We recommend updating as soon as possible as this includes bug fixes for Cosign. We also recommend removing with: cosign-release and strongly discourage using cosign-release unless you have a specific reason to use an older version of Cosign.

Bump cosign to 3.0.5 in #220
fix: add retry to curl downloads for transient network failures in #210

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v4.0.0...v4.1.0

`v4.0.0`

Compare Source

What's Changed?

Note: You must upgrade to cosign-installer v4 if you want to install Cosign v3+. You may still install Cosign v2.x with cosign-installer v4.

In version v3+, using cosign sign-blob requires adding the --bundle flag which may require you to update your signing command.

Add support for Cosign v3 releases (#201)

`v3.10.1`

Compare Source

What's Changed?

Note: cosign-installer v3.x cannot be used to install Cosign v3.x. You must upgrade to cosign-installer v4 in order to use Cosign v3.

Note: This is planned to be the final release of Cosign v2, though we will cut new releases for any critical security or bug fixes. We recommend transitioning to Cosign v3.

Bump default Cosign to v2.6.1 (#203)

`v3.10.0`

Compare Source

What's Changed

Bump default Cosign to v2.6.0 in #200

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v3.9.2...v3.10.0

`v3.9.2`

Compare Source

What's Changed

not fail fast and setup permissions in #195
drop old unsupported versions <v2.0.0 in #192
Update default to v2.5.3 in #196

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v3.9.1...v3.9.2

`v3.9.1`

Compare Source

What's Changed

default action install to use release v2.5.1 by @cpanato in #193
default cosign to v2.5.2 by @cpanato in #194

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v3.9.0...v3.9.1

`v3.9.0`

Compare Source

What's Changed

Bump actions/setup-go from 5.4.0 to 5.5.0 by @dependabot in #189
bump cosign install to use release v2.5.0 as default by @cpanato in #191

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v3...v3.9.0

`v3.8.2`

Compare Source

What's Changed

install cosign v2 from main in #186

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v3...v3.8.2

`v3.8.1`

Compare Source

What's Changed

use cosign 2.4.3 and other updates by @cpanato in #182

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v3...v3.8.1

`v3.8.0`

Compare Source

What's Changed

test action against all non-rc releases, verify entry in rekor log by @bobcallaway in #179
bump for cosign v2.4.2 release by @bobcallaway in #181

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v3...v3.8.0

`v3.7.0`

Compare Source

What's Changed

Bump actions/checkout from 4.1.7 to 4.2.0 by @dependabot in #172
bump for latest cosign v2.4.1 release by @bobcallaway in #173

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v3.6.0...v3.7.0

`v3.6.0`

Compare Source

What's Changed

Bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in #161
Bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in #162
Bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in #163
Bump actions/checkout from 4.1.4 to 4.1.5 by @dependabot in #164
Bump actions/checkout from 4.1.5 to 4.1.6 by @dependabot in #165
Bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot in #166
Bump actions/setup-go from 5.0.1 to 5.0.2 by @dependabot in #167
pin public key used for verification by @bobcallaway in #169
bump default version to v2.4.0 release by @bobcallaway in #168
update readme for new release by @bobcallaway in #170

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v3...v3.6.0

`v3.5.0`

Compare Source

What's Changed

Bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #157
use go 1.22 now by @bobcallaway in #160
bump default version to v2.2.4, prep for v3.5.0 release by @bobcallaway in #159

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v3.4.0...v3.5.0

`v3.4.0`

Compare Source

What's Changed

Use examples that work with multiple tags by @jkreileder in #155
default cosign install to release v2.2.3 by @cpanato in #156

New Contributors

@jkreileder made their first contribution in #155

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v3...v3.4.0

`v3.3.0`

Compare Source

What's Changed

Bump actions/setup-go from 4.1.0 to 5.0.0 by @dependabot in #152
update action to use latest cosign v2.2.2 by @cpanato in #153

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v3.2.0...v3.3.0

`v3.2.0`

Compare Source

Note: This release comes with a fix for CVE-2023-46737 described in this Github Security Advisory. Please upgrade to this release ASAP

see https://github.com/sigstore/cosign/releases/tag/v2.2.1

What's Changed

Support the runner context of gitea act by @josedev-union in #147
bump cosign to v2.2.1 by @cpanato in #148
test with latest go version by @bobcallaway in #150

