Releases: slsa-framework/slsa-github-generator
Releases · slsa-framework/slsa-github-generator
v1.6.0-rc.1
This is an un-finalized pre-release.
See the CHANGELOG for details.
v1.6.0-rc.0
See the CHANGELOG for details.
v1.5.0
v1.5.0-rc.0
See the CHANGELOG for details.
v1.4.0
What's Changed
🥳 This release is the first Generally Available version of the Container Generator workflow. The Container Generator workflow is now considered stable and can be included in your production GitHub Actions workflows 🥳
🎉 This is also the first release (technically the second) with support for the generally available version of sigstore!! 🎉
We hope to have fewer issues with sigstore infrastructure moving forward.
Generic Generator
Bug fixes
- Allow users of the Generic Generator to generate provenance for artifacts created in a project subdirectory (#1225)
Go Builder
Bug fixes
- Allow environment variables to contain '=' characters in the Go builder (#1231)
New Contributors
- @cfergeau made their first contribution in #1232
- @DanAlbert made their first contribution in #1239
- @gal-legit made their first contribution in #1252
Full Changelog
- Update references to main after v1.2.2 release by @ianlewis in #1228
- [generic] fix attestation file creation when subject names are in subdirectories by @asraa in #1226
- Update docs to use v1.2.2 by @ianlewis in #1229
- Update RELEASE docs by @ianlewis in #1227
- chore(deps): update npm dev to v5.43.0 by @renovate-bot in #1230
- builder: go: Allow equal signs in env vars by @cfergeau in #1232
- Ko example by @ianlewis in #951
- docs(generic-generator): clarify that created provenance is encapsulated by @diogoteles08 in #1235
- Fix semver regex in actions pre-submit by @ianlewis in #1233
- Fix typo in doc. by @DanAlbert in #1239
- Fix reference Gradle workflow. by @DanAlbert in #1240
- Start code freeze for v1.3.0 by @ianlewis in #1248
- Undo the v1.3.0 freeze by @ianlewis in #1260
- Badges and README updates by @ianlewis in #1263
- Fix docs for goreleaser with the generic generator to include docker di… by @gal-legit in #1252
- Fix grep by @ianlewis in #1249
- Exclude go from renovate PR grouping by @ianlewis in #1268
- chore(deps): update npm dev by @renovate-bot in #1243
- Fix permissions in doc by @ianlewis in #1247
- chore(deps): update github-actions by @renovate-bot in #1242
- Update GHA token permissions for generic container workflow by @ianlewis in #1258
- fix(deps): update go by @renovate-bot in #1205
- Update references check to support pre-release by @ianlewis in #1270
- Restore compile-builder pre-submit by @ianlewis in #1272
- Code freeze v1.4.0 rc.0 by @ianlewis in #1271
- undo freeze by @ianlewis in #1284
- Revert package perms by @ianlewis in #1283
- Code freeze for v1.4.0-rc.1 by @ianlewis in #1285
- Undo freeze for v1.4.0-rc.1 by @ianlewis in #1288
- Update generate-builder tag check to support pre-releases by @ianlewis in #1287
- refactor: Update refs to v1.4.0-rc.2 by @ianlewis in #1290
Contributors
ianlewis, DanAlbert, and 5 other contributors
Assets 8
v1.4.0-rc.2
What's Changed
This release is the first Generally Available version of the generic container workflow. The generic container workflow is now considered stable and can be included in your production GitHub Actions workflows 🥳
This is also the first release with support for the generally available version of sigstore! 🎉
This release also includes a couple of bug fixes:
- Allow users of the generic generator workflow to generate provenance using for artifacts created in a project subdirectory (#1225)
