Releases: theupdateframework/tuf-on-ci
v0.14.0
v0.13.0
v0.12.0
In addition to dependency updates, this release contains one new (experimental) repository
feature: Online signed targets. Updating to this version does not require any changes to
GitHub workflow files.
The Online signed targets feature (#75) currently has some significant limitations
and may be changed in the future, see DELEGATION-MANUAL.md for details.
v0.11.0
This release contains bug fixes, stability fixes and dependency
updates.
Updating to this version does not require any changes to GitHub
workflow files.
Changes
- Increased the number of root rotations allowed in the client unsed by
the test workflow (#377) - Versioned root metadata file is now created by the signing event (#352)
Fixes
v0.10.0
Release includes several new features. It also fixes an issue with TUF keyids,
see issue #292 (note that existing keyids are not automatically made compliant:
tuf-on-ci-delegate --force-compliant-keyids
can be used in a signing event to
make that happen).
GitHub workflows require no changes (but you may want to add a
.github/TUF_ON_CI_TEMPLATE/failure.md
file, see below).
Changes
- Artifact directories can now be up to 5 levels deep (#238)
- actions: All action requirements are now version pinned (#248)
- actions:
.github/TUF_ON_CI_TEMPLATE/failure.md
can now be used to
define custom content for workflow failure issues (#270) build-repository
action: A human readable repository description
is generated in index.html in the published metadata dir (#313)
Fixes
- signer: keyid generation was fixed to be specification compliant (#294)
- A feature was added to fix noncompliant keyids in repositories
where they non-compliant keyids already present (#338)
- A feature was added to fix noncompliant keyids in repositories
test-repository
action: Use a better default artifact-url (#275),
handle a initial root in more cases (#346)build-repository
action: Delegation tree is now used to decide which
metadata to include in published repo (#344)- tuf minimum dependency is now correctly set to 3.1 (#329)
v0.9.0
GitHub Actions users are adviced to upgrade for safer dependency
pinning that should avoid breakage in future.
Changes
- actions: test-repository action has many additional features (#239)
- actions: python package versions are now in logs again (#247)
- signer: Improve signing robustness (#237)
- Dependency updates (including more strictly pinned securesystemslib)
GitHub Actions upgrade instructions
A plain version bump from 0.8 works: Workflows require no changes.
v0.8.0
GitHub Actions upgrade instructions
A plain version bump from 0.7 works: Workflows require no changes.
Changes
- Signer now opens PRs in a browser automatically when in non-maintainer signing flow
- Signer now has runtime version checking: A message is printed out if a new version is available
- Actions have dependency updates
v0.7.0
Changes
- Signer has improved signing error handling
- Custom fields in TargetFile metadata are now preserved during target update
(this is a workaround mostly for sigstore root-signing legacy artifacts)
Upgrade instructions
A plain version bump from 0.6 works: Workflows require no changes.
v0.6.0
NOTE: please see upgrade instructions below.
Changes
- Signing events now happen in GitHub pull requests
- Signer now probes for PKCS11 module: configuring that is no longer required, as long as as the module is in one of the expected locations.
Upgrade instructions
- As usual we recommend copying your workflows from https://github.com/theupdateframework/tuf-on-ci-template/.
- signing event action no longer needs
issues: write
permission but instead requirespull-requests: write
- signing event action no longer needs
- Custom token users need to create a new token with an additional permission
Pull requests: write
- Settings->Actions->General->Allow GitHub Actions to create and approve pull requests needs to be enabled in repository settings
(not required if a custom token is used)
v0.5.0
NOTE: Do not accept a dependabot upgrade, please see upgrade
instructions.
This release contains improved failure handling and testing.
Changes
- New action test-repository: This new action enables smoke testing
every published repository with a TUF client. - New action update-issue: This action enables automated filing of
issues when a TUF-on-CI workflow fails
Upgrade instructions
As usual we recommend copying your workflows from
https://github.com/theupdateframework/tuf-on-ci-template/ as there
are a number of changes, including a new reusable workflow.