diff --git a/.github/workflows/container-build.yml b/.github/workflows/container-build.yml index da46da28d..b92c84585 100644 --- a/.github/workflows/container-build.yml +++ b/.github/workflows/container-build.yml @@ -36,13 +36,12 @@ jobs: - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 - # TODO: uncomment when we bump to go1.22 in go.mod - # - name: Extract version of Go to use - # run: echo "GOVERSION=$(cat Dockerfile|grep golang | awk ' { print $2 } ' | cut -d '@' -f 1 | cut -d ':' -f 2 | uniq)" >> $GITHUB_ENV + - name: Extract version of Go to use + run: echo "GOVERSION=$(cat Dockerfile|grep golang | awk ' { print $2 } ' | cut -d '@' -f 1 | cut -d ':' -f 2 | uniq)" >> $GITHUB_ENV - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: - go-version: '1.22' + go-version: '${{ env.GOVERSION }}' check-latest: true - name: deps diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a3288cae0..fe81d04e7 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -31,13 +31,12 @@ jobs: steps: - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - # TODO: uncomment when we bump to go1.22 in go.mod - # - name: Extract version of Go to use - # run: echo "GOVERSION=$(cat Dockerfile|grep golang | awk ' { print $2 } ' | cut -d '@' -f 1 | cut -d ':' -f 2 | uniq)" >> $GITHUB_ENV + - name: Extract version of Go to use + run: echo "GOVERSION=$(cat Dockerfile|grep golang | awk ' { print $2 } ' | cut -d '@' -f 1 | cut -d ':' -f 2 | uniq)" >> $GITHUB_ENV - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: - go-version: '1.22' + go-version: ${{ env.GOVERSION }} check-latest: true - uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b # v3.0.0 diff --git a/.github/workflows/validate-release.yml b/.github/workflows/validate-release.yml index cadb2a1ed..64a29be4b 100644 --- a/.github/workflows/validate-release.yml +++ b/.github/workflows/validate-release.yml @@ -28,14 +28,14 @@ jobs: check-signature: runs-on: ubuntu-latest container: - image: ghcr.io/sigstore/cosign/cosign:v2.4.0-dev@sha256:a97b592b9f73390edcd6ceb5799a62513a906cbdffcdc63f53585910c71b0708 + image: ghcr.io/sigstore/cosign/cosign:v2.4.1-dev@sha256:a1bb112f1758703aa1d222bf30b9655d04cf196c0b7feaf3479d1222c2283590 steps: - name: Check Signature run: | - cosign verify ghcr.io/gythialy/golang-cross:v1.23.1-0@sha256:08c0c74e318141737b9da97e3b110417a5d898eef617802706b725ef926497ff \ + cosign verify ghcr.io/gythialy/golang-cross:v1.23.2-0@sha256:8feb33a131baabdef112d924a4379ff6b0a4f00a4854f97b0dc73742198638bd \ --certificate-oidc-issuer https://token.actions.githubusercontent.com \ - --certificate-identity "https://github.com/gythialy/golang-cross/.github/workflows/release-golang-cross.yml@refs/tags/v1.23.1-0" + --certificate-identity "https://github.com/gythialy/golang-cross/.github/workflows/release-golang-cross.yml@refs/tags/v1.23.2-0" env: TUF_ROOT: /tmp @@ -44,7 +44,7 @@ jobs: needs: - check-signature container: - image: ghcr.io/gythialy/golang-cross:v1.23.1-0@sha256:08c0c74e318141737b9da97e3b110417a5d898eef617802706b725ef926497ff + image: ghcr.io/gythialy/golang-cross:v1.23.2-0@sha256:8feb33a131baabdef112d924a4379ff6b0a4f00a4854f97b0dc73742198638bd steps: - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 diff --git a/.github/workflows/verify-k8s.yml b/.github/workflows/verify-k8s.yml index dccc78b92..a4dba285c 100644 --- a/.github/workflows/verify-k8s.yml +++ b/.github/workflows/verify-k8s.yml @@ -27,13 +27,12 @@ jobs: steps: - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - # TODO: uncomment when we bump to go1.22 in go.mod - # - name: Extract version of Go to use - # run: echo "GOVERSION=$(cat Dockerfile|grep golang | awk ' { print $2 } ' | cut -d '@' -f 1 | cut -d ':' -f 2 | uniq)" >> $GITHUB_ENV + - name: Extract version of Go to use + run: echo "GOVERSION=$(cat Dockerfile|grep golang | awk ' { print $2 } ' | cut -d '@' -f 1 | cut -d ':' -f 2 | uniq)" >> $GITHUB_ENV - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: - go-version: ${{ env.GOVERSION }} + go-version: '${{ env.GOVERSION }}' check-latest: true - name: Install kubeval @@ -70,13 +69,12 @@ jobs: steps: - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - # TODO: uncomment when we bump to go1.22 in go.mod - # - name: Extract version of Go to use - # run: echo "GOVERSION=$(cat Dockerfile|grep golang | awk ' { print $2 } ' | cut -d '@' -f 1 | cut -d ':' -f 2 | uniq)" >> $GITHUB_ENV + - name: Extract version of Go to use + run: echo "GOVERSION=$(cat Dockerfile|grep golang | awk ' { print $2 } ' | cut -d '@' -f 1 | cut -d ':' -f 2 | uniq)" >> $GITHUB_ENV - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: - go-version: '1.22' + go-version: '${{ env.GOVERSION }}' check-latest: true - uses: ko-build/setup-ko@3aebd0597dc1e9d1a26bcfdb7cbeb19c131d3037 # v0.7 diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index 7ca4cc24a..c6e00082a 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -31,13 +31,12 @@ jobs: steps: - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - # TODO: uncomment when we bump to go1.22 in go.mod - # - name: Extract version of Go to use - # run: echo "GOVERSION=$(cat Dockerfile|grep golang | awk ' { print $2 } ' | cut -d '@' -f 1 | cut -d ':' -f 2 | uniq)" >> $GITHUB_ENV + - name: Extract version of Go to use + run: echo "GOVERSION=$(cat Dockerfile|grep golang | awk ' { print $2 } ' | cut -d '@' -f 1 | cut -d ':' -f 2 | uniq)" >> $GITHUB_ENV - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: - go-version: '1.22' + go-version: '${{ env.GOVERSION }}' check-latest: true - name: Install addlicense @@ -58,19 +57,18 @@ jobs: - name: deps run: sudo apt-get update && sudo apt-get install -yq libpcsclite-dev - # TODO: uncomment when we bump to go1.22 in go.mod - # - name: Extract version of Go to use - # run: echo "GOVERSION=$(cat Dockerfile|grep golang | awk ' { print $2 } ' | cut -d '@' -f 1 | cut -d ':' -f 2 | uniq)" >> $GITHUB_ENV + - name: Extract version of Go to use + run: echo "GOVERSION=$(cat Dockerfile|grep golang | awk ' { print $2 } ' | cut -d '@' -f 1 | cut -d ':' -f 2 | uniq)" >> $GITHUB_ENV - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: - go-version: '1.22' + go-version: '${{ env.GOVERSION }}' check-latest: true - name: golangci-lint uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 with: - version: v1.60 + version: v1.61 oidc-config: name: oidc-config @@ -78,13 +76,12 @@ jobs: steps: - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - # TODO: uncomment when we bump to go1.22 in go.mod - # - name: Extract version of Go to use - # run: echo "GOVERSION=$(cat Dockerfile|grep golang | awk ' { print $2 } ' | cut -d '@' -f 1 | cut -d ':' -f 2 | uniq)" >> $GITHUB_ENV + - name: Extract version of Go to use + run: echo "GOVERSION=$(cat Dockerfile|grep golang | awk ' { print $2 } ' | cut -d '@' -f 1 | cut -d ':' -f 2 | uniq)" >> $GITHUB_ENV - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: - go-version: '1.22' + go-version: '${{ env.GOVERSION }}' check-latest: true - name: check-config diff --git a/go.mod b/go.mod index b42610184..d7ad6b165 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/sigstore/fulcio -go 1.23.1 +go 1.23.2 require ( chainguard.dev/go-grpc-kit v0.17.6 diff --git a/release/cloudbuild.yaml b/release/cloudbuild.yaml index 4577617ff..6d90a7df9 100644 --- a/release/cloudbuild.yaml +++ b/release/cloudbuild.yaml @@ -32,19 +32,19 @@ steps: echo "Checking out ${_GIT_TAG}" git checkout ${_GIT_TAG} - - name: 'ghcr.io/sigstore/cosign/cosign:v2.4.0-dev@sha256:a97b592b9f73390edcd6ceb5799a62513a906cbdffcdc63f53585910c71b0708' + - name: 'ghcr.io/sigstore/cosign/cosign:v2.4.1-dev@sha256:a1bb112f1758703aa1d222bf30b9655d04cf196c0b7feaf3479d1222c2283590' dir: "go/src/sigstore/fulcio" env: - TUF_ROOT=/tmp args: - 'verify' - - 'ghcr.io/gythialy/golang-cross:v1.23.1-0@sha256:08c0c74e318141737b9da97e3b110417a5d898eef617802706b725ef926497ff' + - 'ghcr.io/gythialy/golang-cross:v1.23.2-0@sha256:8feb33a131baabdef112d924a4379ff6b0a4f00a4854f97b0dc73742198638bd' - '--certificate-oidc-issuer' - "https://token.actions.githubusercontent.com" - '--certificate-identity' - - "https://github.com/gythialy/golang-cross/.github/workflows/release-golang-cross.yml@refs/tags/v1.23.1-0" + - "https://github.com/gythialy/golang-cross/.github/workflows/release-golang-cross.yml@refs/tags/v1.23.2-0" - - name: ghcr.io/gythialy/golang-cross:v1.23.1-0@sha256:08c0c74e318141737b9da97e3b110417a5d898eef617802706b725ef926497ff + - name: ghcr.io/gythialy/golang-cross:v1.23.2-0@sha256:8feb33a131baabdef112d924a4379ff6b0a4f00a4854f97b0dc73742198638bd entrypoint: /bin/sh dir: "go/src/sigstore/fulcio" env: @@ -67,7 +67,7 @@ steps: gcloud auth configure-docker \ && make release - - name: ghcr.io/gythialy/golang-cross:v1.23.1-0@sha256:08c0c74e318141737b9da97e3b110417a5d898eef617802706b725ef926497ff + - name: ghcr.io/gythialy/golang-cross:v1.23.2-0@sha256:8feb33a131baabdef112d924a4379ff6b0a4f00a4854f97b0dc73742198638bd entrypoint: 'bash' dir: "go/src/sigstore/fulcio" env: