actions/attest-sbom
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: actions:v4.0.0
Branches Tags
actions:main
actions:v4 actions:v4.1.0 actions:v4.0.0 actions:v3 actions:v3.0.0 actions:predicate@2.0.0 actions:v2 actions:v2.4.0 actions:v2.2.0 actions:v2.1.0 actions:v2.0.1 actions:v2.0.0 actions:v1 actions:v1.4.1 actions:v1.4.0 actions:v1.3.3 actions:v1.3.2 actions:v1.3.1 actions:v1.3.0 actions:v1.2.0 actions:v1.1.2 actions:v1.1.1 actions:v1.1.0 actions:v1.0.0 actions:predicate@1.0.0 actions:v0.1.1 actions:v0.1.0 actions:predicate@0.1.0
...
compare: actions:v4.1.0
Branches Tags
actions:main
actions:v4 actions:v4.1.0 actions:v4.0.0 actions:v3 actions:v3.0.0 actions:predicate@2.0.0 actions:v2 actions:v2.4.0 actions:v2.2.0 actions:v2.1.0 actions:v2.0.1 actions:v2.0.0 actions:v1 actions:v1.4.1 actions:v1.4.0 actions:v1.3.3 actions:v1.3.2 actions:v1.3.1 actions:v1.3.0 actions:v1.2.0 actions:v1.1.2 actions:v1.1.1 actions:v1.1.0 actions:v1.0.0 actions:predicate@1.0.0 actions:v0.1.1 actions:v0.1.0 actions:predicate@0.1.0

2 Commits
v4.0.0 ... v4.1.0

Author SHA1 Message Date
dependabot[bot]
c604332985 Bump actions/attest from 4.0.0 to 4.1.0 in the actions-minor group (#255)
Some checks failed
Continuous Integration / Test attest-sbom action with local sbom file (push) Has been cancelled
Details 
Bumps the actions-minor group with 1 update: [actions/attest](https://github.com/actions/attest).


Updates `actions/attest` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/actions/attest/releases)
- [Changelog](https://github.com/actions/attest/blob/main/RELEASE.md)
- [Commits](c32b4b8b19...59d89421af)

---
updated-dependencies:
- dependency-name: actions/attest
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-02 17:24:35 -08:00
Brian DeHamer
f18f83ae6b update RELEASE.md docs (#254) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2026-02-25 16:02:29 -08:00
2 changed files with 1 additions and 19 deletions
Expand all files Collapse all files

18
RELEASE.md
View File

@@ -3,24 +3,6 @@
Follow the steps below to tag a new release for the `actions/attest-sbom`
action.
If changes were made to the internal `actions/attest-sbom/predicate` action (any
updates to [`./predicate/action.yaml`](./predicate/action.yml) or any of the
code in the [`./src`](./src) directory), start with step #1; otherwise, skip
directly to step #5.
1. Merge the latest changes to the `main` branch.
1. Create and push a new predicate tag of the form `predicate@X.X.X` following
SemVer conventions:
```shell
git tag -a "predicate@X.X.X" -m "predicate@X.X.X Release"
git push --tags
```
1. Update the reference to the `actions/attest-sbom/predicate` action in
[`action.yml`](./action.yml) to point to the SHA of the newly created tag.
1. Push the `action.yml` change and open a PR. Once it has been reviewed, merge
the PR and proceed with the release instructions.
1. Create a new release for the top-level action using a tag of the form
`vX.X.X` following SemVer conventions:

2
action.yml
View File

@@ -71,7 +71,7 @@ runs:
run: |
echo "::warning::actions/attest-sbom has been deprecated, please use actions/attest instead"
- uses: actions/attest@c32b4b8b198b65d0bd9d63490e847ff7b53989d4 # v4.0.0
- uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0
id: attest
env:
NODE_OPTIONS: '--max-http-header-size=32768'