Releases: philips-labs/slsa-provenance-action
v0.9.0
Changelog
- 3746bf2: ⬆️ Bump actions/cache from 3.0.4 to 3.0.5 (@dependabot[bot])
- 310f332: ⬆️ Bump actions/cache from 3.0.5 to 3.0.6 (@dependabot[bot])
- 7058b58: ⬆️ Bump actions/checkout from 3.0.2 to 3.1.0 (@dependabot[bot])
- b2d766f: ⬆️ Bump actions/checkout from 3.1.0 to 3.2.0 (@dependabot[bot])
- 8670b47: ⬆️ Bump actions/checkout from 3.2.0 to 3.3.0 (@dependabot[bot])
- d5c9345: ⬆️ Bump actions/checkout from 3.3.0 to 3.4.0 (@dependabot[bot])
- a87ddb8: ⬆️ Bump actions/checkout from 3.4.0 to 3.5.0 (@dependabot[bot])
- 88a1a09: ⬆️ Bump actions/checkout from 3.5.0 to 3.5.3 (@dependabot[bot])
- 0c00dd6: ⬆️ Bump actions/checkout from 3.5.3 to 3.6.0 (@dependabot[bot])
- 56cf398: ⬆️ Bump actions/checkout from 3.6.0 to 4.0.0 (@dependabot[bot])
- d6faf43: ⬆️ Bump actions/checkout from 4.0.0 to 4.1.0 (@dependabot[bot])
- 5dfb6a6: ⬆️ Bump actions/checkout from 4.1.0 to 4.1.1 (@dependabot[bot])
- 97f73bf: ⬆️ Bump actions/download-artifact from 3.0.0 to 3.0.1 (@dependabot[bot])
- 0c57f5c: ⬆️ Bump actions/download-artifact from 3.0.1 to 3.0.2 (@dependabot[bot])
- ed7a5bd: ⬆️ Bump actions/setup-go from 3.2.0 to 3.2.1 (@dependabot[bot])
- eaff0a1: ⬆️ Bump actions/setup-go from 3.2.1 to 3.3.0 (@dependabot[bot])
- 3a09484: ⬆️ Bump actions/setup-go from 3.3.0 to 3.3.1 (@dependabot[bot])
- b9db5d5: ⬆️ Bump actions/setup-go from 3.3.1 to 3.4.0 (@dependabot[bot])
- e27f4f2: ⬆️ Bump actions/setup-go from 3.4.0 to 3.5.0 (@dependabot[bot])
- 62876c1: ⬆️ Bump actions/setup-go from 3.5.0 to 4.0.0 (@dependabot[bot])
- 9631940: ⬆️ Bump actions/setup-go from 4.0.0 to 4.0.1 (@dependabot[bot])
- 85046cc: ⬆️ Bump actions/setup-go from 4.0.1 to 4.1.0 (@dependabot[bot])
- cc7d74c: ⬆️ Bump actions/setup-go from 4.1.0 to 5.0.0 (@dependabot[bot])
- 08b4d87: ⬆️ Bump actions/upload-artifact from 3.1.0 to 3.1.1 (@dependabot[bot])
- 70437b3: ⬆️ Bump actions/upload-artifact from 3.1.1 to 3.1.2 (@dependabot[bot])
- f0c324d: ⬆️ Bump actions/upload-artifact from 3.1.2 to 3.1.3 (@dependabot[bot])
- 35eca78: ⬆️ Bump anchore/sbom-action from 0.11.0 to 0.12.0 (@dependabot[bot])
- fb57b1f: ⬆️ Bump anchore/sbom-action from 0.12.0 to 0.13.0 (@dependabot[bot])
- 194d937: ⬆️ Bump anchore/sbom-action from 0.13.0 to 0.13.1 (@dependabot[bot])
- adf3a8a: ⬆️ Bump anchore/sbom-action from 0.13.1 to 0.13.3 (@dependabot[bot])
- b9347b1: ⬆️ Bump anchore/sbom-action from 0.13.3 to 0.13.4 (@dependabot[bot])
- 4aaf6a1: ⬆️ Bump anchore/sbom-action from 0.13.4 to 0.14.2 (@dependabot[bot])
- f188a89: ⬆️ Bump anchore/sbom-action from 0.14.2 to 0.14.3 (@dependabot[bot])
- bf784fd: ⬆️ Bump anchore/sbom-action from 0.14.3 to 0.15.0 (@dependabot[bot])
