v0.3.0

Changelog

fc936c4 ⬆️ Bump actions/checkout from 2.3.5 to 2.4.0
c360d68 📝 Update Readme
2377f4c Add extra_materials to action.yaml
7267549 Add extra_materials to example workflow
bc88d4e Add some checks for extra materials
58dea99 Add test case for exceptions
920b639 Allow injection of extra materials via files
bfc0af0 Bump golang.org/x/crypto and golang.org/x/net transient dependencies
7114783 Don't require GITHUB_TOKEN for non-downloads
528e699 Fix CI for extra_materials
53b24cf Prevent duplicate workflow runs when pushing PR
153a9dc Release version 0.3.0
6cb63d0 Remove emojis and add commit sign-off
f2e8333 Rename TestVersionJson to TestVersionJSON to match Go conventions
f88630d Rename test data example provenance
87cc281 Resolve nil pointers during flaky test run
33d83e6 Update README on extra_materials
12f82ed Update and sync extra_materials description

Docker images

• docker pull philipssoftware/slsa-provenance:v0.3.0
• docker pull philipssoftware/slsa-provenance:153a9dc67e405f5cad77270b7f3f505d168c6eee
• docker pull ghcr.io/philips-labs/slsa-provenance:v0.3.0
• docker pull ghcr.io/philips-labs/slsa-provenance:153a9dc67e405f5cad77270b7f3f505d168c6eee

Contributors

Special thanks to @pieterlexis for implementing the extra_materials command flag and hotfixing provenance for GitHub Releases! You rock🤘

v0.2.3-alpha

Changelog

6159122 Add IMAGE_DIGEST output to release job
d621d59 Fetch image data by digest
b0d0e2e Rename provenanct to provenance.json

Docker images

• docker pull philipssoftware/slsa-provenance:v0.2.3-alpha
• docker pull philipssoftware/slsa-provenance:b0d0e2e65f16d13c7bba83676d5022e948f958f7
• docker pull ghcr.io/philips-labs/slsa-provenance:v0.2.3-alpha
• docker pull ghcr.io/philips-labs/slsa-provenance:b0d0e2e65f16d13c7bba83676d5022e948f958f7

v0.2.2

Changelog

b03b231 Add opcontainers vendor label for docker image
a620c5b Bump actions/checkout from v2.3.5 to v2.4.0
ca925a6 Bump golang.org/x/oauth2 from v0.0.0-20180821212333-d2e6202438be to v0.0.0-20211104180415-d3ed0bb246c8
27bfa79 Bump google.golang.org/protobuf from v1.26.0 to v1.27.1
4ce660b Bump slsa-provenance to v0.2.2
3e5bd5d Fix semantic image tags to be prefixed with 'v'
fc9329e Prevent CI clash on concurrent builds
57fd9be Simplify release docker image by reusing the goreleaser variables available
7261b0d Tidy modules
aaa84a3 Use .Version for tagging docker images
ae98a08 Use correct opencontainers annotation for created

Docker images

• docker pull philipssoftware/slsa-provenance:v0.2.2
• docker pull philipssoftware/slsa-provenance:4ce660b288bf0ec565c98d6f4e0a581b211cce69
• docker pull ghcr.io/philips-labs/slsa-provenance:v0.2.2
• docker pull ghcr.io/philips-labs/slsa-provenance:4ce660b288bf0ec565c98d6f4e0a581b211cce69

v0.2.1

Changelog

8235b63 Add GitHub Releases usage example
7a04e74 Add additional labels to Docker images
164cbe8 Bump actions/checkout from 2.3.4 to 2.3.5
9fc63a7 Bump actions/setup-go from 2.1.3 to 2.1.4
1a458a5 Remove unnecessary if statement from workflow
f471992 Rename LICENCE.md to LICENSE

Docker images

• docker pull philipssoftware/slsa-provenance:v0.2.1
• docker pull philipssoftware/slsa-provenance:f471992de16e6c31403e040d6fda5dc2f3431861
• docker pull ghcr.io/philips-labs/slsa-provenance:v0.2.1
• docker pull ghcr.io/philips-labs/slsa-provenance:f471992de16e6c31403e040d6fda5dc2f3431861

