Andy Feller
d4262f8183
Mention GitHub CLI team on discussion issues
2024-11-14 10:31:36 -05:00
dependabot[bot]
2318fde15f
Bump actions/attest-build-provenance from 1.4.3 to 1.4.4
...
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) from 1.4.3 to 1.4.4.
- [Release notes](https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](1c608d11d6...ef244123eb
2024-11-06 14:14:48 +00:00
Yukai Chou
fdfd4b30bb
Rewrite a sentence in CONTRIBUTING.md
2024-10-17 01:13:47 +08:00
Kynan Ware
dae074049a
Merge pull request #9687 from cli/kw/improve-security.md-encourage-pocs-and-investigation
...
Improve `SECURITY.md` with expectations for privately reported vulnerabilities
2024-10-02 12:33:43 -06:00
Kynan Ware
289b9bc712
Apply suggestions from code review
...
Co-authored-by: Tyler McGoffin <jtmcg@github.com>
2024-10-01 17:24:23 -06:00
Kynan Ware
023a44904a
Update SECURITY.md
2024-10-01 12:02:54 -06:00
bagtoad
efe9841caf
Fix typo and wordsmithing
2024-09-30 15:14:59 -06:00
bagtoad
7b8e8be7d4
Remove trailing space from heading
2024-09-30 15:13:19 -06:00
bagtoad
aef01e22d7
Revise wording
2024-09-30 15:03:50 -06:00
bagtoad
0b29beacf4
Update docs to allow community submitted designs
2024-09-30 14:47:24 -06:00
dependabot[bot]
a21e78bf0d
build(deps): bump actions/attest-build-provenance from 1.4.2 to 1.4.3
...
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) from 1.4.2 to 1.4.3.
- [Release notes](https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](6149ea5740...1c608d11d6
2024-09-06 14:31:25 +00:00
dependabot[bot]
b8db372d71
build(deps): bump actions/attest-build-provenance from 1.4.1 to 1.4.2 ( #9518 )
...
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) from 1.4.1 to 1.4.2.
- [Release notes](https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](310b0a4a3b...6149ea5740
2024-08-26 10:26:42 -07:00
dependabot[bot]
da43f6e476
build(deps): bump actions/attest-build-provenance from 1.4.0 to 1.4.1
...
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](210c191353...310b0a4a3b
2024-08-12 15:00:14 +00:00
dependabot[bot]
ad96ad3580
build(deps): bump actions/attest-build-provenance from 1.3.3 to 1.4.0
...
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) from 1.3.3 to 1.4.0.
- [Release notes](https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](5e9cb68e95...210c191353
2024-07-31 14:55:39 +00:00
Zach Steindler
658f125ab3
Update sigstore-go in gh CLI to v0.5.1 ( #9366 )
...
Signed-off-by: Zach Steindler <steiza@github.com>
2024-07-25 20:59:39 +02:00
dependabot[bot]
4511a8b4c4
build(deps): bump actions/attest-build-provenance from 1.3.2 to 1.3.3
...
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) from 1.3.2 to 1.3.3.
- [Release notes](https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](bdd51370e0...5e9cb68e95
2024-07-10 14:21:15 +00:00
Andy Feller
70c3ca3236
Merge pull request #9167 from TWiStErRob/patch-1
...
Add GH_DEBUG to issue template
2024-06-25 10:46:14 -04:00
Andy Feller
85387fdc67
Update .github/ISSUE_TEMPLATE/bug_report.md
...
Co-authored-by: Róbert Papp <papp.robert.s@gmail.com>
2024-06-25 10:35:31 -04:00
dependabot[bot]
651d7135dc
build(deps): bump actions/attest-build-provenance from 1.2.0 to 1.3.2
...
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) from 1.2.0 to 1.3.2.
- [Release notes](https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](49df96e17e...bdd51370e0
2024-06-18 14:40:06 +00:00
Róbert Papp
307d07ebfd
Update .github/ISSUE_TEMPLATE/bug_report.md
...
