From c70382a07b73bd2aaddf5fcfcbdf43e43d496530 Mon Sep 17 00:00:00 2001
From: Bob Callaway <bcallaway@google.com>
Date: Wed, 18 Dec 2024 09:42:01 -0500
Subject: [PATCH 1/4] bump k8s versions and knative too

Signed-off-by: Bob Callaway <bcallaway@google.com>
---
 .github/workflows/add-remove-new-fulcio.yaml | 7 ++++---
 .github/workflows/fulcio-rekor-kind.yaml     | 7 ++++---
 .github/workflows/test-action-tuf.yaml       | 4 ++--
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/add-remove-new-fulcio.yaml b/.github/workflows/add-remove-new-fulcio.yaml
index 44646ef8c..b23e661d8 100644
--- a/.github/workflows/add-remove-new-fulcio.yaml
+++ b/.github/workflows/add-remove-new-fulcio.yaml
@@ -26,10 +26,10 @@ jobs:
       fail-fast: false # Keep running if one leg fails.
       matrix:
         k8s-version:
-          - v1.27.x
-          - v1.28.x
           - v1.29.x
           - v1.30.x
+          - v1.31.x
+          - v1.32.x
 
         leg:
           - fulcio-key-rotation
@@ -58,6 +58,7 @@ jobs:
       uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       with:
         path: ./src/github.com/sigstore/scaffolding
+        persist-credentials: false
 
     - uses: actions/cache@v4
       with:
@@ -88,7 +89,7 @@ jobs:
     - name: Setup Knative
       uses: chainguard-dev/actions/setup-knative@main
       with:
-        version: "1.11.x"
+        version: "1.16.x"
         serving-features: >
           {
             "kubernetes.podspec-fieldref": "enabled"
diff --git a/.github/workflows/fulcio-rekor-kind.yaml b/.github/workflows/fulcio-rekor-kind.yaml
index 506320156..f34cf02a6 100644
--- a/.github/workflows/fulcio-rekor-kind.yaml
+++ b/.github/workflows/fulcio-rekor-kind.yaml
@@ -26,10 +26,10 @@ jobs:
       fail-fast: false # Keep running if one leg fails.
       matrix:
         k8s-version:
-          - v1.27.x
-          - v1.28.x
           - v1.29.x
           - v1.30.x
+          - v1.31.x
+          - v1.32.x
 
         leg:
           - fulcio rekor ctlog e2e
@@ -49,6 +49,7 @@ jobs:
       uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       with:
         path: ./src/github.com/sigstore/scaffolding
+        persist-credentials: false
 
     - uses: chainguard-dev/actions/setup-mirror@main
     # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
@@ -88,7 +89,7 @@ jobs:
     - name: Setup Knative
       uses: chainguard-dev/actions/setup-knative@main
       with:
-        version: "1.11.x"
+        version: "1.16.x"
         serving-features: >
           {
             "kubernetes.podspec-fieldref": "enabled"
diff --git a/.github/workflows/test-action-tuf.yaml b/.github/workflows/test-action-tuf.yaml
index deb8109b6..3175381d0 100644
--- a/.github/workflows/test-action-tuf.yaml
+++ b/.github/workflows/test-action-tuf.yaml
@@ -23,10 +23,10 @@ jobs:
       fail-fast: false # Keep running if one leg fails.
       matrix:
         k8s-version:
-          - v1.27.x
-          - v1.28.x
           - v1.29.x
           - v1.30.x
+          - v1.31.x
+          - v1.32.x
         release-version:
           - "main" # Test explicitly with latest
         go-version:

From 8edeb6b3e339117b9d5ea150afcac9e161b06465 Mon Sep 17 00:00:00 2001
From: Bob Callaway <bcallaway@google.com>
Date: Wed, 18 Dec 2024 09:47:59 -0500
Subject: [PATCH 2/4] fix setup-kind.sh