- 8e383f8: ⬆️ Bump anchore/sbom-action from 0.15.0 to 0.15.1 (@dependabot[bot])
- 0f36c52: ⬆️ Bump codecov/codecov-action from 3.1.0 to 3.1.1 (@dependabot[bot])
- bb600c5: ⬆️ Bump codecov/codecov-action from 3.1.1 to 3.1.2 (@dependabot[bot])
- b86f4e9: ⬆️ Bump codecov/codecov-action from 3.1.2 to 3.1.3 (@dependabot[bot])
- 450643d: ⬆️ Bump codecov/codecov-action from 3.1.3 to 3.1.4 (@dependabot[bot])
- e4305e8: ⬆️ Bump github.com/docker/distribution (@dependabot[bot])
- 37037a0: ⬆️ Bump github.com/docker/docker (@dependabot[bot])
- 2efd2ab: ⬆️ Bump github.com/docker/docker (@dependabot[bot])
- ad77417: ⬆️ Bump github.com/google/go-containerregistry (@dependabot[bot])
- 333da6a: ⬆️ Bump github.com/google/go-containerregistry (@dependabot[bot])
- e7ae6b3: ⬆️ Bump github.com/google/go-containerregistry (@dependabot[bot])
- 1606b56: ⬆️ Bump github.com/google/go-containerregistry (@dependabot[bot])
- 9c4d5ab: ⬆️ Bump github.com/google/go-containerregistry (@dependabot[bot])
- 3df408f: ⬆️ Bump github.com/google/go-containerregistry (@dependabot[bot])
- 710ccc9: ⬆️ Bump github.com/google/go-containerregistry (@dependabot[bot])
- 9b01beb: ⬆️ Bump github.com/spf13/cobra from 1.5.0 to 1.6.0 (@dependabot[bot])
- 69bbe78: ⬆️ Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (@dependabot[bot])
- c40a444: ⬆️ Bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (@dependabot[bot])
- 7f470e3: ⬆️ Bump github.com/stretchr/testify from 1.7.5 to 1.8.0 (@dependabot[bot])
- e31a5dd: ⬆️ Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (@dependabot[bot])
- 2af308f: ⬆️ Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (@dependabot[bot])
- 68bfd44: ⬆️ Bump github.com/stretchr/testify from 1.8.2 to 1.8.4 (@dependabot[bot])
- d88be0a: ⬆️ Bump golang.org/x/crypto (@dependabot[bot])
- 3805275: ⬆️ Bump golang.org/x/net from 0.16.0 to 0.17.0 (@dependabot[bot])
- 66d28a2: ⬆️ Bump golang.org/x/net from 0.5.0 to 0.7.0 (@dependabot[bot])
- 8a5fd51: ⬆️ Bump golang.org/x/oauth2 from 0.1.0 to 0.2.0 (@dependabot[bot])
- a7de893: ⬆️ Bump golang.org/x/oauth2 from 0.11.0 to 0.12.0 (@dependabot[bot])
- b8e8907: ⬆️ Bump golang.org/x/oauth2 from 0.12.0 to 0.13.0 (@dependabot[bot])
- 4a1cc02: ⬆️ Bump golang.org/x/oauth2 from 0.13.0 to 0.14.0 (@dependabot[bot])
- 0ddf5ab: ⬆️ Bump golang.org/x/oauth2 from 0.14.0 to 0.15.0 (@dependabot[bot])
- 5c27f90: ⬆️ Bump golang.org/x/oauth2 from 0.2.0 to 0.3.0 (@dependabot[bot])
- f68f40b: ⬆️ Bump golang.org/x/oauth2 from 0.3.0 to 0.4.0 (@dependabot[bot])
- 3fbb2bc: ⬆️ Bump golang.org/x/oauth2 from 0.7.0 to 0.8.0 (@dependabot[bot])
- b8dceba: ⬆️ Bump golang.org/x/oauth2 from 0.8.0 to 0.9.0 (@dependabot[bot])
- 7a20e22: ⬆️ Bump golang.org/x/oauth2 from 0.9.0 to 0.11.0 (@dependabot[bot])