New Contributors

@josedev-union made their first contribution in #147

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v3...v3.2.0

`v3.1.2`

Compare Source

What's Changed

Fix build and push step Readme missing id by @hbenali in #138
bump cosign to v2.2.0 by @cpanato in #142

New Contributors

@hbenali made their first contribution in #138

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v3...v3.1.2

`v3.1.1`

Compare Source

What's Changed

default cosign to v2.1.1 by @cpanato in #137

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v3.1.0...v3.1.1

`v3.1.0`

Compare Source

What's Changed

update job to use latest action release by @cpanato in #130
Update action example for keyless signing as xarg is not required by @jbtrystram in #132
update examples by @cpanato in #133
bump cosign to default to release v2.1.0 and update docs by @cpanato in #136

New Contributors

@jbtrystram made their first contribution in #132

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v3.0.5...v3.1.0

`v3.0.5`

Compare Source

What's Changed

download cosign releases from GitHub rather than GCS by @bobcallaway in #126

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v3.0.4...v3.0.5

`v3.0.4`

Compare Source

Include fix for #124
changes download URL for cosign binary to github.com instead of GCS

`v3.0.3`

Compare Source

What's Changed

bump to cosign v2.0.2 by @bobcallaway in #119
changes download URL for cosign binary to github.com instead of GCS

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v3.0.2...v3.0.3

`v3.0.2`

Compare Source

What's Changed

add --yes to example workflow by @sebhoss in #110
Fix aarch64 action run by @ananos in #113
Bump actions/checkout from 3.3.0 to 3.4.0 by @dependabot in #115
Bump actions/setup-go from 3.5.0 to 4.0.0 by @dependabot in #114
Bump actions/checkout from 3.4.0 to 3.5.0 by @dependabot in #116
default cosign to v2.0.1 by @cpanato in #117
changes download URL for cosign binary to github.com instead of GCS

New Contributors

@sebhoss made their first contribution in #110
@ananos made their first contribution in #113

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v3...v3.0.2

`v3.0.1`

Compare Source

What's Changed

make cosign v2.0.0 default version by @developer-guy in #109
changes download URL for cosign binary to github.com instead of GCS

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v3.0.0...v3.0.1

Configuration

📅 Schedule: (UTC)

