GitHub actions now output step summaries: these are visible in workflow
run pages on Github (#96)
Improved output in signing event status comments (#101)
Fixed online signing with ambient Sigstore identity, which broke in 0.1.0
(#118)
Upgrade instructions from v0.1.0:
Dependabot version bump can be accepted as is
v0.1.0
NOTE: This is a major API break, users should not just upgrade the action versions but
should replace their workflows with new workflows from tuf-on-ci-template.
Release contains:
Major refactoring of actions: New actions are more logical and enable separating
publishing fron online signing. The repository now contains a new branch "publish"
that always points to the newest publishable repository version
Improved Sigstore signer registration flow
Bug fixes
Upgrade instructions:
Remove your existing tuf-on-ci workflows and replace them with the ones
from current tuf-on-ci-template.
In Settings->Environments->github-pages change deployment branch from main to
publish
If you use the experimental sigstore online signing: After updating run
tuf-on-ci-delegate sign/update-online-key timestamp re-select sigstore as the signing
system: This creates a new signing event that is required for online signing to work.
Thanks to contributors Radoslav Dimitrov, Meredith Lancaster and lv291.
v0.0.1
initial release of TUF-on-CI.
TUF-on-CI is a repository and signer implementation of
https://theupdateframework.io/ that runs on a Continuous Integration platform.
Features include:
Threshold signing with hardware keys and Sigstore
Automated online signing with multiple KMSs
Polished signing user experience
No custom code required
The signer is not available from PyPI in this release but will be in future releases.
... (truncated)
Commits
3491682 Merge pull request #119 from jku/release-v0.2.0
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps theupdateframework/tuf-on-ci from 0.1.0 to 0.2.0.
Release notes
Sourced from theupdateframework/tuf-on-ci's releases.
Changelog
Sourced from theupdateframework/tuf-on-ci's changelog.
... (truncated)
Commits
3491682Merge pull request #119 from jku/release-v0.2.07c8b2a7Release v0.2.0091f483Merge pull request #118 from jku/fix-online-sigstore-keys7f927ecrepo: Fix broken online sigstore signinge8e2495Merge pull request #111 from theupdateframework/dependabot/github_actions/act...b8c5f86Merge pull request #110 from theupdateframework/dependabot/github_actions/act...e61b55dMerge pull request #112 from theupdateframework/dependabot/github_actions/act...56ac4b9Merge pull request #113 from theupdateframework/dependabot/github_actions/act...408dd24build(deps): bump actions/checkout in /actions/online-signc821f9ebuild(deps): bump actions/checkout in /actions/upload-repositoryDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show