Skip to content

v3.0.0

Latest
Latest
Compare
Choose a tag to compare
@woodruffw woodruffw released this 15 Jul 15:19
· 3 commits to main since this release
v3.0.0
f514d46
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Added

  • inputs now allows recursive globbing with **
    (#106)

Removed

  • The following settings have been removed: fulcio-url, rekor-url,
    ctfe, rekor-root-pubkey
    (#140)
  • The following output settings have been removed: signature,
    certificate, bundle
    (#146)

Changed

  • inputs is now parsed according to POSIX shell lexing rules, improving
    the action's consistency when used with filenames containing whitespace
    or other significant characters
    (#104)

  • inputs is now optional if release-signing-artifacts is true
    and the action's event is a release event. In this case, the action
    takes no explicit inputs, but signs the source archives already attached
    to the associated release
    (#110)

  • The default suffix has changed from .sigstore to .sigstore.json,
    per Sigstore's client specification
    (#140)

  • release-signing-artifacts now defaults to true
    (#142)

Fixed

  • The release-signing-artifacts setting no longer causes a hard error
    when used under the incorrect event
    (#103)

  • Various deprecations present in sigstore-python's 2.x series have been
    resolved
    (#140)

  • This workflow now supports CI runners that use PEP 668 to constrain global
    package prefixes
    (#145)

Assets 10
Loading