Releases: sigstore/scaffolding
Releases · sigstore/scaffolding
v0.7.31
v0.7.30
v0.7.29
What's Changed
This release reverts a previous change to the prober to allow for insecure gRPC connections, in favor of allowing for gRPC testing to be disabled.
- Allow disabling Fulcio gRPC testing via flag in #1787
Full Changelog: v0.7.28...v0.7.29
v0.7.28
What's Changed
- Allow insecure transport for Fulcio gRPC requests to be configured by flag in #1786
Full Changelog: v0.7.27...v0.7.28
v0.7.27
What's Changed
- fix: Adjust Fulcio gRPC URL handling for internal services in #1774
Full Changelog: v0.7.26...v0.7.27
v0.7.26
v0.7.25
What's Changed
- Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 by @dependabot[bot] in #1617
- update docs and clean up scripts by @cpanato in #1624
- Parallelize service setup by @cmurphy in #1618
- Bump github/codeql-action from 3.29.0 to 3.29.2 by @dependabot[bot] in #1626
- Bump golang.org/x/net from 0.41.0 to 0.42.0 by @dependabot[bot] in #1629
- Bump github.com/letsencrypt/boulder from 0.0.0-20240620165639-de9c06129bec to 0.20250707.0 by @dependabot[bot] in #1630
- Bump cloud-sql-connectors/cloud-sql-proxy from 2.17.1-alpine to 2.18.0-alpine by @dependabot[bot] in #1632
- Bump github.com/go-jose/go-jose/v4 from 4.1.0 to 4.1.1 by @dependabot[bot] in #1622
- Clean up GHAs using zizmor by @haydentherapper in #1633
- Bump chainguard-dev/actions from 1.4.5 to 1.4.7 by @dependabot[bot] in #1644
- Bump google.golang.org/grpc from 1.73.0 to 1.74.2 by @dependabot[bot] in #1646
- Bump github/codeql-action from 3.29.2 to 3.29.4 by @dependabot[bot] in #1645
- Bump github.com/letsencrypt/boulder from 0.20250707.0 to 0.20250721.0 by @dependabot[bot] in #1647
- Create utility for generating Tink keysets by @haydentherapper in #1627
- Bump github/codeql-action from 3.29.4 to 3.29.5 by @dependabot[bot] in #1652
- Bump chainguard-dev/actions from 1.4.7 to 1.4.8 by @dependabot[bot] in #1651
- Bump go.step.sm/crypto from 0.67.0 to 0.68.0 by @dependabot[bot] in #1650
- Bump github.com/go-jose/go-jose/v4 from 4.1.1 to 4.1.2 by @dependabot[bot] in #1648
- Bump docker/login-action from 3.4.0 to 3.5.0 by @dependabot[bot] in #1658
- Bump github/codeql-action from 3.29.7 to 3.29.8 by @dependabot[bot] in #1657
- Bump go.step.sm/crypto from 0.68.0 to 0.69.0 by @dependabot[bot] in #1659
- Bump github.com/letsencrypt/boulder from 0.20250721.0 to 0.20250805.0 by @dependabot[bot] in #1654
- Bump chainguard-dev/actions from 1.4.8 to 1.4.9 by @dependabot[bot] in #1656
- Bump sigs.k8s.io/release-utils from 0.11.1 to 0.12.1 by @dependabot[bot] in #1653
- Add checkpoint key ID as output for create-tink-keyset by @haydentherapper in #1661
- macOS support for hermetic environment by @haydentherapper in #1662
- Bump chainguard-dev/actions from 1.4.9 to 1.4.10 by @dependabot[bot] in #1666
- Bump github.com/letsencrypt/boulder from 0.20250805.0 to 0.20250812.0 by @dependabot[bot] in #1674
- Bump k8s.io/api from 0.33.2 to 0.33.4 by @dependabot[bot] in #1672
- Bump github.com/sigstore/rekor-tiles from 0.1.6 to 0.1.9 by @dependabot[bot] in #1673
- Bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in #1667
- Bump k8s.io/client-go from 0.33.2 to 0.33.4 by @dependabot[bot] in #1671
- Bump goreleaser/goreleaser-action from 6.3.0 to 6.4.0 by @dependabot[bot] in #1665
- Bump k8s.io/code-generator from 0.33.2 to 0.33.4 by @dependabot[bot] in #1669
- Bump google.golang.org/protobuf from 1.36.6 to 1.36.7 by @dependabot[bot] in #1675
- Bump github.com/prometheus/client_golang from 1.22.0 to 1.23.0 by @dependabot[bot] in #1677
- Bump golang.org/x/net from 0.42.0 to 0.43.0 by @dependabot[bot] in #1676
