slsa-framework/slsa-github-generator
### [`v1.4.0`](https://togithub.com/slsa-framework/slsa-github-generator/releases/tag/v1.4.0)
[Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.3.0...v1.4.0)
#### What's Changed
π₯³ This release is the first Generally Available version of the [Container Generator workflow](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container). The Container Generator workflow is now considered stable and can be included in your production GitHub Actions workflows π₯³
π This is also the first release (technically the second) with support for the [generally available version of sigstore](https://blog.sigstore.dev/sigstore-ga-ddd6ba67894d)!! π
We hope to have fewer issues with sigstore infrastructure moving forward.
##### Generic Generator
##### Bug fixes
1. Allow users of the [Generic Generator](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/generic) to generate provenance for artifacts created in a project subdirectory ([#1225](https://togithub.com/slsa-framework/slsa-github-generator/issues/1225))
##### Go Builder
##### Bug fixes
1. Allow environment variables to contain '=' characters in the [Go builder](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/go) ([#1231](https://togithub.com/slsa-framework/slsa-github-generator/issues/1231))
#### New Contributors
- [@cfergeau](https://togithub.com/cfergeau) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/1232](https://togithub.com/slsa-framework/slsa-github-generator/pull/1232)
- [@DanAlbert](https://togithub.com/DanAlbert) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/1239](https://togithub.com/slsa-framework/slsa-github-generator/pull/1239)
- [@gal-legit](https://togithub.com/gal-legit) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/1252](https://togithub.com/slsa-framework/slsa-github-generator/pull/1252)
#### Full Changelog
- Update references to main after v1.2.2 release by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1228](https://togithub.com/slsa-framework/slsa-github-generator/pull/1228)
- \[generic] fix attestation file creation when subject names are in subdirectories by [@asraa](https://togithub.com/asraa) in [https://github.com/slsa-framework/slsa-github-generator/pull/1226](https://togithub.com/slsa-framework/slsa-github-generator/pull/1226)
- Update docs to use v1.2.2 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1229](https://togithub.com/slsa-framework/slsa-github-generator/pull/1229)
- Update RELEASE docs by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1227](https://togithub.com/slsa-framework/slsa-github-generator/pull/1227)
- chore(deps): update npm dev to v5.43.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1230](https://togithub.com/slsa-framework/slsa-github-generator/pull/1230)
- builder: go: Allow equal signs in env vars by [@cfergeau](https://togithub.com/cfergeau) in [https://github.com/slsa-framework/slsa-github-generator/pull/1232](https://togithub.com/slsa-framework/slsa-github-generator/pull/1232)
- Ko example by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/951](https://togithub.com/slsa-framework/slsa-github-generator/pull/951)
- docs(generic-generator): clarify that created provenance is encapsulated by [@diogoteles08](https://togithub.com/diogoteles08) in [https://github.com/slsa-framework/slsa-github-generator/pull/1235](https://togithub.com/slsa-framework/slsa-github-generator/pull/1235)
- Fix semver regex in actions pre-submit by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1233](https://togithub.com/slsa-framework/slsa-github-generator/pull/1233)
- Fix typo in doc. by [@DanAlbert](https://togithub.com/DanAlbert) in [https://github.com/slsa-framework/slsa-github-generator/pull/1239](https://togithub.com/slsa-framework/slsa-github-generator/pull/1239)
- Fix reference Gradle workflow. by [@DanAlbert](https://togithub.com/DanAlbert) in [https://github.com/slsa-framework/slsa-github-generator/pull/1240](https://togithub.com/slsa-framework/slsa-github-generator/pull/1240)
- Start code freeze for v1.3.0 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1248](https://togithub.com/slsa-framework/slsa-github-generator/pull/1248)
- Undo the v1.3.0 freeze by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1260](https://togithub.com/slsa-framework/slsa-github-generator/pull/1260)
- Badges and README updates by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1263](https://togithub.com/slsa-framework/slsa-github-generator/pull/1263)
- Fix docs for goreleaser with the generic generator to include docker di⦠by [@gal-legit](https://togithub.com/gal-legit) in [https://github.com/slsa-framework/slsa-github-generator/pull/1252](https://togithub.com/slsa-framework/slsa-github-generator/pull/1252)
- Fix grep by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1249](https://togithub.com/slsa-framework/slsa-github-generator/pull/1249)
- Exclude go from renovate PR grouping by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1268](https://togithub.com/slsa-framework/slsa-github-generator/pull/1268)
