sonarcloud[bot]
commented
1 year ago Kudos, SonarCloud Quality Gate passed! 
0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells
No Coverage information
No Duplication information
This PR contains the following updates:
v1.2.1->v1.3.0Release Notes
slsa-framework/slsa-github-generator
### [`v1.3.0`](https://togithub.com/slsa-framework/slsa-github-generator/releases/tag/v1.3.0) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.2.2...v1.3.0) 🚨⚠️ **This is a pre-release that is currently being tested and is subject to change. Please do not upgrade.** ⚠️🚨 #### What's Changed This release is the first Generally Available version of the [generic container workflow](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container). The generic container workflow is now considered stable and can be included in your production GitHub Actions workflows. This release includes a couple of bug fixes. 1. Allow users of the [generic generator workflow](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/generic) to generate provenance using for artifacts created in a project subdirectory ([#1225](https://togithub.com/slsa-framework/slsa-github-generator/issues/1225)) 2. Allow environment variables to contain '=' characters in the [Go workflow](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/go) ([#1231](https://togithub.com/slsa-framework/slsa-github-generator/issues/1231)) #### New Contributors - [@cfergeau](https://togithub.com/cfergeau) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/1232](https://togithub.com/slsa-framework/slsa-github-generator/pull/1232) - [@DanAlbert](https://togithub.com/DanAlbert) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/1239](https://togithub.com/slsa-framework/slsa-github-generator/pull/1239) #### Full Changelog - Update references to main after v1.2.2 release by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1228](https://togithub.com/slsa-framework/slsa-github-generator/pull/1228) - \[generic] fix attestation file creation when subject names are in subdirectories by [@asraa](https://togithub.com/asraa) in [https://github.com/slsa-framework/slsa-github-generator/pull/1226](https://togithub.com/slsa-framework/slsa-github-generator/pull/1226) - Update docs to use v1.2.2 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1229](https://togithub.com/slsa-framework/slsa-github-generator/pull/1229) - Update RELEASE docs by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1227](https://togithub.com/slsa-framework/slsa-github-generator/pull/1227) - chore(deps): update npm dev to v5.43.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1230](https://togithub.com/slsa-framework/slsa-github-generator/pull/1230) - builder: go: Allow equal signs in env vars by [@cfergeau](https://togithub.com/cfergeau) in [https://github.com/slsa-framework/slsa-github-generator/pull/1232](https://togithub.com/slsa-framework/slsa-github-generator/pull/1232) - Ko example by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/951](https://togithub.com/slsa-framework/slsa-github-generator/pull/951) - docs(generic-generator): clarify that created provenance is encapsulated by [@diogoteles08](https://togithub.com/diogoteles08) in [https://github.com/slsa-framework/slsa-github-generator/pull/1235](https://togithub.com/slsa-framework/slsa-github-generator/pull/1235) - Fix semver regex in actions pre-submit by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1233](https://togithub.com/slsa-framework/slsa-github-generator/pull/1233) - Fix typo in doc. by [@DanAlbert](https://togithub.com/DanAlbert) in [https://github.com/slsa-framework/slsa-github-generator/pull/1239](https://togithub.com/slsa-framework/slsa-github-generator/pull/1239) - Fix reference Gradle workflow. by [@DanAlbert](https://togithub.com/DanAlbert) in [https://github.com/slsa-framework/slsa-github-generator/pull/1240](https://togithub.com/slsa-framework/slsa-github-generator/pull/1240) ### [`v1.2.2`](https://togithub.com/slsa-framework/slsa-github-generator/releases/tag/v1.2.2) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.2.1...v1.2.2) #### What's Changed This release fixes issues with signing provenance due to a change in Sigstore TUF root certificates ([#1163](https://togithub.com/slsa-framework/slsa-github-generator/issues/1163)). This release also includes better handling of transient errors from the Rekor transparency logs. #### New Contributors - [@suzuki-shunsuke](https://togithub.com/suzuki-shunsuke) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/1061](https://togithub.com/slsa-framework/slsa-github-generator/pull/1061) - [@datosh](https://togithub.com/datosh) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/1074](https://togithub.com/slsa-framework/slsa-github-generator/pull/1074) - [@pnacht](https://togithub.com/pnacht) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/1187](https://togithub.com/slsa-framework/slsa-github-generator/pull/1187) - [@dongheelee92](https://togithub.com/dongheelee92) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/1209](https://togithub.com/slsa-framework/slsa-github-generator/pull/1209) #### Full Changelog - fix: use GITHUB_OUTPUT instead of deprecated set-output command by [@suzuki-shunsuke](https://togithub.com/suzuki-shunsuke) in [https://github.com/slsa-framework/slsa-github-generator/pull/1061](https://togithub.com/slsa-framework/slsa-github-generator/pull/1061) - Fix reference to generic generator by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1063](https://togithub.com/slsa-framework/slsa-github-generator/pull/1063) - Add presumbit checks for internal actions by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1067](https://togithub.com/slsa-framework/slsa-github-generator/pull/1067) - chore(deps): update