feat: add workflow to update dists #7

Merged
merged 16 commits into from
May 15, 2024

ramonpetgrave64
Owner

Summary

Similar to slsa-framework/slsa-verifier#760

This manually-invoked workflow runs against PRs to find all folders with node packages, and run `make package`, so that renovate-bot PRs can have updated `/dist` folders.

Testing Process

  • Manually invoked locally

Checklist

  • Review the contributing guidelines
  • Add a reference to related issues in the PR description.
  • Update documentation if applicable.
  • Add unit tests if applicable.
  • Add changes to the CHANGELOG if applicable.
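
The discovery-and-rebuild step described in the summary above, sketched as an added example; it is not the workflow file from this PR. It assumes a "node package" folder is one holding a `package.json` outside `node_modules`, with a Makefile whose `package` target writes `./dist`; all function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added illustration, not the workflow from this PR.
# Assumption: a "node package" folder holds a package.json outside
# node_modules and has a Makefile with a `package` target writing ./dist.

# List every directory under $1 that contains a package.json, sorted.
find_node_package_dirs() {
  find "$1" -name node_modules -prune -o -type f -name package.json -print |
    while IFS= read -r manifest; do dirname "$manifest"; done | sort
}

# Succeed only if the folder's Makefile declares a `package` target.
has_package_target() {
  [ -f "$1/Makefile" ] && grep -Eq '^package:' "$1/Makefile"
}

# Fingerprint the contents of $1/dist so a rebuild can be compared with it.
dist_fingerprint() {
  [ -d "$1/dist" ] || { echo "no-dist"; return 0; }
  (cd "$1/dist" && find . -type f -exec cksum {} + | sort | cksum)
}

# Run `make package` in each package folder under $1 and print the folders
# whose dist changed, i.e. whose committed dist was stale.
# Folders without a `package` target are skipped; a failed build aborts.
rebuild_dists() {
  dirs=$(find_node_package_dirs "$1") || return 1
  while IFS= read -r dir; do
    [ -n "$dir" ] || continue
    has_package_target "$dir" || continue
    before=$(dist_fingerprint "$dir")
    make -s -C "$dir" package >/dev/null || return 1
    after=$(dist_fingerprint "$dir")
    [ "$before" = "$after" ] || printf '%s\n' "$dir"
  done <<EOF
$dirs
EOF
}
```

Printing only the folders whose `dist` fingerprint changed shows a reviewer which checked-in bundles were out of date with their sources before the rebuild.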

ramonpetgrave64 and others added 16 commits April 22, 2024 15:51
#label:release v2.0.0

Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
# Summary

slsa-framework#3576

followup to
slsa-framework#3578

next step in
https://github.com/slsa-framework/slsa-github-generator/blob/main/RELEASE.md#reference-actions-at-main

Changing all the actions to point back to main.

## Testing Process

pre-submit workflows

## Checklist

- [ ] Review the contributing [guidelines](./../CONTRIBUTING.md)
- [ ] Add a reference to related issues in the PR description.
- [ ] Update documentation if applicable.
- [ ] Add unit tests if applicable.
- [ ] Add changes to the [CHANGELOG](./../CHANGELOG.md) if applicable.

Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
…amework#3572)

# Summary

Addresses
slsa-framework#3002

Fixes the .github/workflows/e2e.sign-attestations.schedule.yml workflow.
sigstore-js now has its cli tools in a separate package, to be installed
with `install -g @sigstore/cli`.

## Testing Process

Invoked the workflow from my personal fork

- https://github.com/ramonpetgrave64/slsa-github-generator/actions/runs/8757196289/job/24035331070#step:6:11

```
Verification succeeded
Verification succeeded
```

We can't add this to a pre-submit, because it requires token permissions
that are not available to forks' PR runs.

## Checklist

- [x] Review the contributing [guidelines](./../CONTRIBUTING.md)
- [x] Add a reference to related issues in the PR description.
- [ ] Update documentation if applicable.
- [ ] Add unit tests if applicable.
- [ ] Add changes to the [CHANGELOG](./../CHANGELOG.md) if applicable.

---------

Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
# Summary

Fix broken links.

Not found.

https://github.com/slsa-framework/slsa-github-generator/CONTRIBUTING.md
https://github.com/slsa-framework/slsa-github-generator/CHANGELOG.md

https://github.com/actions/starter-workflows/blob/main/ci/generic-generator-ossf-slsa3-publish.yml

## Testing Process


## Checklist

- [ ] Review the contributing [guidelines](./../CONTRIBUTING.md)
- [ ] Add a reference to related issues in the PR description.
- [ ] Update documentation if applicable.
- [ ] Add unit tests if applicable.
- [ ] Add changes to the [CHANGELOG](./../CHANGELOG.md) if applicable.

Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>
…-framework#3604)

# Summary

Update actions/setup-go to v5.0.0 to resolve the warning.

```
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/setup-go@93397be. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
```


https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/

https://github.com/actions/setup-go/releases/tag/v5.0.0

> In scope of this release, we change Nodejs runtime from node16 to
node20 (actions/setup-go#421).

## Testing Process

...

## Checklist

- [x] Review the contributing [guidelines](./../CONTRIBUTING.md)
- [ ] Add a reference to related issues in the PR description.
- [ ] Update documentation if applicable.
- [ ] Add unit tests if applicable.
- [ ] Add changes to the [CHANGELOG](./../CHANGELOG.md) if applicable.

---------

Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>
Co-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>
# Summary

A few fixes and additions to the release docs.

- fix the `sed` commands
- add GitHub container registry auth instructions

related PR slsa-framework/slsa-verifier#761

## Testing Process

Manual testing locally.

## Checklist

- [x] Review the contributing [guidelines](./../CONTRIBUTING.md)
- [ ] Add a reference to related issues in the PR description.
- [x] Update documentation if applicable.
- [ ] Add unit tests if applicable.
- [x] Add changes to the [CHANGELOG](./../CHANGELOG.md) if applicable.

---------

Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
Signed-off-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>
…rk#3616)

# Summary

We're using generators for our Dart and Python release artifacts e.g.
https://github.com/atsign-foundation/noports/releases/tag/v5.2.1-rc1
https://github.com/atsign-foundation/noports/releases/tag/p0.4.9

## Testing Process

N/A - docs update

## Checklist

- [x] Review the contributing
[guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md)
- [ ] Add a reference to related issues in the PR description.
- [x] Update documentation if applicable.
- [ ] Add unit tests if applicable.
- [ ] Add changes to the
[CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
if applicable.

---------

Signed-off-by: Chris Swan <478926+cpswan@users.noreply.github.com>
# Summary

Updating SECURITY.md has been missed for the last several releases. This
PR adds v2.0.x to SECURITY.md as supported versions. v1.10.x is still
included as a version that will receive security updates for now.

NOTE: should have approval from someone listed in the [Security
Team](https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md#security-team)
(@laurentsimon, @kpk47, @joshuagl)

## Checklist

- [x] Review the contributing
[guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md)
- [x] Add a reference to related issues in the PR description.
- [x] Update documentation if applicable.
- [x] Add unit tests if applicable.
- [x] Add changes to the
[CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
if applicable.

---------

Signed-off-by: Ian Lewis <ianlewis@google.com>
Co-authored-by: Joshua Lock <joshuagloe@gmail.com>
# Summary

Adds links to issues referenced in the CHANGELOG

## Checklist

- [x] Review the contributing
[guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md)
- [x] Add a reference to related issues in the PR description.
- [x] Update documentation if applicable.
- [x] Add unit tests if applicable.
- [x] Add changes to the
[CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
if applicable.

Signed-off-by: Ian Lewis <ianlewis@google.com>
# Summary

Updates `thehanimo/pr-title-checker` to v1.4.2 and fixes the version
comment. This should allow renovate to create PRs to update dependencies
again since it's been broken since early Dec 2023.

Fixes slsa-framework#3022

## Checklist

- [x] Review the contributing
[guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md)
- [x] Add a reference to related issues in the PR description.
- [x] Update documentation if applicable.
- [x] Add unit tests if applicable.
- [x] Add changes to the
[CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
if applicable.

Signed-off-by: Ian Lewis <ianlewis@google.com>
# Summary

Adds a new workflow to run
[`ianlewis/todo-issue-reopener`](https://github.com/ianlewis/todo-issue-reopener)
to reopen issues that are still referenced by TODO comments.

## Checklist

- [x] Review the contributing
[guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md)
- [x] Add a reference to related issues in the PR description.
- [x] Update documentation if applicable.
- [x] Add unit tests if applicable.
- [x] Add changes to the
[CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
if applicable.

---------

Signed-off-by: Ian Lewis <ianlewis@google.com>
# Summary

To resolve the deprecation warning of Node.js v16.
softprops/action-gh-release updated Node.js to v20 at v2.0.0.

https://github.com/softprops/action-gh-release/releases/tag/v2.0.0

Node.js 16 was deprecated.


https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/

So we need to update softprops/action-gh-release to v2.0.0 or newer.

Currently, slsa-framework/slsa-github-generator outputs the following
warning.

```
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: softprops/action-gh-release@de2c0eb. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
```

## Testing Process



## Checklist

- [x] Review the contributing
[guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md)
- [ ] Add a reference to related issues in the PR description.
- [x] Update documentation if applicable.
- [ ] Add unit tests if applicable.
- [ ] Add changes to the
[CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
if applicable.

Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>
Co-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>
# Summary

Change Renovate schedule to cron syntax.

Fixes slsa-framework#404

## Testing Process

Code inspection only

## Checklist

- [x] Review the contributing
[guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md)
- [x] Add a reference to related issues in the PR description.
- [x] Update documentation if applicable.
- [x] Add unit tests if applicable.
- [x] Add changes to the
[CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
if applicable.

Signed-off-by: Rhys Arkins <rhys@arkins.net>
# Summary

Fixes renovate config to use the
[`config:best-practices`](https://docs.renovatebot.com/presets-config/#configbest-practices)
preset rather than the `config:base` preset since `config:base` seems to
have gone away at some point.

Also fixes the `schedule` config by using the
[`schedule:monthly`](https://docs.renovatebot.com/presets-schedule/#schedulemonthly)
preset. The previous `schedule` config seems to have been invalid
because "4 am" had space between "4" and "am" (this was fixed in the
`slsa-verifier` repo on
slsa-framework/slsa-verifier#727 but was never
fixed here).

Also adds a pre-submit to run the
[`renovate-config-validator`](https://docs.renovatebot.com/config-validation/)
to ensure that renovate config is valid. This pre-submit will need to be
made required in the repository branch protection rule for `main` in the
repository settings after this PR is merged.

Fixes slsa-framework#3634 slsa-framework#404 

## Testing Process

- Run `make renovate-config-validator` to check that the config is
valid.

## Checklist

- [x] Review the contributing
[guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md)
- [x] Add a reference to related issues in the PR description.
- [x] Update documentation if applicable.
- [x] Add unit tests if applicable.
- [x] Add changes to the
[CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
if applicable.

---------

Signed-off-by: Ian Lewis <ianlewis@google.com>
Signed-off-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>
Co-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>
Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
ramonpetgrave64 merged commit 04f41c4 into main May 15, 2024
18 of 22 checks passed