in-toto / witness

Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.
https://witness.dev
Apache License 2.0

Bump go-witness to v0.6.1-0.20241106010129-63940cbec45a #523

Open matglas opened 1 week ago

matglas commented 1 week ago

What this PR does / why we need it

Preparation for new release.

Doing a pinned update to go-witness@v0.6.1-0.20241106010129-63940cbec45a allows us to make preparations for the next release. My suggestion is that during our next release of witness cli we'll pin it to v0.7.0. But this allows us to move ahead with preparing a new release with multiple changes.

Which issue(s) this PR fixes (optional)

Allowed to merge after this PR:

Acceptance Criteria Met

Special notes for your reviewer:

netlify[bot] commented 1 week ago

Deploy Preview for witness-project ready!

| Name | Link |
|---|---|
| Latest commit | 552f09ca72857055fe1fb1d409b4c575d4ae7206 |
| Latest deploy log | https://app.netlify.com/sites/witness-project/deploys/673766786aa5970008c009d6 |
| Deploy Preview | https://deploy-preview-523--witness-project.netlify.app |

matglas commented 1 week ago

Good points. The documentation part is not really solvable in one code base, I think. Not if the output of the schema coming from go-witness is stored in the witness repo. You do want to keep the option of fixing or changing documentation without creating a release. Maybe tags like docs-[increment] would be possible and then we push.

Checking in GitHub Actions is possible.

matglas commented 6 days ago

@jkjell, for the docs we could also opt for rendering a 'notice' that says "Build from latest. May reflect some upcoming functionality provided by go-witness." This is mostly geared towards the schemas. Apart from that, all should be fine.

Thinking about it, we already have this problem at this moment, because if you create a new flag on master and have it merged, it will reflect in the docs without a release. Coming from that angle, would it be an idea to create an issue to follow up on this and already merge this PR?