gcr.io/distroless/static docker digest to [`cb0f703`](https://togithub.com/slsa-framework/slsa-github-generator/commit/cb0f703) by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1062](https://togithub.com/slsa-framework/slsa-github-generator/pull/1062) - Add ref to checkout-node action by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1071](https://togithub.com/slsa-framework/slsa-github-generator/pull/1071) - Document renovate exception for tags over digest. by [@datosh](https://togithub.com/datosh) in [https://github.com/slsa-framework/slsa-github-generator/pull/1074](https://togithub.com/slsa-framework/slsa-github-generator/pull/1074) - ci: exclude codeql on yaml by [@asraa](https://togithub.com/asraa) in [https://github.com/slsa-framework/slsa-github-generator/pull/1008](https://togithub.com/slsa-framework/slsa-github-generator/pull/1008) - Update CodeQL workflow by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1081](https://togithub.com/slsa-framework/slsa-github-generator/pull/1081) - Remove ref for internal action calls by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/1075](https://togithub.com/slsa-framework/slsa-github-generator/pull/1075) - Update link to container generator workflow by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1079](https://togithub.com/slsa-framework/slsa-github-generator/pull/1079) - Add doc on sigstore policy-controller by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/946](https://togithub.com/slsa-framework/slsa-github-generator/pull/946) - Enable CodeQL scanning for Javascript by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1078](https://togithub.com/slsa-framework/slsa-github-generator/pull/1078) - bug: fix path in action by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/1085](https://togithub.com/slsa-framework/slsa-github-generator/pull/1085) - bug: additional fixes for ref removal by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/1083](https://togithub.com/slsa-framework/slsa-github-generator/pull/1083) - fix: grep in secure download action by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/1087](https://togithub.com/slsa-framework/slsa-github-generator/pull/1087) - fix: workingDir by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/1107](https://togithub.com/slsa-framework/slsa-github-generator/pull/1107) - fix: workingDir by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/1109](https://togithub.com/slsa-framework/slsa-github-generator/pull/1109) - feat: update ref by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/1086](https://togithub.com/slsa-framework/slsa-github-generator/pull/1086) - doc: add tag pinning documentation in each builder README by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/1106](https://togithub.com/slsa-framework/slsa-github-generator/pull/1106) - docs: update release.md for generating verifier e2e tests by [@asraa](https://togithub.com/asraa) in [https://github.com/slsa-framework/slsa-github-generator/pull/1108](https://togithub.com/slsa-framework/slsa-github-generator/pull/1108) - fix: use GITHUB_OUTPUT instead of deprecated set-output command by [@suzuki-shunsuke](https://togithub.com/suzuki-shunsuke) in [https://github.com/slsa-framework/slsa-github-generator/pull/1066](https://togithub.com/slsa-framework/slsa-github-generator/pull/1066) - fix: checkout uses the wrong repository by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/1113](https://togithub.com/slsa-framework/slsa-github-generator/pull/1113) - fix(deps): update module github.com/in-toto/in-toto-golang to v0.4.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/987](https://togithub.com/slsa-framework/slsa-github-generator/pull/987) - chore(deps): update github-actions to v3 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1059](https://togithub.com/slsa-framework/slsa-github-generator/pull/1059) - feat: improve refs by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/1126](https://togithub.com/slsa-framework/slsa-github-generator/pull/1126) - Fix privacy-check checkout by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1160](https://togithub.com/slsa-framework/slsa-github-generator/pull/1160) - Update Rekor to v1.0.0 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1121](https://togithub.com/slsa-framework/slsa-github-generator/pull/1121) - Update Rekor client by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1162](https://togithub.com/slsa-framework/slsa-github-generator/pull/1162) - Add documentation for private-repository input by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1165](https://togithub.com/slsa-framework/slsa-github-generator/pull/1165) - Temporarily disable pre-submit by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1171](https://togithub.com/slsa-framework/slsa-github-generator/pull/1171) - re-enable pre-submits by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1161](https://togithub.com/slsa-framework/slsa-github-generator/pull/1161) - fix(deps): update module github.com/sigstore/sigstore to v1.4.5 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1123](https://togithub.com/slsa-framework/slsa-github-generator/pull/1123) - fix(deps): update module github.com/in-toto/in-toto-golang to v0.5.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1122](https://togithub.com/slsa-framework/slsa-github-generator/pull/1122) - chore(deps): update dependency eslint to v8.26.