Skip to content

Releases: theupdateframework/tuf-on-ci

v0.3.0

22 Nov 11:52
@github-actions github-actions
v0.3.0
This tag was signed with the committer’s verified signature.
kommendorkapten Fredrik Skogman
SSH Key Fingerprint: ekIXhtcETjekHx8y5eNz1afKi10xC6/oH3dz/YbL7GU Learn about vigilant mode.
d5496b4
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.3.0

NOTE: This is a major API break, users should not just upgrade the action versions but
should replace their publish.yml workflow with the new workflow from tuf-on-ci-template.

Upgrade instructions from v0.2.0:

  • When the Dependabot PR is created, update the PR to include the
    updated publish.yml from tuf-on-ci-template repository. Then the
    PR can be approved and merged without breaking any workflows.

See CHANGELOG.md for details.

Assets 4
Loading

v0.2.0

06 Nov 09:52
@github-actions github-actions
v0.2.0
3491682
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.2.0

Upgrade instructions from v0.1.0:

  • Dependabot version bump can be accepted as is

See CHANGELOG.md for details.

Assets 4
Loading

v0.1.0

06 Oct 13:18
@github-actions github-actions
v0.1.0
6d32b94
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.1.0

NOTE: This is a major API break, users should not just upgrade the action versions but
should replace their workflows with new workflows from tuf-on-ci-template.

Release contains:

  • Major refactoring of actions: New actions are more logical and enable separating publishing fron online signing. The repository now contains a new branch "publish" that always points to the newest publishable repository version
  • Improved Sigstore signer registration flow
  • Bug fixes

Upgrade instructions:

  • Remove your existing tuf-on-ci workflows and replace them with the ones from current tuf-on-ci-template.
  • In Settings->Environments->github-pages change deployment branch from main to publish
  • If you use the experimental sigstore online signing: After updating run tuf-on-ci-delegate sign/update-online-key timestamp re-select sigstore as the signing system: This creates a new signing event that is required for online signing to work.

Thanks to contributors Radoslav Dimitrov, Meredith Lancaster and lv291.

Assets 4
Loading

0.0.1

25 Jul 09:20
@jku jku
v0.0.1
08eeb65
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
0.0.1

initial release of TUF-on-CI.

TUF-on-CI is a repository and signer implementation of
https://theupdateframework.io/ that runs on a Continuous Integration platform.

Features include:

  • Threshold signing with hardware keys and Sigstore
  • Automated online signing with multiple KMSs
  • Polished signing user experience
  • No custom code required

The signer is not available from PyPI in this release but will be in future releases.
See README.md for repository and signer setup instructions.

Upgrading an existing repository installation

Assets 2
Loading