starred/hardening
1
0
Fork 0
mirror of https://github.com/konstruktoid/hardening.git synced 2026-04-26 09:15:55 +03:00
Code Issues 6 Projects Releases 4 Packages Wiki Activity

[PR #279] [MERGED] Update slsa-framework/slsa-github-generator action to v1.6.0 #300

New issue
Closed
opened 2026-03-03 14:30:34 +03:00 by kerem · 0 comments
kerem commented 2026-03-03 14:30:34 +03:00
Owner
Copy link

📋 Pull Request Information

Original PR: https://github.com/konstruktoid/hardening/pull/279
Author: @renovate[bot]
Created: 5/12/2023
Status: Merged
Merged: 5/14/2023
Merged by: @konstruktoid

Base: masterHead: renovate/slsa-framework-slsa-github-generator-1.x

📝 Commits (1)

  • 08162d1 Update slsa-framework/slsa-github-generator action to v1.6.0

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 .github/workflows/slsa.yml (+1 -1)

📄 Description

Mend Renovate

This PR contains the following updates:

Package Type Update Change
slsa-framework/slsa-github-generator action minor v1.5.0 -> v1.6.0

Release Notes

slsa-framework/slsa-github-generator

v1.6.0

Compare Source

This release includes the first beta release of the
Node.js builder.
The Node.js builder provides a GitHub Actions reusable workflow that can be
called to build a Node.js package, generate SLSA Build L3 compliant provenance,
and publish it to the npm registry along with the package.

Summary of changes
Go builder
New Features
  • A new
    prerelease
    input was added to allow users to create releases marked as prerelease when
    upload-assets is set to true.
  • A new input draft-release was added to allow users to create releases marked
    as draft when upload-assets is set to true.
  • A new output go-provenance-name added which can be used to retrieve the name
    of the provenance file generated by the builder.
Generic generator
New Features
  • A new input draft-release was added to allow users to create releases marked
    as draft when upload-assets is set to true.
Container generator

The Container Generator was updated to use cosign v2.0.0. No changes to the
workflow's inputs or outputs were made.

Changelog since v1.5.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/konstruktoid/hardening/pull/279 **Author:** [@renovate[bot]](https://github.com/apps/renovate) **Created:** 5/12/2023 **Status:** ✅ Merged **Merged:** 5/14/2023 **Merged by:** [@konstruktoid](https://github.com/konstruktoid) **Base:** `master` ← **Head:** `renovate/slsa-framework-slsa-github-generator-1.x` --- ### 📝 Commits (1) - [`08162d1`](https://github.com/konstruktoid/hardening/commit/08162d1a69342313a5bad56db10590e8ed69a3fa) Update slsa-framework/slsa-github-generator action to v1.6.0 ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/slsa.yml` (+1 -1) </details> ### 📄 Description [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator) | action | minor | `v1.5.0` -> `v1.6.0` | --- ### Release Notes <details> <summary>slsa-framework/slsa-github-generator</summary> ### [`v1.6.0`](https://togithub.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v160) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.5.0...v1.6.0) This release includes the first beta release of the [Node.js builder](https://togithub.com/slsa-framework/slsa-github-generator/tree/v1.6.0/internal/builders/nodejs). The Node.js builder provides a GitHub Actions reusable workflow that can be called to build a Node.js package, generate SLSA Build L3 compliant provenance, and publish it to the npm registry along with the package. ##### Summary of changes ##### Go builder ##### New Features - A new [`prerelease`](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.6.0/internal/builders/go/README.md#workflow-inputs) input was added to allow users to create releases marked as prerelease when `upload-assets` is set to `true`. - A new input [`draft-release`](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.6.0/internal/builders/go/README.md#workflow-inputs) was added to allow users to create releases marked as draft when `upload-assets` is set to `true`. - A new output [`go-provenance-name`](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.6.0/internal/builders/go/README.md#workflow-outputs) added which can be used to retrieve the name of the provenance file generated by the builder. ##### Generic generator ##### New Features - A new input [`draft-release`](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.6.0/internal/builders/generic/README.md#workflow-inputs) was added to allow users to create releases marked as draft when `upload-assets` is set to `true`. ##### Container generator The Container Generator was updated to use `cosign` v2.0.0. No changes to the workflow's inputs or outputs were made. ##### Changelog since v1.5.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/konstruktoid/hardening). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS43OS4xIiwidXBkYXRlZEluVmVyIjoiMzUuNzkuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciJ9--> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
kerem 2026-03-03 14:30:34 +03:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
renovate/github-codeql-action-4.x
v2.2.0
v2.1.0
v2.0.0
v1.0.0
v1.0
Labels
Clear labels   
Stale

   
bug

   
bug

   
bug

   
pull-request

Mirrored from GitHub Pull Request

No labels
Stale
bug
bug
bug
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/hardening#300
No description provided.