v0.2.0

Changelog

466dc10 💚 Update tocLevel for automated docs.
3d0ef7f 📝 Update Readme
8322049 📝 Update Readme
45eed60 Add context timeout when calling external sources from GitHub
ee31692 Add error tests for generate gh provenance
bc0ccde Add function to download release assets
60ec77b Add pagination for list of releases and release assets
65828b9 Add subjects test
2d685a7 Add test for generate command using tag_name flag
975c865 Add testcase for generating provenance statements
850f90e Allow reduce of coverage of 8%
4f3703d Bump action version 2 to rc 3
0e088b6 Bump version of provenance job
1caff6a Create new release candidate for GH releases
f594e15 Decouple intoto package from github package
508b48f Enable configuring GITHUB_TOKEN for integrationtest in vscode
03ce146 Fix canceled context issue by saving downloads immediately
38b77a0 Fix markdown linting errors and add vscode extension suggestion
29d308f Generate provenance for release
8cd9c0d Implement logic and test to get a github release
0502d05 Implement tagName flag on cli
bb1cec5 Implement upload to GH releases
96ebd0a Increment version from v0.2.0-rc3 to v0.2.0
219da1b Make patch coverage informational
ea93259 Move subjects logic into intoto package
55788bd Only run on opening/reopening PR
12b74cf Prevent API Rate limits by doing authenticated requests in tests
8419f49 Publish Images on GitHub Container registry
db61ea0 Refactor GenerateProvenanceStatement to github package
78f8114 Refactor creation of Provenance Clients into new function for tests
80a707d Refactor generate provenance statement to slsa package
e3fd8a4 Refactor github release provenance
75852a0 Refactor persisting provenance to environment
b1287d9 Remove integration test workflow
0a48da9 Rename ProvenanceClient to ReleaseClient
64e26dd Rename build step docker login and logout
e2e0274 Skip test if no GITHUB_TOKEN is set
bd92158 Update Readme with info about container registries
15a14cc Update action-docs.yaml

Docker images

• docker pull philipssoftware/slsa-provenance:v0.2.0
• docker pull philipssoftware/slsa-provenance:96ebd0a2d2be7c191399e9dc52575fc315ac0126
• docker pull ghcr.io/philips-labs/slsa-provenance:v0.2.0
• docker pull ghcr.io/philips-labs/slsa-provenance:96ebd0a2d2be7c191399e9dc52575fc315ac0126

v0.2.0-rc3

Changelog

5a683ee Bump action version 2 to rc 3
f8d4084 Bump version of provenance job
f07c4f5 Publish Images on GitHub Container Registry
320ca56 Remove integration test workflow

Docker images

• docker pull philipssoftware/slsa-provenance:v0.2.0-rc3
• docker pull philipssoftware/slsa-provenance:f8d40849521945d99ace0ad97b1ed3f932d899b0
• docker pull ghcr.io/philips-labs/slsa-provenance:v0.2.0-rc3
• docker pull ghcr.io/philips-labs/slsa-provenance:f8d40849521945d99ace0ad97b1ed3f932d899b0

v0.2.0-rc2

Changelog

d8c4418 Add context timeout when calling external sources from GitHub
624a74e Add error tests for generate gh provenance
a954a23 Add test for generate command using tag_name flag
ff6508c Allow reduce of coverage of 8%
38e35cb Create new release candidate for GH releases
e36abf1 Decouple intoto package from github package
bfb91d3 Fix canceled context issue by saving downloads immediately
77d30ee Implement upload to GH releases
8778de7 Make patch coverage informational
cfc33c2 Refactor GenerateProvenanceStatement to github package
5188ab7 Refactor github release provenance
563ba76 Refactor persisting provenance to environment
bfbd158 Rename ProvenanceClient to ReleaseClient

Docker images

• docker pull philipssoftware/slsa-provenance:v0.2.0-rc2
• docker pull philipssoftware/slsa-provenance:38e35cb51eab5a064af12ad182bc97559cb00356

v0.2.0-rc1

Changelog

c837c55 Add function to download release assets
c4a45c8 Add pagination for list of releases and release assets
1af3b37 Add subjects test
7ab4fb5 Add testcase for generating provenance statements
904b157 Enable configuring GITHUB_TOKEN for integrationtest in vscode
b30df8f Generate provenance for release
1acc345 Implement logic and test to get a github release
61ae958 Implement tagName flag on cli
f9bcc92 Move subjects logic into intoto package
8ccb1d5 Prevent API Rate limits by doing authenticated requests in tests
1c207f9 Refactor creation of Provenance Clients into new function for tests
b4245a7 Refactor generate provenance statement to slsa package
9fb6b32 Skip test if no GITHUB_TOKEN is set

