Ville Skyttä
4ed7002681
Switch from actions/attest-build-provenance to actions/attest
...
https://github.com/actions/attest-build-provenance#usage
> As of version 4, actions/attest-build-provenance is simply a wrapper
> on top of actions/attest.
>
> Existing applications may continue to use the attest-build-provenance
> action, but new implementations should use actions/attest instead.
2026-05-01 10:16:14 +03:00
dependabot[bot]
ed31e2f6e8
chore(deps): bump goreleaser/goreleaser-action from 7.0.0 to 7.2.1
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 7.0.0 to 7.2.1.
- [Commits](ec59f474b9...1a80836c5c
2026-04-27 17:26:50 +00:00
orbisai0security
f52acd51e9
fix: yaml.github-actions.security.run-shell-injection.run-shell-injection security vulnerability
...
Automated security fix generated by Orbis Security AI
2026-04-22 16:05:54 +05:30
William Martin
afe0adf7ed
Merge pull request #12951 from cli/dependabot/github_actions/azure/login-3.0.0
...
chore(deps): bump azure/login from 2.3.0 to 3.0.0
2026-03-26 14:09:45 +01:00
William Martin
c61b1600c2
Merge pull request #13004 from cli/dependabot/github_actions/mislav/bump-homebrew-formula-action-4.1
...
chore(deps): bump mislav/bump-homebrew-formula-action from 3.6 to 4.1
2026-03-26 14:09:33 +01:00
dependabot[bot]
dd1a3680d3
chore(deps): bump microsoft/setup-msbuild from 2.0.0 to 3.0.0
...
Bumps [microsoft/setup-msbuild](https://github.com/microsoft/setup-msbuild ) from 2.0.0 to 3.0.0.
- [Release notes](https://github.com/microsoft/setup-msbuild/releases )
- [Commits](6fb0222098...30375c66a4
2026-03-23 14:14:35 +00:00
dependabot[bot]
c255e77dde
chore(deps): bump mislav/bump-homebrew-formula-action from 3.6 to 4.1
...
Bumps [mislav/bump-homebrew-formula-action](https://github.com/mislav/bump-homebrew-formula-action ) from 3.6 to 4.1.
- [Release notes](https://github.com/mislav/bump-homebrew-formula-action/releases )
- [Commits](56a283fa15...ccf2332299
2026-03-23 14:14:32 +00:00
dependabot[bot]
ead34e1ed2
chore(deps): bump azure/login from 2.3.0 to 3.0.0
...
Bumps [azure/login](https://github.com/azure/login ) from 2.3.0 to 3.0.0.
- [Release notes](https://github.com/azure/login/releases )
- [Commits](a457da9ea1...532459ea53
2026-03-17 14:03:22 +00:00
Kynan Ware
bd12a06860
Switch deployment signing to OIDC authentication
2026-03-11 18:42:56 -06:00
Kynan Ware
e3ac074968
Merge pull request #12760 from cli/dependabot/github_actions/goreleaser/goreleaser-action-7.0.0
...
chore(deps): bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0
2026-03-02 09:27:01 -07:00
Kynan Ware
453d89c2d4
Merge pull request #12795 from cli/dependabot/github_actions/actions/attest-build-provenance-4.1.0
...
chore(deps): bump actions/attest-build-provenance from 3.2.0 to 4.1.0
2026-03-02 09:26:34 -07:00
Kynan Ware
c2ccf29aa4
Merge pull request #12796 from cli/dependabot/github_actions/actions/download-artifact-8
...
chore(deps): bump actions/download-artifact from 7 to 8
2026-03-02 09:24:28 -07:00
dependabot[bot]
b1df464f52
chore(deps): bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 6.4.0 to 7.0.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](e435ccd777...ec59f474b9
2026-03-02 16:03:04 +00:00
dependabot[bot]
ab399f09e1
chore(deps): bump actions/attest-build-provenance from 3.2.0 to 4.1.0
...
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) from 3.2.0 to 4.1.0.
