Skip to content

Commit f3c66ad

Browse files
authored
Merge branch 'main' into ww/bump-proto-specs
2 parents 9a3bdf2 + 7cb709f commit f3c66ad

File tree

6 files changed

+17
-12
lines changed

6 files changed

+17
-12
lines changed

.github/workflows/ci.yml

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -46,12 +46,16 @@ jobs:
4646
- name: test (offline)
4747
if: matrix.conf.os == 'ubuntu-latest'
4848
run: |
49+
# Look at me. I am the captain now.
50+
sudo sysctl -w kernel.unprivileged_userns_clone=1
51+
sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
52+
4953
# We use `unshare` to "un-share" the default networking namespace,
5054
# in effect running the tests as if the host is offline.
5155
# This in turn effectively exercises the correctness of our
5256
# "online-only" test markers, since any test that's online
5357
# but not marked as such will fail.
54-
# We also explicitly exclude the intergration tests, since these are
58+
# We also explicitly exclude the integration tests, since these are
5559
# always online.
5660
unshare --map-root-user --net make test T="test/unit" TEST_ARGS="--skip-online -vv --showlocals"
5761

.github/workflows/conformance.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@ jobs:
2424
- name: install sigstore-python
2525
run: python -m pip install .
2626

27-
- uses: sigstore/sigstore-conformance@b0635d4101f11dbd18a50936568a1f7f55b17760 # v0.0.14
27+
- uses: sigstore/sigstore-conformance@d658ea74a060aeabae78f8a379167f219dc38c38 # v0.0.16
2828
with:
2929
entrypoint: ${{ github.workspace }}/test/integration/sigstore-python-conformance
3030
xfail: "test_verify_with_trust_root test_verify_dsse_bundle_with_trust_root" # see issue 821

.github/workflows/pin-requirements.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -129,7 +129,7 @@ jobs:
129129
git push -f origin "origin/main:${SIGSTORE_PIN_REQUIREMENTS_BRANCH}"
130130
131131
- name: Open pull request
132-
uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
132+
uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
133133
with:
134134
title: |
135135
Update pinned requirements for ${{ env.SIGSTORE_RELEASE_TAG }}

.github/workflows/release.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -74,14 +74,14 @@ jobs:
7474
done
7575
7676
- name: Upload built packages
77-
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
77+
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
7878
with:
7979
name: built-packages
8080
path: ./dist/
8181
if-no-files-found: warn
8282

8383
- name: Upload smoketest-artifacts
84-
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
84+
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
8585
with:
8686
name: smoketest-artifacts
8787
path: smoketest-artifacts/
@@ -130,7 +130,7 @@ jobs:
130130
# Confusingly, this action also supports updating releases, not
131131
# just creating them. This is what we want here, since we've manually
132132
# created the release that triggered the action.
133-
uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0
133+
uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1
134134
with:
135135
# smoketest-artifacts/ contains the signatures and certificates.
136136
files: |

.github/workflows/scorecards-analysis.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -44,14 +44,14 @@ jobs:
4444

4545
# Upload the results as artifacts (optional).
4646
- name: "Upload artifact"
47-
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
47+
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
4848
with:
4949
name: SARIF file
5050
path: results.sarif
5151
retention-days: 5
5252

5353
# Upload the results to GitHub's code scanning dashboard.
5454
- name: "Upload to code-scanning"
55-
uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
55+
uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
5656
with:
5757
sarif_file: results.sarif

install/requirements.txt

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -491,9 +491,9 @@ pyjwt==2.10.1 \
491491
--hash=sha256:3cc5772eb20009233caf06e9d8a0577824723b44e6648ee0a2aedb6cf9381953 \
492492
--hash=sha256:dcdd193e30abefd5debf142f9adfcdd2b58004e644f25406ffaebd50bd98dacb
493493
# via sigstore
494-
pyopenssl==24.3.0 \
495-
--hash=sha256:49f7a019577d834746bc55c5fce6ecbcec0f2b4ec5ce1cf43a9a173b8138bb36 \
496-
--hash=sha256:e474f5a473cd7f92221cc04976e48f4d11502804657a08a989fb3be5514c904a
494+
pyopenssl==25.0.0 \
495+
--hash=sha256:424c247065e46e76a37411b9ab1782541c23bb658bf003772c3405fbaa128e90 \
496+
--hash=sha256:cd2cef799efa3936bb08e8ccb9433a575722b9dd986023f1cabc4ae64e9dac16
497497
# via sigstore
498498
python-dateutil==2.9.0.post0 \
499499
--hash=sha256:37dd54208da7e1cd875388217d5e00ebd4179249f90fb72437e91a35459a0ad3 \
@@ -536,7 +536,7 @@ securesystemslib==1.2.0 \
536536
sigstore==3.6.1 \
537537
--hash=sha256:b568b16322222e834940acabdc84fbb16c8780874c3c21c6c8dde928dae0f881 \
538538
--hash=sha256:ee60fdc9236fd6709271ad53b44027461360c3fde155d2af15482e4c451ff865
539-
# via -r requirements.in
539+
# via -r install/requirements.in
540540
sigstore-protobuf-specs==0.3.2 \
541541
--hash=sha256:50c99fa6747a3a9c5c562a43602cf76df0b199af28f0e9d4319b6775630425ea \
542542
--hash=sha256:cae041b40502600b8a633f43c257695d0222a94efa1e5110a7ec7ada78c39d99
@@ -560,6 +560,7 @@ typing-extensions==4.12.2 \
560560
# multidict
561561
# pydantic
562562
# pydantic-core
563+
# pyopenssl
563564
# rich
564565
urllib3==2.2.3 \
565566
--hash=sha256:ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac \

0 commit comments

Comments
 (0)