NOTE: This is a major API break. Users should not just upgrade the action versions but
should replace their publish.yml workflow with the new workflow from tuf-on-ci-template.
Bugfix: When publishing after online signing, in very rare conditions
the wrong version could be published due to a race condition (#127)
Upgrade instructions from v0.2.0:
When the Dependabot PR is created, update the PR to include the
updated publish.yml from tuf-on-ci-template repository. Then the
PR can be approved and merged without breaking any workflows.
Thanks to Jonny Stoten, a new contributor
v0.2.0
- GitHub actions now output step summaries: these are visible in workflow run pages on GitHub (#96)
- Improved output in signing event status comments (#101)
- Fixed online signing with ambient Sigstore identity, which broke in 0.1.0 (#118)
Upgrade instructions from v0.1.0:
- Dependabot version bump can be accepted as is
v0.1.0
NOTE: This is a major API break. Users should not just upgrade the action versions but
should replace their workflows with new workflows from tuf-on-ci-template.
Release contains:
- Major refactoring of actions: New actions are more logical and enable separating publishing from online signing. The repository now contains a new branch "publish" that always points to the newest publishable repository version
- Improved Sigstore signer registration flow
- Bug fixes
Upgrade instructions:
- Remove your existing tuf-on-ci workflows and replace them with the ones from current tuf-on-ci-template.
- In Settings->Environments->github-pages change deployment branch from main to publish
- If you use the experimental sigstore online signing: After updating, run `tuf-on-ci-delegate sign/update-online-key timestamp` and re-select sigstore as the signing system. This creates a new signing event that is required for online signing to work.
... (truncated)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps theupdateframework/tuf-on-ci from 0.2.0 to 0.3.0.
Release notes
Sourced from theupdateframework/tuf-on-ci's releases.
Changelog
Sourced from theupdateframework/tuf-on-ci's changelog.
... (truncated)
Commits
- d5496b4 Merge pull request #134 from kommendorkapten/release/v0.3.0
- 7ee6ee7 Updated version for published packages
- 6754f5a Added changelog for v0.3.0 release
- 2c59d61 Merge pull request #120 from jonnystoten/aws-kms
- df797d1 Merge pull request #127 from kommendorkapten/verify-ref
- e86a3e7 Merge pull request #133 from theupdateframework/dependabot/github_actions/act...
- f2acb71 build(deps): bump google-github-actions/auth in /actions/online-sign
- 9319dd8 Merge pull request #129 from theupdateframework/dependabot/github_actions/act...
- 05d484c Merge pull request #130 from theupdateframework/dependabot/github_actions/act...
- da0ad2d Merge pull request #131 from theupdateframework/dependabot/github_actions/act...