Co-authored-by: Andy Feller <andyfeller@github.com>
2024-06-13 19:47:30 +01:00
Andy Feller
7cd4a15e7c
Merge pull request #9175 from cli/dependabot/github_actions/goreleaser/goreleaser-action-6
...
build(deps): bump goreleaser/goreleaser-action from 5 to 6
2024-06-12 10:55:12 -04:00
dependabot[bot]
d666248104
build(deps): bump goreleaser/goreleaser-action from 5 to 6
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 5 to 6.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-06-05 14:34:35 +00:00
dependabot[bot]
215456e8ae
build(deps): bump actions/attest-build-provenance from 1.1.2 to 1.2.0
...
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) from 1.1.2 to 1.2.0.
- [Release notes](https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](173725a120...49df96e17e
2024-06-04 14:47:16 +00:00
Róbert Papp
3a1f3854a4
Add GH_DEBUG to issue template
2024-06-04 10:51:38 +01:00
Andy Feller
fe880a3015
Ensure signed RPMs have attestations
...
Thanks to @malancas for highlighting issue ordering of RPM signing and attestations! Now, all artifacts should have attestations appropriately generated
2024-05-29 16:18:18 -04:00
Meredith Lancaster
e55093347c
Add build provenance for gh CLI releases ( #9087 )
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-05-28 18:10:50 +02:00
Paul
630ab13461
Merge branch 'trunk' into feature-macos-pkg-installer
2024-05-20 17:05:23 +02:00
Meredith Lancaster
6f350827d2
Run attestation command set integration tests separately ( #9035 )
...
* rename and add integration build tag
Signed-off-by: Meredith Lancaster <malancas@github.com>
* run tests that include integration build tag in workflow
Signed-off-by: Meredith Lancaster <malancas@github.com>
---------
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-05-02 08:07:44 -06:00
Meredith Lancaster
c465d465a5
Update sigstore-go dependency to v0.3.0 ( #8977 )
...
* update sigstore-go dep to v0.3.0
Signed-off-by: Meredith Lancaster <malancas@github.com>
* add integration test to verify newer sigstore bundle versions
Signed-off-by: Meredith Lancaster <malancas@github.com>
* Fix shellcheck issues
Signed-off-by: Meredith Lancaster <malancas@github.com>
* Give the cli/package-security team ownership over gh attestation cmd integration tests
Signed-off-by: Meredith Lancaster <malancas@github.com>
* fetch attestation file
Signed-off-by: Meredith Lancaster <malancas@github.com>
* clean up new integration test
Signed-off-by: Meredith Lancaster <malancas@github.com>
* try pulling other attestation file
Signed-off-by: Meredith Lancaster <malancas@github.com>
* cleanup new attestation verify integration test
Signed-off-by: Meredith Lancaster <malancas@github.com>
* add new gh atestation integration test to workflow
Signed-off-by: Meredith Lancaster <malancas@github.com>
* mark script as executable
Signed-off-by: Meredith Lancaster <malancas@github.com>
* rename the integration test file
Signed-off-by: Meredith Lancaster <malancas@github.com>
---------
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-04-23 07:07:23 -06:00
Matthew Hughes
0d6bd6d53c
Fix cache contention in Go CI jobs
...
Fix the `Set up go` and `Restore Go modules cache` steps both trying to
read/write the same contents. Since the `setup-go` step runs first this
results in the "restore cache" step trying to write the same contents
under `~/go/pkg/mod` which results in errors like (e.g. random
example[1]):
/usr/bin/tar -xf /home/runner/work/_temp/6d12957f-f226-455e-b99c-fa7ee8c962cb/cache.tzst -P -C /home/runner/work/cli/cli --use-compress-program unzstd
/usr/bin/tar: ../../../go/pkg/mod/golang.org/x/net@v0.21.0/go.sum: Cannot open: File exists
Error: /usr/bin/tar: ../../../go/pkg/mod/golang.org/x/net@v0.21.0/proxy/proxy.go: Cannot open: File exists
Error: /usr/bin/tar: ../../../go/pkg/mod/golang.org/x/net@v0.21.0/proxy/socks5.go: Cannot open: File exists
Error: /usr/bin/tar: ../../../go/pkg/mod/golang.org/x/net@v0.21.0/proxy/dial_test.go: Cannot open: File exists
Since restoring fails, the cache job thinks no cache hit was made and
proceeds to try and save, but since it may well have fetched a valid
cache this can also error (again, see[1]):
Post job cleanup.
