sigstore / root-signing-staging

Staging TUF repository for Sigstore trust root
https://tuf-repo-cdn.sigstage.dev/
Apache License 2.0

build(deps): bump theupdateframework/tuf-on-ci from 0.5.0 to 0.6.0 #50

Closed dependabot[bot] closed 7 months ago

dependabot[bot] commented 7 months ago

Bumps theupdateframework/tuf-on-ci from 0.5.0 to 0.6.0.

Release notes

Sourced from theupdateframework/tuf-on-ci's releases.

v0.6.0

NOTE: please see upgrade instructions below.

Changes

  • Signing events now happen in GitHub pull requests
  • Signer now probes for PKCS11 module: configuring that is no longer required, as long as the module is in one of the expected locations.

Upgrade instructions

  • As usual we recommend copying your workflows from https://github.com/theupdateframework/tuf-on-ci-template/.
    • signing event action no longer needs issues: write permission but instead requires pull-requests: write
  • Custom token users need to create a new token with an additional permission Pull requests: write
  • Settings->Actions->General->Allow GitHub Actions to create and approve pull requests needs to be enabled in repository settings (not required if a custom token is used)
Changelog

Sourced from theupdateframework/tuf-on-ci's changelog.

v0.5.0

NOTE: Do not accept a dependabot upgrade, please see upgrade instructions.

This release contains improved failure handling and testing.

Changes

  • New action test-repository: This new action enables smoke testing every published repository with a TUF client.
  • New action update-issue: This action enables automated filing of issues when a TUF-on-CI workflow fails

Upgrade instructions

As usual we recommend copying your workflows from https://github.com/theupdateframework/tuf-on-ci-template/ as there are a number of changes, including a new reusable workflow.

v0.4.0

NOTE: This is a major Actions API break, users should not just upgrade the action versions but should instead update their workflows based on the ones from

... (truncated)

Commits
  • 38e31ce Merge pull request #191 from jku/release-v0.6.0
  • 559a41f Release version bump for 0.6.0
  • 4873e28 Merge pull request #190 from jku/probe-pkcs-module
  • a30ae35 Merge pull request #189 from jku/improve-pr-docs
  • 65e049f signer: Try to guess where libykcs11 could be
  • a894bf5 docs: clarify the security settings
  • 19b7a4f Update docs on PR permissions
  • ae7c084 Merge pull request #186 from jku/use-prs
  • a5b256b signing event: Address review comments
  • 967574f docs: Update changelog
  • Additional commits viewable in compare view



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
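The upgrade instructions above swap the signing-event workflow's token permission from `issues: write` to `pull-requests: write`. The following is an added illustration of that change as a workflow-level permissions block; it is not code from the tuf-on-ci project, the tuf-on-ci-template, or this PR, and the workflow name, trigger branch pattern, job name and the `contents: write` grant are assumptions made for the example.

```yaml
# Added example (not from tuf-on-ci or this PR): least-privilege token
# permissions for a signing-event workflow after the 0.5.0 -> 0.6.0 upgrade.
name: TUF-on-CI signing event        # assumed name

on:
  push:
    branches: ['sign/**']            # assumed trigger; the template defines the real one

# Deny everything at workflow level and grant only what each job needs.
permissions: {}

jobs:
  signing-event:                     # assumed job name
    runs-on: ubuntu-latest
    permissions:
      contents: write                # assumed: pushing signing-event commits
      # issues: write                # required by tuf-on-ci <= 0.5.0 (issue-based
      #                              # signing events); no longer needed, so drop it
      pull-requests: write           # required by tuf-on-ci 0.6.0 (PR-based signing events)
    steps:
      - uses: actions/checkout@v4
      # the signing-event action from the tuf-on-ci template follows here
```

When the default `GITHUB_TOKEN` is used, `pull-requests: write` alone is not enough for the action to open a pull request: the repository setting "Allow GitHub Actions to create and approve pull requests" must also be enabled, exactly as the release notes state. With a custom token that carries the "Pull requests: write" permission, the repository setting is not required, which is the case jku's comment below proposes to confirm with a throwaway signing event.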
jku commented 7 months ago

> Settings->Actions->General->Allow GitHub Actions to create and approve pull requests needs to be enabled in repository settings (not required if a custom token is used)

I suggest we merge this PR and then confirm the above comment by starting a signing event we don't intend to actually sign: I just want to see if the PR opening works with custom token without this setting enabled.

kommendorkapten commented 7 months ago

> I suggest we merge this PR and then confirm the above comment by starting a signing event we don't intend to actually sign: I just want to see if the PR opening works with custom token without this setting enabled.

Agreed.