Tags: github/ospo-reusable-workflows
Tags
chore(deps): bump docker/build-push-action in the dependencies group (#… …49) Bumps the dependencies group with 1 update: [docker/build-push-action](https://github.com/docker/build-push-action). Updates `docker/build-push-action` from 6.13.0 to 6.14.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@ca877d9...0adf995) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
feat: ensure contents of container image changes (#46) I got confused when the release tagging was being applied to the same release package (container image). This was because the container image was not changing. With this change, we put the contents of the repo into the container image, ensuring there is change and a new image and digest is created. This will also cause new attestation to be created. - [x] remove .github folder from .dockerignore to ensure the folder is put into the container image - [x] update README explaining what the image contents are and why Signed-off-by: jmeridth <[email protected]>
ci: reduce permissions on auto-labeler and set to not release (#38) We were seeing random draft releases after a release occurred. I realized the auto-labeler workflow (also using draft-release action) was still doing a draft release. This was the culprit. By adding `disable-releaser: true`, we prevent this. Since this workflow no longer needs to create a release we can remove the `contents: write` permissions also. - [x] change image-name from hard-coded to github.repository in test-release Signed-off-by: jmeridth <[email protected]>
feat: Add attestation option to release-image (#32) * feat: Add attestation option to release-image This change adds an option input `create-attestion` which will push a cryptographically strong build attestation to GitHub's sigstore instance, to enable consumers to verify the built container's contents matched the build. For more on attestations see : https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds * fix: use correct variables and add new attestation to test Signed-off-by: jmeridth <[email protected]> --------- Signed-off-by: jmeridth <[email protected]> Co-authored-by: jmeridth <[email protected]>
chore(deps): bump the dependencies group across 1 directory with 2 up… …dates (#30) Bumps the dependencies group with 2 updates in the / directory: [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) and [actions/stale](https://github.com/actions/stale). Updates `release-drafter/release-drafter` from 6.0.0 to 6.1.0 - [Release notes](https://github.com/release-drafter/release-drafter/releases) - [Commits](release-drafter/release-drafter@3f0f870...b1476f6) Updates `actions/stale` from 9.0.0 to 9.1.0 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@v9.0.0...v9.1.0) --- updated-dependencies: - dependency-name: release-drafter/release-drafter dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
PreviousNext