chore(deps): bump slsa-framework/slsa-github-generator from 1.4.0 to 2.0.0 (#71)

Bumps
[slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator)
from 1.4.0 to 2.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/slsa-framework/slsa-github-generator/releases">slsa-framework/slsa-github-generator's
releases</a>.</em></p>
<blockquote>
<h2>v2.0.0</h2>
<p>See the <a
href="https://github.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md">CHANGELOG</a>
for details.</p>
<h2>v2.0.0-rc.0</h2>
<p>See the <a
href="https://github.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md">CHANGELOG</a>
for details.</p>
<h2>v1.10.0</h2>
<p>See the <a
href="https://github.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md">CHANGELOG</a>
for details.</p>
<h2>v1.9.1</h2>
<p><strong>This is an un-finalized release.</strong></p>
<p>See the <a
href="https://github.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md">CHANGELOG</a>
for details.</p>
<h2>v1.9.1-rc.0</h2>
<p>See the <a
href="https://github.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md">CHANGELOG</a>
for details.</p>
<h2>v1.9.0</h2>
<p>See the <a
href="https://github.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md">CHANGELOG</a>
for details.</p>
<h2>v1.9.0-rc.0</h2>
<p><strong>This is an un-finalized pre-release.</strong></p>
<p>See the <a
href="https://github.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md">CHANGELOG</a>
for details.</p>
<h2>v1.8.0</h2>
<p>See the <a
href="https://github.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v180">CHANGELOG</a>
for details.</p>
<h2>v1.8.0-rc.2</h2>
<p>See the <a
href="https://github.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md">CHANGELOG</a>
for details.</p>
<h2>v1.8.0-rc.1</h2>
<p>See the <a
href="https://github.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md">CHANGELOG</a>
for details.</p>
<h2>v1.8.0-rc.0</h2>
<p>See the <a
href="https://github.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md">CHANGELOG</a>
for details.</p>
<h2>v1.7.0</h2>
<p>See the <a
href="https://github.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#170">CHANGELOG</a>
for details.</p>
<h2>v1.7.0-rc.1</h2>
<p>See the <a
href="https://github.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md">CHANGELOG</a>
for details.</p>
<h2>v1.7.0-rc.0</h2>
<p>See the <a
href="https://github.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md">CHANGELOG</a>
for details.</p>
<p>This is UNFINALIZED.</p>
<h2>v1.6.0</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md">slsa-framework/slsa-github-generator's
changelog</a>.</em></p>
<blockquote>
<h2>v2.0.0</h2>
<h3>v2.0.0: Breaking Change: upload-artifact and download-artifact</h3>
<ul>
<li>Our workflows now use the new <code>@v4</code>s of
<code>actions/upload-artifact</code> and
<code>actions/download-artifact</code>, which are incompatible with the
prior <code>@V3</code>. See
our docs on the <a
href="https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#compatibility-with-actionsdownload-artifact">generic
generator</a>
for more information and how to upgrade.</li>
</ul>
<h3>v2.0.0: Breaking Change: attestation-name Workflow Input and
Output</h3>
<ul>
<li><code>attestation-name</code> as a workflow input to
<code>.github/workflows/generator_generic_slsa3.yml</code> is now
removed. Use
<code>provenance-name</code> instead.</li>
</ul>
<h3>v2.0.0: DSSE Rekor Type</h3>
<ul>
<li>When uploading signed provenance to the log, the entry created in
the log is now
a DSSE Rekor type. This fixes a bug where the current intoto type does
not
persist provenance signatures. The attestation will no longer be
persisted
in Rekor (<a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/3299">#3299</a>)</li>
</ul>
<h2>v1.10.0</h2>
<p>Release <a
href="https://github.com/slsa-framework/slsa-github-generator/releases/tag/v1.10.0">v1.10.0</a>
includes bug fixes and new features.</p>
<p>See the <a
href="https://github.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.10.0">full
change list</a>.</p>
<h3>v1.10.0: TUF fix</h3>
<ul>
<li>The cosign TUF roots were fixed (<a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/3350">#3350</a>).
More details <a
href="https://github.com/slsa-framework/slsa-github-generator/blob/v1.10.0/README.md#error-updating-to-tuf-remote-mirror-invalid">here</a>.</li>
</ul>
<h3>v1.10.0: Gradle Builder</h3>
<ul>
<li>The Gradle Builder was fixed when the project root is the same as
the
repository root (<a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/2727">#2727</a>)</li>
</ul>
<h3>v1.10.0: Go Builder</h3>
<ul>
<li>The <code>go-version-file</code> input was fixed so that it can find
the <code>go.mod</code> file
(<a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/2661">#2661</a>)</li>
</ul>
<h3>v1.10.0: Container Generator</h3>
<ul>
<li>A new <code>provenance-repository</code> input was added to allow
reading provenance from
a different container repository than the image itself (<a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/2956">#2956</a>)</li>
</ul>
<h2>v1.9.0</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/slsa-framework/slsa-github-generator/commit/5a775b367a56d5bd118a224a811bba288150a563"><code>5a775b3</code></a>
chore: v2.0.0: update tags (<a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/3583">#3583</a>)</li>
<li><a
href="https://github.com/slsa-framework/slsa-github-generator/commit/41733f74c025cc6d156547121989dd50fbc92364"><code>41733f7</code></a>
chore: v2.0.0-rc.0: update tags (<a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/3578">#3578</a>)</li>
<li><a
href="https://github.com/slsa-framework/slsa-github-generator/commit/3789345176c808c7a10e049021fce712d8a0c8b7"><code>3789345</code></a>
docs: v.2.0.0: finalize CHANGELOG.md (<a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/3577">#3577</a>)</li>
<li><a
href="https://github.com/slsa-framework/slsa-github-generator/commit/02fc78b979e15ee621875039cb550e5b454b0955"><code>02fc78b</code></a>
fix: deadlock and improve debugging experience (<a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/3570">#3570</a>)</li>
<li><a
href="https://github.com/slsa-framework/slsa-github-generator/commit/4534a0b24500dfdd11685f2950cba9a35086c4d2"><code>4534a0b</code></a>
break: Revert &quot;chore: Revert &quot;fix: upload-artifact and
download-artifact v4&quot;&quot;...</li>
<li><a
href="https://github.com/slsa-framework/slsa-github-generator/commit/e8c2dcff94b830dfe6897c48b7218c85fe6f3eb3"><code>e8c2dcf</code></a>
fix(deps): Update Sigstore Dep to Sigstore 2.2.2 (<a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/3491">#3491</a>)</li>
<li><a
href="https://github.com/slsa-framework/slsa-github-generator/commit/2512315f2272b7cde8e609d26a55807593c8dc68"><code>2512315</code></a>
feat(breaking): remove attestation-name input and output (<a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/3456">#3456</a>)</li>
<li><a
href="https://github.com/slsa-framework/slsa-github-generator/commit/4fbc6a9e127dff1c59d860d84c0234d1b5e3a3e3"><code>4fbc6a9</code></a>
chore: add ramonpetgrave64 to CODEOWNERS (<a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/3490">#3490</a>)</li>
<li><a
href="https://github.com/slsa-framework/slsa-github-generator/commit/8869c8a5155fcf554f5bc8dfa4ac3cae624d8513"><code>8869c8a</code></a>
fix: Switch to newer DSSE rekor type (<a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/3299">#3299</a>)</li>
<li><a
href="https://github.com/slsa-framework/slsa-github-generator/commit/9d81ca7164fc7ec1291ec266552f37bbb9099c6b"><code>9d81ca7</code></a>
chore: Update slsa-verifier version (<a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/3454">#3454</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/slsa-framework/slsa-github-generator/compare/v1.4.0...v2.0.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=slsa-framework/slsa-github-generator&package-manager=github_actions&previous-version=1.4.0&new-version=2.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- **New Features**
- Updated the GitHub Actions workflow to version 2.0.0,
providing improvements and new features.


<!-- end of auto-generated comment: release notes by coderabbit.ai -->
nataliagranato authored Sep 10, 2024
2 parents a62e839 + 722463a commit 9327731
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion .github/workflows/generator-generic-ossf-slsa3-publish.yml
Expand Up @@ -60,7 +60,7 @@ jobs:
actions: read # To read the workflow path.
id-token: write # To sign the provenance.
contents: write # To add assets to a release.
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
with:
base64-subjects: "${{ needs.build.outputs.digests }}"
upload-assets: true # Optional: Upload to a new release
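Review bot: the `uses:` line moves the reusable workflow across a major version (`@v1.4.0` to `@v2.0.0`), and the changelog quoted in the commit message lists breaking changes that this one-line hunk does not account for. The visible `with:` block passes only `base64-subjects` and `upload-assets`, so the removed `attestation-name` input is not an issue here, but any job outside this hunk that reads the generator's `attestation-name` output should switch to `provenance-name`, and any step that fetches the provenance with `actions/download-artifact@v3` needs to move to `@v4`. Since this job holds `id-token: write` and `contents: write` and has `upload-assets: true`, run a test release before relying on the merge and confirm the provenance still verifies, given the changelog's note that Rekor entries are now the DSSE type.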