- 903776f: ⬆️ Bump goreleaser/goreleaser-action from 3 to 4 (@dependabot[bot])
- e25e2f0: ⬆️ Bump goreleaser/goreleaser-action from 4.1.0 to 4.1.1 (@dependabot[bot])
- 6d2d381: ⬆️ Bump goreleaser/goreleaser-action from 4.1.1 to 4.2.0 (@dependabot[bot])
- 97f7199: ⬆️ Bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 (@dependabot[bot])
- c6603ef: ⬆️ Bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0 (@dependabot[bot])
- b3eabdf: ⬆️ Bump goreleaser/goreleaser-action from 4.4.0 to 5.0.0 (@dependabot[bot])
- f450c79: ⬆️ Bump philips-labs/slsa-provenance-action from 0.7.2 to 0.8.0 (@dependabot[bot])
- e5f2562: ⬆️ Bump sigstore/cosign-installer from 2.4.0 to 2.4.1 (@dependabot[bot])
- 7a7a210: ⬆️ Bump sigstore/cosign-installer from 2.4.1 to 2.5.0 (@dependabot[bot])
- 4f18ebf: ⬆️ Bump sigstore/cosign-installer from 2.5.0 to 2.5.1 (@dependabot[bot])
- 79f0052: ⬆️ Bump sigstore/cosign-installer from 2.5.1 to 2.6.0 (@dependabot[bot])
- 32de026: ⬆️ Bump sigstore/cosign-installer from 2.6.0 to 2.7.0 (@dependabot[bot])
- 5c7e269: ⬆️ Bump sigstore/cosign-installer from 2.7.0 to 2.8.0 (@dependabot[bot])
- cb07346: ⬆️ Bump sigstore/cosign-installer from 2.8.0 to 2.8.1 (@dependabot[bot])
- f93593c...
v0.8.0
Changelog
- ea5e636: ⬆️ Bump actions/cache from 2.1.7 to 3 (@dependabot[bot])
- 0e178a0: ⬆️ Bump actions/cache from 3.0.0 to 3.0.1 (@dependabot[bot])
- 1af3390: ⬆️ Bump actions/cache from 3.0.1 to 3.0.2 (@dependabot[bot])
- 780df15: ⬆️ Bump actions/cache from 3.0.2 to 3.0.3 (@dependabot[bot])
- 7f1466f: ⬆️ Bump actions/cache from 3.0.3 to 3.0.4 (@dependabot[bot])
- 7973ba9: ⬆️ Bump actions/checkout from 2.4.0 to 3 (@dependabot[bot])
- 32bc9ba: ⬆️ Bump actions/checkout from 3.0.0 to 3.0.1 (@dependabot[bot])
- db379dc: ⬆️ Bump actions/checkout from 3.0.1 to 3.0.2 (@dependabot[bot])
- 7f47fcc: ⬆️ Bump actions/download-artifact from 2 to 3 (@dependabot[bot])
- 64b5b2e: ⬆️ Bump actions/setup-go from 2.2.0 to 3 (@dependabot[bot])
- a721c1e: ⬆️ Bump actions/setup-go from 3.0.0 to 3.1.0 (@dependabot[bot])
- 0734d7c: ⬆️ Bump actions/setup-go from 3.1.0 to 3.2.0 (@dependabot[bot])
- ec9320c: ⬆️ Bump actions/upload-artifact from 2 to 3 (@dependabot[bot])
- 1399248: ⬆️ Bump actions/upload-artifact from 3.0.0 to 3.1.0 (@dependabot[bot])
- 20e0a56: ⬆️ Bump anchore/sbom-action from 0.10.0 to 0.11.0 (@dependabot[bot])
- 912092a: ⬆️ Bump anchore/sbom-action from 0.6.0 to 0.7.0 (@dependabot[bot])
- 02d0828: ⬆️ Bump anchore/sbom-action from 0.7.0 to 0.8.0 (@dependabot[bot])
- 537b485: ⬆️ Bump anchore/sbom-action from 0.8.0 to 0.10.0 (@dependabot[bot])
- 2e13eeb: ⬆️ Bump codecov/codecov-action from 2.1.0 to 3.0.0 (#168) (@dependabot[bot])
