docker/attest
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
348 Commits 1 Branch 35 Tags
v0.6.8
Commit Graph

348 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
b0d6219e34 feat(deps): bump google.golang.org/api from 0.201.0 to 0.202.0 (#210) 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.201.0 to 0.202.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.201.0...v0.202.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
v0.6.8 		2024-10-23 13:37:33 +01:00
Jonny Stoten
b4a9283ec3 Update go git (#209) 2024-10-22 15:31:55 +01:00
Jonny Stoten
ca97a23d07 Skip DCO requirement for org members (#208) 
Signed-off-by: Jonny Stoten <jonny.stoten@docker.com>
 2024-10-22 14:41:44 +01:00
Jonny Stoten
a078fba81d feat: add internal reproducible git checksum builtin (#203) 
Adds a new rego builtin `attest.internals.reproducible_git_checksum`.
This is needed for verifying DOI provenance, see
https://github.com/docker/doi-image-policy/blob/main/slsa.md#doi-build-reproducible-git-checksum.

We use https://github.com/go-git/go-git for as much of this as possible,
but it doesn't support the actual archive operation, so we shell out to
`git` for that.

There is some similar unexported code in bashbrew, and we should
probably be using the same code in the build process as we are here.
I'll create a follow-up ticket to sort that out.
 2024-10-22 14:30:27 +01:00
Joel Kamp
3cf2d929f7 Merge pull request #206 from docker/feat-add-code-of-conduct 
feat: add code of conduct
 2024-10-21 10:09:26 -05:00
mrjoelkamp
c7b2ebefac feat: add code of conduct 
Signed-off-by: mrjoelkamp <joel.kamp@docker.com>
 2024-10-21 10:00:36 -05:00
Joel Kamp
85cf56de49 Merge pull request #205 from docker/feat-add-pr-issue-templates 
feat: add pr and issue templates
 2024-10-18 10:00:53 -05:00
mrjoelkamp
f426fa367c feat: add pr and issue templates 2024-10-18 09:55:27 -05:00
Joel Kamp
c7c3d23717 Merge pull request #204 from docker/chore-apply-license 
chore: apply license headers
 2024-10-18 09:45:31 -05:00
mrjoelkamp
01a6a2ab7d refactor: remove copyright year; add newline 2024-10-18 09:25:31 -05:00
mrjoelkamp
6fd73fe45d chore: add notice 2024-10-17 14:08:33 -05:00
mrjoelkamp
0215b620cd chore: apply license headers 2024-10-17 13:43:30 -05:00
Joel Kamp
79bbc9b55b Merge pull request #198 from docker/dependabot/go_modules/github.com/sigstore/sigstore/pkg/signature/kms/aws-1.8.10 
feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.9 to 1.8.10
v0.6.7 		2024-10-17 08:31:45 -05:00
Joel Kamp
47669993c6 Merge branch 'main' into dependabot/go_modules/github.com/sigstore/sigstore/pkg/signature/kms/aws-1.8.10 2024-10-17 08:25:14 -05:00
Joel Kamp
7414fb7339 Merge pull request #199 from docker/dependabot/go_modules/github.com/sigstore/sigstore/pkg/signature/kms/gcp-1.8.10 
feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.9 to 1.8.10
 2024-10-17 08:24:47 -05:00
dependabot[bot]
0e1005d0f7 feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws 
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) from 1.8.9 to 1.8.10.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.9...v1.8.10)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-17 13:18:42 +00:00
dependabot[bot]
94f69c75d2 feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp 
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) from 1.8.9 to 1.8.10.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.9...v1.8.10)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-17 13:18:39 +00:00
Joel Kamp
b2e8166079 Merge pull request #200 from docker/dependabot/go_modules/github.com/sigstore/sigstore-1.8.10 
feat(deps): bump github.com/sigstore/sigstore from 1.8.9 to 1.8.10
 2024-10-17 08:16:22 -05:00
Joel Kamp
8c4ee60f50 Merge branch 'main' into dependabot/go_modules/github.com/sigstore/sigstore-1.8.10 2024-10-17 08:12:39 -05:00
mrjoelkamp
9b6234f0ae chore: go mod tidy 2024-10-17 08:12:10 -05:00
Joel Kamp
17b0978b44 Merge pull request #201 from docker/feat--add-verifier-version-to-vsa 
feat: add verifier version to vsa
 2024-10-17 08:09:17 -05:00
Joel Kamp
7ff20a9328 Merge branch 'main' into feat--add-verifier-version-to-vsa 2024-10-17 08:03:47 -05:00
James Carnegie
273b61ebd6 Merge branch 'main' into dependabot/go_modules/github.com/sigstore/sigstore-1.8.10 2024-10-17 09:36:58 +01:00
dependabot[bot]
eda0b23910 feat(deps): bump github.com/aws/aws-sdk-go-v2/config (#202) 
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.27.43 to 1.28.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.43...v1.28.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-17 09:36:43 +01:00
mrjoelkamp
4a82bb9981 feat: add version checker test 2024-10-16 15:18:34 -05:00
mrjoelkamp
84c0b116a7 feat: add verifier version to vsa 2024-10-16 12:01:31 -05:00
James Carnegie
16f65fefeb Merge branch 'main' into dependabot/go_modules/github.com/sigstore/sigstore-1.8.10 2024-10-16 10:13:44 +01:00
dependabot[bot]
e39a4ea9f3 feat(deps): bump google.golang.org/api from 0.200.0 to 0.201.0 (#197) 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.200.0 to 0.201.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.200.0...v0.201.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-16 10:13:11 +01:00
dependabot[bot]
2e4f8f79bd feat(deps): bump github.com/sigstore/sigstore from 1.8.9 to 1.8.10 
Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.8.9 to 1.8.10.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.9...v1.8.10)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-16 09:03:50 +00:00
James Carnegie
da667de610 feat: support arbitrary rego input parameters (#196) 
* feat: support arbitrary rego input parameters
v0.6.6 		2024-10-15 16:07:26 +01:00
Joel Kamp
7027d2d054 Merge pull request #188 from docker/dependabot/go_modules/github.com/sigstore/cosign/v2-2.4.1 
feat(deps): bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1
 2024-10-15 09:37:02 -05:00
mrjoelkamp
163c1828e3 chore: go mod tidy 2024-10-15 09:28:32 -05:00
dependabot[bot]
168a574c15 feat(deps): bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 
Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/cosign/compare/v2.4.0...v2.4.1)

