Skip to content

Tags: github/ospo-reusable-workflows

Tags

v0.4.6

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
chore(deps): bump docker/build-push-action in the dependencies group (#…

…49)

Bumps the dependencies group with 1 update: [docker/build-push-action](https://github.com/docker/build-push-action).


Updates `docker/build-push-action` from 6.13.0 to 6.14.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@ca877d9...0adf995)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

v0.4.5

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
feat: ensure contents of container image changes (#46)

I got confused when the release tagging was being applied
to the same release package (container image).  This was because
the container image was not changing.

With this change, we put the contents of the repo into the
container image, ensuring there is change and a new image and digest
is created.  This will also cause new attestation to be created.

- [x] remove .github folder from .dockerignore to ensure the folder is put into the container image
- [x] update README explaining what the image contents are and why

Signed-off-by: jmeridth <[email protected]>

v0.4.4

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
fix: put argument in correct section, config, not secrets (#44)

Signed-off-by: jmeridth <[email protected]>

v0.4.3

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
ci: remove attestations temporarily (#41)

Unfortunately attestations are causing confusion in the image registry.  Need
to resolve that before putting it back.

Signed-off-by: jmeridth <[email protected]>

v0.4.2

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
ci: reduce permissions on auto-labeler and set to not release (#38)

We were seeing random draft releases after a release occurred. I
realized the auto-labeler workflow (also using draft-release action)
was still doing a draft release.  This was the culprit.  By adding
`disable-releaser: true`, we prevent this.  Since this workflow no
longer needs to create a release we can remove the `contents: write`
permissions also.

- [x] change image-name from hard-coded to github.repository in test-release

Signed-off-by: jmeridth <[email protected]>

v0.4.1

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
fix: test release-image permissions (#36)

- [x] add permissions needed to each doc for each reusable workflow

Signed-off-by: jmeridth <[email protected]>

v0.4.0

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
feat: Add attestation option to release-image (#32)

* feat: Add attestation option to release-image

This change adds an option input `create-attestion` which will push a cryptographically strong build attestation to GitHub's sigstore instance, to enable consumers to verify the built container's contents matched the build.

For more on attestations see : https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds

* fix: use correct variables and add new attestation to test

Signed-off-by: jmeridth <[email protected]>

---------

Signed-off-by: jmeridth <[email protected]>
Co-authored-by: jmeridth <[email protected]>

v0.3.6

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
chore(deps): bump the dependencies group across 1 directory with 2 up…

…dates (#30)

Bumps the dependencies group with 2 updates in the / directory: [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) and [actions/stale](https://github.com/actions/stale).


Updates `release-drafter/release-drafter` from 6.0.0 to 6.1.0
- [Release notes](https://github.com/release-drafter/release-drafter/releases)
- [Commits](release-drafter/release-drafter@3f0f870...b1476f6)

Updates `actions/stale` from 9.0.0 to 9.1.0
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@v9.0.0...v9.1.0)

---
updated-dependencies:
- dependency-name: release-drafter/release-drafter
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

v0.3.5

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
feat(ci): add scopes to pr-title reusable workflow (#20)

Signed-off-by: jmeridth <[email protected]>

v0.3.4

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
feat: allow types list to be input to reusable pr-title workflow (#15)

Signed-off-by: jmeridth <[email protected]>