- d334c62: ⬆️ Bump codecov/codecov-action from 3.0.0 to 3.1.0 (@dependabot[bot])
- ff63877: ⬆️ Bump github.com/google/go-containerregistry (@dependabot[bot])
- 49c89ee: ⬆️ Bump github.com/google/go-containerregistry (@dependabot[bot])
- bd911a6: ⬆️ Bump github.com/spf13/cobra from 1.3.0 to 1.4.0 (@dependabot[bot])
- 7521383: ⬆️ Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 (@dependabot[bot])
- 04b61d0: ⬆️ Bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (@dependabot[bot])
- f844e63: ⬆️ Bump github.com/stretchr/testify from 1.7.1 to 1.7.2 (@dependabot[bot])
- 16681d3: ⬆️ Bump github.com/stretchr/testify from 1.7.2 to 1.7.5 (@dependabot[bot])
- 9a1cda7: ⬆️ Bump goreleaser/goreleaser-action from 2 to 3 (@dependabot[bot])
- 7e3251c: ⬆️ Bump sigstore/cosign-installer from 2.0.0 to 2.0.1 (@dependabot[bot])
- d515ccd: ⬆️ Bump sigstore/cosign-installer from 2.0.1 to 2.1.0 (@dependabot[bot])
- 781e803: ⬆️ Bump sigstore/cosign-installer from 2.1.0 to 2.2.0 (@dependabot[bot])
- ec66c08: ⬆️ Bump sigstore/cosign-installer from 2.2.0 to 2.3.0 (@dependabot[bot])
- 1239f68: ⬆️ Bump sigstore/cosign-installer from 2.3.0 to 2.4.0 (@dependabot[bot])
- 28fa884: Bump cosign from v1.5.2 to v1.6.0 (@marcofranssen)
- b683690: Bump cosign in workflow from 1.5.1 to 1.5.2 (@marcofranssen)
- 42a888f: Bump cosign to v1.7.1 (@marcofranssen)
- 94745ae: Bump cosign to v1.8.0 (@marcofranssen)
- 752766b: Bump cosign to v1.9.0 (@marcofranssen)
- 5efa5ba: Bump to Go 1.18 (@marcofranssen)
- db23432: Enable workflows also on PR updates (@marcofranssen)
- 489d3b7: Lock actions used in workflows on patch releases (@marcofranssen)
- 09bcd85: Lock cache action on patch release (@marcofranssen)
- be0d6af: Lock download-artifact action on patch version (@marcofranssen)
- 59e02a2: Lock upload-artifact on patch release (@marcofranssen)
- 6941e32: Use go project package conventions (@marcofranssen)
Full Changelog: v0.7.2...v0.8.0
v0.7.2
Changelog
- dddb40e: Bump v0.7.1 to v0.7.2 for release (@marcofranssen)
- 1a66b6c: Restore github release provenance + provenance signing (@marcofranssen)
Full Changelog: v0.7.1...v0.7.2
v0.7.1
Changelog
- 3645ec0: Bump v0.7.0 to v0.7.1 for release (@marcofranssen)
- 0ffd7f6: Create SBOM using Syft (#134) (@Brend-Smits)
- b6edd56: Use github to generate release notes (@marcofranssen)
Full Changelog: v0.7.0...v0.7.1
v0.7.0
This release drops the use of Docker to run this action. Instead, we now use the binaries natively. This allows you to reuse your Docker login session, either via the `docker/login-action` or a `docker login` within your workflow. It is recommended to use the `sigstore/cosign-installer` so the release signature will also be verified upon installation of the binary.