- Bump github/codeql-action from 3.29.8 to 3.29.9 by @dependabot[bot] in #1668
- Move deps dockerfile to dedicated directory by @haydentherapper in #1678
- Bump projectsigstore/rekor-server from v1.3.9 to v1.4.0 in /config/rekor/rekor by @dependabot[bot] in #1683
- Bump projectsigstore/fulcio from v1.6.6 to v1.7.1 in /config/fulcio/fulcio by @dependabot[bot] in #1682
- Bump trillian-opensource-ci/db_server from
ce3a107to3dcf614in /config/trillian/mysql by @dependabot[bot] in #1680 - Bump github/codeql-action from 3.29.9 to 3.29.10 by @dependabot[bot] in #1679
- Bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 by @dependabot[bot] in #1685
- Bump chainguard-dev/actions from 1.4.10 to 1.4.12 by @dependabot[bot] in #1689
- Bump go.step.sm/crypto from 0.69.0 to 0.70.0 by @dependabot[bot] in #1691
- Bump trillian-opensource-ci/db_server from
3dcf614todfbfa89in /config/trillian/mysql by @dependabot[bot] in #1693 - Bump github.com/letsencrypt/boulder from 0.20250812.0 to 0.20250819.0 by @dependabot[bot] in #1690
- Bump github.com/stretchr/testify from 1.10.0 to 1.11.0 by @dependabot[bot] in #1687
- Bump google.golang.org/protobuf from 1.36.7 to 1.36.8 by @dependabot[bot] in #1688
- Trigger Prober Unit Test on pull request by @aaronlew02 in #1694
- Bump projectsigstore/rekor-server from v1.4.0 to v1.4.1 in /config/rekor/rekor by @dependabot[bot] in #1704
- Bump github.com/stretchr/testify from 1.11.0 to 1.11.1 by @dependabot[bot] in #1696
- Bump github.com/sigstore/rekor from 1.4.0 to 1.4.1 by @dependabot[bot] in #1697
- Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.5.3 by @dependabot[bot] in #1637
- Bump github.com/sigstore/rekor-tiles from 0.1.9 to 0.1.10 by @dependabot[bot] in #1700
- drop 1.30 k8s, add 1.34 and update knative by @cpanato in #1705
- Bump projectsigstore/rekor-server from v1.4.1 to v1.4.2 in /config/rekor/rekor by @dependabot[bot] in #1716
- Bump trillian-opensource-ci/db_server from
dfbfa89toce905c8in /config/trillian/mysql by @dependabot[bot] in #1715 - Bump github.com/prometheus/client_golang from 1.23.0 to 1.23.2 by @dependabot[bot] in #1712
- Bump golang.org/x/time from 0.12.0 to 0.13.0 by @dependabot[bot] in #1711
- Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 by @dependabot[bot] in #1710
- Bump actions/setup-go from 5.5.0 to 6.0.0 by @dependabot[bot] in #1707
- Bump github/codeql-action from 3.29.10 to 3.30.1 by @dependabot[bot] in #1706
- Bump chainguard-dev/actions from 1.4.13 to 1.4.14 by @dependabot[bot] in #1708
- Bump k8s.io/client-go from 0.33.4 to 0.34.0 by @dependabot[bot] in #1698
- Bump sigstore/cosign-installer from 3.9.0 to 3.9.2 by @dependabot[bot] in #1635
- Bump cloud-sql-connectors/cloud-sql-proxy from 2.18.0-alpine to 2.18.2-alpine in /deps by @dependabot[bot] in #1684
- Bump github.com/letsencrypt/boulder from 0.20250819.0 to 0.20250902.0 by @dependabot[bot] in #1714
- Bump k8s.io/code-generator from 0.33.4 to 0.34.0 by @dependabot[bot] in #1709
- Bump github.com/sigstore/rekor from 1.4.1 to 1.4.2 by @dependabot[bot] in #1713
- Bump sigstore/cosign-installer from 3.9.2 to 3.10.0 by @dependabot[bot] in #1721
- Bump chainguard-dev/actions from 1.4.14 to 1.4.15 by @dependabot[bot] in #1720
- Bump github/codeql-action from 3.30.1 to 3.30.3 by @dependabot[bot] in #1722
- Bump github.com/sigstore/timestamp-authority from 1.2.8 to 1.2.9 by @dependabot[bot] in #1726
- Bump github.com/sigstore/rekor-tiles from 0.1.10 to 0.1.11 by @dependabot[bot] in #1723
- Bump golang.org/x/net from 0.43.0 to 0.44.0 by @depen...
Contributors
cmurphy, cpanato, and 3 other contributors
Assets 13
v0.7.24
Changelog
Thanks to all contributors!
