Skip to content

Tags: sigstore/cosign-installer

Tags

v4.1.2

Toggle v4.1.2's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Bump cosign to 3.0.6 (#232)

v4.1.1

Toggle v4.1.1's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
chore: update default cosign-release to v3.0.5 (#223)

Aligns the default cosign-release input with the bootstrap version.

Signed-off-by: rsclarke <hey@rsclarke.dev>

v4.1.0

Toggle v4.1.0's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
fix: add retry to curl downloads for transient network failures (#210)

Transient network errors during the cosign download can cause the
action to fail. This is particularly problematic when the action runs
after images have been pushed to a registry, resulting in unsigned
images.

Add --retry 3 to all curl calls. By default, curl uses exponential
backoff: it waits 1 second before the first retry, then doubles the
wait time for each subsequent retry up to a maximum of 10 minutes. It
also respects Retry-After headers in the response.

Closes: #209

Signed-off-by: Jose Fernandez <me@jrfernandez.com>

v3.10.1

Toggle v3.10.1's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
bump to use cosign 2.6.1 (#203)

* bump to use cosign 2.6.1

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* in the cosign installer v3 branch only test cosign v2

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

---------

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

v4.0.0

Toggle v4.0.0's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
add support for cosign v3 releases (#201)

* add support for cosign v3.0.1 release

Signed-off-by: Bob Callaway <bcallaway@google.com>

* use version num instead

Signed-off-by: Bob Callaway <bcallaway@google.com>

* add cert flags, move key fetch into v2 clause

Signed-off-by: Bob Callaway <bcallaway@google.com>

* update for v3.0.2 release

Signed-off-by: Bob Callaway <bcallaway@google.com>

* use helper function

Signed-off-by: Bob Callaway <bcallaway@google.com>

* temporarily comment out the exit to test kms sig verification

Signed-off-by: Bob Callaway <bcallaway@google.com>

* add another comment - temporary

Signed-off-by: Bob Callaway <bcallaway@google.com>

* remove comments for final mergeable fix

Signed-off-by: Bob Callaway <bcallaway@google.com>

* recommend v2.6.0 or later

Signed-off-by: Bob Callaway <bcallaway@google.com>

---------

Signed-off-by: Bob Callaway <bcallaway@google.com>

v3.10.0

Toggle v3.10.0's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Bump default Cosign to v2.6.0 (#200)

v3.9.2

Toggle v3.9.2's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Update default to v2.5.3 (#196)