Spiffe Vault Versions Save

Integrates Spiffe and Vault to have secretless authentication

v0.6.2

2 months ago

Changelog

Other changes

  • 24c489ae9311d5770433cf574eec7b264092bd12: Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (@dependabot[bot])

Full Changelog: https://github.com/philips-labs/slsa-provenance-action/compare/v0.6.1...v0.6.2

v0.6.1

2 months ago

Changelog

Other changes

  • 0f49b983e95a77989670017834e8aacd903ea3c2: Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 (@dependabot[bot])

Full Changelog: https://github.com/philips-labs/slsa-provenance-action/compare/v0.6.0...v0.6.1

v0.6.0

2 months ago

Changelog

Other changes

  • 627190ba3890b73965f26071f80915894de6f6df: Add multi-arch Docker image support (@marcofranssen)
  • 1ff520854ae2061dc10d68e688d93f3933ba148d: Add source label on containers (@marcofranssen)
  • 61786a1fc63dddba86e295675291ce37b6929ebb: Also publish the signatures as part of the release (@marcofranssen)
  • f940c26f854b123768b9da1f8a0316bd85bc2d44: Bump actions/setup-go from 4.1.0 to 5.0.0 (@dependabot[bot])
  • 292d5e097eb967d7ecae29ebbe66c3b9b1f56a7f: Bump busybox to latest + bump ca-certificaes and vault-binary to latest (@marcofranssen)
  • 1690c2e858da0b45f3130543a61e53f16fc65ece: Bump codecov/codecov-action from 3.1.4 to 3.1.5 (@dependabot[bot])
  • f02eb63c96d6b450edb33794ea9ece1d8dd9651f: Bump codecov/codecov-action from 3.1.5 to 4.0.2 (@dependabot[bot])
  • a5d127081d580f6ebd857905ff0b631232c93a76: Bump codecov/codecov-action from 4.0.2 to 4.1.0 (@dependabot[bot])
  • 87498db54225db72491a5926f970a8e54ea51e49: Bump cosign to v2.2.1 (@marcofranssen)
  • dac9a3292c2993e85cd7a53086c7ad7c58d248b5: Bump cosign to v2.2.3 (@marcofranssen)
  • 4fd40a5bda68eb83593fbffc7f1bed68e80fc291: Bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 (@dependabot[bot])
  • 3120adc6351587c4a8a53fb084dcbbc2629904f1: Bump github.com/hashicorp/vault/api from 1.10.0 to 1.11.0 (@dependabot[bot])
  • 34abf28b0b7b6a59c2040cfa4cab11400ebe61c2: Bump github.com/hashicorp/vault/api from 1.11.0 to 1.12.0 (@dependabot[bot])
  • 5caad6433620fdc904ce0b6ec02579fcdb8e078a: Bump github.com/spiffe/go-spiffe/v2 from 2.1.6 to 2.1.7 (@dependabot[bot])
  • 269629cc2cc740001d8ebae1a92d1bfcff32ee28: Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (@dependabot[bot])
  • d11c1e00f8489c6a086bd2cc36da4d454efba812: Bump go to 1.22 (@marcofranssen)
  • d493d25a1dfff410fab147cdd7ec2f58c808c40b: Bump google.golang.org/grpc from 1.53.0 to 1.56.3 (@dependabot[bot])
  • 8974a991b87f40f44bb7784cc4720beadbac986c: Bump hashicorp/setup-terraform from 2.0.3 to 3.0.0 (@dependabot[bot])
  • 678457be4fce720f90b02d6cf65281997a6d37e0: Bump hashicorp/vault in /example/vault/environments/local (@dependabot[bot])
  • 66978ab7ca58f192721932e87242f3bfffe8de1e: Bump hashicorp/vault in /example/vault/environments/local (@dependabot[bot])
  • 919defdc2cf2d2edef452eb7d6c319dc49de52c5: Bump hashicorp/vault in /example/vault/environments/local (@dependabot[bot])
  • 74eaf9c244bf845a7f1e101f391dbf94ff853ea9: Bump hashicorp/vault in /example/vault/environments/local (@dependabot[bot])
  • 6dd2763818434e479920748892f7f5bc3f438249: Bump philips-labs/slsa-provenance-action from 0.8.0 to 0.9.0 (@dependabot[bot])
  • d7cfa18d2a9466384a33c2f10e858be26f342673: Bump sigstore/cosign-installer from 3.1.2 to 3.2.0 (@dependabot[bot])
  • 0408f4969c09eb8428db4e56f3be0d8a5e5d2300: Bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (@dependabot[bot])
  • c852cde366a193f932fcdd5f0c4536ab497bc5bd: Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (@dependabot[bot])
  • c36ca04f87c77b54212dfac0c3b8ae7b687e91dc: Remove the release to dockerhub, only releasing to ghcr.io from now on (@marcofranssen)