Signed-off-by: Bob Callaway <bcallaway@google.com>
---
 actions/setup/action.yml |  4 ++--
 hack/setup-kind.sh       | 34 +++++++++++++++++-----------------
 2 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/actions/setup/action.yml b/actions/setup/action.yml
index fe53c847c..aa6d11f3c 100644
--- a/actions/setup/action.yml
+++ b/actions/setup/action.yml
@@ -45,9 +45,9 @@ inputs:
     required: true
     default: 'cluster.local'
   k8s-version:
-    description: 'kubernetes version to install (v1.27.x, v1.28.x, v1.29.x, v1.30.x), default: v1.27.x'
+    description: 'kubernetes version to install (v1.29.x, v1.30.x, v1.31.x, v1.32.x), default: v1.29.x'
     required: true
-    default: 'v1.27.x'
+    default: 'v1.29.x'
 runs:
   using: "composite"
   steps:
diff --git a/hack/setup-kind.sh b/hack/setup-kind.sh
index a128fba48..ff3f215f5 100755
--- a/hack/setup-kind.sh
+++ b/hack/setup-kind.sh
@@ -65,30 +65,30 @@ done
 
 # The version map correlated with this version of KinD
 # KNATIVE versions are set from https://github.com/knative/community/blob/main/mechanics/RELEASE-SCHEDULE.md
-KIND_VERSION="v0.22.0"
+KIND_VERSION="v0.26.0"
 case ${K8S_VERSION} in
-  v1.27.x)
-    K8S_VERSION="1.27.11"
-    KNATIVE_VERSION="1.12.0"
-    KIND_IMAGE_SHA="sha256:681253009e68069b8e01aad36a1e0fa8cf18bb0ab3e5c4069b2e65cafdd70843"
+  v1.29.x)
+    K8S_VERSION="1.29.12"
+    KNATIVE_VERSION="1.16.0"
+    KIND_IMAGE_SHA="sha256:62c0672ba99a4afd7396512848d6fc382906b8f33349ae68fb1dbfe549f70dec"
     KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA}
     ;;
-  v1.28.x)
-    K8S_VERSION="1.28.7"
-    KNATIVE_VERSION="1.12.0"
-    KIND_IMAGE_SHA="sha256:9bc6c451a289cf96ad0bbaf33d416901de6fd632415b076ab05f5fa7e4f65c58"
+  v1.30.x)
+    K8S_VERSION="1.30.8"
+    KNATIVE_VERSION="1.16.0"
+    KIND_IMAGE_SHA="sha256:17cd608b3971338d9180b00776cb766c50d0a0b6b904ab4ff52fd3fc5c6369bf"
     KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA}
     ;;
-  v1.29.x)
-    K8S_VERSION="1.29.2"
-    KNATIVE_VERSION="1.12.0"
-    KIND_IMAGE_SHA="sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245"
+  v1.31.x)
+    K8S_VERSION="1.31.4"
+    KNATIVE_VERSION="1.16.0"
+    KIND_IMAGE_SHA="sha256:2cb39f7295fe7eafee0842b1052a599a4fb0f8bcf3f83d96c7f4864c357c6c30"
     KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA}
     ;;
-  v1.30.x)
-    K8S_VERSION="1.30.0"
-    KNATIVE_VERSION="1.12.0"
-    KIND_IMAGE_SHA="sha256:047357ac0cfea04663786a612ba1eaba9702bef25227a794b52890dd8bcd692e"
+  v1.32.x)
+    K8S_VERSION="1.32.0"
+    KNATIVE_VERSION="1.16.0"
+    KIND_IMAGE_SHA="sha256:c48c62eac5da28cdadcf560d1d8616cfa6783b58f0d94cf63ad1bf49600cb027"
     KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA}
     ;;
   *) echo "Unsupported version: ${K8S_VERSION}"; exit 1 ;;

From 957fbb196986319bc663455a0699f246d9f00476 Mon Sep 17 00:00:00 2001
From: Bob Callaway <bcallaway@google.com>
Date: Wed, 18 Dec 2024 09:49:57 -0500
Subject: [PATCH 3/4] fix other action too

