🌱 Bump github.com/google/ko from 0.12.0 to 0.13.0 in /tools #2742

dependabot · 2023-03-13T09:03:56Z

Bumps github.com/google/ko from 0.12.0 to 0.13.0.

Release notes

Sourced from github.com/google/ko's releases.

v0.13.0

What's Changed

SPDX: Fix package manager label by @puerco in ko-build/ko#801

SPDX 2.3 support by @puerco in ko-build/ko#803

ci: build and test using 1.18 and 1.19 (drop 1.17) by @imjasonh in ko-build/ko#812

removes repo move message by @mchmarny in ko-build/ko#814

feat: write sbom result to disk by @developer-guy in ko-build/ko#822

feat: adding support for using multiple keychain for sending sbom results to a different repository by @developer-guy in ko-build/ko#821

Move docs to ko.build by @imjasonh in ko-build/ko#749

Update setup-ko version by @ianlewis in ko-build/ko#836

Add -- usage in readme by @jwcesign in ko-build/ko#840

add CONTRIBUTING, code of conduct, roadmap by @imjasonh in ko-build/ko#837

attempt to fix GH Pages publishing by @imjasonh in ko-build/ko#843

doc: fix link to Installation page in Getting Started by @antoineco in ko-build/ko#846

.ko.yaml: bump golang 1.18 -> 1.19 by @srenatus in ko-build/ko#848

truncate -image-refs file by @imjasonh in ko-build/ko#855

update docs: fix broken links, align with README by @imjasonh in ko-build/ko#854

Handle KO_DOCKER_REPO=ko.local/repo and --bare correctly by @imjasonh in ko-build/ko#820

another docs update by @imjasonh in ko-build/ko#856

ko.build: support some common shortlinks by @imjasonh in ko-build/ko#872

install: fail with 404 instead of gzip error when url was wrong by @grosser in ko-build/ko#879

feat: deduplicate tags by @bluebrown in ko-build/ko#884

install mkdocs-redirect when publishing site by @imjasonh in ko-build/ko#873

nit: replace one-item slice with const by @imjasonh in ko-build/ko#885

Temp fix for SLSA generators by @laurentsimon in ko-build/ko#886

Fix verifier by @laurentsimon in ko-build/ko#891

Fix link in static-assets.md by @yuryu in ko-build/ko#893

add KO_DEFAULTBASEIMAGE usage to docs by @developer-guy in ko-build/ko#895

Publish an tagged image on release by @vdemeester in ko-build/ko#868

Add option to configure default platforms by @ReToCode in ko-build/ko#897

Fix broken SLSA link by @imjasonh in ko-build/ko#899

add MAINTAINERS.md by @imjasonh in ko-build/ko#905

fix: possible race condition when applying templates to flags/ldflags by @caarlos0 in ko-build/ko#913

update docs to reflect actual default base image by @imjasonh in ko-build/ko#903

remove repeated error message on failure by @imjasonh in ko-build/ko#921

website: update CNCF announcement by @imjasonh in ko-build/ko#920

fix KO_CONFIG_PATH pointing to a file by @imjasonh in ko-build/ko#923

upgrade to cosign v2.0.0-rc.0 by @imjasonh in ko-build/ko#933

Feature: Add ECR presubmit testing. by @mattmoor in ko-build/ko#934

remove 'ko deps' by @imjasonh in ko-build/ko#937

feat: Add KO_GO_PATH env var by @embano1 in ko-build/ko#930

add ko.build/slack short link by @imjasonh in ko-build/ko#945

update link to ko goreleaser docs by @imjasonh in ko-build/ko#936

add ko community meeting details by @developer-guy in ko-build/ko#938

fix cosign by adding --yes by @imjasonh in ko-build/ko#973

fix: handle docker's unknown/unknown platform in index manifests by @imjasonh in ko-build/ko#975

fix file extension for cyclonedx by @developer-guy in ko-build/ko#974

New Contributors

@ianlewis made their first contribution in ko-build/ko#836

... (truncated)