---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-15 14:27:14 +00:00
Joel Kamp
ad2f8befa2 Merge pull request #195 from docker/dependabot/go_modules/google.golang.org/api-0.200.0 
feat(deps): bump google.golang.org/api from 0.199.0 to 0.200.0
 2024-10-15 08:53:56 -05:00
dependabot[bot]
8460357880 feat(deps): bump google.golang.org/api from 0.199.0 to 0.200.0 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.199.0 to 0.200.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.199.0...v0.200.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-15 13:44:46 +00:00
Joel Kamp
994240018e Merge pull request #187 from docker/dependabot/go_modules/github.com/containerd/containerd/v2-2.0.0-rc.5 
feat(deps): bump github.com/containerd/containerd/v2 from 2.0.0-rc.4 to 2.0.0-rc.5
 2024-10-15 08:42:03 -05:00
Joel Kamp
5c51ee7c19 Merge pull request #194 from docker/dependabot/go_modules/github.com/aws/aws-sdk-go-v2/config-1.27.43 
feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.39 to 1.27.43
 2024-10-15 08:36:49 -05:00
Joel Kamp
8ae43ba5e9 Merge branch 'main' into dependabot/go_modules/github.com/containerd/containerd/v2-2.0.0-rc.5 2024-10-15 08:33:48 -05:00
dependabot[bot]
ec659e62cd feat(deps): bump github.com/aws/aws-sdk-go-v2/config 
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.27.39 to 1.27.43.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.39...config/v1.27.43)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-09 08:42:48 +00:00
Joel Kamp
2d7f6cae3c Merge pull request #191 from docker/feat-vsa-input-attestations 
feat: vsa input attestations
 2024-10-08 08:30:06 -05:00
mrjoelkamp
a686de72fd feat: add input atts to result summary 2024-10-07 15:07:21 -05:00
mrjoelkamp
d58ce0c600 feat: add reference wrapper for envelope 2024-10-07 13:34:04 -05:00
dependabot[bot]
bf33de5b48 feat(deps): bump github.com/theupdateframework/go-tuf/v2 (#186) 
Bumps [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf) from 2.0.1 to 2.0.2.
- [Release notes](https://github.com/theupdateframework/go-tuf/releases)
- [Changelog](https://github.com/theupdateframework/go-tuf/blob/master/.goreleaser.yaml)
- [Commits](https://github.com/theupdateframework/go-tuf/compare/v2.0.1...v2.0.2)

---
updated-dependencies:
- dependency-name: github.com/theupdateframework/go-tuf/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
v0.6.5 		2024-10-02 10:05:46 +01:00
dependabot[bot]
b8ca85152d feat(deps): bump github.com/containerd/containerd/v2 
Bumps [github.com/containerd/containerd/v2](https://github.com/containerd/containerd) from 2.0.0-rc.4 to 2.0.0-rc.5.
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](https://github.com/containerd/containerd/compare/v2.0.0-rc.4...v2.0.0-rc.5)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-02 08:36:57 +00:00
Joel Kamp
e06d8736df Merge pull request #182 from docker/dependabot/go_modules/github.com/aws/aws-sdk-go-v2/config-1.27.39 
feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.38 to 1.27.39
v0.6.4 		2024-10-01 16:02:00 -05:00
Joel Kamp
fcf98ebc3f Merge branch 'main' into dependabot/go_modules/github.com/aws/aws-sdk-go-v2/config-1.27.39 2024-10-01 15:46:46 -05:00
Joel Kamp
acd8d427a1 Merge pull request #185 from docker/dependabot/go_modules/github.com/open-policy-agent/opa-0.69.0 
feat(deps): bump github.com/open-policy-agent/opa from 0.68.0 to 0.69.0
 2024-10-01 15:46:34 -05:00
Joel Kamp
f2f13933df Merge branch 'main' into dependabot/go_modules/github.com/open-policy-agent/opa-0.69.0 2024-10-01 15:42:13 -05:00
Joel Kamp
503410bb7b Merge pull request #184 from docker/dependabot/go_modules/github.com/theupdateframework/go-tuf/v2-2.0.1 
feat(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.0.0 to 2.0.1
 2024-10-01 15:41:54 -05:00
dependabot[bot]
ac04e8a9ea feat(deps): bump github.com/open-policy-agent/opa from 0.68.0 to 0.69.0 
Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.68.0 to 0.69.0.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v0.68.0...v0.69.0)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-01 08:30:48 +00:00