jku / tuf-demo

An automated TUF repository demo
https://jku.github.io/tuf-demo/metadata/

Bump theupdateframework/tuf-on-ci from 0.11.0 to 0.12.0 #114

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 2 months ago

Bumps theupdateframework/tuf-on-ci from 0.11.0 to 0.12.0.

Release notes

Sourced from theupdateframework/tuf-on-ci's releases.

v0.12.0

In addition to dependency updates, this release contains one new (experimental) repository feature: Online signed targets. Updating to this version does not require any changes to GitHub workflow files.

The Online signed targets feature (#75) currently has some significant limitations and may be changed in the future, see DELEGATION-MANUAL.md for details.

Changelog

Sourced from theupdateframework/tuf-on-ci's changelog.

Changelog

Unreleased

v0.12.0

In addition to dependency updates, this release contains one new (experimental) repository feature: Online signed targets. Updating to this version does not require any changes to GitHub workflow files.

The Online signed targets feature (#75) currently has some significant limitations and may be changed in the future, see DELEGATION-MANUAL.md for details.

v0.11.0

This release contains bug fixes, stability fixes and dependency updates.

Updating to this version does not require any changes to GitHub workflow files.

Changes

  • Increased the number of root rotations allowed in the client used by the test workflow (#377)
  • Versioned root metadata file is now created by the signing event (#352)

Fixes

  • TUF key ids are now updated only when the repository is successfully imported (#358)
  • Relative links in published TUF repository state are now correct (#354)

v0.10.0

Release includes several new features. It also fixes an issue with TUF keyids, see issue #292 (note that existing keyids are not automatically made compliant: tuf-on-ci-delegate --force-compliant-keyids can be used in a signing event to make that happen).

GitHub workflows require no changes (but you may want to add a .github/TUF_ON_CI_TEMPLATE/failure.md file, see below).

Changes

  • Artifact directories can now be up to 5 levels deep (#238)
  • actions: All action requirements are now version pinned (#248)
  • actions: .github/TUF_ON_CI_TEMPLATE/failure.md can now be used to define custom content for workflow failure issues (#270)

... (truncated)

Commits
  • 89d2dad Release v0.12.0 (#404)
  • 31b5e33 repo: Update pinned requirements (#400)
  • 76cd2c3 Merge pull request #384 from kommendorkapten/external-delegations
  • b5401e5 Added documentation for how to use delegations with online keys.
  • 5d4755f CIRepository: Prevent signing unless really needed
  • c201239 reference correct step when reading outputs
  • b871fa3 run event if metadata was signed
  • 6de8115 Remove unused step and add back dispatch of signing event.
  • 11710ed Modified online sign to not sign any online targets.
  • 73857c6 Added aws and azure authz to signing event action.
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)