- chore(deps): update npm dev by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1243](https://togithub.com/slsa-framework/slsa-github-generator/pull/1243)
- Fix permissions in doc by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1247](https://togithub.com/slsa-framework/slsa-github-generator/pull/1247)
- chore(deps): update github-actions by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1242](https://togithub.com/slsa-framework/slsa-github-generator/pull/1242)
- Update GHA token permissions for generic container workflow by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1258](https://togithub.com/slsa-framework/slsa-github-generator/pull/1258)
- fix(deps): update go by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1205](https://togithub.com/slsa-framework/slsa-github-generator/pull/1205)
- Update references check to support pre-release by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1270](https://togithub.com/slsa-framework/slsa-github-generator/pull/1270)
- Restore compile-builder pre-submit by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1272](https://togithub.com/slsa-framework/slsa-github-generator/pull/1272)
- Code freeze v1.4.0 rc.0 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1271](https://togithub.com/slsa-framework/slsa-github-generator/pull/1271)
- undo freeze by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1284](https://togithub.com/slsa-framework/slsa-github-generator/pull/1284)
- Revert package perms by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1283](https://togithub.com/slsa-framework/slsa-github-generator/pull/1283)
- Code freeze for v1.4.0-rc.1 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1285](https://togithub.com/slsa-framework/slsa-github-generator/pull/1285)
- Undo freeze for v1.4.0-rc.1 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1288](https://togithub.com/slsa-framework/slsa-github-generator/pull/1288)
- Update generate-builder tag check to support pre-releases by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1287](https://togithub.com/slsa-framework/slsa-github-generator/pull/1287)
- refactor: Update refs to v1.4.0-rc.2 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1290](https://togithub.com/slsa-framework/slsa-github-generator/pull/1290)
Configuration
π Schedule: Branch creation - "every weekend" in timezone Europe/Prague, Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
v1.3.0
->v1.4.0
Release Notes
slsa-framework/slsa-github-generator
### [`v1.4.0`](https://togithub.com/slsa-framework/slsa-github-generator/releases/tag/v1.4.0) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.3.0...v1.4.0) #### What's Changed π₯³ This release is the first Generally Available version of the [Container Generator workflow](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container). The Container Generator workflow is now considered stable and can be included in your production GitHub Actions workflows π₯³ π This is also the first release (technically the second) with support for the [generally available version of sigstore](https://blog.sigstore.dev/sigstore-ga-ddd6ba67894d)!! π We hope to have fewer issues with sigstore infrastructure moving forward. ##### Generic Generator ##### Bug fixes 1. Allow users of the [Generic Generator](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/generic) to generate provenance for artifacts created in a project subdirectory ([#1225](https://togithub.com/slsa-framework/slsa-github-generator/issues/1225)) ##### Go Builder ##### Bug fixes 1. Allow environment variables to contain '=' characters in the [Go builder](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/go) ([#1231](https://togithub.com/slsa-framework/slsa-github-generator/issues/1231)) #### New Contributors - [@cfergeau](https://togithub.com/cfergeau) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/1232](https://togithub.com/slsa-framework/slsa-github-generator/pull/1232) - [@DanAlbert](https://togithub.com/DanAlbert) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/1239](https://togithub.com/slsa-framework/slsa-github-generator/pull/1239) - [@gal-legit](https://togithub.com/gal-legit) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/1252](https://togithub.com/slsa-framework/slsa-github-generator/pull/1252) #### Full Changelog - Update references to main after v1.2.2 release by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1228](https://togithub.com/slsa-framework/slsa-github-generator/pull/1228) - \[generic] fix attestation file creation when subject names are in subdirectories by [@asraa](https://togithub.com/asraa) in [https://github.com/slsa-framework/slsa-github-generator/pull/1226](https://togithub.com/slsa-framework/slsa-github-generator/pull/1226) - Update docs to use v1.2.2 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1229](https://togithub.com/slsa-framework/slsa-github-generator/pull/1229) - Update RELEASE docs by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1227](https://togithub.com/slsa-framework/slsa-github-generator/pull/1227) - chore(deps): update npm dev to v5.43.