- Allow environment variables to contain '=' characters in the Go workflow (#1231)
New Contributors
- @cfergeau made their first contribution in #1232
- @DanAlbert made their first contribution in #1239
- @gal-legit made their first contribution in #1252
Full Changelog
- Update references to main after v1.2.2 release by @ianlewis in #1228
- [generic] fix attestation file creation when subject names are in subdirectories by @asraa in #1226
- Update docs to use v1.2.2 by @ianlewis in #1229
- Update RELEASE docs by @ianlewis in #1227
- chore(deps): update npm dev to v5.43.0 by @renovate-bot in #1230
- builder: go: Allow equal signs in env vars by @cfergeau in #1232
- Ko example by @ianlewis in #951
- docs(generic-generator): clarify that created provenance is encapsulated by @diogoteles08 in #1235
- Fix semver regex in actions pre-submit by @ianlewis in #1233
- Fix typo in doc. by @DanAlbert in #1239
- Fix reference Gradle workflow. by @DanAlbert in #1240
- Start code freeze for v1.3.0 by @ianlewis in #1248
- Undo the v1.3.0 freeze by @ianlewis in #1260
- Badges and README updates by @ianlewis in #1263
- Fix docs for goreleaser with the generic generator to include docker di… by @gal-legit in #1252
- Fix grep by @ianlewis in #1249
- Exclude go from renovate PR grouping by @ianlewis in #1268
- chore(deps): update npm dev by @renovate-bot in #1243
- Fix permissions in doc by @ianlewis in #1247
- chore(deps): update github-actions by @renovate-bot in #1242
- Update GHA token permissions for generic container workflow by @ianlewis in #1258
- fix(deps): update go by @renovate-bot in #1205
- Update references check to support pre-release by @ianlewis in #1270
- Restore compile-builder pre-submit by @ianlewis in #1272
- Code freeze v1.4.0 rc.0 by @ianlewis in #1271
- undo freeze by @ianlewis in #1284
- Revert package perms by @ianlewis in #1283
- Code freeze for v1.4.0-rc.1 by @ianlewis in #1285
- Undo freeze for v1.4.0-rc.1 by @ianlewis in #1288
- Update generate-builder tag check to support pre-releases by @ianlewis in #1287
Contributors
ianlewis, DanAlbert, and 5 other contributors
Assets 8
v1.4.0-rc.1
What's Changed
This release is the first Generally Available version of the generic container workflow. The generic container workflow is now considered stable and can be included in your production GitHub Actions workflows 🥳
This is also the first release with support for the generally available version of sigstore! 🎉
This release also includes a couple of bug fixes:
- Allow users of the generic generator workflow to generate provenance using for artifacts created in a project subdirectory (#1225)
- Allow environment variables to contain '=' characters in the Go workflow (#1231)
New Contributors
- @cfergeau made their first contribution in #1232
- @DanAlbert made their first contribution in #1239
- @gal-legit made their first contribution in #1252
Full Changelog
- Update references to main after v1.2.2 release by @ianlewis in #1228
- [generic] fix attestation file creation when subject names are in subdirectories by @asraa in #1226
- Update docs to use v1.2.2 by @ianlewis in #1229
- Update RELEASE docs by @ianlewis in #1227
- chore(deps): update npm dev to v5.43.0 by @renovate-bot in #1230
- builder: go: Allow equal signs in env vars by @cfergeau in #1232
- Ko example by @ianlewis in #951
- docs(generic-generator): clarify that created provenance is encapsulated by @diogoteles08 in #1235
- Fix semver regex in actions pre-submit by @ianlewis in #1233
