·
234 commits
to main
since this release
v0.7.0
marcofranssen
Marco Franssen
This tag was signed with the committer’s verified signature.
The key has expired.
marcofranssen
Marco Franssen
91684f3
This commit was signed with the committer’s verified signature.
The key has expired.
marcofranssen
Marco Franssen
This release drops the use of Docker to run this action. Instead we are now using the binaries natively. This allows to reuse you docker login session. Either via the docker/login-action or a docker login within your workflow. It is recommended to use the sigstore/cosign- installer so the release signature will also be verified upon installation of the binary.
Changelog
- d50e6fc ⬆️ Bump actions/setup-go from 2.1.5 to 2.2.0
- 9be60c7 ⬆️ Bump sigstore/cosign-installer from 1.4.1 to 2.0.0
- 6ae8f65 Bump cosign from v1.4.1 to v1.5.1
- 1917ee5 Bump v0.6.0 to v0.7.0-rc for release
- 91684f3 Bump v0.7.0-rc to v0.7.0 for release
- 419b873 Fix draft release installer
- 5df3fa8 Fix draft releases
- 58b193c Fix gh-release make task on MacOS
- 3c3ee60 Fix link to slsa-framework/github-actions-demo
- f9e3db5 Fix list releases test
- 03e87f5 Improve logging of slsa-provenance install
- ef55f6d Install slsa-provenance instead of using docker image
- cdc0cb7 Log cosign unavailable as warning
- 0d93f72 Make k8s keychain vs default keychain configurable
- 4d3ee36 Reduce duplication in downloading assets
- dfdaf36 Support Windows and ARM64 in installer
- 67318bf Utilize new setup-go action 'check-latest'
Full Changelog: v0.6.0...v0.7.0