Features
Keyless signing with sigstore
Sigstore announced GA for Rekor and Fulcio. Now you can use this to do keyless signing of containers.
:warn: Beware that this stores all information in a public log, so you should not use this for private containers.
Breaking changes
The deprecation warnings from previous releases have now become breaking. Please update your workflows.
| Old argument | New argument |
|---|---|
DOCKER_USERNAME |
REGISTRY_USERNAME |
DOCKER_PASSWORD |
REGISTRY_TOKEN |
DOCKER_REGISTRY |
REGISTRY_URL |
What's Changed
- Keyless signing by @JeroenKnoops in #154
- Prepare for release by @JeroenKnoops in #157
Dependency updates
- Bump docker from 20.10.20-git to 20.10.21-git by @dependabot in #153
- Bump stefanzweifel/git-auto-commit-action from 4.15.2 to 4.15.3 by @dependabot in #152
- Fix sign with your own keys. by @JeroenKnoops in #156
Full Changelog: v4.5.3...v5.0.0
Contributors
JeroenKnoops and dependabot
Assets 2
0
Join discussion