github/slsa-verifier
1
0
Fork 0
mirror of https://github.com/slsa-framework/slsa-verifier.git synced 2026-05-17 14:06:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
438 Commits 40 Branches 45 Tags
f0fedec1ddea913a67c24e4e25b2b7cebcacc901
Commit Graph

53 Commits

Author SHA1 Message Date
Mend Renovate
e7a8f74b9c fix(deps): update dependency @actions/core to v1.10.1 (#717) 
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
|
[@actions/core](https://togithub.com/actions/toolkit/tree/main/packages/core)
([source](https://togithub.com/actions/toolkit/tree/HEAD/packages/core))
| [`1.10.0` ->
`1.10.1`](https://renovatebot.com/diffs/npm/@actions%2fcore/1.10.0/1.10.1)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@actions%2fcore/1.10.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@actions%2fcore/1.10.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@actions%2fcore/1.10.0/1.10.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@actions%2fcore/1.10.0/1.10.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

---

### Release Notes

<details>
<summary>actions/toolkit (@&#8203;actions/core)</summary>

###
[`v1.10.1`](https://togithub.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#1101)

- Fix error message reference in oidc utils
[#&#8203;1511](https://togithub.com/actions/toolkit/pull/1511)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on the first day of the
month" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/slsa-framework/slsa-verifier).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44LjEiLCJ1cGRhdGVkSW5WZXIiOiIzNy4zNDAuMTAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIn0=-->

---------

Signed-off-by: Mend Renovate <bot@renovateapp.com>
Signed-off-by: github-actions <github-actions@github.com>
Co-authored-by: github-actions <github-actions@github.com>
 2024-05-07 14:09:48 -04:00
Ramon Petgrave
bcc39bf21a chore(deps): update npm dev (major) (#753) 
Redo of https://github.com/slsa-framework/slsa-verifier/pull/654

- Fix dev-dependencies related to es-lint that the renovate-bot couldn't
auto-fix

- a few commas automatically added by the new linter

- use node20 for tests to avoid caompatibility warnings

```
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@typescript-eslint/parser@7.5.0',
npm WARN EBADENGINE   required: { node: '^18.18.0 || >=20.0.0' },
npm WARN EBADENGINE   current: { node: 'v16.20.2', npm: '8.19.4' }
npm WARN EBADENGINE }
```

---------

Signed-off-by: Mend Renovate <bot@renovateapp.com>
Signed-off-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>
Co-authored-by: Mend Renovate <bot@renovateapp.com>
 2024-04-02 17:44:08 -07:00
laurentsimon
b1f986788d chore: Update @actions/github v6 (#749) 
Need to re-compile
https://github.com/slsa-framework/slsa-verifier/pull/720/files

Signed-off-by: laurentsimon <laurentsimon@google.com>
 2024-03-26 22:03:42 +00:00
laurentsimon
f315652a8c chore: Update doc and digests for v2.5.1 (#748) 
This sets the expected sha256 of the v2.5.1 slsa-verifier released
binary.

How to LGTM this PR (I'll work on a proper doc for this in
https://github.com/slsa-framework/slsa-github-generator/issues/112):

1. Download the binary and provenance from
https://github.com/slsa-framework/slsa-verifier/releases/tag/v0.0.1
2. Clone the slsa-verifier repo, compile and verify the provenance using
the steps described in
https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md#verify-provenance
```
$ git clone git@github.com:slsa-framework/slsa-verifier.git
$ cd slsa-verifier
$ bash verify-release.sh v2.5.1
```

The output hash should be the hash I'm updating to in this PR. If they
match, LGTM. If they don't, someone tampered with the released binary
and don't LGTM

---------

Signed-off-by: laurentsimon <laurentsimon@google.com>
 2024-03-26 08:11:24 -07:00
laurentsimon
eb7007070b feat: Update verifier version in GHA installer (#747) 
This is part of the release tests in
https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md#dry-run
to verify that the Action installer works.

A follow up PR will be sent prior to release to update to `v2.5.0`

---------

Signed-off-by: laurentsimon <laurentsimon@google.com>
 2024-03-25 14:54:53 +00:00
laurentsimon
e986dfc0ff feat: Digest for new release (#722) 
#label:release v2.4.1

How to LGTM this PR:

Ensure you have installed the GitHub client from https://cli.github.com.
If it is not installed in your `PATH`, set `export GH=/path/to/your/gh`

Set your `export GH_TOKEN=...`

Use [verify-release.sh](./verify-release.sh) script in this repository:
```
bash verify-release v2.4.1
```

Once it completes, you will see the last line `Verifying artifact
/tmp/tmp.SomeRanDOm/` and do:
```bash
sha256sum /tmp/tmp.SomeRanDOm/* | grep -v intoto
```