Full Changelog: https://github.com/philips-labs/slsa-provenance-action/compare/v0.5.1...v0.6.0

v0.5.1

7 months ago

Changelog

Other changes

  • fbcc09b6e0bc7d2b11efde6637842a20562d81ff: Bump actions/checkout from 3 to 4 (@dependabot[bot])
  • aecdfa3dc401db6303c9c8cdc6fbc3d3799d9d55: Bump golang.org/x/net from 0.7.0 to 0.17.0 (@dependabot[bot])
  • 082cdbbd98e70b30d5587823c3d39d7f5dc136f7: Bump goreleaser/goreleaser-action from 4 to 5 (@dependabot[bot])
  • 470f901e68d61a31a8911f39f2aa0f1824945059: Bump hashicorp/vault in /example/vault/environments/local (@dependabot[bot])

Full Changelog: https://github.com/philips-labs/slsa-provenance-action/compare/v0.5.0...v0.5.1

v0.5.0

8 months ago

Changelog

Other changes

  • 49323a19490d93fed999d7c7e711a2f38776633a: Add .envrc to .gitignore (@marcofranssen)
  • 075030619d145689ce11cc8bda2cdad7c6b77455: Auto install goreleaser when binary is missing (@marcofranssen)
  • 558e1178f35399cfba4ffb5291d6f5fd7053ea9b: Bump Go from 1.18 to 1.21 (@marcofranssen)
  • f6c32735aaafca87361a0a91646b6dcce114becd: Bump actions/cache from 3.0.11 to 3.2.2 (@dependabot[bot])
  • 0e4da7cce5f2222dd620f109a19a2a4cd3f4bfde: Bump actions/cache from 3.2.2 to 3.2.3 (@dependabot[bot])
  • 17811461c6cf53f0425fae1ec464e2c06273e454: Bump actions/cache from 3.2.3 to 3.2.4 (@dependabot[bot])
  • 945224e2cdef5a2019582e3381bfc1854cdbda13: Bump actions/cache from 3.2.4 to 3.2.5 (@dependabot[bot])
  • 98fddef16095d8556bb204bfe7790e30d66fd7b8: Bump actions/cache from 3.2.5 to 3.3.1 (@dependabot[bot])
  • c8b305a27295364c893313aed13bf2439095c3eb: Bump actions/setup-go from 3.3.1 to 3.4.0 (@dependabot[bot])
  • a4e9cfc1f956857fb1d3b21a3e2cb645cdb57445: Bump actions/setup-go from 3.4.0 to 3.5.0 (@dependabot[bot])
  • c944e2810aa81c1c799644915a88c638b04b98a4: Bump actions/setup-go from 3.5.0 to 4.0.1 (@dependabot[bot])
  • 409f5f6bdea4f1b1c9b50d9c743dc25ed03e6b68: Bump actions/setup-go from 4.0.1 to 4.1.0 (@dependabot[bot])
  • 83592fefc5de37cb28780cd0c4ecf0e0e2d06e28: Bump codecov/codecov-action from 3.1.1 to 3.1.2 (@dependabot[bot])
  • d592fb0521e9705631840ea020a388f1476dd008: Bump codecov/codecov-action from 3.1.2 to 3.1.3 (@dependabot[bot])
  • 6e9df2534a63e82bc814ae095c0ccfdf27b858d1: Bump codecov/codecov-action from 3.1.3 to 3.1.4 (@dependabot[bot])
  • ff9c52fbdefc51a8308cede048a79c96c5dd2d3e: Bump cosign to v2.0.2 (@marcofranssen)
  • d3ec4fce8101d269fd01138acd0124a2e63e987e: Bump github.com/hashicorp/vault/api from 1.8.2 to 1.9.0 (@dependabot[bot])
  • d3411f9ba4383f0c7a0da0bf874789bd8fe836fb: Bump github.com/hashicorp/vault/api from 1.9.0 to 1.9.1 (@dependabot[bot])
  • 164673979090fdafa2a806e044ed7c1e4378a23c: Bump github.com/hashicorp/vault/api from 1.9.1 to 1.9.2 (@dependabot[bot])
  • 6c451a4c716141750a30b1ca2fedd07d4c1e1e1d: Bump github.com/hashicorp/vault/api from 1.9.2 to 1.10.0 (@dependabot[bot])
  • a2e77aa2534d853b29fffdf29a3b2e1edd44f1bf: Bump github.com/peterbourgon/ff/v3 from 3.3.0 to 3.3.1 (@dependabot[bot])