- [Release notes](https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](96278af6ca...a2bbfa2537
2026-03-02 16:02:34 +00:00
dependabot[bot]
6842f5bdcb
chore(deps): bump actions/download-artifact from 7 to 8
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 7 to 8.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](https://github.com/actions/download-artifact/compare/v7...v8 )
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-version: '8'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-02 16:02:32 +00:00
dependabot[bot]
cc15e7e16d
chore(deps): bump actions/upload-artifact from 6 to 7
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 6 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v6...v7 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-02 16:02:25 +00:00
dependabot[bot]
fdc72751a7
chore(deps): bump actions/attest-build-provenance from 3.1.0 to 3.2.0
...
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](00014ed6ed...96278af6ca
2026-01-27 14:01:36 +00:00
dependabot[bot]
09e66252fd
chore(deps): bump goreleaser/goreleaser-action from 6.0.0 to 6.4.0
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 6.0.0 to 6.4.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](286f3b13b1...e435ccd777
2026-01-23 18:22:34 +00:00
Kynan Ware
c8335e3f55
Merge pull request #12315 from cli/dependabot/github_actions/actions/upload-artifact-6
...
chore(deps): bump actions/upload-artifact from 5 to 6
2026-01-23 11:18:50 -07:00
Kynan Ware
970a1ebbc1
Merge pull request #12314 from cli/dependabot/github_actions/actions/download-artifact-7
...
chore(deps): bump actions/download-artifact from 6 to 7
2026-01-23 11:18:19 -07:00
Kynan Ware
1d76eae5aa
Add shell specification for temporary tag creation
2026-01-06 10:37:12 -07:00
Babak K. Shandiz
f47a230eda
ci: shorten run block
...
Signed-off-by: Babak K. Shandiz <babakks@github.com>
2026-01-06 17:04:02 +00:00
Babak K. Shandiz
d02341d5a3
ci: improve step name
...
Signed-off-by: Babak K. Shandiz <babakks@github.com>
2026-01-06 17:02:54 +00:00
Babak K. Shandiz
fa871ffa67
ci: tag per build job
...
We need to tag the HEAD commit to make sure the right version is baked
into the built binaries.
See for more details:
- https://github.com/cli/cli/issues/12263
Signed-off-by: Babak K. Shandiz <babakks@github.com>
2026-01-06 16:59:08 +00:00
Kynan Ware
c9ba3793ee
Update Azure Code Signing endpoint URL
2026-01-05 13:43:55 -07:00
Kynan Ware
319567c2cf
Update Azure Code Signing client to 1.0.95
...
Also updates the source URL
2026-01-05 11:49:16 -07:00
Babak K. Shandiz
aed52d5ee1
ci: disable create storage record for artifacts
...
Signed-off-by: Babak K. Shandiz <babakks@github.com>
2025-12-19 19:17:44 +00:00
dependabot[bot]
4f5e755c24
chore(deps): bump actions/attest-build-provenance from 3.0.0 to 3.1.0
...
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](977bb373ed...00014ed6ed
2025-12-19 19:13:50 +00:00
Babak K. Shandiz
dd6783868b
ci: fix binary artifact dir paths used in Windows job
...
Signed-off-by: Babak K. Shandiz <babakks@github.com>
2025-12-15 18:56:07 +00:00
Babak K. Shandiz
a777a95e9a
ci: upgrade to GoReleaser v2
...
Signed-off-by: Babak K. Shandiz <babakks@github.com>
2025-12-15 18:44:25 +00:00
dependabot[bot]
aba49aab39
chore(deps): bump actions/upload-artifact from 5 to 6
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 5 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-12-15 14:03:27 +00:00
dependabot[bot]
58534228a9
chore(deps): bump actions/download-artifact from 6 to 7
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 6 to 7.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](https://github.com/actions/download-artifact/compare/v6...v7 )
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-12-15 14:03:19 +00:00
dependabot[bot]
13d9ab631d
chore(deps): bump actions/checkout from 5 to 6
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-12-01 16:24:05 +01:00
Kynan Ware
eb79e4a2f2
Merge pull request #12032 from cli/dependabot/github_actions/actions/download-artifact-6
...
