Skip to content

Latest commit

 

History

History
64 lines (43 loc) · 2.31 KB

CHANGELOG.md

File metadata and controls

64 lines (43 loc) · 2.31 KB
Raw

Changelog

All notable changes to gh-action-sigstore-python will be documented in this file.

The format is based on Keep a Changelog.

All versions prior to 3.0.0 are untracked.

Unreleased

3.0.0

Added

  • inputs now allows recursive globbing with ** (#106)

Removed

  • The following settings have been removed: fulcio-url, rekor-url, ctfe, rekor-root-pubkey (#140)
  • The following output settings have been removed: signature, certificate, bundle (#146)

Changed

  • inputs is now parsed according to POSIX shell lexing rules, improving the action's consistency when used with filenames containing whitespace or other significant characters (#104)

  • inputs is now optional if release-signing-artifacts is true and the action's event is a release event. In this case, the action takes no explicit inputs, but signs the source archives already attached to the associated release (#110)

  • The default suffix has changed from .sigstore to .sigstore.json, per Sigstore's client specification (#140)

  • release-signing-artifacts now defaults to true (#142)

Fixed

  • The release-signing-artifacts setting no longer causes a hard error when used under the incorrect event (#103)

  • Various deprecations present in sigstore-python's 2.x series have been resolved (#140)

  • This workflow now supports CI runners that use PEP 668 to constrain global package prefixes (#145)