  • 7ded13f85eb72a44a862ddcb0423b6edb4952ffa: Bump github.com/peterbourgon/ff/v3 from 3.3.1 to 3.3.2 (@dependabot[bot])
  • e0dd42c8f780a192c4474d6d9c22a8795064237a: Bump github.com/peterbourgon/ff/v3 from 3.3.2 to 3.4.0 (@dependabot[bot])
  • 99ed4f628a0a65230eb9dc10e656eaf31b58b30a: Bump github.com/spiffe/go-spiffe/v2 from 2.1.1 to 2.1.2 (@dependabot[bot])
  • 093b38f11ebfc15cce09e11dbc40817086e88b9b: Bump github.com/spiffe/go-spiffe/v2 from 2.1.2 to 2.1.4 (@dependabot[bot])
  • 90d7d2450643276e47090a3f37ec3fb8e8e250a9: Bump github.com/spiffe/go-spiffe/v2 from 2.1.4 to 2.1.5 (@dependabot[bot])
  • 9307a79cbba5813e29d20eda9a6b934f033ea17c: Bump github.com/spiffe/go-spiffe/v2 from 2.1.5 to 2.1.6 (@dependabot[bot])
  • 8bf2631416e7c1da2fd3a89f8db32fc833e574da: Bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (@dependabot[bot])
  • 898f187c04a56d566bcbf8f753c559abffc2278b: Bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (@dependabot[bot])
  • 2fdd820d8dde8e2aa8ce81e4b13224ae62032ed4: Bump goreleaser/goreleaser-action from 3 to 4 (@dependabot[bot])
  • 990678d86ed98a150bc78a1442d457cef4a95787: Bump hashicorp/vault in /example/vault/environments/local (@dependabot[bot])
  • 5c1648da9fcaf63079ece9286efb1a90f819868b: Bump hashicorp/vault in /example/vault/environments/local (@dependabot[bot])
  • 8e01e5fffb4d3d72119da21fd8d2b7ad77f26b7d: Bump hashicorp/vault in /example/vault/environments/local (@dependabot[bot])
  • e86ba86a2e02886e033b03d41ae3f840f14f00bc: Bump hashicorp/vault in /example/vault/environments/local (@dependabot[bot])
  • 2e46a22719985c947e6b5377810f82de2bcc84e0: Bump hashicorp/vault in /example/vault/environments/local (@dependabot[bot])
  • c9972a20808853265df19d30aaf26ead6ae33141: Bump runners from ubuntu-20.04 to ubuntu-22.04 (@marcofranssen)
  • 34b9ec6ddcb1c3cb8d01adf7fe634e2d405d6a0f: Bump sigstore/cosign-installer from 2.8.1 to 3.0.3 (@dependabot[bot])
  • 926a8e7b086b856f74c6d0714fe7de37c262e9a6: Bump sigstore/cosign-installer from 3.0.3 to 3.0.5 (@dependabot[bot])
  • c01299a3709d39d8bbbc266d4189960a56184725: Bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#144) (@dependabot[bot])
  • d2b219e7c930edf8e782edae60bb46dccd875a85: Bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#146) (@dependabot[bot])
  • a3da63b5e9355d5a072249740dfc6ef0abed243b: Bump sigstore/cosign-installer from 3.1.1 to 3.1.2 (#151) (@dependabot[bot])
  • f12cc64b391ac75387c48a3e7a7267343676becd: Fix cosign in goreleaser (@marcofranssen)
  • 0913caca86a966983b2af3652ee3cc855c61d92f: Fix opencontainers.image.created label (@marcofranssen)
  • 52216bd8c1307d4cd34b4aa8d71eeb3e721e7fa1: Fix terraform formatting (@marcofranssen)
  • 430e7d0f6aed0255d232c0fe566bf55f6f932efb: Remove caching action as this is integrated in setup-go (@marcofranssen)
  • 203c7b6e07464a2007060e06dda235d04d341ebf: Remove deprecated replacements config from archives (@marcofranssen)
  • 872d494957d6abc4af2dcbe73e8e5b06370c1cb0: Replace deprecated --rm-dist flag with --clean (@marcofranssen)
  • 628ccef2df38fc5bd074dadf805c24e664c39353: Tidy Go modules (@marcofranssen)

