- Accept usernames without @ in .tuf-on-ci-sign.ini (#415)
- Add workaround for Sigstore root-signing migration (#422)
- Dependency updates
v0.12.0
In addition to dependency updates, this release contains one new (experimental) repository
feature: Online signed targets. Updating to this version does not require any changes to
GitHub workflow files.
The Online signed targets feature (#75) currently has some significant limitations
and may be changed in the future, see DELEGATION-MANUAL.md for details.
v0.11.0
This release contains bug fixes, stability fixes and dependency
updates.
Updating to this version does not require any changes to GitHub
workflow files.
Changes
- Increased the number of root rotations allowed in the client used by the test workflow (#377)
- Versioned root metadata file is now created by the signing event (#352)
Fixes
- TUF key ids are now updated only when the repository is successfully imported (#358)
- Relative links in published TUF repository state are now correct (#354)
v0.10.0
Release includes several new features. It also fixes an issue with TUF keyids,
see issue #292 (note that existing keyids are not automatically made compliant:
tuf-on-ci-delegate --force-compliant-keyids can be used in a signing event to
make that happen).
GitHub workflows require no changes (but you may want to add a
.github/TUF_ON_CI_TEMPLATE/failure.md file, see below).
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps theupdateframework/tuf-on-ci from 0.12.0 to 0.13.0.
Release notes
Sourced from theupdateframework/tuf-on-ci's releases.
Changelog
Sourced from theupdateframework/tuf-on-ci's changelog.
... (truncated)
Commits
- 27c49c0 Release v0.13 (#425)
- 1d84d25 repo: Add workaround for sigstore KMS keyid (#423)
- 317efea signer: Accept username without @ in config file (#416)
- 91b0eec build(deps): bump google-github-actions/auth (#412)
- a100754 repo: Update pinned requirements (#410)
- f7b5e73 repo: Update pinned requirements (#403)
- 15a5f4b build(deps): bump tox in /build in the build-dependencies group (#406)