Branch creation
- At any time (no schedule defined)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [https://github.com/sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | action | major | `v3` → `v4.1.2` | --- ### Release Notes <details> <summary>sigstore/cosign-installer (https://github.com/sigstore/cosign-installer)</summary> ### [`v4.1.2`](https://github.com/sigstore/cosign-installer/releases/tag/v4.1.2) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v4.1.1...v4.1.2) ##### What's Changed - Bump cosign to 3.0.6 in [#232](https://github.com/sigstore/cosign-installer/pull/232) ### [`v4.1.1`](https://github.com/sigstore/cosign-installer/releases/tag/v4.1.1) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v4.1.0...v4.1.1) ##### What's Changed - chore: update default cosign-release to v3.0.5 in [#223](https://github.com/sigstore/cosign-installer/pull/223) **Full Changelog**: <https://github.com/sigstore/cosign-installer/compare/v4.1.0...v4.1.1> ### [`v4.1.0`](https://github.com/sigstore/cosign-installer/releases/tag/v4.1.0) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v4.0.0...v4.1.0) ##### What's Changed We recommend updating as soon as possible as this includes bug fixes for Cosign. We also recommend removing `with: cosign-release` and strongly discourage using `cosign-release` unless you have a specific reason to use an older version of Cosign. - Bump cosign to 3.0.5 in [#220](https://github.com/sigstore/cosign-installer/pull/220) - fix: add retry to curl downloads for transient network failures in [#210](https://github.com/sigstore/cosign-installer/pull/210) **Full Changelog**: <https://github.com/sigstore/cosign-installer/compare/v4.0.0...v4.1.0> ### [`v4.0.0`](https://github.com/sigstore/cosign-installer/releases/tag/v4.0.0) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.10.1...v4.0.0) ##### What's Changed? **Note:** You must upgrade to cosign-installer v4 if you want to install [Cosign v3+](https://blog.sigstore.dev/cosign-3-0-available/). You may still install Cosign v2.x with cosign-installer v4. In version v3+, using `cosign sign-blob` requires adding the `--bundle` flag which may require you to update your signing command. - Add support for Cosign v3 releases ([#201](https://github.com/sigstore/cosign-installer/issues/201)) ### [`v3.10.1`](https://github.com/sigstore/cosign-installer/releases/tag/v3.10.1) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.10.0...v3.10.1) ##### What's Changed? **Note:** cosign-installer v3.x cannot be used to install [Cosign v3.x](https://blog.sigstore.dev/cosign-3-0-available/). You must upgrade to cosign-installer v4 in order to use Cosign v3. **Note:** This is planned to be the final release of Cosign v2, though we will cut new releases for any critical security or bug fixes. We recommend transitioning to [Cosign v3](https://blog.sigstore.dev/cosign-3-0-available/). - Bump default Cosign to v2.6.1 ([#203](https://github.com/sigstore/cosign-installer/issues/203)) ### [`v3.10.0`](https://github.com/sigstore/cosign-installer/releases/tag/v3.10.0) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.9.2...v3.10.0) ##### What's Changed - Bump default Cosign to v2.6.0 in [#200](https://github.com/sigstore/cosign-installer/pull/200) **Full Changelog**: <https://github.com/sigstore/cosign-installer/compare/v3.9.2...v3.10.0> ### [`v3.9.2`](https://github.com/sigstore/cosign-installer/releases/tag/v3.9.2) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.9.1...v3.9.2) ##### What's Changed - not fail fast and setup permissions in [#195](https://github.com/sigstore/cosign-installer/pull/195) - drop old unsupported versions \<v2.0.0 in [#192](https://github.com/sigstore/cosign-installer/pull/192) - Update default to v2.5.3 in [#196](https://github.com/sigstore/cosign-installer/pull/196) **Full Changelog**: <https://github.com/sigstore/cosign-installer/compare/v3.9.1...v3.9.2> ### [`v3.9.1`](https://github.com/sigstore/cosign-installer/releases/tag/v3.9.1) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.9.0...v3.9.1) ##### What's Changed - default action install to use release v2.5.1 by [@cpanato](https://github.com/cpanato) in [#193](https://github.com/sigstore/cosign-installer/pull/193) - default cosign to v2.5.2 by [@cpanato](https://github.com/cpanato) in [#194](https://github.com/sigstore/cosign-installer/pull/194) **Full Changelog**: <https://github.com/sigstore/cosign-installer/compare/v3.9.0...v3.9.1> ### [`v3.9.0`](https://github.com/sigstore/cosign-installer/releases/tag/v3.9.0) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.8.2...v3.9.0) ##### What's Changed - Bump actions/setup-go from 5.4.0 to 5.5.0 by [@dependabot](https://github.com/dependabot) in [#189](https://github.com/sigstore/cosign-installer/pull/189) - bump cosign install to use release v2.5.0 as default by [@cpanato](https://github.com/cpanato) in [#191](https://github.com/sigstore/cosign-installer/pull/191) **Full Changelog**: <https://github.com/sigstore/cosign-installer/compare/v3...v3.9.0> ### [`v3.8.2`](https://github.com/sigstore/cosign-installer/releases/tag/v3.8.2) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.8.1...v3.8.2) ##### What's Changed - install cosign v2 from main in [#186](https://github.com/sigstore/cosign-installer/pull/186) **Full Changelog**: <https://github.com/sigstore/cosign-installer/compare/v3...v3.8.2> ### [`v3.8.1`](https://github.com/sigstore/cosign-installer/releases/tag/v3.8.1) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.8.0...v3.8.1) ##### What's Changed - use cosign 2.4.3 and other updates by [@cpanato](https://github.com/cpanato) in [#182](https://github.com/sigstore/cosign-installer/pull/182) **Full Changelog**: <https://github.com/sigstore/cosign-installer/compare/v3...v3.8.1> ### [`v3.8.0`](https://github.com/sigstore/cosign-installer/releases/tag/v3.8.0) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.7.0...v3.8.0) ##### What's Changed - test action against all non-rc releases, verify entry in rekor log by [@bobcallaway](https://github.com/bobcallaway) in [#179](https://github.com/sigstore/cosign-installer/pull/179) - bump for cosign v2.4.2 release by [@bobcallaway](https://github.com/bobcallaway) in [#181](https://github.com/sigstore/cosign-installer/pull/181) **Full Changelog**: <https://github.com/sigstore/cosign-installer/compare/v3...v3.8.0> ### [`v3.7.0`](https://github.com/sigstore/cosign-installer/releases/tag/v3.7.0) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.6.0...v3.7.0) ##### What's Changed - Bump actions/checkout from 4.1.7 to 4.2.0 by [@dependabot](https://github.com/dependabot) in [#172](https://github.com/sigstore/cosign-installer/pull/172) - bump for latest cosign v2.4.1 release by [@bobcallaway](https://github.com/bobcallaway) in [#173](https://github.com/sigstore/cosign-installer/pull/173) **Full Changelog**: <https://github.com/sigstore/cosign-installer/compare/v3.6.0...v3.7.0> ### [`v3.6.0`](https://github.com/sigstore/cosign-installer/releases/tag/v3.6.0) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.5.0...v3.6.0) ##### What's Changed - Bump actions/checkout from 4.1.2 to 4.1.3 by [@dependabot](https://github.com/dependabot) in [#161](https://github.com/sigstore/cosign-installer/pull/161) - Bump actions/checkout from 4.1.3 to 4.1.4 by [@dependabot](https://github.com/dependabot) in [#162](https://github.com/sigstore/cosign-installer/pull/162) - Bump actions/setup-go from 5.0.0 to 5.0.1 by [@dependabot](https://github.com/dependabot) in [#163](https://github.com/sigstore/cosign-installer/pull/163) - Bump actions/checkout from 4.1.4 to 4.1.5 by [@dependabot](https://github.com/dependabot) in [#164](https://github.com/sigstore/cosign-installer/pull/164) - Bump actions/checkout from 4.1.5 to 4.1.6 by [@dependabot](https://github.com/dependabot) in [#165](https://github.com/sigstore/cosign-installer/pull/165) - Bump actions/checkout from 4.1.6 to 4.1.7 by [@dependabot](https://github.com/dependabot) in [#166](https://github.com/sigstore/cosign-installer/pull/166) - Bump actions/setup-go from 5.0.1 to 5.0.2 by [@dependabot](https://github.com/dependabot) in [#167](https://github.com/sigstore/cosign-installer/pull/167) - pin public key used for verification by [@bobcallaway](https://github.com/bobcallaway) in [#169](https://github.com/sigstore/cosign-installer/pull/169) - bump default version to v2.4.0 release by [@bobcallaway](https://github.com/bobcallaway) in [#168](https://github.com/sigstore/cosign-installer/pull/168) - update readme for new release by [@bobcallaway](https://github.com/bobcallaway) in [#170](https://github.com/sigstore/cosign-installer/pull/170) **Full Changelog**: <https://github.com/sigstore/cosign-installer/compare/v3...v3.6.0> ### [`v3.5.0`](https://github.com/sigstore/cosign-installer/releases/tag/v3.5.0) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.4.0...v3.5.0) ##### What's Changed - Bump actions/checkout from 4.1.1 to 4.1.2 by [@dependabot](https://github.com/dependabot) in [#157](https://github.com/sigstore/cosign-installer/pull/157) - use go 1.22 now by [@bobcallaway](https://github.com/bobcallaway) in [#160](https://github.com/sigstore/cosign-installer/pull/160) - bump default version to v2.2.4, prep for v3.5.0 release by [@bobcallaway](https://github.com/bobcallaway) in [#159](https://github.com/sigstore/cosign-installer/pull/159) **Full Changelog**: <https://github.com/sigstore/cosign-installer/compare/v3.4.0...v3.5.0> ### [`v3.4.0`](https://github.com/sigstore/cosign-installer/releases/tag/v3.4.0) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.3.0...v3.4.0) ##### What's Changed - Use examples that work with multiple tags by [@jkreileder](https://github.com/jkreileder) in [#155](https://github.com/sigstore/cosign-installer/pull/155) - default cosign install to release v2.2.3 by [@cpanato](https://github.com/cpanato) in [#156](https://github.com/sigstore/cosign-installer/pull/156) ##### New Contributors - [@jkreileder](https://github.com/jkreileder) made their first contribution in [#155](https://github.com/sigstore/cosign-installer/pull/155) **Full Changelog**: <https://github.com/sigstore/cosign-installer/compare/v3...v3.4.0> ### [`v3.3.0`](https://github.com/sigstore/cosign-installer/releases/tag/v3.3.0) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.2.0...v3.3.0) ##### What's Changed - Bump actions/setup-go from 4.1.0 to 5.0.0 by [@dependabot](https://github.com/dependabot) in [#152](https://github.com/sigstore/cosign-installer/pull/152) - update action to use latest cosign v2.2.2 by [@cpanato](https://github.com/cpanato) in [#153](https://github.com/sigstore/cosign-installer/pull/153) **Full Changelog**: <https://github.com/sigstore/cosign-installer/compare/v3.2.0...v3.3.0> ### [`v3.2.0`](https://github.com/sigstore/cosign-installer/releases/tag/v3.2.0) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.1.2...v3.2.0) **Note: This release comes with a fix for CVE-2023-46737 described in this [Github Security Advisory](https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9). Please upgrade to this release ASAP** see <https://github.com/sigstore/cosign/releases/tag/v2.2.1> ##### What's Changed - Support the runner context of gitea act by [@josedev-union](https://github.com/josedev-union) in [#147](https://github.com/sigstore/cosign-installer/pull/147) - bump cosign to v2.2.1 by [@cpanato](https://github.com/cpanato) in [#148](https://github.com/sigstore/cosign-installer/pull/148) - test with latest go version by [@bobcallaway](https://github.com/bobcallaway) in [#150](https://github.com/sigstore/cosign-installer/pull/150) ##### New Contributors - [@josedev-union](https://github.com/josedev-union) made their first contribution in [#147](https://github.com/sigstore/cosign-installer/pull/147) **Full Changelog**: <https://github.com/sigstore/cosign-installer/compare/v3...v3.2.0> ### [`v3.1.2`](https://github.com/sigstore/cosign-installer/releases/tag/v3.1.2) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.1.1...v3.1.2) ##### What's Changed - Fix build and push step Readme missing id by [@hbenali](https://github.com/hbenali) in [#138](https://github.com/sigstore/cosign-installer/pull/138) - bump cosign to v2.2.0 by [@cpanato](https://github.com/cpanato) in [#142](https://github.com/sigstore/cosign-installer/pull/142) ##### New Contributors - [@hbenali](https://github.com/hbenali) made their first contribution in [#138](https://github.com/sigstore/cosign-installer/pull/138) **Full Changelog**: <https://github.com/sigstore/cosign-installer/compare/v3...v3.1.2> ### [`v3.1.1`](https://github.com/sigstore/cosign-installer/releases/tag/v3.1.1) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.1.0...v3.1.1) ##### What's Changed - default cosign to v2.1.1 by [@cpanato](https://github.com/cpanato) in [#137](https://github.com/sigstore/cosign-installer/pull/137) **Full Changelog**: <https://github.com/sigstore/cosign-installer/compare/v3.1.0...v3.1.1> ### [`v3.1.0`](https://github.com/sigstore/cosign-installer/releases/tag/v3.1.0) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.0.5...v3.1.0) ##### What's Changed - update job to use latest action release by [@cpanato](https://github.com/cpanato) in [#130](https://github.com/sigstore/cosign-installer/pull/130) - Update action example for keyless signing as xarg is not required by [@jbtrystram](https://github.com/jbtrystram) in [#132](https://github.com/sigstore/cosign-installer/pull/132) - update examples by [@cpanato](https://github.com/cpanato) in [#133](https://github.com/sigstore/cosign-installer/pull/133) - bump cosign to default to release v2.1.0 and update docs by [@cpanato](https://github.com/cpanato) in [#136](https://github.com/sigstore/cosign-installer/pull/136) ##### New Contributors - [@jbtrystram](https://github.com/jbtrystram) made their first contribution in [#132](https://github.com/sigstore/cosign-installer/pull/132) **Full Changelog**: <https://github.com/sigstore/cosign-installer/compare/v3.0.5...v3.1.0> ### [`v3.0.5`](https://github.com/sigstore/cosign-installer/releases/tag/v3.0.5) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.0.4...v3.0.5) ##### What's Changed - download cosign releases from GitHub rather than GCS by [@bobcallaway](https://github.com/bobcallaway) in [#126](https://github.com/sigstore/cosign-installer/pull/126) **Full Changelog**: <https://github.com/sigstore/cosign-installer/compare/v3.0.4...v3.0.5> ### [`v3.0.4`](https://github.com/sigstore/cosign-installer/releases/tag/v3.0.4) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.0.3...v3.0.4) - Include fix for [#124](https://github.com/sigstore/cosign-installer/pull/124) - changes download URL for `cosign` binary to github.com instead of GCS ### [`v3.0.3`](https://github.com/sigstore/cosign-installer/releases/tag/v3.0.3) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.0.2...v3.0.3) ##### What's Changed - bump to cosign v2.0.2 by [@bobcallaway](https://github.com/bobcallaway) in [#119](https://github.com/sigstore/cosign-installer/pull/119) - changes download URL for `cosign` binary to github.com instead of GCS **Full Changelog**: <https://github.com/sigstore/cosign-installer/compare/v3.0.2...v3.0.3> ### [`v3.0.2`](https://github.com/sigstore/cosign-installer/releases/tag/v3.0.2) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.0.1...v3.0.2) ##### What's Changed - add --yes to example workflow by [@sebhoss](https://github.com/sebhoss) in [#110](https://github.com/sigstore/cosign-installer/pull/110) - Fix aarch64 action run by [@ananos](https://github.com/ananos) in [#113](https://github.com/sigstore/cosign-installer/pull/113) - Bump actions/checkout from 3.3.0 to 3.4.0 by [@dependabot](https://github.com/dependabot) in [#115](https://github.com/sigstore/cosign-installer/pull/115) - Bump actions/setup-go from 3.5.0 to 4.0.0 by [@dependabot](https://github.com/dependabot) in [#114](https://github.com/sigstore/cosign-installer/pull/114) - Bump actions/checkout from 3.4.0 to 3.5.0 by [@dependabot](https://github.com/dependabot) in [#116](https://github.com/sigstore/cosign-installer/pull/116) - default cosign to v2.0.1 by [@cpanato](https://github.com/cpanato) in [#117](https://github.com/sigstore/cosign-installer/pull/117) - changes download URL for `cosign` binary to github.com instead of GCS ##### New Contributors - [@sebhoss](https://github.com/sebhoss) made their first contribution in [#110](https://github.com/sigstore/cosign-installer/pull/110) - [@ananos](https://github.com/ananos) made their first contribution in [#113](https://github.com/sigstore/cosign-installer/pull/113) **Full Changelog**: <https://github.com/sigstore/cosign-installer/compare/v3...v3.0.2> ### [`v3.0.1`](https://github.com/sigstore/cosign-installer/releases/tag/v3.0.1) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3...v3.0.1) ##### What's Changed - make cosign v2.0.0 default version by [@developer-guy](https://github.com/developer-guy) in [#109](https://github.com/sigstore/cosign-installer/pull/109) - changes download URL for `cosign` binary to github.com instead of GCS **Full Changelog**: <https://github.com/sigstore/cosign-installer/compare/v3.0.0...v3.0.1> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).

