From 492fb54473dd3e4c4a2bb274c7929efdd0cd5c45 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 22 Jan 2024 09:39:40 +0000 Subject: [PATCH] chore(deps): update dependency carvel-dev/vendir to v0.39.0 (#224) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [carvel-dev/vendir](https://togithub.com/carvel-dev/vendir) | minor | `v0.38.0` -> `v0.39.0` | --- ### Release Notes
carvel-dev/vendir (carvel-dev/vendir) ### [`v0.39.0`](https://togithub.com/carvel-dev/vendir/releases/tag/v0.39.0) [Compare Source](https://togithub.com/carvel-dev/vendir/compare/v0.38.0...v0.39.0)

Installation and signature verification

 ##### Installation ##### By downloading binary from the release For instance, if you are using Linux on an AMD64 architecture: ```shell ### Download the binary curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.39.0/vendir-linux-amd64 ### Move the binary in to your PATH mv vendir-linux-amd64 /usr/local/bin/vendir ### Make the binary executable chmod +x /usr/local/bin/vendir ``` ##### Via Homebrew (macOS or Linux) ```shell $ brew tap carvel-dev/carvel $ brew install vendir $ vendir version ``` ##### Verify checksums file signature Install cosign on your system https://docs.sigstore.dev/system_config/installation/ The checksums file provided within the artifacts attached to this release is signed using [Cosign](https://docs.sigstore.dev/cosign/overview/) with GitHub OIDC. To validate the signature of this file, run the following commands: ```shell ### Download the checksums file, certificate and signature curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.39.0/checksums.txt curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.39.0/checksums.txt.pem curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.39.0/checksums.txt.sig ### Verify the checksums file cosign verify-blob checksums.txt \ --certificate checksums.txt.pem \ --signature checksums.txt.sig \ --certificate-identity-regexp=https://github.com/carvel-dev \ --certificate-oidc-issuer=https://token.actions.githubusercontent.com ``` ##### Verify binary integrity To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature. ```shell ### Verify the binary using the checksums file sha256sum -c checksums.txt --ignore-missing ```
### :sparkles: What's new * fix grammar in README by @​vtrent[https://github.com/carvel-dev/vendir/pull/324](https://togithub.com/carvel-dev/vendir/pull/324)ll/324 * Added changes to sign artifacts by @​kumaritanushr[https://github.com/carvel-dev/vendir/pull/339](https://togithub.com/carvel-dev/vendir/pull/339)ll/339 * Simplify gitignore and make sure all binaries are accounted for by @​100m[https://github.com/carvel-dev/vendir/pull/351](https://togithub.com/carvel-dev/vendir/pull/351)ll/351 * PrivateKey with or without extra char as newline will be accepted by @​kumaritanushr[https://github.com/carvel-dev/vendir/pull/349](https://togithub.com/carvel-dev/vendir/pull/349)ll/349 * Fix race condition when running multiple vendir from the same directory by @​Zebrad[https://github.com/carvel-dev/vendir/pull/345](https://togithub.com/carvel-dev/vendir/pull/345)ll/345 * Refactor lazy sync code by @​Zebrad[https://github.com/carvel-dev/vendir/pull/340](https://togithub.com/carvel-dev/vendir/pull/340)ll/340 * Fix: updated setup cosign step in release process by @​kumaritanushr[https://github.com/carvel-dev/vendir/pull/352](https://togithub.com/carvel-dev/vendir/pull/352)ll/352 * updated release to have installation and verification steps included in release notes by @​kumaritanushr[https://github.com/carvel-dev/vendir/pull/354](https://togithub.com/carvel-dev/vendir/pull/354)ll/354 #### New Contributors * @​vtrenton made their first contributi[https://github.com/carvel-dev/vendir/pull/324](https://togithub.com/carvel-dev/vendir/pull/324)ll/324 * @​100mik made their first contributi[https://github.com/carvel-dev/vendir/pull/351](https://togithub.com/carvel-dev/vendir/pull/351)ll/351 **Full Changelog**: https://github.com/carvel-dev/vendir/compare/v0.38.0...v0.39.0 ### :open_file_folder: Files Checksum 012531a2f1a2de8bc89f1623edfc40a7ac5aee421fe609085278fb9e287f1cdf ./vendir-linux-arm64 20b71cc25dc3fea31edf9667c92a05167f713935f854882159736443c2f7a0e6 ./vendir-windows-amd64.exe 90ae82718c1072831f3097bdb031d5a897cc9f2f8334e2e1d7f35e35d0abd84f ./vendir-darwin-amd64 91ecf04ad5cdfa0f8839dc1430da7a4da665f7cb88c64c0c72202f6db261e651 ./vendir-darwin-arm64 feb2836153508adfb6fd33c127e466c9ce26577678e93a252be2fec445f4501f ./vendir-linux-amd64
--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/mykso/myks). Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 41b5d010..0cfd336a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,7 +23,7 @@ FROM downloader AS vendir ARG TARGETOS ARG TARGETARCH # renovate: datasource=github-releases depName=carvel-dev/vendir -ARG VENDIR_VERSION=v0.38.0 +ARG VENDIR_VERSION=v0.39.0 RUN curl -fsSL \ https://github.com/carvel-dev/vendir/releases/download/${VENDIR_VERSION}/vendir-${TARGETOS}-${TARGETARCH} \ > vendir