slsa-verifier

mirror of https://github.com/slsa-framework/slsa-verifier.git synced 2026-05-07 09:06:35 +00:00

Author	SHA1	Message	Date
laurentsimon	a43888265e	fix: command in installer Action (#396 ) * update Signed-off-by: laurentsimon <laurentsimon@google.com> v2.0.1	2022-12-08 22:32:57 +00:00
laurentsimon	901c5f7901	update (#394 ) Signed-off-by: laurentsimon <laurentsimon@google.com>	2022-12-06 15:16:10 -06:00
laurentsimon	4cba39a15a	feat: Add env variable to facilitate CI tests of Action installer (#393 ) * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> Signed-off-by: laurentsimon <laurentsimon@google.com>	2022-12-06 20:25:47 +00:00
laurentsimon	477ac0d88e	fix: show version in `version` command (#392 ) * update Signed-off-by: laurentsimon <laurentsimon@google.com>	2022-12-06 20:13:35 +00:00
laurentsimon	4a6c5b1677	feat: add more tests for GCB verification (#389 ) * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> Signed-off-by: laurentsimon <laurentsimon@google.com>	2022-12-05 13:31:58 -08:00
Ian Lewis	267242e153	fix: Fix error check for decodeSignature (#385 ) Signed-off-by: Ian Lewis <ianmlewis@gmail.com> Signed-off-by: Ian Lewis <ianmlewis@gmail.com>	2022-12-03 11:05:56 -08:00
laurentsimon	b9058c5596	docs: Add comment for signature decoding (#380 ) * update Signed-off-by: laurentsimon <laurentsimon@google.com> * Update verifiers/internal/gcb/provenance.go Co-authored-by: asraa <asraa@google.com> Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Signed-off-by: laurentsimon <laurentsimon@google.com> Signed-off-by: laurentsimon <laurentsimon@google.com> Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Co-authored-by: asraa <asraa@google.com>	2022-12-02 19:34:29 +00:00
asraa	b6a9853023	docs: add release steps for a new major release (#378 ) Signed-off-by: Asra Ali <asraa@google.com> Signed-off-by: Asra Ali <asraa@google.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>	2022-12-02 18:16:18 +00:00
asraa	d50e89b559	fix: handle workflow input flag parsing (#379 ) * fix: handle workflow input flag parsing Signed-off-by: Asra Ali <asraa@google.com> * add smoke tests Signed-off-by: Asra Ali <asraa@google.com> Signed-off-by: Asra Ali <asraa@google.com>	2022-12-02 10:01:20 -08:00
Shunsuke Suzuki	c9993a51d8	docs: fix go install (#376 ) https://github.com/slsa-framework/slsa-verifier/pull/375#discussion_r1037775148 I found this doesn't work. To install slsa-verifier v2 by go install, we have to release v2.0.1 or later. ``` go install github.com/slsa-framework/slsa-verifier/v2/cli/slsa-verifier@v2.0.0 go: github.com/slsa-framework/slsa-verifier/v2/cli/slsa-verifier@v2.0.0: github.com/slsa-framework/slsa-verifier@v2.0.0: invalid version: module contains a go.mod file, so module path must match major version ("github.com/slsa-framework/slsa-verifier/v2") ``` Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com> Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>	2022-12-02 09:16:40 -06:00
Shunsuke Suzuki	798db79f54	docs: add the checksum of v2.0.0 (#374 ) Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com> Co-authored-by: Ian Lewis <ianlewis@google.com>	2022-12-02 12:22:14 +09:00
Shunsuke Suzuki	59a3af3d90	docs: update slsa-verifier to v2.0.0 (#375 ) Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com> Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>	2022-12-02 03:13:25 +00:00
Shunsuke Suzuki	74fd528309	fix: fix the Go package version to v2 (#373 ) * fix: fix the package version to v2 ``` git ls-files \| grep ".go$" \| xargs -n 1 gsed -i "s\|github.com/slsa-framework/slsa-verifier\|github.com/slsa-framework/slsa-verifier/v2\|g" ``` Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com> * fix: fix the package version to v2 Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com> * test: fix source Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com> Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>	2022-12-01 18:49:39 -08:00
