chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 #104
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.2.0 to 3.3.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@v3.2.0...v3.3.0) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
the
dependencies
bsherman
deleted the
dependabot/github_actions/sigstore/cosign-installer-3.3.0
branch
bpbeatty
added a commit
to bpbeatty/ucore
that referenced
this pull request
Jan 25, 2024
* fix: enable ublue-nvctk-cdi by default for nvidia images (ublue-os#103) * fix: run depmod after installing ZFS RPMs With zfs 2.1.x, depmod ran automatically. Though unclear why, it no longer seems to occur when installing zfs 2.2.x RPMs in a container build (it does still work automatically on a non image-based Fedora system). Manually running depmod, as in this commit, ensures the 2.2.x kmods load as expected. * docs: reflect zfs 2.2 change * chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (ublue-os#104) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: add package with secure boot public signing key Add the new package from `ucore-kmods` which includes the signing key. This enables a user to import the signing key as a MOK using: sudo mokutil --import /etc/pki/akmods/certs/akmods-ublue.der Closes ublue-os#82 * docs: add SecureBoot info to README * docs: update SecureBoot to include zfs Relates: ublue-os#16 * feat: enable signed images These files should enable rpm-ostreed/container tooling to validate signed images when using appropriate references. It will require signed images for ghcr.io/ublue-os images. Relates: ublue-os#101 * chore(ci): resume use of latest tag for stable image I intentionally stopped publishing a `:latest` tag back on April 1st. It was not intended to be an April Fool's joke, but rather a cleanup to best practices of not using that tag. However, the old images did not expire, so the old `:latest` continues to exist, confusing both users and our website's image discovery code. I suppose it turned out to be a long lived April Fool's joke after all! This resumes the publishing of the tag, ensuring it matches the `:stable` tag, and only on the `ucore` image. There will be no `:latest` for nvidia, zfs or testing images, nor `fedora-coreos` or `ucore-hci`. * chore(ci): bash variables only work when using proper braces * chore(ci): move to reusable workflow (ublue-os#114) Convert to a reusable workflow such that stable and testing builds can happen on separate schedules and so that stable builds are all that gate merge success, allowing testing to be more unstable. * chore(ci): use Containerfile targets for ucore-hci (ublue-os#115) This should allow faster overall builds of ucore and ucore-hci by building in parallel, and removes the need to publish ucore to GHCR even for PRs just to allow ucore-hci to build successfully. --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Benjamin Sherman <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
bpbeatty
added a commit
to bpbeatty/ucore
that referenced
this pull request
Jan 25, 2024
* fix: enable ublue-nvctk-cdi by default for nvidia images (ublue-os#103) * fix: run depmod after installing ZFS RPMs With zfs 2.1.x, depmod ran automatically. Though unclear why, it no longer seems to occur when installing zfs 2.2.x RPMs in a container build (it does still work automatically on a non image-based Fedora system). Manually running depmod, as in this commit, ensures the 2.2.x kmods load as expected. * docs: reflect zfs 2.2 change * chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (ublue-os#104) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: add package with secure boot public signing key Add the new package from `ucore-kmods` which includes the signing key. This enables a user to import the signing key as a MOK using: sudo mokutil --import /etc/pki/akmods/certs/akmods-ublue.der Closes ublue-os#82 * docs: add SecureBoot info to README * docs: update SecureBoot to include zfs Relates: ublue-os#16 * feat: enable signed images These files should enable rpm-ostreed/container tooling to validate signed images when using appropriate references. It will require signed images for ghcr.io/ublue-os images. Relates: ublue-os#101 * chore(ci): resume use of latest tag for stable image I intentionally stopped publishing a `:latest` tag back on April 1st. It was not intended to be an April Fool's joke, but rather a cleanup to best practices of not using that tag. However, the old images did not expire, so the old `:latest` continues to exist, confusing both users and our website's image discovery code. I suppose it turned out to be a long lived April Fool's joke after all! This resumes the publishing of the tag, ensuring it matches the `:stable` tag, and only on the `ucore` image. There will be no `:latest` for nvidia, zfs or testing images, nor `fedora-coreos` or `ucore-hci`. * chore(ci): bash variables only work when using proper braces * chore(ci): move to reusable workflow (ublue-os#114) Convert to a reusable workflow such that stable and testing builds can happen on separate schedules and so that stable builds are all that gate merge success, allowing testing to be more unstable. * chore(ci): use Containerfile targets for ucore-hci (ublue-os#115) This should allow faster overall builds of ucore and ucore-hci by building in parallel, and removes the need to publish ucore to GHCR even for PRs just to allow ucore-hci to build successfully. * feat: adds bpbeatty signature rpm * remove tailscale and nfs-utils * debug: remove freeipa-client --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Benjamin Sherman <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps sigstore/cosign-installer from 3.2.0 to 3.3.0.
Release notes
Sourced from sigstore/cosign-installer's releases.
Commits
9614faeupdate action to use latest cosign v2.2.2 (#153)c81cf06Bump actions/setup-go from 4.1.0 to 5.0.0 (#152)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)