Skip to content

⬆️ Update sigstore/gh-action-sigstore-python action to v3#714

Merged
frenck merged 1 commit intomainfrom
renovate/sigstore-gh-action-sigstore-python-3.x
Jul 15, 2024
Merged

⬆️ Update sigstore/gh-action-sigstore-python action to v3#714
frenck merged 1 commit intomainfrom
renovate/sigstore-gh-action-sigstore-python-3.x

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate bot commented Jul 15, 2024

Mend Renovate

This PR contains the following updates:

Package Type Update Change
sigstore/gh-action-sigstore-python action major v2.1.1 -> v3.0.0

Release Notes

sigstore/gh-action-sigstore-python (sigstore/gh-action-sigstore-python)

v3.0.0

Compare Source

Added
  • inputs now allows recursive globbing with **
    (#​106)
Removed
  • The following settings have been removed: fulcio-url, rekor-url,
    ctfe, rekor-root-pubkey
    (#​140)
  • The following output settings have been removed: signature,
    certificate, bundle
    (#​146)
Changed

  • inputs is now parsed according to POSIX shell lexing rules, improving
    the action's consistency when used with filenames containing whitespace
    or other significant characters
    (#​104)

  • inputs is now optional if release-signing-artifacts is true
    and the action's event is a release event. In this case, the action
    takes no explicit inputs, but signs the source archives already attached
    to the associated release
    (#​110)

  • The default suffix has changed from .sigstore to .sigstore.json,
    per Sigstore's client specification
    (#​140)

  • release-signing-artifacts now defaults to true
    (#​142)

Fixed

  • The release-signing-artifacts setting no longer causes a hard error
    when used under the incorrect event
    (#​103)

  • Various deprecations present in sigstore-python's 2.x series have been
    resolved
    (#​140)

  • This workflow now supports CI runners that use PEP 668 to constrain global
    package prefixes
    (#​145)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added dependencies Upgrade or downgrade of project dependencies. github_actions no-stale This issue or PR is exempted from the stable bot. labels Jul 15, 2024
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Jul 15, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@frenck frenck merged commit 6119eca into main Jul 15, 2024
@renovate renovate bot deleted the renovate/sigstore-gh-action-sigstore-python-3.x branch July 15, 2024 16:26
@github-actions github-actions bot locked and limited conversation to collaborators Jul 17, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Upgrade or downgrade of project dependencies. github_actions no-stale This issue or PR is exempted from the stable bot.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@frenck