asraa	128324f488	ci: add pr workflow to check pr title format (#372 ) * ci: add pr workflow to check pr title format Signed-off-by: Asra Ali <asraa@google.com> v2.0.0	2022-11-30 21:35:33 +00:00
Mend Renovate	7bebbb9e1f	chore(deps): update actions/dependency-review-action action to v3 (#358 ) Co-authored-by: asraa <asraa@google.com>	2022-11-29 15:15:51 +00:00
Mend Renovate	0ef57a2b08	chore(deps): update github-actions (#359 ) * chore(deps): update github-actions * Update release.yml Co-authored-by: asraa <asraa@google.com>	2022-11-28 18:02:24 +00:00
asraa	1c41687aac	Update to reference v1.3.2 as latest version. (#369 ) Signed-off-by: Ian Lewis <ianlewis@google.com> Signed-off-by: Ian Lewis <ianlewis@google.com> Co-authored-by: Ian Lewis <ianlewis@google.com>	2022-11-28 16:40:11 +00:00
Ian Lewis	3162d85faf	Update README (#361 ) Signed-off-by: Ian Lewis <ianmlewis@gmail.com> Signed-off-by: Ian Lewis <ianmlewis@gmail.com> Co-authored-by: asraa <asraa@google.com>	2022-11-28 16:20:13 +00:00
Ian Lewis	2cd857d928	Update renovate config to group PRs (#368 ) Signed-off-by: Ian Lewis <ianmlewis@gmail.com> Signed-off-by: Ian Lewis <ianmlewis@gmail.com>	2022-11-28 13:46:35 +09:00
Ian Lewis	28b554f525	Add golangci-lint and yamllint (#365 ) * Add Makefile and yamllint config Signed-off-by: Ian Lewis <ianmlewis@gmail.com> * Add golangci-lint config Signed-off-by: Ian Lewis <ianmlewis@gmail.com> * Add golangci-lint config Signed-off-by: Ian Lewis <ianmlewis@gmail.com> * add linters to pre-submit Signed-off-by: Ian Lewis <ianmlewis@gmail.com> * add issue link to todos Signed-off-by: Ian Lewis <ianmlewis@gmail.com> * Fix whitespace issue Signed-off-by: Ian Lewis <ianmlewis@gmail.com> Signed-off-by: Ian Lewis <ianmlewis@gmail.com>	2022-11-28 10:19:59 +09:00
Mend Renovate	6cd5d4ac68	chore(deps): update github-actions (#351 ) Co-authored-by: Ian Lewis <ianlewis@google.com>	2022-11-14 22:55:08 +00:00
Ian Lewis	bbe98e8f2e	Add e2e tests for slsa-github-generator v1.2.2 (#355 ) * Add e2e tests for slsa-github-generator v1.2.2 * Fix testdata Signed-off-by: Ian Lewis <ianmlewis@gmail.com>	2022-11-14 15:31:04 +00:00
Shunsuke Suzuki	f7bd16431b	fix: fix error logs (#356 )	2022-11-11 10:44:03 -06:00
Tahir Raza	a9f100cf3d	fixing typo (#352 ) Signed-off-by: Tahir Raza <tahirraza@gmail.com> Signed-off-by: Tahir Raza <tahirraza@gmail.com>	2022-11-05 23:14:06 +00:00
asraa	ef0f1a7a24	refactor: consolidate verification funcs for GHA (#348 ) * consolidate verification funcs Signed-off-by: Asra Ali <asraa@google.com>	2022-11-02 15:32:39 -05:00
asraa	26f422b6b2	add new releases (#347 ) Signed-off-by: Asra Ali <asraa@google.com> Signed-off-by: Asra Ali <asraa@google.com>	2022-11-01 09:38:26 +09:00
WhiteSource Renovate	a5568ee8ba	fix(deps): update module github.com/spf13/cobra to v1.6.1 (#340 ) Co-authored-by: asraa <asraa@google.com>	2022-10-31 18:24:56 +00:00
WhiteSource Renovate	1dfd8ba693	chore(deps): update github-actions (#342 )	2022-10-31 18:13:42 +00:00
WhiteSource Renovate	12d81454a0	chore(deps): update dependency @types/node to v18.11.8 (#341 ) Co-authored-by: asraa <asraa@google.com>	2022-10-31 16:38:18 +00:00
WhiteSource Renovate	9a0c0ce3c4	chore(deps): update github-actions to v3 (#344 ) Co-authored-by: asraa <asraa@google.com>	2022-10-31 09:39:45 -05:00
WhiteSource Renovate	f0d1b30dca	chore(deps): update dependency jasmine to v4.5.0 (#345 )	2022-10-31 09:24:08 -05:00