/usr/bin/tar --posix -cf cache.tzst --exclude cache.tzst -P -C /home/runner/work/cli/cli --files-from manifest.txt --use-compress-program zstdmt
Failed to save: Unable to reserve cache with key go-Linux-1b4ae53bfd76c3b70f62d419e17f36544d0a1331f04b13d2a942e7752e3789c3, another job may be creating this cache. More details: Cache already exists. Scope: refs/heads/trunk, Key: go-Linux-1b4ae53bfd76c3b70f62d419e17f36544d0a1331f04b13d2a942e7752e3789c3, Version: 2a8d0f2be1a88abb057cd9fcea9832bd16e7ab71798dbf93cd890eb9add83cf6
To avoid this, just rely on the caching functionality of the `seutp-go`
action.
For some context, It appears this cache behaviour was added with
cb7315c85dhttps://github.com/cli/cli/actions/runs/8654869114/job/23732868571
[2] https://github.com/actions/setup-go/releases/tag/v3.2.0
2024-04-12 17:36:45 +01:00
Meredith Lancaster
2c53d7c9a8
Add codeowners entry for the GitHub TUF root included in the attestation command set ( #8919 )
...
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-04-05 09:41:34 +02:00
William Martin
200c95e5b2
Rely on go.mod go version in all workflows ( #8911 )
2024-04-02 13:22:31 +00:00
Naoya Yasuda
5d79a95a32
Upgrade to Go 1.22 ( #8836 )
2024-04-02 14:34:59 +02:00
Meredith Lancaster
90b7bf97c5
gh-attestation cmd integration ( #8698 )
...
* add attestation cmd
Signed-off-by: Meredith Lancaster <malancas@github.com>
* add codeowners
Signed-off-by: Meredith Lancaster <malancas@github.com>
* update args passed to the attestation cmd
Signed-off-by: Meredith Lancaster <malancas@github.com>
* rename file
Signed-off-by: Meredith Lancaster <malancas@github.com>
* use gh-attestation branch for passing iostreams from the root
Signed-off-by: Meredith Lancaster <malancas@github.com>
* add package security team entry to codeowners
Signed-off-by: Meredith Lancaster <malancas@github.com>
* start moving over verify cmd and general verification code
Signed-off-by: Meredith Lancaster <malancas@github.com>
* clean up common and verify specific policy code
Signed-off-by: Meredith Lancaster <malancas@github.com>
* move artifact package over
Signed-off-by: Meredith Lancaster <malancas@github.com>
* start pulling in the github api client wrapper
Signed-off-by: Meredith Lancaster <malancas@github.com>
* fix imports
Signed-off-by: Meredith Lancaster <malancas@github.com>
* add logger and test packages
Signed-off-by: Meredith Lancaster <malancas@github.com>
* add additional packages to support verify command
Signed-off-by: Meredith Lancaster <malancas@github.com>
* fix mock api client
Signed-off-by: Meredith Lancaster <malancas@github.com>
* clean up mock api client
Signed-off-by: Meredith Lancaster <malancas@github.com>
* include missing fields
Signed-off-by: Meredith Lancaster <malancas@github.com>
* use correct owner
Signed-off-by: Meredith Lancaster <malancas@github.com>
* add more mock api client options
Signed-off-by: Meredith Lancaster <malancas@github.com>
* add download cmd
Signed-off-by: Meredith Lancaster <malancas@github.com>
* add inspect cmd
Signed-off-by: Meredith Lancaster <malancas@github.com>
* pass factory object to inspect cmd, add inspect sub cmd to attestation cmd
Signed-off-by: Meredith Lancaster <malancas@github.com>
* add verify-tuf-root cmd
Signed-off-by: Meredith Lancaster <malancas@github.com>
* pass iostream struct from command
Signed-off-by: Meredith Lancaster <malancas@github.com>
* rename logger pkg to logger
Signed-off-by: Meredith Lancaster <malancas@github.com>
* fix path in codeowners
Signed-off-by: Meredith Lancaster <malancas@github.com>
* formatter
Signed-off-by: Meredith Lancaster <malancas@github.com>
* go mod tidy
Signed-off-by: Meredith Lancaster <malancas@github.com>
* fix printf linter issue
Signed-off-by: Meredith Lancaster <malancas@github.com>
* fix printf linter issue