This will print out the hashes. Compare them to the changes in this PR

---------

Signed-off-by: laurentsimon <laurentsimon@google.com>
 2023-11-07 17:23:25 -08:00
laurentsimon
2184d9d604 chore: bump versions (#715) 
Signed-off-by: laurentsimon <laurentsimon@google.com>
 2023-10-10 00:27:33 +00:00
laurentsimon
d23c97947e chore: Update doc for v2.4.0 (#699) 
How to LGTM this PR (I'll work on a proper doc for this in
https://github.com/slsa-framework/slsa-github-generator/issues/112):

1.  Clone repo
```
$ git clone git@github.com:slsa-framework/slsa-verifier.git 
$ cd slsa-verifier
$ bash verify-release.sh v2.4.0 # NOTE: use the file in _this_ PR.
# Note down the path to the temporary dir use. The bash script will print its first line as "INFO: using dir: /tmp/tmp.VaYi6HfbmL"
```
2. Run command below and compare to SHA256SUM.md in this PR
```
$sha256sum /tmp/tmp.VaYi6HfbmL/*
```

The output hash should be the hash I'm updating to in this PR. If they
match, LGTM. If they don't, someone tampered with the released binary
and don't LGTM

---------

Signed-off-by: laurentsimon <laurentsimon@google.com>
 2023-08-25 12:09:40 -07:00
Mend Renovate
658d91aa82 chore(deps): update npm dev (#608) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-06-12 13:47:38 +09:00
Mend Renovate
a86957c6a5 chore(deps): update dependency jasmine to v5 (#598) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-05-15 04:14:31 +00:00
Mend Renovate
ab4b6b4cc7 chore(deps): update dependency @types/node to v18.16.9 (#596) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-05-15 03:55:18 +00:00
Ian Lewis
f59b55ef21 chore: Update SHA256SUM.md for v2.3.0 (#592) 
Signed-off-by: Ian Lewis <ianlewis@google.com>
 2023-05-12 08:23:56 +09:00
Mend Renovate
c9abffe4d2 chore(deps): update npm dev (#586) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Ian Lewis <ianlewis@google.com>
 2023-05-10 00:48:36 +00:00
sunnyyip
030c40080b docs(gh-action): update actions installer path (#581) 
Signed-off-by: Sunny Yip <sunny@kusari.dev>
 2023-05-03 09:20:04 -07:00
Mend Renovate
5c0baa4f3e chore(deps): update npm dev (#568) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-05-01 11:03:55 +09:00
Ian Lewis
62c0dfdde9 docs: Update docs for 2.2.0 release. (#556) 
* Update SHA256SUM.md

Signed-off-by: Ian Lewis <ianlewis@google.com>

* Update version in docs

Signed-off-by: Ian Lewis <ianlewis@google.com>

---------

Signed-off-by: Ian Lewis <ianlewis@google.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2023-04-13 19:15:15 +00:00
Mend Renovate
623cf20a23 fix(deps): update npm (#535) 
* fix(deps): update npm

---------

Signed-off-by: Renovate Bot <bot@renovateapp.com>
Signed-off-by: Ian Lewis <ianlewis@google.com>
Co-authored-by: Ian Lewis <ianlewis@google.com>
 2023-04-11 13:41:24 +09:00
Mend Renovate
84c3bbdd84 chore(deps): update npm dev (#534) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Ian Lewis <ianlewis@google.com>
 2023-04-11 10:57:38 +09:00
Mend Renovate
3c5abb613f chore(deps): update dependency typescript to v5 (#545) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Ian Lewis <ianlewis@google.com>
 2023-04-11 00:08:54 +00:00
asraa
e8ce5c0204 chore: update docs for release v2.1.0 (#530) 
* chore: update docs for release v2.1.0

Signed-off-by: Asra Ali <asraa@google.com>

---------

Signed-off-by: Asra Ali <asraa@google.com>
 2023-03-17 15:07:25 +00:00
Mend Renovate
1ed3847709 chore(deps): update npm dev (#517) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-03-14 11:58:36 +09:00
laurentsimon
20b06426ff docs: update installation to cover the Action and to receive updates (#523) 
docs: update installation to cover the Action and to receive updates (#523)