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1115](https://togithub.com/slsa-framework/slsa-github-generator/pull/1115) - fix(deps): update module github.com/slsa-framework/slsa-github-generator to v1.2.1 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1114](https://togithub.com/slsa-framework/slsa-github-generator/pull/1114) - fix(deps): update module github.com/spf13/cobra to v1.6.1 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1058](https://togithub.com/slsa-framework/slsa-github-generator/pull/1058) - fix(deps): update module github.com/sigstore/cosign to v1.13.1 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1057](https://togithub.com/slsa-framework/slsa-github-generator/pull/1057) - chore(deps): update typescript-eslint monorepo to v5.41.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1056](https://togithub.com/slsa-framework/slsa-github-generator/pull/1056) - chore(deps): update dependency eslint-plugin-github to v4.4.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1055](https://togithub.com/slsa-framework/slsa-github-generator/pull/1055) - chore(deps): update dependency [@types/node](https://togithub.com/types/node) to v16.18.2 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1054](https://togithub.com/slsa-framework/slsa-github-generator/pull/1054) - chore(deps): update dependency [@types/node](https://togithub.com/types/node) to v18 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1179](https://togithub.com/slsa-framework/slsa-github-generator/pull/1179) - chore(deps): update github-actions by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/864](https://togithub.com/slsa-framework/slsa-github-generator/pull/864) - verifier: update verifier version to v1.3.2 by [@asraa](https://togithub.com/asraa) in [https://github.com/slsa-framework/slsa-github-generator/pull/1184](https://togithub.com/slsa-framework/slsa-github-generator/pull/1184) - Add known issues to docs by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1170](https://togithub.com/slsa-framework/slsa-github-generator/pull/1170) - 📖 Bump version tag in examples by [@pnacht](https://togithub.com/pnacht) in [https://github.com/slsa-framework/slsa-github-generator/pull/1187](https://togithub.com/slsa-framework/slsa-github-generator/pull/1187) - Container build type by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1176](https://togithub.com/slsa-framework/slsa-github-generator/pull/1176) - Group updates for renovate by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1185](https://togithub.com/slsa-framework/slsa-github-generator/pull/1185) - Add CONTRIBUTING.md by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1080](https://togithub.com/slsa-framework/slsa-github-generator/pull/1080) - feat: add commands to nodejs builder by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/1189](https://togithub.com/slsa-framework/slsa-github-generator/pull/1189) - cleanup: remove more set-outputs by [@asraa](https://togithub.com/asraa) in [https://github.com/slsa-framework/slsa-github-generator/pull/1194](https://togithub.com/slsa-framework/slsa-github-generator/pull/1194) - chore(deps): update npm dev by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1203](https://togithub.com/slsa-framework/slsa-github-generator/pull/1203) - chore(deps): update github-actions by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1202](https://togithub.com/slsa-framework/slsa-github-generator/pull/1202) - chore(deps): update gcr.io/distroless/static docker digest to [`5759d19`](https://togithub.com/slsa-framework/slsa-github-generator/commit/5759d19) by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1201](https://togithub.com/slsa-framework/slsa-github-generator/pull/1201) - feat: npm builder updates by [@laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/slsa-framework/slsa-github-generator/pull/1206](https://togithub.com/slsa-framework/slsa-github-generator/pull/1206) - chore(deps): update dependency eslint to v8.27.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1208](https://togithub.com/slsa-framework/slsa-github-generator/pull/1208) - \[doc] Add example for Python by [@dongheelee92](https://togithub.com/dongheelee92) in [https://github.com/slsa-framework/slsa-github-generator/pull/1209](https://togithub.com/slsa-framework/slsa-github-generator/pull/1209) - \[doc] update TOC(Table Of Content) for python example by [@dongheelee92](https://togithub.com/dongheelee92) in [https://github.com/slsa-framework/slsa-github-generator/pull/1213](https://togithub.com/slsa-framework/slsa-github-generator/pull/1213) - Fix PR description check for releases by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1211](https://togithub.com/slsa-framework/slsa-github-generator/pull/1211) - release: fix release tag reference by [@asraa](https://togithub.com/asraa) in [https://github.com/slsa-framework/slsa-github-generator/pull/1215](https://togithub.com/slsa-framework/slsa-github-generator/pull/1215) - Update release instructions by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1212](https://togithub.com/slsa-framework/slsa-github-generator/pull/1212) - Update release tag for v1.2.2 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1210](https://togithub.com/slsa-framework/slsa-github-generator/pull/1210) - Revert "Update release tag for v1.2.2 ([#1210](https://togithub.com/slsa-framework/slsa-github-generator/issues/1210))" by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1220](https://togithub.com/slsa-framework/slsa-github-generator/pull/1220) - Fix builder-fetch.sh path by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1221](https://togithub.com/slsa-framework/slsa-github-generator/pull/1221) - Update refs for release 1.2.2 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1222](https://togithub.com/slsa-framework/slsa-github-generator/pull/1222)Configuration
📅 Schedule: Branch creation - "every weekend" in timezone Europe/Prague, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.