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1230](https://togithub.com/slsa-framework/slsa-github-generator/pull/1230) - builder: go: Allow equal signs in env vars by [@cfergeau](https://togithub.com/cfergeau) in [https://github.com/slsa-framework/slsa-github-generator/pull/1232](https://togithub.com/slsa-framework/slsa-github-generator/pull/1232) - Ko example by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/951](https://togithub.com/slsa-framework/slsa-github-generator/pull/951) - docs(generic-generator): clarify that created provenance is encapsulated by [@diogoteles08](https://togithub.com/diogoteles08) in [https://github.com/slsa-framework/slsa-github-generator/pull/1235](https://togithub.com/slsa-framework/slsa-github-generator/pull/1235) - Fix semver regex in actions pre-submit by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1233](https://togithub.com/slsa-framework/slsa-github-generator/pull/1233) - Fix typo in doc. by [@DanAlbert](https://togithub.com/DanAlbert) in [https://github.com/slsa-framework/slsa-github-generator/pull/1239](https://togithub.com/slsa-framework/slsa-github-generator/pull/1239) - Fix reference Gradle workflow. by [@DanAlbert](https://togithub.com/DanAlbert) in [https://github.com/slsa-framework/slsa-github-generator/pull/1240](https://togithub.com/slsa-framework/slsa-github-generator/pull/1240) - Start code freeze for v1.3.0 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1248](https://togithub.com/slsa-framework/slsa-github-generator/pull/1248) - Undo the v1.3.0 freeze by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1260](https://togithub.com/slsa-framework/slsa-github-generator/pull/1260) - Badges and README updates by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1263](https://togithub.com/slsa-framework/slsa-github-generator/pull/1263) - Fix docs for goreleaser with the generic generator to include docker diβ¦ by [@gal-legit](https://togithub.com/gal-legit) in [https://github.com/slsa-framework/slsa-github-generator/pull/1252](https://togithub.com/slsa-framework/slsa-github-generator/pull/1252) - Fix grep by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1249](https://togithub.com/slsa-framework/slsa-github-generator/pull/1249) - Exclude go from renovate PR grouping by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1268](https://togithub.com/slsa-framework/slsa-github-generator/pull/1268) - chore(deps): update npm dev by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1243](https://togithub.com/slsa-framework/slsa-github-generator/pull/1243) - Fix permissions in doc by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1247](https://togithub.com/slsa-framework/slsa-github-generator/pull/1247) - chore(deps): update github-actions by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1242](https://togithub.com/slsa-framework/slsa-github-generator/pull/1242) - Update GHA token permissions for generic container workflow by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1258](https://togithub.com/slsa-framework/slsa-github-generator/pull/1258) - fix(deps): update go by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1205](https://togithub.com/slsa-framework/slsa-github-generator/pull/1205) - Update references check to support pre-release by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1270](https://togithub.com/slsa-framework/slsa-github-generator/pull/1270) - Restore compile-builder pre-submit by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1272](https://togithub.com/slsa-framework/slsa-github-generator/pull/1272) - Code freeze v1.4.0 rc.0 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1271](https://togithub.com/slsa-framework/slsa-github-generator/pull/1271) - undo freeze by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1284](https://togithub.com/slsa-framework/slsa-github-generator/pull/1284) - Revert package perms by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1283](https://togithub.com/slsa-framework/slsa-github-generator/pull/1283) - Code freeze for v1.4.0-rc.1 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1285](https://togithub.com/slsa-framework/slsa-github-generator/pull/1285) - Undo freeze for v1.4.0-rc.1 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1288](https://togithub.com/slsa-framework/slsa-github-generator/pull/1288) - Update generate-builder tag check to support pre-releases by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1287](https://togithub.com/slsa-framework/slsa-github-generator/pull/1287) - refactor: Update refs to v1.4.0-rc.2 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1290](https://togithub.com/slsa-framework/slsa-github-generator/pull/1290)Configuration
π Schedule: Branch creation - "every weekend" in timezone Europe/Prague, Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.