Signed-off-by: laurentsimon <laurentsimon@google.com>
 2023-03-10 15:46:04 -06:00
Mend Renovate
66931c71be chore(deps): update npm dev (#501) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-02-27 17:46:32 +09:00
Mend Renovate
f2b8ee8fff chore(deps): update npm dev (#497) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-02-22 10:52:04 +09:00
Mend Renovate
878947f5e8 chore(deps): update npm dev (#482) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-02-13 09:46:28 +00:00
Mend Renovate
53ca117e3c chore(deps): update npm dev (#466) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: asraa <asraa@google.com>
 2023-02-06 15:01:12 +00:00
Mend Renovate
3c012d278e chore(deps): update npm dev (#459) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-01-30 05:23:26 -08:00
Mend Renovate
fb8ab2af45 chore(deps): update npm dev (#445) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-01-16 05:51:13 +00:00
Mend Renovate
257c370894 chore(deps): update dependency prettier to v2.8.2 (#437) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-01-09 09:19:17 -06:00
Mend Renovate
71a4b4d2bb chore(deps): update npm dev (#428) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-01-05 02:25:41 +00:00
Mend Renovate
82cb42fb20 chore(deps): update dependency @types/node to v18.11.17 (#416) 2022-12-18 09:56:35 +09:00
Mend Renovate
a88e26b866 chore(deps): update npm dev (#415) 2022-12-17 16:04:09 +09:00
Mend Renovate
b1aad15c35 chore(deps): update npm dev (#383) 
Co-authored-by: Ian Lewis <ianlewis@google.com>
 2022-12-16 00:41:58 +00:00
Ian Lewis
8510abc10f Add codeowners (#401) 
Signed-off-by: Ian Lewis <ianlewis@google.com>
 2022-12-14 03:05:04 +00:00
laurentsimon
53b3aebdb9 feat: scheduled tests for installer Action (#398) 
* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* Update .github/workflows/schedule.installer.yml

Co-authored-by: Ian Lewis <ianlewis@google.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>

* Update .github/workflows/schedule.installer.yml

Co-authored-by: Ian Lewis <ianlewis@google.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>

* Update .github/workflows/schedule.installer.yml

Co-authored-by: Ian Lewis <ianlewis@google.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>

* Update .github/workflows/schedule.installer.yml

Co-authored-by: Ian Lewis <ianlewis@google.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* Update .github/workflows/schedule.installer.yml

Co-authored-by: Ian Lewis <ianlewis@google.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>

* Update .github/workflows/schedule.installer.yml

Co-authored-by: Ian Lewis <ianlewis@google.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* Update .github/workflows/schedule.installer.yml

Co-authored-by: Ian Lewis <ianlewis@google.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Co-authored-by: Ian Lewis <ianlewis@google.com>
 2022-12-14 01:37:23 +00:00
laurentsimon
a43888265e fix: command in installer Action (#396) 
* update

Signed-off-by: laurentsimon <laurentsimon@google.com>
 2022-12-08 22:32:57 +00:00
laurentsimon
901c5f7901 update (#394) 
Signed-off-by: laurentsimon <laurentsimon@google.com>
 2022-12-06 15:16:10 -06:00
laurentsimon
4cba39a15a feat: Add env variable to facilitate CI tests of Action installer (#393) 
* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

Signed-off-by: laurentsimon <laurentsimon@google.com>
 2022-12-06 20:25:47 +00:00
laurentsimon
477ac0d88e fix: show version in version command (#392) 
* update

Signed-off-by: laurentsimon <laurentsimon@google.com>
 2022-12-06 20:13:35 +00:00
WhiteSource Renovate
12d81454a0 chore(deps): update dependency @types/node to v18.11.8 (#341) 
Co-authored-by: asraa <asraa@google.com>
 2022-10-31 16:38:18 +00:00
WhiteSource Renovate
f0d1b30dca chore(deps): update dependency jasmine to v4.5.0 (#345) 2022-10-31 09:24:08 -05:00
WhiteSource Renovate
585539ab5f chore(deps): update dependency typescript to v4.8.4 (#270) 
Co-authored-by: Ian Lewis <ianlewis@google.com>
 2022-10-28 04:58:23 +00:00
WhiteSource Renovate
429634c0e6 chore(deps): update dependency eslint to v8.26.0 (#323) 
Co-authored-by: asraa <asraa@google.com>
 2022-10-25 14:55:53 +00:00
laurentsimon
e9e3ab2e33 Make GitHub token optional (#324) 
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>

Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2022-10-25 11:04:34 +00:00
kpk47
37cf8fd48d Fix installer: Add arguments to actions/checkout so that it checks ou… (#319) 
* Fix installer: Add arguments to actions/checkout so that it checks out slsa-framework/slsa-verifier instead of the repo using the Action.

Signed-off-by: kpk47 <kkris@google.com>

* Switch to JS action

* rebuild TS

Signed-off-by: kpk47 <kkris@google.com>
 2022-10-25 10:42:00 +00:00
WhiteSource Renovate
4ec69efd87 chore(deps): update dependency eslint to v8.25.0 (#273) 2022-10-17 13:25:37 -05:00
WhiteSource Renovate
94b6087e2b chore(deps): update dependency eslint-plugin-github to v4.4.0 (#305) 
Co-authored-by: asraa <asraa@google.com>
 2022-10-17 11:26:05 -05:00
WhiteSource Renovate
b7b67c6740 chore(deps): update github-actions (#295) 2022-10-12 09:15:59 -05:00
WhiteSource Renovate
300cb9003d chore(deps): update dependency jasmine to v4.4.0 (#283) 2022-10-05 15:44:34 -05:00
WhiteSource Renovate
fc50b662fc chore(deps): pin dependencies (#269) 
Co-authored-by: Ian Lewis <ianlewis@google.com>
 2022-10-04 01:00:02 +00:00