- Fix typo in doc. by @DanAlbert in #1239
- Fix reference Gradle workflow. by @DanAlbert in #1240
- Start code freeze for v1.3.0 by @ianlewis in #1248
- Undo the v1.3.0 freeze by @ianlewis in #1260
- Badges and README updates by @ianlewis in #1263
- Fix docs for goreleaser with the generic generator to include docker di… by @gal-legit in #1252
- Fix grep by @ianlewis in #1249
- Exclude go from renovate PR grouping by @ianlewis in #1268
- chore(deps): update npm dev by @renovate-bot in #1243
- Fix permissions in doc by @ianlewis in #1247
- chore(deps): update github-actions by @renovate-bot in #1242
- Update GHA token permissions for generic container workflow by @ianlewis in #1258
- fix(deps): update go by @renovate-bot in #1205
- Update references check to support pre-release by @ianlewis in #1270
- Restore compile-builder pre-submit by @ianlewis in #1272
- Code freeze v1.4.0 rc.0 by @ianlewis in #1271
- undo freeze by @ianlewis in #1284
- Revert package perms by @ianlewis in #1283
Contributors
ianlewis, DanAlbert, and 5 other contributors
Assets 8
v1.4.0-rc.0
What's Changed
This release is the first Generally Available version of the generic container workflow. The generic container workflow is now considered stable and can be included in your production GitHub Actions workflows 🥳
This is also the first release with support for the generally available version of sigstore! 🎉
This release also includes a couple of bug fixes:
- Allow users of the generic generator workflow to generate provenance using for artifacts created in a project subdirectory (#1225)
- Allow environment variables to contain '=' characters in the Go workflow (#1231)
New Contributors
- @cfergeau made their first contribution in #1232
- @DanAlbert made their first contribution in #1239
- @gal-legit made their first contribution in #1252
Full Changelog
- Update references to main after v1.2.2 release by @ianlewis in #1228
- [generic] fix attestation file creation when subject names are in subdirectories by @asraa in #1226
- Update docs to use v1.2.2 by @ianlewis in #1229
- Update RELEASE docs by @ianlewis in #1227
- chore(deps): update npm dev to v5.43.0 by @renovate-bot in #1230
- builder: go: Allow equal signs in env vars by @cfergeau in #1232
- Ko example by @ianlewis in #951
- docs(generic-generator): clarify that created provenance is encapsulated by @diogoteles08 in #1235
- Fix semver regex in actions pre-submit by @ianlewis in #1233
- Fix typo in doc. by @DanAlbert in #1239
- Fix reference Gradle workflow. by @DanAlbert in #1240
- Start code freeze for v1.3.0 by @ianlewis in #1248
- Undo the v1.3.0 freeze by @ianlewis in #1260
- Badges and README updates by @ianlewis in #1263
- Fix docs for goreleaser with the generic generator to include docker di… by @gal-legit in #1252
- Fix grep by @ianlewis in #1249
- Exclude go from renovate PR grouping by @ianlewis in #1268
- chore(deps): update npm dev by @renovate-bot in #1243
- Fix permissions in doc by @ianlewis in #1247
- chore(deps): update github-actions by @renovate-bot in #1242
- Update GHA token permissions for generic container workflow by @ianlewis in #1258
- fix(deps): update go by @renovate-bot in #1205
Contributors
ianlewis, DanAlbert, and 5 other contributors
Assets 2
v1.3.0
v1.2.2
What's Changed
This release fixes issues with signing provenance due to a change in Sigstore TUF root certificates (#1163). This release also includes better handling of transient errors from the Rekor transparency logs.