Changelog
- d50e6fc ⬆️ Bump actions/setup-go from 2.1.5 to 2.2.0
- 9be60c7 ⬆️ Bump sigstore/cosign-installer from 1.4.1 to 2.0.0
- 6ae8f65 Bump cosign from v1.4.1 to v1.5.1
- 1917ee5 Bump v0.6.0 to v0.7.0-rc for release
- 91684f3 Bump v0.7.0-rc to v0.7.0 for release
- 419b873 Fix draft release installer
- 5df3fa8 Fix draft releases
- 58b193c Fix gh-release make task on MacOS
- 3c3ee60 Fix link to slsa-framework/github-actions-demo
- f9e3db5 Fix list releases test
- 03e87f5 Improve logging of slsa-provenance install
- ef55f6d Install slsa-provenance instead of using docker image
- cdc0cb7 Log cosign unavailable as warning
- 0d93f72 Make k8s keychain vs default keychain configurable
- 4d3ee36 Reduce duplication in downloading assets
- dfdaf36 Support Windows and ARM64 in installer
- 67318bf Utilize new setup-go action 'check-latest'
Full Changelog: v0.6.0...v0.7.0
v0.7.0-rc
Changelog
- 9be60c7 ⬆️ Bump sigstore/cosign-installer from 1.4.1 to 2.0.0
- 6ae8f65 Bump cosign from v1.4.1 to v1.5.1
- 47260ae Bump v0.6.0 to v0.7.0-rc for release
- 58b193c Fix gh-release make task on MacOS
- 3c3ee60 Fix link to slsa-framework/github-actions-demo
- e79e0f9 Install slsa-provenance instead of using docker image
- ee2282e Make k8s keychain vs default keychain configurable
Full Changelog: v0.6.0...v0.7.0-rc
v0.6.0
This release adds support for private Docker registries that require authentication.
To authenticate, simply run `docker login`. `slsa-provenance` will read the credentials from the credential store.
Changelog
- 8d0286f Add ClientOptions for authentication to crane
- 3c40057 Bump v0.5.1 to v0.6.0 for release
- 6d36724 Fix version in docker build
- a16ebc9 Pass json as environment variables
- 1d1afcf Replace docker client with crane
Full Changelog: v0.5.1...v0.6.0
v0.5.1
Changelog
- ca6c1b2 ⬆️ Bump actions/setup-go from 2.1.4 to 2.1.5
- b29f27b ⬆️ Bump github.com/docker/docker
- 91e5591 Add footer to release notes
- 885106c Add signing of binaries
- fae521a Add signing of release artifacts and containers
- f0be99d Attach slsaprovenance predicate only
- 940f3c5 Bump goreleaser version in Makefile
- 6a643ba Bump version for release to v0.5.1-draft
- 7855bd2 Bump version to v0.5.1 for release
- 7255811 Check release has an annotation/description
- f454e93 Fix to also sign the images
- 7736088 Remove as pub key is already committed
- 8cfdefd Remove certificates as we do not use PKCS11
- abc16c4 Remove the PKCS11 certs from signing
- 7510a8c Revert "Remove as pub key is already committed"
- 598f792 Update release docs with drafts explanation
- 43d7a70 Update test for release paging
Full Changelog: v0.5.0...v0.5.1
v0.5.0
Changelog
- b5cf8b5 ⬆️ Bump actions/cache from 2.1.6 to 2.1.7
- 33a20a0 ⬆️ Bump github.com/spf13/cobra from 1.2.1 to 1.3.0
- 4dc7f6f Add IMAGE_DIGEST output to release job
- 5c3277b Add container provenance job
- 79973f2 Add debugging for the action arguments
- 7225285 Add logging of http request with GitHub
- 6a59561 Add some missing defer calls to Close
- d5263fa Add subcommand input to the Github Action
- 6b4cbd9 Add test-race task to Makefile
- b7c8807 Add tests for OCI subjecter
- 636239e Add tests for container command + fix digest flag error
- 9390333 Args as string output
