chore(dependabot): bump ocm.software/ocm from 0.17.0 to 0.18.0

[dependabot]

Bumps ocm.software/ocm from 0.17.0 to 0.18.0.

Release notes

Sourced from ocm.software/ocm's releases.

v0.18.0

Release v0.18.0

• change short text for help topic (#1058)
• bug: allow http protocol for oci access (#1060)
• bug: fix unmarshal consumer identity with empty value (#1057)
• fix artifact set tagging (#1033)
• component constructor with references field (#1054)
• priority for CLI registration options (#1045)
• chore: update 'flake.nix' (#1049)
• add action doc (#1032)
• chore: update 'flake.nix' (#1040)
• chore: update 'flake.nix' (#1039)
• fix downloader handling (#1031)
• Adjust README with rotated GPG key (#1025)

🐛 Bug Fixes

• [release-v0.18.0] fix: version info for OCI refs (#1080)
• fix: set tlskyber=0 (#1047)
• fix: remove ocm release key if present (#1024)
• chore: release fallout corrections (#1023)

🧰 Maintenance

• chore: force bump to 0.18.0-dev (#1061)
• chore: reuse aggregation from ctf during component build (#1044)
• chore: disable runner cache for release note drafter (#1051)
• chore: enhance the publishing to other repositories then github (#1028)
• chore: migrate all component builds: ca => ctf (#1043)
• chore(ci): various optimizations for build processing, caching and concurrency (#996)
• fix: remove ocm release key if present (#1024)
• chore: release fallout corrections (#1023)

⬆️ Dependencies

• chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 in the go_modules group (#1048)
• chore(deps): bump github.com/containerd/errdefs from 0.3.0 to 1.0.0 (#1037)
• chore(deps): bump the ci group with 2 updates (#1038)
• chore(deps): bump the go group with 8 updates (#1036)

v0.18.0-rc.2

... (truncated)

Changelog

Sourced from ocm.software/ocm's changelog.

Release Process

General Information

In the Open Component Model organization, the main development is done on the main branch. Thus, the main branch is used to develop on the latest minor version.

The release process focuses on the creation of release/<major>.<minor> release branches and the generation of release tags based on these branches. Every release branch is used to permanently track the development of a specific minor release of the OCM project. Whenever there is a critical issue for a specific minor release, a patch is cherry-picked into the release branch and a new patch release for that given minor version is created.

The release branches are initially created from the main branch via the GitHub action Release Branch Creation.

A release is generated by calling a specific release GitHub Action. It is executed on the branch which should be released - regardless whether it is a patch or a minor release.

In any case, a pre-release may be created by specifying a pre-release suffix for the release action execution. This will lead (for most use cases) to the creation of a "Release Candidate" which can be tested and delivered to end users willing to test the new release.

Release Workflow

Diagram

gitGraph TB:
    commit id: "VERSION 0.17.0-dev"
    commit id: "feat: some feature"
    branch "releases/v0.17"
    commit tag: "v0.17.0-rc.1" type: REVERSE
    checkout main
    commit id: "fix: hotfix bug" type: HIGHLIGHT
    checkout releases/v0.17
    cherry-pick id: "fix: hotfix bug"
    commit tag: "v0.17.0-rc.2"
    branch "releases/v0.17.0"
    checkout "releases/v0.17.0"
    commit id: "VERSION 0.17.0" tag:"v0.17.0"
    checkout main
    commit id: "VERSION 0.18.0-dev"
</tr></table> 

Loading

... (truncated)

Commits

• 4c43839 Release v0.18.0
• 08a2837 ReleaseNotes for v0.18.0
• 0117891 [release-v0.18.0] fix: version info for OCI refs (#1080)
• efae7d1 ReleaseNotes for v0.18.0-rc.1
• 2ea69c7 change short text for help topic (#1058)
• beabf65 chore: force bump to 0.18.0-dev (#1061)
• 3577e7e bug: allow http protocol for oci access (#1060)
• 37c6514 bug: fix unmarshal consumer identity with empty value (#1057)
• 2188c1c chore: reuse aggregation from ctf during component build (#1044)
• d6a5994 fix artifact set tagging (#1033)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)