[PR #251] [CLOSED] Update slsa-framework/slsa-github-generator action to v1.5.0 - autoclosed #272

New issue

Closed

opened 2026-03-03 14:30:27 +03:00 by kerem · 0 comments

kerem commented 2026-03-03 14:30:27 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/konstruktoid/hardening/pull/251
Author: @renovate[bot]
Created: 2/28/2023
Status: ❌ Closed

Base: master ← Head: renovate/slsa-framework-slsa-github-generator-1.x

---

📝 Commits (1)

• cd9c51f Update slsa-framework/slsa-github-generator action to v1.5.0

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 .github/workflows/slsa.yml (+1 -1)

📄 Description

This PR contains the following updates:

Package	Type	Update	Change
slsa-framework/slsa-github-generator	action	minor	v1.4.0 -> v1.5.0

---

Release Notes

slsa-framework/slsa-github-generator

v1.5.0

Compare Source

Summary of changes

Go builder

New Features

• A new upload-tag-name input was added to allow users to specify the tag name for the release when upload-assets is set to true.
• The environment variables included in provenance output were changed to include only those variables that are specified by the user in the slsa-goreleaser.yml configuration file in order to improve reproducibility. See #​822 for more information and background.

Generic generator

New Features

• A new boolean continue-on-error input was added which, when set to true, prevents the workflow from failing when a step fails. If set to true, the result of the reusable workflow will be return in the outcome output.
• A new upload-tag-name input was added to allow users to specify the tag name for the release when upload-assets is set to true.

Container generator

New Features

• A new boolean continue-on-error input was added which, when set to true, prevents the workflow from failing when a step fails. If set to true, the result of the reusable workflow will be return in the outcome output.
• A new repository-username secret input was added to allow users to pass their repository username that is stored in a Github Actions encrypted secret. This secret input should only be used for high-entropy registry username values such as AWS Access Key.
• Support was added for authenticating with Google Artifact Registry and Google Container Registry using Workload Identity Federation. Users can use this new feature by using the gcp-workload-identity-provider and gcp-service-account inputs

Changelog since v1.4.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/konstruktoid/hardening/pull/251 **Author:** [@renovate[bot]](https://github.com/apps/renovate) **Created:** 2/28/2023 **Status:** ❌ Closed **Base:** `master` ← **Head:** `renovate/slsa-framework-slsa-github-generator-1.x` --- ### 📝 Commits (1) - [`cd9c51f`](https://github.com/konstruktoid/hardening/commit/cd9c51fbae739c7753f7e0a7238c6760b2b81cc7) Update slsa-framework/slsa-github-generator action to v1.5.0 ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/slsa.yml` (+1 -1) </details> ### 📄 Description [](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator) | action | minor | `v1.4.0` -> `v1.5.0` | --- ### Release Notes <details> <summary>slsa-framework/slsa-github-generator</summary> ### [`v1.5.0`](https://togithub.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v150) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.4.0...v1.5.0) <!-- Information on the next release will be added here. --> #### Summary of changes ##### Go builder ##### New Features - A new [`upload-tag-name`](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/generic/README.md#workflow-inputs) input was added to allow users to specify the tag name for the release when `upload-assets` is set to `true`. - The environment variables included in provenance output were changed to include only those variables that are specified by the user in the [slsa-goreleaser.yml configuration file](https://togithub.com/slsa-framework/slsa-github-generator/tree/v1.5.0/internal/builders/go#configuration-file) in order to improve reproducibility. See [#&#8203;822](https://togithub.com/slsa-framework/slsa-github-generator/issues/822) for more information and background. ##### Generic generator ##### New Features - A new boolean [`continue-on-error`](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/generic/README.md#workflow-inputs) input was added which, when set to `true`, prevents the workflow from failing when a step fails. If set to true, the result of the reusable workflow will be return in the [`outcome`](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/generic/README.md#workflow-outputs) output. - A new [`upload-tag-name`](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/generic/README.md#workflow-inputs) input was added to allow users to specify the tag name for the release when `upload-assets` is set to `true`. ##### Container generator ##### New Features - A new boolean [`continue-on-error`](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-inputs) input was added which, when set to `true`, prevents the workflow from failing when a step fails. If set to true, the result of the reusable workflow will be return in the [`outcome`](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-outputs) output. - A new [`repository-username`](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-inputs) secret input was added to allow users to pass their repository username that is stored in a [Github Actions encrypted secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets). This secret input should only be used for high-entropy registry username values such as AWS Access Key. - Support was added for authenticating with [Google Artifact Registry](https://cloud.google.com/artifact-registry) and [Google Container Registry](https://cloud.google.com/container-registry) using [Workload Identity Federation](https://cloud.google.com/iam/docs/workload-identity-federation). Users can use this new feature by using the [`gcp-workload-identity-provider` and `gcp-service-account` inputs](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-inputs) #### Changelog since v1.4.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/konstruktoid/hardening). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4xNTIuNSIsInVwZGF0ZWRJblZlciI6IjM0LjE1Mi41In0=--> --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-03-03 14:30:27 +03:00

• closed this issue
• added the
  pull-request
  label

kerem referenced this issue 2026-03-03 14:30:33 +03:00

[PR #272] [MERGED] Update github/codeql-action action to v2.3.0 #295

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

renovate/github-codeql-action-4.x

v2.2.0

v2.1.0

v2.0.0

v1.0.0

v1.0

Labels

Clear labels   

Stale

  

bug

  

bug

  

bug

  

pull-request

Mirrored from GitHub Pull Request

No labels

Stale

bug

bug

bug

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/hardening#272

No description provided.