- 7e2ee54 Attest the container using cosign
- f70badb Bump github.com/google/go-github/v41/github from v39.2 to v41.0
- ba29e99 Bump version from v0.4.0 to v0.5.0 for release
- dac1c12 Change default to provenance.json instead of build.provenance
- 587690e Do not commit doc updates
- 8778fdc Fix arguments
- 5bd7c0a Fix provenance args for dockers in CI
- 6d97912 Fix release provenance to use the new github-release subcommand
- 1489f06 Get container variables for provenance in workflow
- 0c0ed88 Implement first draft to generate provenance for containers
- 0fc6b93 Migrate error wrapping to use go native logic
- d40a806 Move repeated string to const in files_test
- 0a8c490 Prevent whitelines in base64 encoding
- 4233703 Publish as draft when tag has suffix -draft
- a8bd75c Quote contexts in action.yml
- dca7236 Refactor Generate Command to cobra cli lib
- 29db98e Refactor Generate Command to cobra cli lib
- 2e451be Refactor action to support multiple usecases
- 0d8b360 Refactor additional materials to the environment
- 75cb706 Refactor materials reading from file to lib
- 95c63d2 Refactor version command to cobra lib
- 3125396 Remove action-docs.yaml as it does not add value anymore
- 8595578 Remove docker username secret
- a93f24e Resolve bug resulting in failing to push tags to origin
- 60802d7 Resolve issue with CONTAINER_DIGEST var in ci
- cf2d451 Resolve linter warnings
- b8149b4 Split files and release asset cli commands
- 0c8cf3a Swap files and github-release command to cobra lib
- c4d4dc4 Switch to composite action to dynamically build the image args
- bf324a9 Temp fix testcase release pages
- b92a609 Tidy go modules
- a28c1a8 Try fix action.yml
- 204d953 Update documentation
- 065eab8 Use base64 encoding for github and runner context
- cc02d63 Use variable for repos in Makefile
- 6d30e4e Validate required params gh-release make task
- 0645c6a fix-snapshot release naming
Docker images
docker pull philipssoftware/slsa-provenance:v0.5.0
docker pull philipssoftware/slsa-provenance:7b62f2c0c0604997f0fad2288e85016f64c7bf1e
docker pull ghcr.io/philips-labs/slsa-provenance:v0.5.0
docker pull ghcr.io/philips-labs/slsa-provenance:7b62f2c0c0604997f0fad2288e85016f64c7bf1e
v0.4.0
Changelog
- 6442288 Add BuildConfig to predicate structure
- 5e82c30 Add URI and Digest to ConfigSource
- 9086b31 Add assertions for metadata
- 33cb940 Add documentation about release procedure
- 60854d2 Add make command to automate release procedure
- 4d1028a Add test to verify code is producing the correct JSON
- 2ca9be8 Apply suggestions from code review
- 33ba3da Bump v0.3.0 to v0.4.0 for release
- 10c44b6 Move recipe.type one level up as buildType
- b79087a Refactor arguments to parameters
- 19073a9 Refactor invocation entrypoint to configSource
- 968662e Remove definedInMaterial from invocation
- 9551b97 Rename recipe to invocation
- af780dc Update example_provenance.json to slsa 0.2 spec
Docker images
docker pull philipssoftware/slsa-provenance:v0.4.0
docker pull philipssoftware/slsa-provenance:33ba3da2213c83ce02df0f2f6ba925ec79037f9d
docker pull ghcr.io/philips-labs/slsa-provenance:v0.4.0
docker pull ghcr.io/philips-labs/slsa-provenance:33ba3da2213c83ce02df0f2f6ba925ec79037f9d