Full Changelog: https://github.com/philips-labs/slsa-provenance-action/compare/v0.4.1...v0.5.0

v0.4.1

1 year ago

Changelog

Other changes

  • 63c2029648be855a58e00063ed2f4b8c0266e2f0: Add configurable socketPath for spire-agent (@marcofranssen)
  • 56be1c87f920bfcebb3c1f19c4558e7922be4ed5: Bump actions/cache from 3.0.10 to 3.0.11 (@dependabot[bot])
  • 9990d6d5217adb446cdac7b82708b7b0ff83c979: Bump actions/cache from 3.0.5 to 3.0.6 (@dependabot[bot])
  • 6c89c61a9633b4c43fc754da48874a0da8342029: Bump actions/cache from 3.0.6 to 3.0.8 (@dependabot[bot])
  • b0456ce02200034755ac90fc99cf8622424c0a38: Bump actions/cache from 3.0.8 to 3.0.10 (@dependabot[bot])
  • 1074d6cca058961180a93908c4280f3400f7a16b: Bump actions/setup-go from 3.2.1 to 3.3.0 (@dependabot[bot])
  • 9e6f2db40e8eb7339099845ec3ce04dc95db0a8c: Bump actions/setup-go from 3.3.0 to 3.3.1 (@dependabot[bot])
  • 3fd6fdb79a36656f35522d01f8d484a8beca57b2: Bump codecov/codecov-action from 3.1.0 to 3.1.1 (@dependabot[bot])
  • 7ebd2b6a8b64141abee16bfc0fecf787dc9787c4: Bump cosign from 1.10.1 to 1.11.1 (@marcofranssen)
  • 6ee2400955b0bc98f811d9ca12bbae224805b198: Bump cosign from 1.11.1 to 1.12.1 (@marcofranssen)
  • a46b5dbc817764864cf0bc5bdd4002894757caa8: Bump cosign from 1.12.1 to 1.13.0 (@marcofranssen)
  • 3359762efab5a234341da9112d36a538ea008d3e: Bump cosign from v1.10.0 to v1.10.1 (@marcofranssen)
  • ff22aa0be564a793d53400670b31e214fe0ac415: Bump cosign from v1.13.0 to v1.13.1 (@marcofranssen)
  • 210d03959d6577c7fd5f44435e1c2ac9569a4bd5: Bump cosign to v1.10.0 (@marcofranssen)
  • b9b4b83d1c7be42d86e92e76b8cb480402bd15a4: Bump example to install pinned version of vault (@marcofranssen)
  • 6f9b9767cb68d94bb8ebdcf2833abcc6a9f282c6: Bump example vault terraform provisioning (@marcofranssen)
  • d03cdfcf30fa14bf0b337c68e35f5cceff9d8f9c: Bump github.com/hashicorp/vault/api from 1.7.2 to 1.8.1 (@dependabot[bot])
  • b9fc99c87a0c48df6b7c2f7bcdabc3d32f8b7dc2: Bump github.com/hashicorp/vault/api from 1.8.1 to 1.8.2 (@dependabot[bot])
  • 70609dd2e8936d65f9362033696c94acfa7dd132: Bump github.com/peterbourgon/ff/v3 from 3.1.2 to 3.3.0 (@dependabot[bot])
  • cccc2f99ac14654890cdc39ef0f9ffb28a3f6e81: Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (@dependabot[bot])
  • a699e405bd7a834f2545b780b09bfdcea30547db: Bump hashicorp/setup-terraform from 2.0.0 to 2.0.2 (@dependabot[bot])
  • 904d422862a94696612257ceb4bc86d30b531aa3: Bump hashicorp/setup-terraform from 2.0.2 to 2.0.3 (@dependabot[bot])
  • 7d5b90304fe713ee8e863857d99616f846760912: Bump sigstore/cosign-installer from 2.4.1 to 2.5.0 (@dependabot[bot])
  • f8876c8f8f8e8062bb3cf0adec7c57b0a5d9a72d: Bump sigstore/cosign-installer from 2.5.0 to 2.5.1 (@dependabot[bot])
  • 9bae4a9ada1034bdcfacc6a56c91520fe9c2ac07: Bump sigstore/cosign-installer from 2.5.1 to 2.6.0 (@dependabot[bot])
  • 2c3196d1bfc64606bfd6dfe766c384865f950521: Bump sigstore/cosign-installer from 2.6.0 to 2.7.0 (@dependabot[bot])
  • bdd5d540085b64918bde9c5a031a9405b05aca5b: Bump sigstore/cosign-installer from 2.7.0 to 2.8.0 (@dependabot[bot])
  • 7d2f9a78566542542bdab684546f214d4fc7312c: Bump sigstore/cosign-installer from 2.8.0 to 2.8.1 (@dependabot[bot])
  • 3c3dac2ed99faddc5af983bc8342d970824e090a: Bump spiffe-vault chart to use spiffe csi driver (@marcofranssen)
  • 35041f60380df3466d32b0937b1ccf44222b7c1a: Bump spire chart in example to 0.6.3 (@marcofranssen)
  • 0c2b245a8d334bb87716ed0d88ba8f90d26e9bda: Bump spire chart to latest version in example README.md (@marcofranssen)
  • 77f90f76c80098c0025babbcf44ca998896901b0: Bump version of cosign and docker for spiffe-vault-cosign example (@marcofranssen)
  • f6976a96bf6aff403cc550920191c52047105e47: Conditionally install traefik if not exists (@marcofranssen)
  • 22690f8ea88dd639798293598ed894c39f04d9e4: Optimize spiffe-vault container and spiffe-vault-cosign example container (@marcofranssen)
  • 26e9145cd5c4e4629e56bc75ce54bf5108d7ade3: Remove manual step in example (@marcofranssen)
  • da1e295bf4de053e612d82f621ed17f9fe19e748: Resolve deprecation warnings in workflow (@marcofranssen)
  • 9ea7f3a5f78ad972f43995eb058eec3cf9cbf4a1: Update spiffe-vault-cosign example instructions (@marcofranssen)

Full Changelog: https://github.com/philips-labs/slsa-provenance-action/compare/v0.4.0...v0.4.1

