Releases · sigstore/policy-controller

Thanks to all contributors!

What's Changed

Remove unnecessary files as part of the migration from sigstore/cosign by @vaikas in #11
Remove unnecessary tests, update Makefile. by @vaikas in #12
update ko configuration by @cpanato in #13
clean up makefile by @cpanato in #14
Fix import paths, update go.mod to be policy-controller. by @vaikas in #15
Fix build job and more cleanup by @cpanato in #16
Bump github.com/aws/aws-sdk-go-v2 from 1.16.4 to 1.16.5 by @dependabot in #9
update gcp service account by @cpanato in #17
Bump google.golang.org/api from 0.82.0 to 0.83.0 by @dependabot in #5
Bump sigstore/cosign-installer from 2.3.0 to 2.4.0 by @dependabot in #19
Just chop chop chopping... by @vaikas in #20
Rejigger directories, drop cosign by @vaikas in #21
Remove cosign pkg, take a dep on it. by @vaikas in #23
Update release job by @cpanato in #22
Bump some vulnerable dependencies; base on distroless/static by @imjasonh in #27
Add spdxjson and cyclonedx as supported predicate types by @jdolitsky in #25
Point fulcio roots to sigstore/sigstore. Fix #24 by @vaikas in #30
Fix #28. Treat multiple authorities as OR instead of AND. by @vaikas in #29
fix: solve vuln from our opa version by @hectorj2f in #32
fix: add missing conversion to CRD by @hectorj2f in #36
Bump actions/dependency-review-action from 1.0.2 to 2.0.1 by @dependabot in #39
Bump actions/dependency-review-action from 2.0.1 to 2.0.2 by @dependabot in #40
Bump github.com/stretchr/testify from 1.7.2 to 1.7.4 by @dependabot in #50
Bump github/codeql-action from 2.1.12 to 2.1.13 by @dependabot in #49
Bump github.com/google/go-containerregistry from 0.9.0 to 0.10.0 by @dependabot in #51
Bump mikefarah/yq from 4.25.2 to 4.25.3 by @dependabot in #54
Bump github/codeql-action from 2.1.13 to 2.1.14 by @dependabot in #53
Bump github.com/stretchr/testify from 1.7.4 to 1.7.5 by @dependabot in #55
Bump ossf/scorecard-action from 1.1.1 to 1.1.2 by @dependabot in #57
chore: skip secret not found by @hectorj2f in #56
Validate globs at admission time. by @mattmoor in #60
Bump github/codeql-action from 2.1.14 to 2.1.15 by @dependabot in #61
Bump github.com/stretchr/testify from 1.7.5 to 1.8.0 by @dependabot in #62
Allow for @ symbol on globs to support image refs with digest by @jdolitsky in #63
Bump github.com/hashicorp/go-version from 1.5.0 to 1.6.0 by @dependabot in #58
Bump github.com/aws/aws-sdk-go-v2 from 1.16.5 to 1.16.6 by @dependabot in #64
Bump sigstore/cosign-installer from 2.4.0 to 2.4.1 by @dependabot in #65
Add policy-tester CLI for testing ClusterImagePolicies by @jdolitsky in #67
Bump github.com/aws/aws-sdk-go-v2 from 1.16.6 to 1.16.7 by @dependabot in #68
Add static field to authority that allows for block/allow behaviour. by @vaikas in #69
Update k8s clusters test by @cpanato in #70
Avoid test race condition. by @mattmoor in #72
Validate CIP before using it. by @vaikas in #74
Bump actions/setup-go from 3.2.0 to 3.2.1 by @dependabot in #75
Set reinvocationPolicy to 'IfNeeded' for the tag resolver webhook by @vpnachev in #76
Bump google.golang.org/grpc from 1.47.0 to 1.48.0 by @dependabot in #79
Bump actions/cache from 3.0.4 to 3.0.5 by @dependabot in #77
Bump github/codeql-action from 2.1.15 to 2.1.16 by @dependabot in #78
Refactor entire policy validation into ValidatePolicy. by @vaikas in #81
Bump actions/dependency-review-action from 2.0.2 to 2.0.4 by @dependabot in #82
Fix #38 , do not block status updates. by @vaikas in #88
Bump mikefarah/yq from 4.25.3 to 4.26.1 by @dependabot in #89
Update CHANGELOG to reflect changes since creating the repository. by @vaikas in #91
Fixes numerous validating and defaulting. Improve tests by @vaikas in #93
Bump github.com/google/go-containerregistry from 0.10.0 to 0.11.0 by @dependabot in #95
Bump github.com/hashicorp/vault/sdk from 0.5.1 to 0.5.3 by @dependabot in #94
update go builder and cosign by @cpanato in #96