Commits

e22e7a1 bump ggcr dep to @main (#976)
8e075ae fix file extension for cyclonedx (#974)
11670b7 fix: handle docker's unknown/unknown platform in index manifests (#975)
7ce9478 fix cosign by adding --yes (#973)
9302da7 Bump k8s.io/apimachinery from 0.26.1 to 0.26.2 (#972)
a158883 Bump sigstore/cosign-installer from 2.8.1 to 3.0.1 (#971)
86b6c28 Bump actions/checkout from 2 to 3 (#966)
0bd12fb Bump slsa-framework/slsa-github-generator from 1.2.1 to 1.5.0 (#967)
d5125da Bump github.com/sigstore/cosign/v2 from 2.0.0-rc.2 to 2.0.0 (#965)
03f4aed add ko community meeting details (#938)
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot will merge this PR once CI passes on it, as requested by @spencerschrock.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

spencerschrock · 2023-03-14T16:49:02Z

@dependabot rebase

Bumps [github.com/google/ko](https://github.com/google/ko) from 0.12.0 to 0.13.0. - [Release notes](https://github.com/google/ko/releases) - [Changelog](https://github.com/ko-build/ko/blob/main/.goreleaser.yml) - [Commits](ko-build/ko@v0.12.0...v0.13.0) --- updated-dependencies: - dependency-name: github.com/google/ko dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

spencerschrock · 2023-03-14T16:51:59Z

@dependabot squash and merge

commit 00da7a8be965c09d044f978d6b9eafee1350bd30 Author: Azeem Shaikh <azeemshaikh38@gmail.com> Date: Tue Mar 14 23:07:19 2023 +0000 Pr comments commit 1127dd9 Merge: 274448f 23bd295 Author: Azeem Shaikh <azeemshaikh38@gmail.com> Date: Wed Mar 15 04:23:32 2023 +0530 Merge branch 'main' into go-git commit 274448f Author: Azeem Shaikh <azeemshaikh38@gmail.com> Date: Tue Mar 14 22:52:30 2023 +0000 Initial implementation of go-git client Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com> commit 23bd295 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue Mar 14 20:28:41 2023 +0000 :seedling: Bump github/codeql-action from 2.2.4 to 2.2.6 (ossf#2741) commit fc026ef Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue Mar 14 17:04:31 2023 +0000 :seedling: Bump github.com/google/ko from 0.12.0 to 0.13.0 in /tools (ossf#2742) commit 2e04214 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue Mar 14 14:02:34 2023 +0000 :seedling: Bump tj-actions/changed-files from 35.6.2 to 35.7.0 Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.6.2 to 35.7.0. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@5ce975c...bd376fb) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> commit e36b590 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue Mar 14 08:59:20 2023 -0500 :seedling: Bump actions/cache from 3.3.0 to 3.3.1 (ossf#2740) Bumps [actions/cache](https://github.com/actions/cache) from 3.3.0 to 3.3.1. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@940f3d7...88522ab) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit 6ff94eb Author: Gabriela Gutierrez <gabigutierrez@google.com> Date: Mon Mar 13 19:42:37 2023 +0000 :bug: Handle editable pip installs (ossf#2731) * fix: Handle editable pip install Editable pip installs (-e) should be considered secure if the package is installed from a local source or a remote source (VCS install) but pinned by commit hash. To keep the behaviour we have for normal pip installs, we need to guarantee the package dependencies are pinned by hash too. For normal pip installs, we verify that by using --require-hashes flag. Unfortunately, --require-hashes flag is not compatible with editable installs, so we use --no-deps flag to verify the dependencies are not installed since we can't verify if they are pinned. Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Editable pip install in GHA Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Editable pip install in Dockerfile Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Editable pip install in shell script Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: Code complexity increase Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: Simplify boolean return Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * docs: Add pip editable install references in comments Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: Handle multiple packages in editable pip install Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Multi editable pip install in GHA Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Multi editable pip install in Dockerfile Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Multi editable pip install in shell script Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> --------- Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> commit 110e352 Author: raghavkaul <8695110+raghavkaul@users.noreply.github.com> Date: Mon Mar 13 11:13:50 2023 -0400 ✨ Gitlab support: RepoClient (ossf#2655) * Add make targets and E2E test target for GitLab only Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Add GitLab support to RepoClient Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Build * Make target for e2e-gitlab-token * Only run Gitlab tests in CI that don't require a token Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Add tests Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Remove spurious printf Signed-off-by: Raghav Kaul <raghavkaul@google.com> * 🐛 Check OSS Fuzz build file for Fuzzing check (ossf#2719) * Check OSS-Fuzz using project list Signed-off-by: Spencer Schrock <sschrock@google.com> * Use clients.RepoClient interface to perform the new OSS Fuzz check Signed-off-by: Spencer Schrock <sschrock@google.com> * wip: add eager client for better repeated lookup of projects Signed-off-by: Spencer Schrock <sschrock@google.com> * Split lazy and eager behavior into different implementations. Signed-off-by: Spencer Schrock <sschrock@google.com> * Add tests and benchmarks Signed-off-by: Spencer Schrock <sschrock@google.com> * Switch to always parsing JSON to determine if a project is present. The other approach of looking for a substring match would lead to false positives. Signed-off-by: Spencer Schrock <sschrock@google.com> * Add eager constructor to surface status file errors sooner. Signed-off-by: Spencer Schrock <sschrock@google.com> * Switch existing users to new OSS Fuzz client Signed-off-by: Spencer Schrock <sschrock@google.com> * Mark old method as deprecated in the godoc Signed-off-by: Spencer Schrock <sschrock@google.com> * remove unused comment. Signed-off-by: Spencer Schrock <sschrock@google.com> * Use new OSS Fuzz client in e2e test. Signed-off-by: Spencer Schrock <sschrock@google.com> * fix typo. Signed-off-by: Spencer Schrock <sschrock@google.com> * Fix potential path bug with test server. Signed-off-by: Spencer Schrock <sschrock@google.com> * Force include the two JSON files which were being ignored by .gitignore Signed-off-by: Spencer Schrock <sschrock@google.com> * trim the status json file Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: Raghav Kaul <raghavkaul@google.com> Signed-off-by: Spencer Schrock <sschrock@google.com> Co-authored-by: Spencer Schrock <sschrock@google.com> commit 5625dda Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat Mar 11 17:14:42 2023 +0000 :seedling: Bump github.com/onsi/ginkgo/v2 from 2.8.3 to 2.9.0 in /tools Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.8.3 to 2.9.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](onsi/ginkgo@v2.8.3...v2.9.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> commit d591e38 Author: Spencer Schrock <sschrock@google.com> Date: Fri Mar 10 16:02:05 2023 -0800 🌱 Add RepoClient re-use E2E tests. (ossf#2625) * Add e2e test for re-used repoclient. Signed-off-by: Spencer Schrock <sschrock@google.com> * Improve diff logging Signed-off-by: Spencer Schrock <sschrock@google.com> * Skip scorecard e2e test during unit tests. Signed-off-by: Spencer Schrock <sschrock@google.com> * Fix linter. Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: Spencer Schrock <sschrock@google.com> commit a7e81bb Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri Mar 10 08:20:28 2023 -0600 :seedling: Bump actions/cache from 3.2.6 to 3.3.0 (ossf#2738) Bumps [actions/cache](https://github.com/actions/cache) from 3.2.6 to 3.3.0. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@69d9d44...940f3d7) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot bot requested review from azeemshaikh38, justaugustus, laurentsimon, naveensrinivasan, spencerschrock and raghavkaul as code owners March 13, 2023 09:03

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 13, 2023

dependabot bot had a problem deploying to integration-test March 13, 2023 09:04 Failure

dependabot bot force-pushed the dependabot/go_modules/tools/github.com/google/ko-0.13.0 branch from fc3ef2b to 9534152 Compare March 14, 2023 09:04

dependabot bot temporarily deployed to integration-test March 14, 2023 09:05 Inactive

spencerschrock approved these changes Mar 14, 2023

View reviewed changes

dependabot bot force-pushed the dependabot/go_modules/tools/github.com/google/ko-0.13.0 branch from 9534152 to ac2e277 Compare March 14, 2023 16:51

dependabot bot temporarily deployed to integration-test March 14, 2023 16:51 Inactive

dependabot bot merged commit fc026ef into main Mar 14, 2023

dependabot bot deleted the dependabot/go_modules/tools/github.com/google/ko-0.13.0 branch March 14, 2023 17:04

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

🌱 Bump github.com/google/ko from 0.12.0 to 0.13.0 in /tools #2742

🌱 Bump github.com/google/ko from 0.12.0 to 0.13.0 in /tools #2742

dependabot bot commented on behalf of github Mar 13, 2023 •

edited

spencerschrock commented Mar 14, 2023

spencerschrock commented Mar 14, 2023

🌱 Bump github.com/google/ko from 0.12.0 to 0.13.0 in /tools #2742

🌱 Bump github.com/google/ko from 0.12.0 to 0.13.0 in /tools #2742

Conversation

dependabot bot commented on behalf of github Mar 13, 2023 • edited

v0.13.0

What's Changed

New Contributors

spencerschrock commented Mar 14, 2023

spencerschrock commented Mar 14, 2023

dependabot bot commented on behalf of github Mar 13, 2023 •

edited