Signed-off-by: Bob Callaway <bcallaway@google.com>
---
 .github/workflows/test-release.yaml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/test-release.yaml b/.github/workflows/test-release.yaml
index 654e2e34c..2aaa92a43 100644
--- a/.github/workflows/test-release.yaml
+++ b/.github/workflows/test-release.yaml
@@ -23,17 +23,17 @@ jobs:
       fail-fast: false # Keep running if one leg fails.
       matrix:
         k8s-version:
-          - v1.27.x
-          - v1.28.x
           - v1.29.x
           - v1.30.x
+          - v1.31.x
+          - v1.32.x
         leg:
           - fulcio rekor ctlog e2e
         go-version:
           - 1.23.x
 
     env:
-      RELEASE_VERSION: "v0.7.1"
+      RELEASE_VERSION: "v0.7.17"
       KO_DOCKER_REPO: registry.local:5000/knative
       KOCACHE: ~/ko
 
@@ -63,7 +63,7 @@ jobs:
     - name: Setup Knative
       uses: chainguard-dev/actions/setup-knative@main
       with:
-        version: "1.11.x"
+        version: "1.16.x"
         serving-features: >
           {
             "kubernetes.podspec-fieldref": "enabled"
@@ -143,6 +143,7 @@ jobs:
       with:
         repository: sigstore/timestamp-authority
         path: ./src/github.com/sigstore/timestamp-authority
+        persist-credentials: false
     - name: Build timestamp-cli
       working-directory: ./src/github.com/sigstore/timestamp-authority
       run: |

From 5ee286d944d81c65e8007a55c3f15135c5892103 Mon Sep 17 00:00:00 2001
From: Bob Callaway <bcallaway@google.com>
Date: Wed, 18 Dec 2024 10:02:37 -0500
Subject: [PATCH 4/4] bump pointer to latest scaffolding release

Signed-off-by: Bob Callaway <bcallaway@google.com>
---
 getting-started.md                     | 4 ++--
 hack/setup-scaffolding-from-release.sh | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/getting-started.md b/getting-started.md
index 28bacfda9..1be53e5e0 100644
--- a/getting-started.md
+++ b/getting-started.md
@@ -41,7 +41,7 @@ cloning the repo):
 Or by downloading a release version of the script
 
 ```shell
-curl -fLo /tmp/setup-kind.sh https://github.com/sigstore/scaffolding/releases/download/v0.7.1/setup-kind.sh
+curl -fLo /tmp/setup-kind.sh https://github.com/sigstore/scaffolding/releases/download/v0.7.17/setup-kind.sh
 chmod u+x /tmp/setup-kind.sh
 /tmp/setup-kind.sh
 ```
@@ -76,7 +76,7 @@ docker rm -f b1e3f3238f7a
 ## From the release
 
 ```shell
-curl -Lo /tmp/setup-scaffolding-from-release.sh https://github.com/sigstore/scaffolding/releases/download/v0.7.1/setup-scaffolding-from-release.sh
+curl -Lo /tmp/setup-scaffolding-from-release.sh https://github.com/sigstore/scaffolding/releases/download/v0.7.17/setup-scaffolding-from-release.sh
 chmod u+x /tmp/setup-scaffolding-from-release.sh
 /tmp/setup-scaffolding-from-release.sh
 ```
diff --git a/hack/setup-scaffolding-from-release.sh b/hack/setup-scaffolding-from-release.sh
index e031d1109..d7fbb40f4 100755
--- a/hack/setup-scaffolding-from-release.sh
+++ b/hack/setup-scaffolding-from-release.sh
@@ -19,7 +19,7 @@ set -o pipefail
 set -o xtrace
 
 # Default
-RELEASE_VERSION="v0.7.1"
+RELEASE_VERSION="v0.7.17"
 
 while [[ $# -ne 0 ]]; do
   parameter="$1"