v0.4.0

1 year ago

Changelog

Other changes

  • 7b997ecea81ffb78aae2332c622696d446303f05: Bump actions/cache from 3.0.4 to 3.0.5 (@dependabot[bot])
  • 5ba8cf4a854b5707f854b020ee33b2a87ad29e8b: Bump actions/setup-go from 3.2.0 to 3.2.1 (@dependabot[bot])
  • 76c7f50d5ad3f205d9132bf5c13573e090dd1aed: Bump chart appVersion (@marcofranssen)
  • 14d6d56f770fa769351fe2ff60ebbd893b82ccff: Bump github.com/spiffe/go-spiffe/v2 from 2.1.0 to 2.1.1 (@dependabot[bot])
  • 8a13c889bb702b381a8c4138b7e1f1a911f0dc0f: Bump github.com/stretchr/testify from 1.7.5 to 1.8.0 (@dependabot[bot])
  • ce2b95fd2eabf2c86ec949983d89820886ba52c2: Bump philips-labs/slsa-provenance-action from 0.7.2 to 0.8.0 (@dependabot[bot])
  • 1f6009e8ba22db1fc3e12a62e3df56fd471a4206: Bump sigstore/cosign-installer from 2.4.0 to 2.4.1 (@dependabot[bot])
  • c36c81daa9321bae60d24b4bf77831c5be286254: fix: correct cosign version (@developer-guy)
  • 4b76d035dc2e77725a62b50374a4ca6a8dc3e2b9: some fixes to implement spiffe-vault use-case (@developer-guy)

Full Changelog: https://github.com/philips-labs/slsa-provenance-action/compare/v0.3.0...v0.4.0

