inputs now allows recursive globbing with **
(#106)
Removed
The following settings have been removed: fulcio-url, rekor-url,
ctfe, rekor-root-pubkey
(#140)
The following output settings have been removed: signature,
certificate, bundle
(#146)
Changed
inputs is now parsed according to POSIX shell lexing rules, improving
the action's consistency when used with filenames containing whitespace
or other significant characters
(#104)
inputs is now optional ifrelease-signing-artifacts is true
and the action's event is a release event. In this case, the action
takes no explicit inputs, but signs the source archives already attached
to the associated release
(#110)
The default suffix has changed from .sigstore to .sigstore.json,
per Sigstore's client specification
(#140)
release-signing-artifacts now defaults to true
(#142)
Fixed
The release-signing-artifacts setting no longer causes a hard error
when used under the incorrect event
(#103)
Various deprecations present in sigstore-python's 2.x series have been
resolved
(#140)
This workflow now supports CI runners that use PEP 668 to constrain global
package prefixes
(#145)
inputs now allows recursive globbing with **
(#106)
Removed
The following settings have been removed: fulcio-url, rekor-url,
ctfe, rekor-root-pubkey
(#140)
The following output settings have been removed: signature,
certificate, bundle
(#146)
Changed
inputs is now parsed according to POSIX shell lexing rules, improving
the action's consistency when used with filenames containing whitespace
or other significant characters
(#104)
inputs is now optional ifrelease-signing-artifacts is true
and the action's event is a release event. In this case, the action
takes no explicit inputs, but signs the source archives already attached
to the associated release
(#110)
The default suffix has changed from .sigstore to .sigstore.json,
per Sigstore's client specification
(#140)
release-signing-artifacts now defaults to true
(#142)
Fixed
The release-signing-artifacts setting no longer causes a hard error
when used under the incorrect event
(#103)
Various deprecations present in sigstore-python's 2.x series have been
resolved
(#140)
This workflow now supports CI runners that use PEP 668 to constrain global
package prefixes
(#145)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps sigstore/gh-action-sigstore-python from 2.1.1 to 3.0.0.
Release notes
Sourced from sigstore/gh-action-sigstore-python's releases.
... (truncated)
Changelog
Sourced from sigstore/gh-action-sigstore-python's changelog.
... (truncated)
Commits
f514d46Prep 3.0.0 (#143)da238adCleanup workflows (#148)551a497action: remove old output settings (#146)16fbe9aaction: fliprelease-signing-artifacts(#142)1ddeb82action: use a venv to prevent PEP 668 errors (#145)9466100requirements: sigstore ~3.0 (#140)26de745schedule-selftest: reduce nagging (#134)4dde77fbuild(deps): bump the actions group with 1 update (#111)08a568cAllow empty inputs with release artifacts (#110)8579d48build(deps): bump the actions group with 1 update (#107)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show