Docker images

• docker pull philipssoftware/slsa-provenance:v0.2.0-rc1
• docker pull philipssoftware/slsa-provenance:b30df8f4917212d967e5799d42864d4579a25705

v0.1.1

Changelog

7aa79e1 🎨 Change auto commit message
6d872f0 🎨 Ignore DS_Store
3098047 🎨 Remove specific branch to trigger documentation
0da6722 🎨 Rename workflow files to use proper extension
cc64e8b 🎨 Update .github/workflows/action-docs.yaml
23e5904 🐛 Remove space in filename...
7552a50 💚 Add correct prefix for dependabot commits
2c4e21f 💚 commit-message in dependabot
57ee3be 📝 Add Automatic sync of Action documentation
4c3eb19 📝 Update Readme
fd59954 ✅ Fix repoURI in intoto test
d52cec8 Fix expression for the falsy outcome
f69e5b1 Prevent token from leaking and move some struct into github package
b8e726e Refactor Builder as StatementOption
9c77f15 Refactor Metadata as StatementOption
0f9e071 Refactor Recipe and Materials to StatementOption
a484c54 Refactor SLSA Provenance Statement
08461dd Rename provenance package to intoto
b558113 Simplify release workflow for snapshots

Docker images

• docker pull philipssoftware/slsa-provenance:v0.1.1
• docker pull philipssoftware/slsa-provenance:d52cec84deae31ad5ec4f3601ba4b10460fb82d7

v0.1.0

Changelog

b25a3e0 📝 CONTRIBUTING.md; Add syntax for icons
d79e995 📝 Small typo fix
27ee90e Add .editorconfig to prevent different formatting styles
8c2b2d3 Add CODEOWNERS
3cdef4c Add CODEOWNERS
8c78a6b Add CONTRIBUTING.md
62629e6 Add Makefile
03df0c9 Add Multiple Artifacts to a workflow
933743a Add Unit Test to check for matching error message in Generate function
fd45fe3 Add buildInvocation and diff
8664fa7 Add dependabot config for Go and GH Actions
eb90e46 Add image task to Makefile to build docker image
71df7f7 Add integration test for file provenance type
a64debd Add lint task to Makefile
e8b9e66 Add make task to test and get codecoverage
ed00d02 Add more flexible arguments that allow for both happy and bad flow test cases
2c32820 Add project team
dac8718 Add recommendations of vscode extensions
d4cef8b Add release workflow and Make tasks
dc0e878 Add steps to ci to execute unit tests and codecoverage
69a7b28 Add task to download go modules to Makefile
c010e6d Add tests for version cli
b79a22d Add unit tests for additional arguments
1de67f4 Add version command to slsa-provenance cli
d79a3cf Add workflow for CI
2afd89a Add workflow input argument in the local GH Action Workflow
5452628 Compare error strings in test
d2fd8ec Diff-filter instead of diff-checker
eb9a288 First commit with example code
37b6f00 Fix arguments and add artifact name to download
1012791 Fix editorconfig for Go
f7a7cd5 Fix issue where passing arguments to generate command in unit test was not functioning
152e54e Fix linting result output in ci workflow
a42a3f7 Fix required flag error tests
88dad4c Fix some of the unittest
826de43 Fix unit tests + allow defining output writer
cca7a22 Get rid of deprecated ioutil invocations
bc1d86b Initial commit
80e7277 Lock example-local workflow on ubuntu-20.04
2dadf47 Lowercase the action name in the publish workflow
6a66407 Remove - from commandline flags as only one is necessary
1b7e1d5 Remove duplicate CODEOWNERS
83918a5 Resolve linting errors
13cddba Restructure go package and add build make task
b9a038f Restructure slsa-provenance cli
5018f39 Specifying versions
d47b4e3 Try other diff option
e842282 Update License to reference to Philips Labs
88b43e9 Update README with new documentation and information (#37)
7b2f4d3 Update README.md
fdbe06e Update repo to use philips-labs action
2262070 Update test resource with new repo name
3779cad Update with arguments and add check to the function
39289c0 Updated test provenance file and check
6081c48 Upload multiple artifacts
508b877 Use stretchr/testify package for unit tests
6436bc7 update workflow on PR and remove branches
6d10494 updated the example provenance file location

Docker images

• docker pull philipssoftware/slsa-provenance:v0.1.0
• docker pull philipssoftware/slsa-provenance:cdf8b8f071df8f9c16aede8802a4f9a47e17d0d8