v0.6.0

@wlynch wlynch released this 11 Apr 16:19
· 197 commits to main since this release
31608c0

Highlights

  • Added gitsign.matchCommitter option to verify that the certificate identity matches the expected committer identity.
  • Added gitsign verify to verify commits, with certificate verification options that match cosign (--certificate-identity, --certificate-oidc-issuer).
  • Added support for Buildkite and Environment Variable OIDC credential detection.

What's Changed

  • Bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 by @dependabot in #228
  • Bump goreleaser/goreleaser-action from 4.1.0 to 4.1.1 by @dependabot in #227
  • Bump anchore/sbom-action from 0.13.1 to 0.13.3 by @dependabot in #226
  • Bump github.com/in-toto/in-toto-golang from 0.5.0 to 0.6.0 by @dependabot in #233
  • Bump github.com/go-git/go-billy/v5 from 5.4.0 to 5.4.1 by @dependabot in #232
  • Bump goreleaser/goreleaser-action from 4.1.1 to 4.2.0 by @dependabot in #231
  • Bump actions/cache from 3.2.3 to 3.2.4 by @dependabot in #230
  • Bump golang.org/x/oauth2 from 0.4.0 to 0.5.0 by @dependabot in #237
  • Bump actions/cache from 3.2.4 to 3.2.5 by @dependabot in #235
  • upgrade go to 1.20 by @cpanato in #234
  • Bump golang.org/x/crypto from 0.5.0 to 0.6.0 by @dependabot in #236
  • Update README.md by @y12studio in #239
  • Handle spaces in git config values by @adityasaky in #240
  • Bump github.com/sigstore/fulcio from 1.0.0 to 1.1.0 by @dependabot in #243
  • Bump golang.org/x/net from 0.6.0 to 0.7.0 by @dependabot in #245
  • Update --detached-sign to --detach-sign, remove "auto generated" line from docs by @adityasaky in #242
  • Add support for checking cert email against user config before signing. by @wlynch in #246
  • Bump sigstore cosign to v2, dep and workflows by @k4leung4 in #247
  • Bump actions/cache from 3.2.5 to 3.2.6 by @dependabot in #248
  • Bump golang.org/x/oauth2 from 0.5.0 to 0.6.0 by @dependabot in #255
  • Bump github.com/go-git/go-git/v5 from 5.5.2 to 5.6.0 by @dependabot in #252
  • Bump golang.org/x/crypto from 0.6.0 to 0.7.0 by @dependabot in #253
  • Bump sigstore/cosign-installer from 2.8.1 to 3.0.1 by @dependabot in #251
  • enable auto merge/approval for dependencies by @cpanato in #229
  • update some dependencies and use head of cosign for now by @cpanato in #250
  • Bump actions/cache from 3.2.6 to 3.3.1 by @dependabot in #256
  • Add matchCommitter to top level README table. by @wlynch in #257
  • Bump github.com/go-openapi/strfmt from 0.21.3 to 0.21.5 by @dependabot in #260
  • Bump github.com/go-git/go-git/v5 from 5.6.0 to 5.6.1 by @dependabot in #261
  • Bump actions/setup-go from 3.5.0 to 4.0.0 by @dependabot in #259
  • Bump actions/checkout from 3.3.0 to 3.4.0 by @dependabot in #258
  • Add gitsign verify by @wlynch in #262
  • Bump anchore/sbom-action from 0.13.3 to 0.13.4 by @dependabot in #266
  • Fix e2e tests by including --certificate-identity flag. by @wlynch in #264
  • Initialize staging TUF root for sigstage.dev. by @wlynch in #267
  • Add cosign to e2e tests, generalize e2e tests for forked repos. by @wlynch in #268
  • Fix verify flags in README by @wlynch in #263
  • Bump actions/checkout from 3.4.0 to 3.5.0 by @dependabot in #265
  • Bump github.com/go-openapi/strfmt from 0.21.5 to 0.21.7 by @dependabot in #272
  • Bump github.com/sigstore/fulcio from 1.1.0 to 1.2.0 by @dependabot in #273
  • Bump anchore/sbom-action from 0.13.4 to 0.14.1 by @dependabot in #269
  • Bump github.com/sigstore/rekor from 1.0.1 to 1.1.0 by @dependabot in #270
  • Update logo URL by @wlynch in #274
  • Bump github.com/docker/docker from 20.10.23+incompatible to 20.10.24+incompatible by @dependabot in #275
  • bump cosign dependency to pick up buildkite OIDC provider by @imjasonh in #276
  • Bump github.com/docker/docker from 23.0.1+incompatible to 23.0.3+incompatible by @dependabot in #277
  • Revert change in Gitsign logo URL path by @sandipanpanda in #278
  • Bump github.com/sigstore/sigstore from 1.6.0 to 1.6.1 by @dependabot in #281
  • Bump github.com/in-toto/in-toto-golang from 0.7.0 to 0.7.1 by @dependabot in #280
  • Bump github.com/sigstore/cosign/v2 from 2.0.1-0.20230404223517-fdeea9fd1574 to 2.0.1 by @dependabot in #279
  • Bump sigstore/cosign-installer from 3.0.1 to 3.0.2 by @dependabot in #282
  • Bump golang.org/x/oauth2 from 0.6.0 to 0.7.0 by @dependabot in #284

New Contributors

Full Changelog: v0.5.2...v0.6.0