chore(deps): update https://github.com/sigstore/cosign-installer action to v4 #18

Open
sa-renovate wants to merge 1 commit from renovate/https-github.com-sigstore-cosign-installer-4.x into main
Member

This PR contains the following updates:

Package Type Update Change
https://github.com/sigstore/cosign-installer action major v3v4.1.2

Release Notes

sigstore/cosign-installer (https://github.com/sigstore/cosign-installer)

v4.1.2

Compare Source

What's Changed

v4.1.1

Compare Source

What's Changed
  • chore: update default cosign-release to v3.0.5 in #​223

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v4.1.0...v4.1.1

v4.1.0

Compare Source

What's Changed

We recommend updating as soon as possible as this includes bug fixes for Cosign. We also recommend removing with: cosign-release and strongly discourage using cosign-release unless you have a specific reason to use an older version of Cosign.

  • Bump cosign to 3.0.5 in #​220
  • fix: add retry to curl downloads for transient network failures in #​210

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v4.0.0...v4.1.0

v4.0.0

Compare Source

What's Changed?

Note: You must upgrade to cosign-installer v4 if you want to install Cosign v3+. You may still install Cosign v2.x with cosign-installer v4.

In version v3+, using cosign sign-blob requires adding the --bundle flag which may require you to update your signing command.

  • Add support for Cosign v3 releases (#​201)

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [https://github.com/sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | action | major | `v3` → `v4.1.2` | --- ### Release Notes <details> <summary>sigstore/cosign-installer (https://github.com/sigstore/cosign-installer)</summary> ### [`v4.1.2`](https://github.com/sigstore/cosign-installer/releases/tag/v4.1.2) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v4.1.1...v4.1.2) ##### What's Changed - Bump cosign to 3.0.6 in [#&#8203;232](https://github.com/sigstore/cosign-installer/pull/232) ### [`v4.1.1`](https://github.com/sigstore/cosign-installer/releases/tag/v4.1.1) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v4.1.0...v4.1.1) ##### What's Changed - chore: update default cosign-release to v3.0.5 in [#&#8203;223](https://github.com/sigstore/cosign-installer/pull/223) **Full Changelog**: <https://github.com/sigstore/cosign-installer/compare/v4.1.0...v4.1.1> ### [`v4.1.0`](https://github.com/sigstore/cosign-installer/releases/tag/v4.1.0) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v4.0.0...v4.1.0) ##### What's Changed We recommend updating as soon as possible as this includes bug fixes for Cosign. We also recommend removing `with: cosign-release` and strongly discourage using `cosign-release` unless you have a specific reason to use an older version of Cosign. - Bump cosign to 3.0.5 in [#&#8203;220](https://github.com/sigstore/cosign-installer/pull/220) - fix: add retry to curl downloads for transient network failures in [#&#8203;210](https://github.com/sigstore/cosign-installer/pull/210) **Full Changelog**: <https://github.com/sigstore/cosign-installer/compare/v4.0.0...v4.1.0> ### [`v4.0.0`](https://github.com/sigstore/cosign-installer/releases/tag/v4.0.0) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.10.1...v4.0.0) ##### What's Changed? **Note:** You must upgrade to cosign-installer v4 if you want to install [Cosign v3+](https://blog.sigstore.dev/cosign-3-0-available/). You may still install Cosign v2.x with cosign-installer v4. In version v3+, using `cosign sign-blob` requires adding the `--bundle` flag which may require you to update your signing command. - Add support for Cosign v3 releases ([#&#8203;201](https://github.com/sigstore/cosign-installer/issues/201)) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNjAuMiIsInVwZGF0ZWRJblZlciI6IjQzLjIwOS4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
chore(deps): update https://github.com/sigstore/cosign-installer action to v4
All checks were successful
Build and Publish Images / mirror-deps (pull_request) Successful in 2s
Build and Publish Images / build-scan-push (map[file:base-go/Containerfile name:stagex-base-go]) (pull_request) Successful in 1m34s
Build and Publish Images / build-scan-push (map[file:base-java/Containerfile name:stagex-base-java]) (pull_request) Successful in 2m6s
Build and Publish Images / build-scan-push (map[file:base-nodejs/Containerfile name:stagex-base-nodejs]) (pull_request) Successful in 1m48s
Build and Publish Images / build-scan-push (map[file:base-python/Containerfile name:stagex-base-python]) (pull_request) Successful in 1m59s
Build and Publish Images / build-scan-push (map[file:base-ruby/Containerfile name:stagex-base-ruby]) (pull_request) Successful in 1m56s
Build and Publish Images / build-scan-push (map[file:base-rust/Containerfile name:stagex-base-rust]) (pull_request) Successful in 1m39s
Build and Publish Images / build-scan-push (map[file:base-static/Containerfile name:stagex-base-static]) (pull_request) Successful in 1m33s
Build and Publish Images / build-scan-push (map[file:base/Containerfile name:stagex-base]) (pull_request) Successful in 1m41s
Build and Publish Images / build-apps (map[file:forgejo-runner/Containerfile name:stagex-forgejo-runner]) (pull_request) Successful in 2m8s
Build and Publish Images / summary (pull_request) Successful in 1s
51f257b53d
All checks were successful
Build and Publish Images / mirror-deps (pull_request) Successful in 2s
Build and Publish Images / build-scan-push (map[file:base-go/Containerfile name:stagex-base-go]) (pull_request) Successful in 1m34s
Build and Publish Images / build-scan-push (map[file:base-java/Containerfile name:stagex-base-java]) (pull_request) Successful in 2m6s
Build and Publish Images / build-scan-push (map[file:base-nodejs/Containerfile name:stagex-base-nodejs]) (pull_request) Successful in 1m48s
Build and Publish Images / build-scan-push (map[file:base-python/Containerfile name:stagex-base-python]) (pull_request) Successful in 1m59s
Build and Publish Images / build-scan-push (map[file:base-ruby/Containerfile name:stagex-base-ruby]) (pull_request) Successful in 1m56s
Build and Publish Images / build-scan-push (map[file:base-rust/Containerfile name:stagex-base-rust]) (pull_request) Successful in 1m39s
Build and Publish Images / build-scan-push (map[file:base-static/Containerfile name:stagex-base-static]) (pull_request) Successful in 1m33s
Build and Publish Images / build-scan-push (map[file:base/Containerfile name:stagex-base]) (pull_request) Successful in 1m41s
Build and Publish Images / build-apps (map[file:forgejo-runner/Containerfile name:stagex-forgejo-runner]) (pull_request) Successful in 2m8s
Build and Publish Images / summary (pull_request) Successful in 1s
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin renovate/https-github.com-sigstore-cosign-installer-4.x:renovate/https-github.com-sigstore-cosign-installer-4.x
git switch renovate/https-github.com-sigstore-cosign-installer-4.x

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch main
git merge --no-ff renovate/https-github.com-sigstore-cosign-installer-4.x
git switch renovate/https-github.com-sigstore-cosign-installer-4.x
git rebase main
git switch main
git merge --ff-only renovate/https-github.com-sigstore-cosign-installer-4.x
git switch renovate/https-github.com-sigstore-cosign-installer-4.x
git rebase main
git switch main
git merge --no-ff renovate/https-github.com-sigstore-cosign-installer-4.x
git switch main
git merge --squash renovate/https-github.com-sigstore-cosign-installer-4.x
git switch main
git merge --ff-only renovate/https-github.com-sigstore-cosign-installer-4.x
git switch main
git merge renovate/https-github.com-sigstore-cosign-installer-4.x
git push origin main
Sign in to join this conversation.
No reviewers
No labels
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
DevFW-CICD/stagex!18
No description provided.