chore(deps): bump actions/download-artifact from 5 to 6
2025-10-27 09:33:52 -06:00
dependabot[bot]
ac8eafd51e
chore(deps): bump actions/download-artifact from 5 to 6
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 5 to 6.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](https://github.com/actions/download-artifact/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-27 15:10:59 +00:00
dependabot[bot]
366169500f
chore(deps): bump actions/upload-artifact from 4 to 5
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-27 15:01:02 +00:00
Kynan Ware
a30277b9d0
Merge pull request #11750 from cli/dependabot/github_actions/mislav/bump-homebrew-formula-action-3.6
...
chore(deps): bump mislav/bump-homebrew-formula-action from 3.4 to 3.6
2025-10-22 10:17:14 -06:00
dependabot[bot]
3b4d6e9f1e
chore(deps): bump mislav/bump-homebrew-formula-action from 3.4 to 3.6
...
Bumps [mislav/bump-homebrew-formula-action](https://github.com/mislav/bump-homebrew-formula-action ) from 3.4 to 3.6.
- [Release notes](https://github.com/mislav/bump-homebrew-formula-action/releases )
- [Commits](8e2baa47da...56a283fa15
2025-10-22 16:06:26 +00:00
dependabot[bot]
c7bf1b0a18
chore(deps): bump goreleaser/goreleaser-action from 6.3.0 to 6.4.0
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 6.3.0 to 6.4.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](9c156ee8a1...e435ccd777
2025-10-22 16:01:40 +00:00
Kynan Ware
e627f0132e
Merge pull request #11612 from cli/dependabot/github_actions/actions/attest-build-provenance-3.0.0
...
chore(deps): bump actions/attest-build-provenance from 2.4.0 to 3.0.0
2025-10-17 14:51:03 -06:00
Babak K. Shandiz
986b952aaa
ci: pin release runner to Windows 2022
...
Signed-off-by: Babak K. Shandiz <babakks@github.com>
2025-09-23 17:31:35 +01:00
dependabot[bot]
4f37579efa
chore(deps): bump actions/setup-go from 5 to 6
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5 to 6.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-09-04 14:48:13 +00:00
dependabot[bot]
325743e78b
chore(deps): bump actions/attest-build-provenance from 2.4.0 to 3.0.0
...
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) from 2.4.0 to 3.0.0.
- [Release notes](https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](e8998f9491...977bb373ed
2025-08-29 14:02:11 +00:00
dependabot[bot]
6710bbc2be
chore(deps): bump actions/checkout from 4 to 5
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-08-14 15:35:09 +00:00
dependabot[bot]
ce527971d1
chore(deps): bump actions/download-artifact from 4 to 5
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 4 to 5.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](https://github.com/actions/download-artifact/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-08-06 14:35:09 +00:00
dependabot[bot]
f8a3133003
chore(deps): bump actions/attest-build-provenance from 2.3.0 to 2.4.0
...
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](db473fddc0...e8998f9491
2025-06-12 14:33:02 +00:00
dependabot[bot]
2266c7a5b5
chore(deps): bump mislav/bump-homebrew-formula-action from 3.2 to 3.4
...
Bumps [mislav/bump-homebrew-formula-action](https://github.com/mislav/bump-homebrew-formula-action ) from 3.2 to 3.4.
- [Release notes](https://github.com/mislav/bump-homebrew-formula-action/releases )
- [Commits](942e550c63...8e2baa47da
2025-06-03 14:57:13 +00:00
dependabot[bot]
9bb89de87c
chore(deps): bump actions/attest-build-provenance from 2.2.2 to 2.3.0
...
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) from 2.2.2 to 2.3.0.
- [Release notes](https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](bd77c07785...db473fddc0
2025-04-28 15:44:19 +00:00
Kynan Ware
e21243fe9b
ci: pin third party actions to commit sha
2025-04-04 21:45:54 -06:00
Kynan Ware
601c3e448c
Fix(ci): base64 decode GPG passphrase
2025-03-05 12:43:44 -07:00