WhiteSource Renovate	585539ab5f	chore(deps): update dependency typescript to v4.8.4 (#270 ) Co-authored-by: Ian Lewis <ianlewis@google.com>	2022-10-28 04:58:23 +00:00
Ian Lewis	c845407336	Update sigstore libraries (#326 ) * Update sigstore libraries Signed-off-by: Ian Lewis <ianmlewis@gmail.com> * Update slsa-github-generator Signed-off-by: Ian Lewis <ianmlewis@gmail.com> * go mod tidy Signed-off-by: Ian Lewis <ianmlewis@gmail.com> Signed-off-by: Ian Lewis <ianmlewis@gmail.com> Co-authored-by: asraa <asraa@google.com>	2022-10-27 14:36:36 +00:00
laurentsimon	78187e501f	feat: run CLI tests daily (#327 ) * update * update * update * update * update	2022-10-27 05:46:10 -07:00
WhiteSource Renovate	429634c0e6	chore(deps): update dependency eslint to v8.26.0 (#323 ) Co-authored-by: asraa <asraa@google.com>	2022-10-25 14:55:53 +00:00
laurentsimon	e9e3ab2e33	Make GitHub token optional (#324 ) Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>	2022-10-25 11:04:34 +00:00
kpk47	37cf8fd48d	Fix installer: Add arguments to actions/checkout so that it checks ou… (#319 ) * Fix installer: Add arguments to actions/checkout so that it checks out slsa-framework/slsa-verifier instead of the repo using the Action. Signed-off-by: kpk47 <kkris@google.com> * Switch to JS action * rebuild TS Signed-off-by: kpk47 <kkris@google.com>	2022-10-25 10:42:00 +00:00
Wietse Venema	27597feff8	Add optional (#316 ) * Update README.md Add missing [optional] indicators to the "verify-artifact" --help example. Signed-off-by: Wietse Venema <72045954+wietse-gmail@users.noreply.github.com> * Add missing [optional] indicators to the verify-artifact help message Signed-off-by: Wietse Venema <72045954+wietse-gmail@users.noreply.github.com> Signed-off-by: Wietse Venema <72045954+wietse-gmail@users.noreply.github.com>	2022-10-23 23:33:39 +00:00
asraa	e9cd6b763c	fix: address gcb verifier comments and add gcb documentation (#300 ) * address gcb verifier comments Signed-off-by: Asra Ali <asraa@google.com>	2022-10-21 21:06:22 +00:00
asraa	efc53fc78e	docs: update release.md docs to describe a pre-release (#314 ) * update docs Signed-off-by: Asra Ali <asraa@google.com>	2022-10-21 15:37:12 -05:00
asraa	c151f47368	add v1.2.1 builder tests (#310 ) Signed-off-by: Asra Ali <asraa@google.com> Signed-off-by: Asra Ali <asraa@google.com>	2022-10-20 01:45:22 -07:00
asraa	6766be33a8	tests: fix builder id matching (#308 ) * fix builder id matching Signed-off-by: Asra Ali <asraa@google.com>	2022-10-18 16:02:08 -05:00
WhiteSource Renovate	4ec69efd87	chore(deps): update dependency eslint to v8.25.0 (#273 )	2022-10-17 13:25:37 -05:00
asraa	05d247fb14	rekor: use rekor client with retries (#301 ) Signed-off-by: Asra Ali <asraa@google.com> Signed-off-by: Asra Ali <asraa@google.com>	2022-10-17 16:55:40 +00:00
WhiteSource Renovate	beada4bd09	fix(deps): update module github.com/go-openapi/runtime to v0.24.2 (#304 ) Co-authored-by: asraa <asraa@google.com>	2022-10-17 16:33:55 +00:00
WhiteSource Renovate	94b6087e2b	chore(deps): update dependency eslint-plugin-github to v4.4.0 (#305 ) Co-authored-by: asraa <asraa@google.com>	2022-10-17 11:26:05 -05:00
WhiteSource Renovate	4a8f4bd0d9	chore(deps): update gcr.io/distroless/base:nonroot docker digest to a6441d1 (#306 )	2022-10-17 10:53:38 -05:00
WhiteSource Renovate	3ab86db547	chore(deps): update gcr.io/distroless/base:nonroot docker digest to 3778d4f (#293 ) Co-authored-by: asraa <asraa@google.com>	2022-10-12 14:45:11 +00:00
WhiteSource Renovate	4f09605a47	fix(deps): update module github.com/sigstore/sigstore to v1.4.4 (#294 ) Co-authored-by: asraa <asraa@google.com>	2022-10-12 14:26:35 +00:00
WhiteSource Renovate	b7b67c6740	chore(deps): update github-actions (#295 )	2022-10-12 09:15:59 -05:00

1 2 3 4 5

211 Commits