Releases: theupdateframework/tuf-on-ci
v0.15.2
This point release fixes a bug introduced in 0.14.
- Only return open pull requests (PRs) when searching for a signing
  event (#518). In cases where the signers rely on a fork to sign and
  then create a PR back to the main repository, both PRs will contain
  the same git commit at tip, and so multiple PRs would be returned.
  Now only open PRs are considered.
Updating from 0.14 does not require any changes to GitHub workflow files.
v0.15.1
v0.15.0
v0.14.0
v0.13.0
v0.12.0
In addition to dependency updates, this release contains one new (experimental) repository
feature: Online signed targets. Updating to this version does not require any changes to
GitHub workflow files.
The Online signed targets feature (#75) currently has some significant limitations
and may be changed in the future, see DELEGATION-MANUAL.md for details.
v0.11.0
This release contains bug fixes, stability fixes and dependency
updates.
Updating to this version does not require any changes to GitHub
workflow files.
Changes
- Increased the number of root rotations allowed in the client used by
  the test workflow (#377)
- Versioned root metadata file is now created by the signing event (#352)
Fixes
v0.10.0
Release includes several new features. It also fixes an issue with TUF keyids,
see issue #292 (note that existing keyids are not automatically made compliant:
tuf-on-ci-delegate --force-compliant-keyids can be used in a signing event to
make that happen).
GitHub workflows require no changes (but you may want to add a
.github/TUF_ON_CI_TEMPLATE/failure.md file, see below).
Changes
- Artifact directories can now be up to 5 levels deep (#238)
- actions: All action requirements are now version pinned (#248)
- actions: .github/TUF_ON_CI_TEMPLATE/failure.md can now be used to
  define custom content for workflow failure issues (#270)
- build-repository action: A human readable repository description
  is generated in index.html in the published metadata dir (#313)
Fixes
- signer: keyid generation was fixed to be specification compliant (#294)
- A feature was added to fix noncompliant keyids in repositories
  where non-compliant keyids are already present (#338)
- test-repository action: Use a better default artifact-url (#275),
  handle an initial root in more cases (#346)
- build-repository action: Delegation tree is now used to decide which
  metadata to include in published repo (#344)
- tuf minimum dependency is now correctly set to 3.1 (#329)
v0.9.0
GitHub Actions users are advised to upgrade for safer dependency
pinning that should avoid breakage in the future.
Changes
- actions: test-repository action has many additional features (#239)
- actions: python package versions are now in logs again (#247)
- signer: Improve signing robustness (#237)
- Dependency updates (including more strictly pinned securesystemslib)
GitHub Actions upgrade instructions
A plain version bump from 0.8 works: Workflows require no changes.
v0.8.0
GitHub Actions upgrade instructions
A plain version bump from 0.7 works: Workflows require no changes.
Changes
- Signer now opens PRs in a browser automatically when in non-maintainer signing flow
- Signer now has runtime version checking: A message is printed out if a new version is available
- Actions have dependency updates