ci(deps): bump cosign to v2.2.3 to avoid sigstore TUF invalid key issue
saisatishkarra committed Mar 20, 2024
1 parent 79d3aac commit e91359b
Showing 2 changed files with 17 additions and 1 deletion.
16 changes: 16 additions & 0 deletions .github/dependabot.yml
Expand Up @@ -33,6 +33,22 @@ updates:
commit-message:
prefix: "docker"
include: "scope"

- package-ecosystem: "github-actions"
directory: "/security-actions/sign-docker-image"
schedule:
interval: "daily"
commit-message:
prefix: "github-actions"
include: "scope"

- package-ecosystem: docker
directory: "/security-actions/sign-docker-image"
schedule:
interval: "daily"
commit-message:
prefix: "docker"
include: "scope"

- package-ecosystem: "github-actions"
directory: "/code-check-actions/luacheck"
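
Review bot: the new `package-ecosystem: docker` entry for `/security-actions/sign-docker-image` is unquoted, while the `github-actions` entries around it use a quoted string; write it as `"docker"` for consistency. These two update blocks are also not mentioned in the commit subject, which only talks about the cosign bump, so either say in the message that Dependabot now covers this action directory or split that into its own commit.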
2 changes: 1 addition & 1 deletion security-actions/sign-docker-image/action.yml
Expand Up @@ -45,7 +45,7 @@ runs:
run: $GITHUB_ACTION_PATH/scripts/cosign-metadata.sh

- name: Install Cosign
uses: sigstore/cosign-installer@v3.1.1
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4

- name: Check install!
shell: bash
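
Review bot: in the `Install Cosign` step, the new `uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4` pin has no trailing comment naming the release it corresponds to, so a reader cannot confirm from this line that it delivers the cosign v2.2.3 named in the commit subject. Add the installer tag as a comment after the SHA, and consider setting the installer's `cosign-release` input to `v2.2.3` so the cosign version is stated explicitly instead of being implied by the installer's default.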