₯³ π This is also the first release (technically the second) with support for the [generally available version of sigstore](https://blog.sigstore.dev/sigstore-ga-ddd6ba67894d)!! π We hope to have fewer issues with sigstore infrastructure moving forward. ##### Generic Generator ##### Bug fixes 1. Allow users of the [Generic Generator](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/generic) to generate provenance for artifacts created in a project subdirectory ([#1225](https://togithub.com/slsa-framework/slsa-github-generator/issues/1225)) ##### Go Builder ##### Bug fixes 1. Allow environment variables to contain '=' characters in the [Go builder](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/go) ([#1231](https://togithub.com/slsa-framework/slsa-github-generator/issues/1231)) #### New Contributors - [@cfergeau](https://togithub.com/cfergeau) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/1232](https://togithub.com/slsa-framework/slsa-github-generator/pull/1232) - [@DanAlbert](https://togithub.com/DanAlbert) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/1239](https://togithub.com/slsa-framework/slsa-github-generator/pull/1239) - [@gal-legit](https://togithub.com/gal-legit) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/1252](https://togithub.com/slsa-framework/slsa-github-generator/pull/1252) #### Full Changelog - Update references to main after v1.2.2 release by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1228](https://togithub.com/slsa-framework/slsa-github-generator/pull/1228) - \[generic] fix attestation file creation when subject names are in subdirectories by [@asraa](https://togithub.com/asraa) in [https://github.com/slsa-framework/slsa-github-generator/pull/1226](https://togithub.com/slsa-framework/slsa-github-generator/pull/1226) - Update docs to use v1.2.2 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1229](https://togithub.com/slsa-framework/slsa-github-generator/pull/1229) - Update RELEASE docs by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1227](https://togithub.com/slsa-framework/slsa-github-generator/pull/1227) - chore(deps): update npm dev to v5.43.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1230](https://togithub.com/slsa-framework/slsa-github-generator/pull/1230) - builder: go: Allow equal signs in env vars by [@cfergeau](https://togithub.com/cfergeau) in [https://github.com/slsa-framework/slsa-github-generator/pull/1232](https://togithub.com/slsa-framework/slsa-github-generator/pull/1232) - Ko example by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/951](https://togithub.com/slsa-framework/slsa-github-generator/pull/951) - docs(generic-generator): clarify that created provenance is encapsulated by [@diogoteles08](https://togithub.com/diogoteles08) in [https://github.com/slsa-framework/slsa-github-generator/pull/1235](https://togithub.com/slsa-framework/slsa-github-generator/pull/1235) - Fix semver regex in actions pre-submit by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1233](https://togithub.com/slsa-framework/slsa-github-generator/pull/1233) - Fix typo in doc. by [@DanAlbert](https://togithub.com/DanAlbert) in [https://github.com/slsa-framework/slsa-github-generator/pull/1239](https://togithub.com/slsa-framework/slsa-github-generator/pull/1239) - Fix reference Gradle workflow. by [@DanAlbert](https://togithub.com/DanAlbert) in [https://github.com/slsa-framework/slsa-github-generator/pull/1240](https://togithub.com/slsa-framework/slsa-github-generator/pull/1240) - Start code freeze for v1.3.0 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1248](https://togithub.com/slsa-framework/slsa-github-generator/pull/1248) - Undo the v1.3.0 freeze by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1260](https://togithub.com/slsa-framework/slsa-github-generator/pull/1260) - Badges and README updates by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1263](https://togithub.com/slsa-framework/slsa-github-generator/pull/1263) - Fix docs for goreleaser with the generic generator to include docker diβ¦ by [@gal-legit](https://togithub.com/gal-legit) in [https://github.com/slsa-framework/slsa-github-generator/pull/1252](https://togithub.com/slsa-framework/slsa-github-generator/pull/1252) - Fix grep by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1249](https://togithub.com/slsa-framework/slsa-github-generator/pull/1249) - Exclude go from renovate PR grouping by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1268](https://togithub.com/slsa-framework/slsa-github-generator/pull/1268) - chore(deps): update npm dev by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1243](https://togithub.com/slsa-framework/slsa-github-generator/pull/1243) - Fix permissions in doc by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1247](https://togithub.com/slsa-framework/slsa-github-generator/pull/1247) - chore(deps): update github-actions by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1242](https://togithub.com/slsa-framework/slsa-github-generator/pull/1242) - Update GHA token permissions for generic container workflow by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1258](https://togithub.com/slsa-framework/slsa-github-generator/pull/1258) - fix(deps): update go by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1205](https://togithub.com/slsa-framework/slsa-github-generator/pull/1205) - Update references check to support pre-release by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1270](https://togithub.com/slsa-framework/slsa-github-generator/pull/1270) - Restore compile-builder pre-submit by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1272](https://togithub.com/slsa-framework/slsa-github-generator/pull/1272) - Code freeze v1.4.0 rc.0 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1271](https://togithub.com/slsa-framework/slsa-github-generator/pull/1271) - undo freeze by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1284](https://togithub.com/slsa-framework/slsa-github-generator/pull/1284) - Revert package perms by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1283](https://togithub.com/slsa-framework/slsa-github-generator/pull/1283) - Code freeze for v1.4.0-rc.1 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1285](https://togithub.com/slsa-framework/slsa-github-generator/pull/1285) - Undo freeze for v1.4.0-rc.1 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1288](https://togithub.com/slsa-framework/slsa-github-generator/pull/1288) - Update generate-builder tag check to support pre-releases by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1287](https://togithub.com/slsa-framework/slsa-github-generator/pull/1287) - refactor: Update refs to v1.4.0-rc.2 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1290](https://togithub.com/slsa-framework/slsa-github-generator/pull/1290)Configuration
π Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.