Signed-off-by: Meredith Lancaster <malancas@github.com>
* check user's GH host for compatibility
Signed-off-by: Meredith Lancaster <malancas@github.com>
* pass oci client to commands directly
Signed-off-by: Meredith Lancaster <malancas@github.com>
* rename command
Signed-off-by: Meredith Lancaster <malancas@github.com>
* mark tuf-root-verify cmd hidden
Signed-off-by: Meredith Lancaster <malancas@github.com>
* move client initialization back to subcommands
Signed-off-by: Meredith Lancaster <malancas@github.com>
* add more verbose options and logging
Signed-off-by: Meredith Lancaster <malancas@github.com>
* add missing logger
Signed-off-by: Meredith Lancaster <malancas@github.com>
* add testing around OCI and API client
Signed-off-by: Meredith Lancaster <malancas@github.com>
* add integration test
Signed-off-by: Meredith Lancaster <malancas@github.com>
* fix file path
Signed-off-by: Meredith Lancaster <malancas@github.com>
* fix command
Signed-off-by: Meredith Lancaster <malancas@github.com>
* build executable before integration test
Signed-off-by: Meredith Lancaster <malancas@github.com>
* split integration tests
Signed-off-by: Meredith Lancaster <malancas@github.com>
* remove integration test steps
Signed-off-by: Meredith Lancaster <malancas@github.com>
* fix flag value
Signed-off-by: Meredith Lancaster <malancas@github.com>
* run integration tests on ubuntu for now
Signed-off-by: Meredith Lancaster <malancas@github.com>
* pull over doc updates
Signed-off-by: Meredith Lancaster <malancas@github.com>
* delete unused test data
Signed-off-by: Meredith Lancaster <malancas@github.com>
* remove Go patch version
Signed-off-by: Meredith Lancaster <malancas@github.com>
* switch assert to require
Signed-off-by: Meredith Lancaster <malancas@github.com>
* rename file
Signed-off-by: Meredith Lancaster <malancas@github.com>
* move integration tests to prexisting test workflow
Signed-off-by: Meredith Lancaster <malancas@github.com>
* use platform matrix for integration tests
Signed-off-by: Meredith Lancaster <malancas@github.com>
* simplify build step
Signed-off-by: Meredith Lancaster <malancas@github.com>
* use StringEnumFlag handling
Signed-off-by: Meredith Lancaster <malancas@github.com>
* typo
Signed-off-by: Meredith Lancaster <malancas@github.com>
* use the iostreams.Test helper func
Signed-off-by: Meredith Lancaster <malancas@github.com>
* create interface for oci client
Signed-off-by: Meredith Lancaster <malancas@github.com>
* add tests for oci client
Signed-off-by: Meredith Lancaster <malancas@github.com>
* rename files
Signed-off-by: Meredith Lancaster <malancas@github.com>
* format file
Signed-off-by: Meredith Lancaster <malancas@github.com>
* fix shellcheck issues
Signed-off-by: Meredith Lancaster <malancas@github.com>
* use testing TempDir method
Signed-off-by: Meredith Lancaster <malancas@github.com>
* cleanup unused tempdir handling
Signed-off-by: Meredith Lancaster <malancas@github.com>
* use table driven tests
Signed-off-by: Meredith Lancaster <malancas@github.com>
* check correct cmd
Signed-off-by: Meredith Lancaster <malancas@github.com>
* support repo option in download sub cmd
Signed-off-by: Meredith Lancaster <malancas@github.com>
* switch over to using RunE
Signed-off-by: Meredith Lancaster <malancas@github.com>
* unexport top level subcommand funcs
Signed-off-by: Meredith Lancaster <malancas@github.com>
* add comment around keychain option
Signed-off-by: Meredith Lancaster <malancas@github.com>
* update comments
Signed-off-by: Meredith Lancaster <malancas@github.com>
* fix inconsistent naming
Signed-off-by: Meredith Lancaster <malancas@github.com>
* add tests for CLI commands
Signed-off-by: Meredith Lancaster <malancas@github.com>
* check for noattestationsfound err
Signed-off-by: Meredith Lancaster <malancas@github.com>
* try out metadata abstraction instead
