- anchore/sbom-action to v0.17.0
- docker/build-push-action to v6.5.0
- docker/login-action to v3.3.0
- docker/setup-buildx-action to v3.5.0
- github/codeql-action to v3.25.15
- ossf/scorecard-action to v2.4.0
- softprops/action-gh-release to v2.0.8
- GCR credential helper to v2.1.23
- sigstore/cosign to v2.3.0
- govulncheck to v1.1.3
- alpine base image to v3.20.2
Signed-off-by: Brandon Mitchell <git@bmitch.net>
Make it easier to pull creds from a docker config.json outside of the
standard location, without needing environmental variables. For example,
a mounted K8s Secret of type `kubernetes.io/dockerconfigjson`.
Signed-off-by: Matthew Monaco <matt@monaco.cx>
The `bitIsSet` function was returning the wrong value, forcing nodes to v1.
This also adjusts the automatic appending of the variant to only happen when short values are provided.
This avoids changing `linux/amd64` to `linux/amd64/vx` which would break existing users.
Signed-off-by: Brandon Mitchell <git@bmitch.net>
This didn't increase the cache hit rate and ultimately slowed down the build.
Most likely the GHA cache isn't large enough.
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- actions/setup-go to v5.0.2
- anchore/sbom-action to v0.16.1
- github/codeql-action to v3.25.12
- ECR Helper to latest commit
- google/osv-scanner to v1.8.2
- icholy/gomajor to v0.13.1
- anchore/syft to v1.9.0
- project-zot to v 2.1.0
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- Go to 1.22.5
- actions/upload-artifact to v4.3.4
- docker/build-push-action to v6.3.0
- docker/setup-buildx-action to v3.4.0
- github/codeql-action to v3.25.11
- ECR Helper to latest commit
- icholy/gomajor to v0.12.0
- anchore/syft to v1.8.0
- golang.org/x/sys to v0.22.0
- golang.org/x/term to v0.22.0
Signed-off-by: Brandon Mitchell <git@bmitch.net>
This was used for test implementations that were better handled with t.TempDir or olareg backed by memory.
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- actions/checkout to v4.1.7
- docker/build-push-action to v6.1.0
- github/codeql-action to v3.25.10
- softprops/action-gh-release to v2.0.6
- ECR helper to latest commit
- google-osv-scanner to v1.8.1
- anchore-syft to v1.7.0
- Alpine to 3.20.1
- klauspost/compress to v1.17.9
- spf13/cobra to v1.8.1
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- github/codeql-action to v3.25.8
- ECR credential helper to latest commit
- govulncheck to v1.1.2
- Go to 1.22.4
- golang.org/x/sys to v0.21.0
- golang.org/x/term to v0.21.0
- Fixes CVE-2024-24790
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- docker/login-action to v3.2.0
- github/codeql-action to v3.25.7
- google/osv-scanner to v1.7.4
- icholy/gomajor to v0.11.0
- Go image digest
- anchore/syft to v1.5.0
Signed-off-by: Brandon Mitchell <git@bmitch.net>