What's Changed
- Revert "Fix dependabot" by @bobcallaway in #1576
- Bump actions/setup-go from 5.4.0 to 5.5.0 by @dependabot in #1581
- Bump golang.org/x/net from 0.39.0 to 0.40.0 by @dependabot in #1580
- Bump github.com/sigstore/sigstore-go from 0.7.2 to 0.7.3 by @dependabot in #1579
- Bump github.com/sigstore/timestamp-authority from 1.2.6 to 1.2.7 by @dependabot in #1578
- Bump github.com/sigstore/sigstore-go from 0.7.3 to 1.0.0 by @dependabot in #1587
- Bump k8s.io/client-go from 0.33.0 to 0.33.1 by @dependabot in #1582
- Bump github/codeql-action from 3.28.17 to 3.28.18 by @dependabot in #1588
- Bump go.step.sm/crypto from 0.63.0 to 0.64.0 by @dependabot in #1589
- setup-sigstore-env: Support signingconfig 0.2 by @jku in #1590
- Bump go.step.sm/crypto from 0.64.0 to 0.66.0 by @dependabot in #1591
- Bump golang.org/x/time from 0.11.0 to 0.12.0 by @dependabot in #1598
- Bump github/codeql-action from 3.28.18 to 3.28.19 by @dependabot in #1593
- Bump github.com/sigstore/timestamp-authority from 1.2.7 to 1.2.8 by @dependabot in #1595
- Bump golang.org/x/crypto from 0.38.0 to 0.39.0 by @dependabot in #1596
- Bump google.golang.org/grpc from 1.72.2 to 1.73.0 by @dependabot in #1594
- Bump golang.org/x/net from 0.40.0 to 0.41.0 by @dependabot in #1597
- Bump github.com/cloudflare/circl from 1.3.7 to 1.6.1 by @dependabot in #1599
- Bump github.com/go-sql-driver/mysql from 1.9.2 to 1.9.3 by @dependabot in #1600
- Bump cloud-sql-connectors/cloud-sql-proxy from 2.16.0-alpine to 2.17.1-alpine by @dependabot in #1604
- Bump github/codeql-action from 3.28.19 to 3.29.0 by @dependabot in #1603
- Bump github.com/google/certificate-transparency-go from 1.3.1 to 1.3.2 by @dependabot in #1602
- Bump github.com/sigstore/sigstore from 1.9.4 to 1.9.5 by @dependabot in #1601
- Use service URLs and server name in trusted root by @cmurphy in #1606
- Bump k8s.io/api from 0.33.1 to 0.33.2 by @dependabot in #1609
- Bump sigstore/cosign-installer from 3.8.2 to 3.9.0 by @dependabot in #1614
- Bump k8s.io/code-generator from 0.33.0 to 0.33.2 by @dependabot in #1613
- Bump github.com/hashicorp/go-retryablehttp from 0.7.7 to 0.7.8 by @dependabot in #1608
- Bump k8s.io/client-go from 0.33.1 to 0.33.2 by @dependabot in #1610
- Bump go.step.sm/crypto from 0.66.0 to 0.67.0 by @dependabot in #1607
- Bump github.com/sigstore/cosign/v2 from 2.5.0 to 2.5.2 by @dependabot in #1611
Full Changelog: v0.7.23...v0.7.24
Contributors
jku, cmurphy, and 2 other contributors
Assets 13
v0.7.23
Thanks to all contributors!