sa-renovate added 1 commit

2026-05-18 03:08:55 +00:00

chore(deps): update https://github.com/sigstore/cosign-installer action to v4

Build and Publish Images / mirror-deps (pull_request) Successful in 2s

Details

Build and Publish Images / build-scan-push (map[file:base-go/Containerfile name:stagex-base-go]) (pull_request) Successful in 1m34s

Details

Build and Publish Images / build-scan-push (map[file:base-java/Containerfile name:stagex-base-java]) (pull_request) Successful in 2m6s

Details

Build and Publish Images / build-scan-push (map[file:base-nodejs/Containerfile name:stagex-base-nodejs]) (pull_request) Successful in 1m48s

Details

Build and Publish Images / build-scan-push (map[file:base-python/Containerfile name:stagex-base-python]) (pull_request) Successful in 1m59s

Details

Build and Publish Images / build-scan-push (map[file:base-ruby/Containerfile name:stagex-base-ruby]) (pull_request) Successful in 1m56s

Details

Build and Publish Images / build-scan-push (map[file:base-rust/Containerfile name:stagex-base-rust]) (pull_request) Successful in 1m39s

Details

Build and Publish Images / build-scan-push (map[file:base-static/Containerfile name:stagex-base-static]) (pull_request) Successful in 1m33s

Details

Build and Publish Images / build-scan-push (map[file:base/Containerfile name:stagex-base]) (pull_request) Successful in 1m41s

Details

Build and Publish Images / build-apps (map[file:forgejo-runner/Containerfile name:stagex-forgejo-runner]) (pull_request) Successful in 2m8s

Details

Build and Publish Images / summary (pull_request) Successful in 1s

Details

51f257b53d

Build and Publish Images / mirror-deps (pull_request) Successful in 2s

Details

Build and Publish Images / build-scan-push (map[file:base-go/Containerfile name:stagex-base-go]) (pull_request) Successful in 1m34s

Details

Build and Publish Images / build-scan-push (map[file:base-java/Containerfile name:stagex-base-java]) (pull_request) Successful in 2m6s

Details

Build and Publish Images / build-scan-push (map[file:base-nodejs/Containerfile name:stagex-base-nodejs]) (pull_request) Successful in 1m48s

Details

Build and Publish Images / build-scan-push (map[file:base-python/Containerfile name:stagex-base-python]) (pull_request) Successful in 1m59s

Details

Build and Publish Images / build-scan-push (map[file:base-ruby/Containerfile name:stagex-base-ruby]) (pull_request) Successful in 1m56s

Details

Build and Publish Images / build-scan-push (map[file:base-rust/Containerfile name:stagex-base-rust]) (pull_request) Successful in 1m39s

Details

Build and Publish Images / build-scan-push (map[file:base-static/Containerfile name:stagex-base-static]) (pull_request) Successful in 1m33s

Details

Build and Publish Images / build-scan-push (map[file:base/Containerfile name:stagex-base]) (pull_request) Successful in 1m41s

Details

Build and Publish Images / build-apps (map[file:forgejo-runner/Containerfile name:stagex-forgejo-runner]) (pull_request) Successful in 2m8s

Details

Build and Publish Images / summary (pull_request) Successful in 1s

Details

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin renovate/https-github.com-sigstore-cosign-installer-4.x:renovate/https-github.com-sigstore-cosign-installer-4.x

git switch renovate/https-github.com-sigstore-cosign-installer-4.x

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch main

git merge --no-ff renovate/https-github.com-sigstore-cosign-installer-4.x

git switch renovate/https-github.com-sigstore-cosign-installer-4.x

git rebase main

git switch main

git merge --ff-only renovate/https-github.com-sigstore-cosign-installer-4.x

git switch renovate/https-github.com-sigstore-cosign-installer-4.x

git rebase main

git switch main

git merge --no-ff renovate/https-github.com-sigstore-cosign-installer-4.x

git switch main

git merge --squash renovate/https-github.com-sigstore-cosign-installer-4.x

git switch main

git merge --ff-only renovate/https-github.com-sigstore-cosign-installer-4.x

git switch main

git merge renovate/https-github.com-sigstore-cosign-installer-4.x

git push origin main

No reviewers

No labels

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

DevFW-CICD/stagex!18

No description provided.

Rows
Columns