This release contains bug fixes, stability fixes and dependency
updates.
Updating to this version does not require any changes to GitHub
workflow files.
Changes
- Increased the number of root rotations allowed in the client used by the test workflow (#377)
- Versioned root metadata file is now created by the signing event (#352)
Fixes
- TUF key ids are now updated only when the repository is successfully imported (#358)
- Relative links in published TUF repository state are now correct (#354)
v0.10.0
Release includes several new features. It also fixes an issue with TUF keyids,
see issue #292 (note that existing keyids are not automatically made compliant:
tuf-on-ci-delegate --force-compliant-keyids can be used in a signing event to
make that happen).
GitHub workflows require no changes (but you may want to add a
.github/TUF_ON_CI_TEMPLATE/failure.md file, see below).
Changes
- Artifact directories can now be up to 5 levels deep (#238)
- actions: All action requirements are now version pinned (#248)
- actions: .github/TUF_ON_CI_TEMPLATE/failure.md can now be used to define custom content for workflow failure issues (#270)
- build-repository action: A human readable repository description is generated in index.html in the published metadata dir (#313)
Fixes
- signer: keyid generation was fixed to be specification compliant (#294)
- A feature was added to fix non-compliant keyids in repositories where non-compliant keyids are already present (#338)
- test-repository action: Use a better default artifact-url (#275),
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps theupdateframework/tuf-on-ci from 0.10.0 to 0.11.0.
Release notes
Sourced from theupdateframework/tuf-on-ci's releases.
Changelog
Sourced from theupdateframework/tuf-on-ci's changelog.
... (truncated)
Commits
- 95dc66a Prepare for v0.11.0 release. (#379)
- 5d19f0d Merge pull request #378 from theupdateframework/pin-requirements/f96d04e
- e928ca5 repo: Update pinned requirements
- b60c2a6 Merge pull request #377 from theupdateframework/more-root-rotations
- b3498cf ruff format fixes
- 82eac6d Lint fixes
- d138e3c Increase the number of root rotations allowed during TUF refresh.
- 65e5cf9 build(deps): bump the actions-dependencies group across 2 directories with 2 ...
- 171aa01 build(deps): bump tox in /build in the build-dependencies group (#376)
- d940761 repo: Update pinned requirements (#373)