What's Changed
- have prober test use staging TSA by @bobcallaway in #1540
- Remove Terraform modules from scaffolding by @haydentherapper in #1507
- Fix dependabot by @haydentherapper in #1542
- Bump github/codeql-action from 3.28.12 to 3.28.15 by @dependabot in #1545
- Bump ko-build/setup-ko from 0.8 to 0.9 by @dependabot in #1546
- Bump golang.org/x/net from 0.37.0 to 0.39.0 by @dependabot in #1547
- Bump go.step.sm/crypto from 0.59.1 to 0.60.0 by @dependabot in #1529
- Bump github.com/go-openapi/swag from 0.23.0 to 0.23.1 by @dependabot in #1510
- Bump google.golang.org/grpc from 1.71.0 to 1.71.1 by @dependabot in #1549
- Bump go.step.sm/crypto from 0.60.0 to 0.61.0 by @dependabot in #1552
- Bump cloud-sql-connectors/cloud-sql-proxy from 2.15.2-alpine@sha256:ab3068069deb05806c80d9fc7e6e542853283860cf7f1e4d6fa6ddeedfdc8600 to sha256:7487d086006d4b32e489fad6098343ec23a6c03c55874f0a3e4551d4fe5fb903 by @dependabot in #1553
- feat: action for test containers by @ramonpetgrave64 in #1544
- Bump golang.org/x/crypto from 0.32.0 to 0.35.0 in /actions/setup-sigstore-env/fakeoidc by @dependabot in #1556
- Bump github.com/google/trillian from 1.7.1 to 1.7.2 by @dependabot in #1561
- Bump github/codeql-action from 3.28.15 to 3.28.16 by @dependabot in #1558
- Bump sigstore/cosign-installer from 3.8.1 to 3.8.2 by @dependabot in #1557
- Bump github.com/sigstore/sigstore from 1.9.0 to 1.9.4 by @dependabot in #1563
- Bump trillian-opensource-ci/db_server from
94a0852toce3a107in /config/trillian/mysql by @dependabot in #1541 - Bump k8s.io/client-go from 0.32.2 to 0.33.0 by @dependabot in #1559
- add support for testing on k8s 1.33 by @bobcallaway in #1567
- Bump k8s.io/code-generator from 0.32.2 to 0.33.0 by @dependabot in #1565
- bump cloud-sql-proxy to v2.16.0 by @bobcallaway in #1568
- Bump github/codeql-action from 3.28.16 to 3.28.17 by @dependabot in #1575
- Bump github.com/go-sql-driver/mysql from 1.9.1 to 1.9.2 by @dependabot in #1573
- Bump github.com/golang/glog from 1.2.4 to 1.2.5 by @dependabot in #1572
- Bump github.com/sigstore/timestamp-authority from 1.2.5 to 1.2.6 by @dependabot in #1569
- Bump github.com/go-jose/go-jose/v4 from 4.0.5 to 4.1.0 by @dependabot in #1571
- Bump go.step.sm/crypto from 0.61.0 to 0.63.0 by @dependabot in #1570
- Bump golangci/golangci-lint-action from 7.0.0 to 8.0.0 by @dependabot in #1574
New Contributors
- @ramonpetgrave64 made their first contribution in #1544
Full Changelog: v0.7.22...v0.7.23
Contributors
bobcallaway, haydentherapper, and 2 other contributors
Assets 13
v0.7.22
Thanks to all contributors!
What's Changed
- Bump trillian-opensource-ci/db_server from
acc3517to882bbd9in /config/trillian/mysql by @dependabot in #1496 - Bump github.com/prometheus/client_golang from 1.21.0 to 1.21.1 by @dependabot in #1497
- Bump go.step.sm/crypto from 0.59.1-0.20250303235342-5e0f3ecf9547 to 0.59.1 by @dependabot in #1498
- Bump golang.org/x/net from 0.35.0 to 0.37.0 by @dependabot in #1499
- Bump github.com/sigstore/sigstore from 1.8.15 to 1.9.0 by @dependabot in #1502
- Bump github.com/hashicorp/go-secure-stdlib/parseutil from 0.1.9 to 0.2.0 by @dependabot in #1503
- Bump google.golang.org/grpc from 1.70.0 to 1.71.0 by @dependabot in #1500
- Bump golang.org/x/time from 0.10.0 to 0.11.0 by @dependabot in #1504
- Bump github/codeql-action from 3.28.10 to 3.28.11 by @dependabot in #1505
- Bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 by @dependabot in #1519
- Bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 by @dependabot in #1518
- Bump github/codeql-action from 3.28.11 to 3.28.12 by @dependabot in #1520
- Bump golangci/golangci-lint-action from 6.5.0 to 6.5.2 by @dependabot in #1521
- Bump actions/setup-go from 5.3.0 to 5.4.0 by @dependabot in #1522
- Bump github.com/go-sql-driver/mysql from 1.9.0 to 1.9.1 by @dependabot in #1525
- Bump cloud-sql-connectors/cloud-sql-proxy from 2.15.1-alpine to 2.15.2-alpine by @dependabot in #1523
- Bump docker/login-action from 3.3.0 to 3.4.0 by @dependabot in #1516
- update cloud-sql-proxy automation to match on all versions by @bobcallaway in #1526
- Bump trillian-opensource-ci/db_server from
882bbd9to94a0852in /config/trillian/mysql by @dependabot in #1524 - bump c-s-p to 2.15.2 in .ko.yaml by @bobcallaway in #1527
- Bump goreleaser/goreleaser-action from 6.2.1 to 6.3.0 by @dependabot in #1532
- Update linter to v2 by @haydentherapper in #1538
- add tsa support to in-cluster prober by @bobcallaway in #1539
Full Changelog: v0.7.21...v0.7.22
Contributors
bobcallaway, haydentherapper, and dependabot