v0.3.0

1 year ago

Changelog

Other changes

  • 2bc4aaa57a964666c9fa76f88d76bcb44da0f0ab: Bump actions/cache from 2.1.7 to 3.0.1 (@dependabot[bot])
  • fc398507b8f4d4d9f33eb1faa5fcdc40e5929387: Bump actions/cache from 3.0.1 to 3.0.2 (@dependabot[bot])
  • 3cfbf2408a7ffb37a72ebe6c57c9ecc8bf60e24a: Bump actions/cache from 3.0.2 to 3.0.3 (@dependabot[bot])
  • 13f8c396f404723c7d6001939dfaa99a59f4cf43: Bump actions/cache from 3.0.3 to 3.0.4 (@dependabot[bot])
  • 0bca703c7db5aafc8b0e49438c7cb328a0b236bb: Bump actions/checkout from 2.4.0 to 3 (@dependabot[bot])
  • c648e73c5a77d19be3f10c9654d87309ea444925: Bump actions/setup-go from 2.2.0 to 3.0.0 (@dependabot[bot])
  • 8c623719668a8103bc12aad26b9a7587ca535aca: Bump actions/setup-go from 3.0.0 to 3.2.0 (@dependabot[bot])
  • 0197c501c329b8e169139c1f76bc5d8a9bdb5b88: Bump codecov/codecov-action from 2.1.0 to 3.0.0 (@dependabot[bot])
  • b5d30da305e2a9f59dcc45406551b61d35c2a6c6: Bump codecov/codecov-action from 3.0.0 to 3.1.0 (@dependabot[bot])
  • 0b1fae7ce565e429f9a25a0ea375a3a87f313c4d: Bump cosign from v1.5.1 to v1.7.2 (@marcofranssen)
  • 473c9ccb93a7185ce2f259bc7f44949d6954f01e: Bump cosign to v1.8.0 (@marcofranssen)
  • cd6fed0992dce3a6427fc2e5025f3ab37dc72a50: Bump cosign to v1.9.0 (@marcofranssen)
  • 6acb0facba5ab3eb8a6ab0d1cc4c4e0b5d5f00ba: Bump github.com/hashicorp/vault/api from 1.3.1 to 1.4.1 (@dependabot[bot])
  • db09808e3b787b3f028206213b7f35e85b46e8ab: Bump github.com/hashicorp/vault/api from 1.4.1 to 1.5.0 (@dependabot[bot])
  • f8e2014adab27abd0ebe4522dcfa41ebfcb3f09a: Bump github.com/hashicorp/vault/api from 1.5.0 to 1.6.0 (@dependabot[bot])
  • a7da694adfe435a820926958ea0e00baeba86c3d: Bump github.com/hashicorp/vault/api from 1.6.0 to 1.7.2 (@dependabot[bot])
  • a640ded1945e85408197091dadb40fe91423777a: Bump github.com/spiffe/go-spiffe/v2 from 2.0.0 to 2.1.0 (@dependabot[bot])
  • ccd7110d9d3e666fa011cdfc26e11c8ddca28ba7: Bump github.com/spiffe/go-spiffe/v2 from 2.0.0-beta.11 to 2.0.0-beta.12 (@dependabot[bot])
  • de961efe075c6ef46550afaf777895e2010a06c7: Bump github.com/spiffe/go-spiffe/v2 from 2.0.0-beta.12 to 2.0.0 (@dependabot[bot])
  • 32b8f2320ff0641c5a3ce7600d948b210721c8db: Bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (@dependabot[bot])
  • c7356bab233480442697ff121c3471885509ed7e: Bump github.com/stretchr/testify from 1.7.1 to 1.7.2 (@dependabot[bot])
  • eff6885615f0bee6fa7b14153ba50055b4aa9ce1: Bump github.com/stretchr/testify from 1.7.2 to 1.7.4 (@dependabot[bot])
  • ebfb6c8e7b2f2404ea151323ceb4619163cf88ed: Bump github.com/stretchr/testify from 1.7.4 to 1.7.5 (@dependabot[bot])