New Contributors
- @suzuki-shunsuke made their first contribution in #1061
- @datosh made their first contribution in #1074
- @pnacht made their first contribution in #1187
- @dongheelee92 made their first contribution in #1209
Full Changelog
- fix: use GITHUB_OUTPUT instead of deprecated set-output command by @suzuki-shunsuke in #1061
- Fix reference to generic generator by @ianlewis in #1063
- Add presumbit checks for internal actions by @ianlewis in #1067
- chore(deps): update gcr.io/distroless/static docker digest to cb0f703 by @renovate-bot in #1062
- Add ref to checkout-node action by @ianlewis in #1071
- Document renovate exception for tags over digest. by @datosh in #1074
- ci: exclude codeql on yaml by @asraa in #1008
- Update CodeQL workflow by @ianlewis in #1081
- Remove ref for internal action calls by @laurentsimon in #1075
- Update link to container generator workflow by @ianlewis in #1079
- Add doc on sigstore policy-controller by @ianlewis in #946
- Enable CodeQL scanning for Javascript by @ianlewis in #1078
- bug: fix path in action by @laurentsimon in #1085
- bug: additional fixes for ref removal by @laurentsimon in #1083
- fix: grep in secure download action by @laurentsimon in #1087
- fix: workingDir by @laurentsimon in #1107
- fix: workingDir by @laurentsimon in #1109
- feat: update ref by @laurentsimon in #1086
- doc: add tag pinning documentation in each builder README by @laurentsimon in #1106
- docs: update release.md for generating verifier e2e tests by @asraa in #1108
- fix: use GITHUB_OUTPUT instead of deprecated set-output command by @suzuki-shunsuke in #1066
- fix: checkout uses the wrong repository by @laurentsimon in #1113
- fix(deps): update module github.com/in-toto/in-toto-golang to v0.4.0 by @renovate-bot in #987
- chore(deps): update github-actions to v3 by @renovate-bot in #1059
- feat: improve refs by @laurentsimon in #1126
- Fix privacy-check checkout by @ianlewis in #1160
- Update Rekor to v1.0.0 by @ianlewis in #1121
- Update Rekor client by @ianlewis in #1162
- Add documentation for private-repository input by @ianlewis in #1165
- Temporarily disable pre-submit by @ianlewis in #1171
- re-enable pre-submits by @ianlewis in #1161
- fix(deps): update module github.com/sigstore/sigstore to v1.4.5 by @renovate-bot in #1123
- fix(deps): update module github.com/in-toto/in-toto-golang to v0.5.0 by @renovate-bot in #1122
- chore(deps): update dependency eslint to v8.26.0 by @renovate-bot in #1115
- fix(deps): update module github.com/slsa-framework/slsa-github-generator to v1.2.1 by @renovate-bot in #1114
- fix(deps): update module github.com/spf13/cobra to v1.6.1 by @renovate-bot in #1058
- fix(deps): update module github.com/sigstore/cosign to v1.13.1 by @renovate-bot in #1057
- chore(deps): update typescript-eslint monorepo to v5.41.0 by @renovate-bot in #1056
- chore(deps): update dependency eslint-plugin-github to v4.4.0 by @renovate-bot in #1055
- chore(deps): update dependency @types/node to v16.18.2 by @renovate-bot in #1054
- chore(deps): update dependency @types/node to v18 by @renovate-bot in #1179
- chore(deps): update github-actions by @renovate-bot in #864
- verifier: update verifier version to v1.3.2 by @asraa in #1184
- Add known issues to docs by @ianlewis in #1170
- 📖 Bump version tag in examples by @pnacht in #1187
- Container build type by @ianlewis in #1176
- Group updates for renovate by @ianlewis in #1185
- Add CONTRIBUTING.md by @ianlewis in #1080
- feat: add commands to nodejs builder by @laurentsimon in #1189
- cleanup: remove more set-outputs by @asraa in #1194
- chore(deps): update npm dev by @renovate-bot in #1203
- chore(deps): update github-actions by @renovate-bot in #1202
- chore(deps): update gcr.io/distroless/static docker digest to 5759d19 by @renovate-bot in #1201
- feat: npm builder updates by @laurentsimon in #1206
- chore(deps): update dependency eslint to v8.27.0 by @renovate-bot in #1208
- [doc] Add example for Python by @dongheelee92 in #1209
- [doc] update TOC(Table Of Content) for python example by @dongheelee92 in #1213
- Fix PR description check for releases by @ianlewis in #1211
- release: fix release tag reference by @asraa in #1215
- Update release instructions by @ianlewis in #1212
- Update release tag for v1.2.2 by @ianlewis in #1210
- Revert "Update release tag for v1.2.2 (#1210)" by @ianlewis in #1220
- Fix builder-fetch.sh path by @ianlewis in #1221
- Update refs for release 1.2.2 by @ianlewis in #1222
Contributors
ianlewis, asraa, and 6 other contributors