Closed rsoberano-ld closed 8 months ago
rsoberano-ld
commented
8 months ago Should we consider rennovate for this?
https://github.com/slsa-framework/slsa-github-generator/blob/main/RENOVATE.md
I'm a little confused - this snippet would setup a Renovate exception to allow us to use tags for slsa-github-generator if Renovate was blocking tags in favor of digests previously, which I don't think is what is going on here(?)
kinyoklion
commented
8 months ago Should we consider rennovate for this? https://github.com/slsa-framework/slsa-github-generator/blob/main/RENOVATE.md
I'm a little confused - this snippet would setup a Renovate exception to allow us to use tags for
slsa-github-generatorif Renovate was blocking tags in favor of digests previously, which I don't think is what is going on here(?)
It is their best practice for using rennovate, we could also do it without that. It just seems reasonable to automate it.
rsoberano-ld
commented
8 months ago Should we consider rennovate for this? https://github.com/slsa-framework/slsa-github-generator/blob/main/RENOVATE.md
I'm a little confused - this snippet would setup a Renovate exception to allow us to use tags for
slsa-github-generatorif Renovate was blocking tags in favor of digests previously, which I don't think is what is going on here(?)It is their best practice for using rennovate, we could also do it without that. It just seems reasonable to automate it.
Ahh I see what you mean - I do agree having Renovate in general would be helpful here to help keep us up to date, especially when it comes to bumping up these versions across all of our SDK repos.
Provenance generation fails due to Rekor public key errors were identified as a known issue and fixed in version 1.10.0 per: https://github.com/slsa-framework/slsa-github-generator/issues/3350