Signed-off-by: Meredith Lancaster <malancas@github.com>
* switch to using MetadataStore abstraction
Signed-off-by: Meredith Lancaster <malancas@github.com>
* include test case with failing metadata store
Signed-off-by: Meredith Lancaster <malancas@github.com>
* look for err specific to file write
Signed-off-by: Meredith Lancaster <malancas@github.com>
* unexport fields
Signed-off-by: Meredith Lancaster <malancas@github.com>
* return err when an unsupported hash alg is provided
Signed-off-by: Meredith Lancaster <malancas@github.com>
* PrintTableToStdOut returns err when rendering fails
Signed-off-by: Meredith Lancaster <malancas@github.com>
* start adding sigstore verifier unit tests
Signed-off-by: Meredith Lancaster <malancas@github.com>
* add more sigstore verifier specific tests
Signed-off-by: Meredith Lancaster <malancas@github.com>
* use cli table printer
Signed-off-by: Meredith Lancaster <malancas@github.com>
* return JSON results in slice instead of table
Signed-off-by: Meredith Lancaster <malancas@github.com>
* move mock client to test file
Signed-off-by: Meredith Lancaster <malancas@github.com>
* remove unneeded table printer method
Signed-off-by: Meredith Lancaster <malancas@github.com>
* add initial tests for tufrootverify cmd
Signed-off-by: Meredith Lancaster <malancas@github.com>
* formatting
Signed-off-by: Meredith Lancaster <malancas@github.com>
* cleanup method
Signed-off-by: Meredith Lancaster <malancas@github.com>
* close file in error handling branch
Signed-off-by: Meredith Lancaster <malancas@github.com>
* normalize artifact path
Signed-off-by: Meredith Lancaster <malancas@github.com>
* remove unneeded embedded file system
Signed-off-by: Meredith Lancaster <malancas@github.com>
* include image name reference err
Signed-off-by: Meredith Lancaster <malancas@github.com>
* use GH_DEBUG value for io handling
Signed-off-by: Meredith Lancaster <malancas@github.com>
* remove quiet and verbose flags
Signed-off-by: Meredith Lancaster <malancas@github.com>
* add more tufrootveriify tests
Signed-off-by: Meredith Lancaster <malancas@github.com>
* GitHubTUFOptions no longer needs to return error
Signed-off-by: Meredith Lancaster <malancas@github.com>
* remove unneeded slice
Signed-off-by: Meredith Lancaster <malancas@github.com>
* normalize all relative paths
Signed-off-by: Meredith Lancaster <malancas@github.com>
* clean up nil client checks
Signed-off-by: Meredith Lancaster <malancas@github.com>
* set api server based on host
Signed-off-by: Meredith Lancaster <malancas@github.com>
* add comment about http client
Signed-off-by: Meredith Lancaster <malancas@github.com>
* use format flag to handle json output in verify cmd
Signed-off-by: Meredith Lancaster <malancas@github.com>
* use format flag to handle json output
Signed-off-by: Meredith Lancaster <malancas@github.com>
* use normalized path for cli test arg
Signed-off-by: Meredith Lancaster <malancas@github.com>
* add tests for json output
Signed-off-by: Meredith Lancaster <malancas@github.com>
* cleanup error wrapping
Signed-off-by: Meredith Lancaster <malancas@github.com>
* use test fixtures correctly by normalizing path
Signed-off-by: Meredith Lancaster <malancas@github.com>
* dont clean
Signed-off-by: Meredith Lancaster <malancas@github.com>
* escape backwards slash for windows files with replace
Signed-off-by: Meredith Lancaster <malancas@github.com>
* use strings.Split func
Signed-off-by: Meredith Lancaster <malancas@github.com>
* use strings.Replace for all command tests
Signed-off-by: Meredith Lancaster <malancas@github.com>
* use CLI cache dir to store tuf metadata
Signed-off-by: Meredith Lancaster <malancas@github.com>
* Tweaked docstrings for gh attestation download
* Tweaked docstrings for gh attestation verify
* Fix for bug in gh attestation where the wrong hostname was being passed to the API client.
