turbot / steampipe-plugin-github

Use SQL to instantly query repositories, users, gists and more from GitHub. Open source CLI. No DB required.
https://hub.steampipe.io/plugins/turbot/github
Apache License 2.0

Bump github.com/buildkite/go-pipeline from 0.3.1 to 0.10.0 #443

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 3 months ago

Bumps github.com/buildkite/go-pipeline from 0.3.1 to 0.10.0.

Release notes

Sourced from github.com/buildkite/go-pipeline's releases.

v0.10.0

v0.10.0 (2024-06-25)

Full Changelog

⚠️ This release has some breaking changes to the signature subpackage.

All the following functions now take as their first param a context.Context, as well as the following changes.

The signature of signature.Sign function has changed to no longer take env map[string]string but instead use signature.WithEnv(env) as an option.

-func Sign(key jwk.Key, env map[string]string, sf SignedFielder) (*pipeline.Signature, error)
+func Sign(_ context.Context, key jwk.Key, sf SignedFielder, opts ...Option) (*pipeline.Signature, error)

The signature of signature.Verify function has also changed to take signature.WithEnv(env) as an option instead of env map[string]string.

-func Verify(s *pipeline.Signature, keySet jwk.Set, env map[string]string, sf SignedFielder)
+func Verify(ctx context.Context, s *pipeline.Signature, keySet jwk.Set, sf SignedFielder, opts ...Option) error

The signature of signature.SignSteps function has also changed to take signature.WithEnv(env) as an option instead of env map[string]string.

-func SignSteps(s pipeline.Steps, key jwk.Key, env map[string]string, repoURL string)
+func SignSteps(ctx context.Context, s pipeline.Steps, key jwk.Key, repoURL string, opts ...Option) error

Added

The following were added to the signature subpackage.

func WithEnv(env map[string]string) Option
func WithLogger(logger Logger) Option
func WithDebugSigning(debugSigning bool) Option
  • WithLogger enables logging public key thumbprints when signing and verifying steps
  • WithDebugSigning will enable debugging for signing steps. When this is enabled along with WithLogger, it will log step payloads before they are signed, to assist in debugging verification failures
    • This is intended for development purposes
    • During step upload using signing, this will log step payloads to the job's log, which could leak secrets to those with access to your Buildkite build page ⚠️
    • During step verification at the start of all signed jobs, this will log the step payloads to the agent log

Removed

-func SignPipeline(p *pipeline.Pipeline, key jwk.Key, repo string) error

Call SignSteps instead.

Changed

  • (Described above) Log public key fingerprint in debug, log step payload in signing-debug #39 (@patrobinson)

... (truncated)

Commits
  • 5e62e6c Merge pull request #42 from buildkite/josh-cleanups
  • 81faeec Delete SignPipeline
  • 3b5a1f4 Merge pull request #41 from buildkite/josh-cleanups
  • 2e6f3cb Replace mock logger with fake logger
  • 438c05f Fix inconsistent test error messages
  • 0f70318 Flatten debug log implementation
  • 5cb116b Pass ctx idiomatically
  • 14f1de0 Merge pull request #40 from buildkite/dependabot/go_modules/github.com/lestrr...
  • d66b4ec Merge pull request #39 from buildkite/debug-signature
  • 16b9498 Revert "Dont return error for failed key thumbprint, log message instead"
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

github-actions[bot] commented 1 month ago

This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.

dependabot[bot] commented 1 month ago

Superseded by #451.