  • 5a0b514d10e9ddb4d6efecd56a5ecc4919b29aa3: Bump goreleaser/goreleaser-action from 2 to 3 (@dependabot[bot])
  • 2cac5dc3229a36ebd6d0d22b45c1d465d3ce0220: Bump hashicorp/setup-terraform from 1.3.2 to 1.4.0 (@dependabot[bot])
  • 7ea40e9ca0e7ca7ed39ff787d3caf82b9107f2f8: Bump hashicorp/setup-terraform from 1.4.0 to 2.0.0 (@dependabot[bot])
  • 0403ed54ab5890ba1f614f6bb2dcba26cb3f7bea: Bump philips-labs/slsa-provenance-action from 0.7.0 to 0.7.2 (@dependabot[bot])
  • 28180f4760aacd7e41e1d4117020e2eb65ea7ec2: Bump sigstore/cosign-installer from 2.0.0 to 2.0.1 (@dependabot[bot])
  • 0e781407dc5763dd97f715f40193bd0b5d31f044: Bump sigstore/cosign-installer from 2.0.1 to 2.1.0 (@dependabot[bot])
  • a4a8557a34c87a0ec52a21883c3d31f69301b07d: Bump sigstore/cosign-installer from 2.1.0 to 2.2.0 (@dependabot[bot])
  • cad9cb81db53e5e01759c030ab067e4006347276: Bump sigstore/cosign-installer from 2.2.0 to 2.2.1 (@dependabot[bot])
  • 72a885bcb0cbed160690902a0d5456c08688c22a: Bump sigstore/cosign-installer from 2.2.1 to 2.3.0 (@dependabot[bot])
  • 812594ddc46d44f2c9e363b81f92218417c17cbf: Bump sigstore/cosign-installer from 2.3.0 to 2.4.0 (@dependabot[bot])
  • f1fb68c285ccf57a2d5e7832fcb9ccb8c222ebad: Bump to Go 1.18 (@marcofranssen)
  • b687dba7972b2cb2f3e9f4f37e0da291def4d1e6: Move logging to stderr (@marcofranssen)
  • a12d431415615f74d0471853389b68ddfe1394d1: chore(cosign): upgrade cosign to latest version 1.9.0 (@developer-guy)

Full Changelog: https://github.com/philips-labs/slsa-provenance-action/compare/v0.2.3...v0.3.0

v0.2.3

2 years ago

Changelog

  • 623068bcda587783a945fa54ee47663600026678: Add code signing to release assets (@marcofranssen)
  • 052ec4db5678a2fcd0e8e5073e460411012069af: Add container provenance (@marcofranssen)
  • 24b0d01f8ce2af9d5b9d73fbca275a8d2c95b485: Add signing of provenance for github release (@marcofranssen)
  • 9f8b373510614a163da421afe696653d3503fd48: Few slight improvements on release (@marcofranssen)
  • 993fba4f267165e6a1ba50ca0e72ab3b6b816a29: Fix cli version in Docker image (@marcofranssen)
  • 1ae8ad7963a1f1b1ed97545e20ac28617910703f: Fix signature upload (@marcofranssen)
  • 50435c929027e5853dd7213ef12e84b7b3f05bfb: Improve versioning Docker and labels (@marcofranssen)
  • e2d12defb917e33801ff247dd6f9cd7abec384f6: Reuse some variables in Makefile (@marcofranssen)
  • 9acf4eb1ed67303afca6518de4d14caead77b168: Utilize new setup-go action 'check-latest' (@marcofranssen)
  • 83b3a20a096aec230afe93fd917a62210ea85e78: explicitly define permissions for workflow (@marcofranssen)