* lets hide tuf-root-verify eh?
* Forgot verify's short str.
* add remote verification test
Signed-off-by: Meredith Lancaster <malancas@github.com>
* Revert "add remote verification test"
This reverts commit c0ceb99ca8
2024-04-01 11:13:47 -06:00
dependabot[bot]
2bbafc1a09
build(deps): bump microsoft/setup-msbuild from 1.3.2 to 2.0.0
...
Bumps [microsoft/setup-msbuild](https://github.com/microsoft/setup-msbuild ) from 1.3.2 to 2.0.0.
- [Release notes](https://github.com/microsoft/setup-msbuild/releases )
- [Changelog](https://github.com/microsoft/setup-msbuild/blob/main/building-release.md )
- [Commits](https://github.com/microsoft/setup-msbuild/compare/v1.3.2...v2.0.0 )
---
updated-dependencies:
- dependency-name: microsoft/setup-msbuild
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-31 14:37:37 +00:00
dependabot[bot]
8378e83e45
build(deps): bump microsoft/setup-msbuild from 1.3.1 to 1.3.2
...
Bumps [microsoft/setup-msbuild](https://github.com/microsoft/setup-msbuild ) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/microsoft/setup-msbuild/releases )
- [Changelog](https://github.com/microsoft/setup-msbuild/blob/main/building-release.md )
- [Commits](https://github.com/microsoft/setup-msbuild/compare/v1.3.1...v1.3.2 )
---
updated-dependencies:
- dependency-name: microsoft/setup-msbuild
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-26 14:05:45 +00:00
dependabot[bot]
32ab65fd77
build(deps): bump actions/cache from 3 to 4 ( #8594 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3 to 4.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](https://github.com/actions/cache/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-18 07:37:49 -08:00
dependabot[bot]
8cfe7572de
build(deps): bump actions/download-artifact from 3 to 4 ( #8466 )
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 3 to 4.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](https://github.com/actions/download-artifact/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-17 10:04:40 -08:00
dependabot[bot]
44cac16be1
build(deps): bump actions/upload-artifact from 3 to 4 ( #8467 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3 to 4.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-17 10:02:54 -08:00
Andy Feller
48f5a15e0d
Update deployment.yml
...
Removed previous deployment step env vars
2024-01-08 08:48:55 -05:00
Andy Feller
541ce0e5b4
Merge pull request #8465 from cli/andyfeller/213-windows-hsm-signing
...
Update deployment workflow for final HSM solution
2023-12-15 11:52:35 -05:00
Andy Feller
5ecdf166fb
Update deployment workflow for final HSM solution
...
This applies the changes from the separate Windows HSM signing prototype development to the official deployment workflow including:
1. Use of Azure Code Signing client
2. Sourcing signtool.exe from runner
3. Moving from batch to PowerShell for Windows signing script
4. Using the same signing process for .exe and .msi
2023-12-14 13:15:38 -05:00
dependabot[bot]
1df8e833c7
build(deps): bump github/codeql-action from 2 to 3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-14 14:24:28 +00:00
Andy Feller
29f409666e
Merge pull request #8457 from cli/andyfeller/213-windows-hsm-signing-testing
...
Enhance HSM deployment prototype to use the same signing process for .exe and .msi
2023-12-14 07:10:13 -05:00
Andy Feller
e01809c075
Unify Windows sign process on signtool
...
- converts the process from using script/sign.bat to script/sign.ps1 for supportability and capability
- resolves signtool on runner in order to run rather than hardcoded path
2023-12-13 10:19:36 -05:00
Andy Feller
f0f09bda57
Merge pull request #8421 from cli/andyfeller/213-windows-hsm-signing-testing
...
Create HSM testing workflow
2023-12-12 10:19:51 -05:00
Andy Feller
35f99ee426
Final fixes
2023-12-12 10:09:47 -05:00
Andy Feller
783dbf999a
Remove fugue artifact
2023-12-12 09:56:35 -05:00
Andy Feller
bcbd848bfe
Remove unnecessary copying, fix secrets part deux
2023-12-12 09:54:55 -05:00
Andy Feller
1fff21a63e
Fixes based on actual secret names and signtool insights
2023-12-12 09:48:16 -05:00