Version bumps

  • 1ef4c363cc86449cd4ae103ae2c47d0deb300b64: Bump Go from 1.16 to 1.17 (@marcofranssen)
  • ce4e189917b3cf4435d72ea7820abf3ac4ec7d14: Bump actions/cache from 2.1.6 to 2.1.7 (@dependabot[bot])
  • a96d112e53aec6801f00f82f3a7ca0e12726b9cf: Bump actions/checkout from 2.3.5 to 2.4.0 (@dependabot[bot])
  • 8db21403d7285600be972bf453ab766fec55f982: Bump actions/setup-go from 2.1.4 to 2.1.5 (@dependabot[bot])
  • 565b62dad829940300bd8a8c349ea3e76c43d89c: Bump actions/setup-go from 2.1.5 to 2.2.0 (@dependabot[bot])
  • d691c811a28a31f71e7644e3ff78baec6d862ded: Bump cloud.google.com/go indirect dependencies (@marcofranssen)
  • 7f746035f4fd7c43a69a5c1769e096856af9b5ba: Bump github.com/google indirect dependencies (@marcofranssen)
  • 071165696d3b9c84ec7d04b812e51b33c349d1e0: Bump github.com/hashicorp indirect dependencies (@marcofranssen)
  • 465654d738696af5585175d185dcf8e4399c2432: Bump github.com/hashicorp/vault/api from 1.1.1 to 1.3.0 (@dependabot[bot])
  • 40cbaa8b0ebbcb8cbb94c1d69193dfbbff049675: Bump github.com/hashicorp/vault/api from 1.3.0 to 1.3.1 (@dependabot[bot])
  • 77021f15a8fdd5bde32f93cb42da88c31098261b: Bump github.com/spiffe/go-spiffe/v2 from 2.0.0-beta.10 to 2.0.0-beta.11 (@dependabot[bot])
  • 4382600909068b657b818fa851455ddff0bf93d0: Bump go.opentelemetry.io indirect dependencies (@marcofranssen)
  • 9fa4c5cc5f647f5c4562b2ef4e8139ea3f59a0fd: Bump go.uber.org indirect dependencies (@marcofranssen)
  • caf4def131b08d06dd4a315886c76a36cd691ab7: Bump golang.org/x indirect dependencies (@marcofranssen)
  • a3350212c08319d2f0c70df9b6fa31dac66656a5: Bump philips-labs/slsa-provenance-action from 0.2.0 to 0.2.2 (@dependabot[bot])
  • a5c915111b6c9b8284c94a728fbecd815dcf21ee: Bump philips-labs/slsa-provenance-action from 0.2.2 to 0.4.0 (@dependabot[bot])
  • 0a9e5743e6a38b4838ba1fe24487d5fa7bd9ea67: Bump slsa-provenance-action to v0.7.0 (@marcofranssen)
  • 010580f1b504ffde7464a0b493a1ee7c15b24b31: Bump some more hashicorp/vault indirect dependencies (@marcofranssen)

Full Changelog: https://github.com/philips-labs/slsa-provenance-action/compare/v0.2.2...v0.2.3

v0.2.2

2 years ago

Changelog

7d5d692 Release docker images also to ghcr.io

Docker images

  • docker pull philipssoftware/spiffe-vault:v0.2.2
  • docker pull philipssoftware/spiffe-vault:7d5d692528085aaf7a5bf836641e0ffc5d601ca7
  • docker pull ghcr.io/philips-labs/spiffe-vault:v0.2.2
  • docker pull ghcr.io/philips-labs/spiffe-vault:7d5d692528085aaf7a5bf836641e0ffc5d601ca7