python-tuf

mirror of https://github.com/theupdateframework/python-tuf synced 2026-05-24 10:08:28 +00:00

Author	SHA1	Message	Date
dependabot[bot]	07de919f5f	build(deps): bump actions/checkout in the action-dependencies group Bumps the action-dependencies group with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 6.0.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](`8e8c483db8...de0fac2e45`) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>	2026-01-26 23:02:38 +00:00
dependabot[bot]	53a8f11c20	build(deps): bump actions/checkout in the action-dependencies group Bumps the action-dependencies group with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 6.0.0 to 6.0.1 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](`1af3b93b68...8e8c483db8`) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>	2025-12-15 21:03:18 +00:00
dependabot[bot]	347f76fd68	build(deps): bump the action-dependencies group with 2 updates Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [actions/setup-python](https://github.com/actions/setup-python). Updates `actions/checkout` from 5.0.0 to 6.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](`08c6903cd8...1af3b93b68`) Updates `actions/setup-python` from 6.0.0 to 6.1.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](`e797f83bcb...83679a892e`) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: action-dependencies - dependency-name: actions/setup-python dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>	2025-12-01 23:07:50 +00:00
Jussi Kukkonen	64cacfc553	conformance: Bump version and schedule a weekly run This way there is always an up-to-date result for the conformance report (https://theupdateframework.github.io/tuf-conformance/) to use Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>	2025-11-03 19:43:41 +02:00
dependabot[bot]	5f60ee52e5	build(deps): bump the action-dependencies group with 2 updates (#2856 ) Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [actions/download-artifact](https://github.com/actions/download-artifact). Updates `actions/checkout` from 4.2.2 to 5.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](`11bd71901b...08c6903cd8`) Updates `actions/download-artifact` from 4.3.0 to 5.0.0 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](`d3f86a106a...634f93cb29`) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: action-dependencies - dependency-name: actions/download-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: action-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-08-12 11:20:34 +03:00
NicholasTanz	41c7922c92	add zizmor for linting workflows. Signed-off-by: NicholasTanz <nicholastanzillo@gmail.com>	2025-02-19 21:53:14 -05:00
dependabot[bot]	df7f9d64b2	build(deps): bump theupdateframework/tuf-conformance Bumps the action-dependencies group with 1 update: [theupdateframework/tuf-conformance](https://github.com/theupdateframework/tuf-conformance). Updates `theupdateframework/tuf-conformance` from 2.2.0 to 2.3.0 - [Release notes](https://github.com/theupdateframework/tuf-conformance/releases) - [Commits](`dee4e23533...9bfc222a37`) --- updated-dependencies: - dependency-name: theupdateframework/tuf-conformance dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>	2025-02-17 13:42:10 +00:00
dependabot[bot]	acffdc030e	build(deps): bump theupdateframework/tuf-conformance Bumps the action-dependencies group with 1 update: [theupdateframework/tuf-conformance](https://github.com/theupdateframework/tuf-conformance). Updates `theupdateframework/tuf-conformance` from 2.1.0 to 2.2.0 - [Release notes](https://github.com/theupdateframework/tuf-conformance/releases) - [Commits](`ad0e8bef1a...dee4e23533`) --- updated-dependencies: - dependency-name: theupdateframework/tuf-conformance dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>	2024-11-29 14:16:48 +00:00
dependabot[bot]	42c3b2d919	build(deps): bump the action-dependencies group with 2 updates (#2729 )	2024-10-29 08:50:53 +02:00
dependabot[bot]	bb127ec6ca	build(deps): bump theupdateframework/tuf-conformance (#2727 ) Bumps the action-dependencies group with 1 update: [theupdateframework/tuf-conformance](https://github.com/theupdateframework/tuf-conformance). Updates `theupdateframework/tuf-conformance` from 2.0.0 to 2.1.0 - [Release notes](https://github.com/theupdateframework/tuf-conformance/releases) - [Commits](`f4acd16d0e...ad0e8bef1a`) --- updated-dependencies: - dependency-name: theupdateframework/tuf-conformance dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-10-22 10:30:01 +03:00
Jussi Kukkonen	e30838428e	README: Update badges * Add a badge for conformance * Shorten the name of the workflow (since that ends up in the badge) * Tweak badge alt names to be more useful Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>	2024-10-17 16:42:27 +03:00
dependabot[bot]	192a349c1b	build(deps): bump the action-dependencies group with 3 updates Bumps the action-dependencies group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish). Updates `actions/checkout` from 4.2.0 to 4.2.1 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](`d632683dd7...eef61447b9`) Updates `actions/upload-artifact` from 4.4.0 to 4.4.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](`50769540e7...604373da63`) Updates `pypa/gh-action-pypi-publish` from 1.10.2 to 1.10.3 - [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases) - [Commits](`897895f1e1...f7600683ef`) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-dependencies - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-dependencies - dependency-name: pypa/gh-action-pypi-publish dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>	2024-10-07 21:33:01 +00:00
dependabot[bot]	4fbcfa0e2c	build(deps): bump theupdateframework/tuf-conformance (#2711 ) Bumps the action-dependencies group with 1 update: [theupdateframework/tuf-conformance](https://github.com/theupdateframework/tuf-conformance). Updates `theupdateframework/tuf-conformance` from 1.1.0 to 2.0.0 - [Release notes](https://github.com/theupdateframework/tuf-conformance/releases) - [Commits](`d8ab40ba95...f4acd16d0e`) --- updated-dependencies: - dependency-name: theupdateframework/tuf-conformance dependency-type: direct:production update-type: version-update:semver-major dependency-group: action-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-10-01 11:06:57 +03:00
dependabot[bot]	4ec49e23f7	build(deps): bump actions/checkout in the action-dependencies group (#2710 ) Bumps the action-dependencies group with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 4.1.7 to 4.2.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](`692973e3d9...d632683dd7`) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-10-01 11:00:12 +03:00
dependabot[bot]	5971b09ac2	build(deps): bump theupdateframework/tuf-conformance (#2704 ) Bumps the action-dependencies group with 1 update: [theupdateframework/tuf-conformance](https://github.com/theupdateframework/tuf-conformance). Updates `theupdateframework/tuf-conformance` from 1.0.0 to 1.1.0 - [Release notes](https://github.com/theupdateframework/tuf-conformance/releases) - [Commits](`5ae68349ec...d8ab40ba95`) --- updated-dependencies: - dependency-name: theupdateframework/tuf-conformance dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-09-17 13:04:14 +03:00
Jussi Kukkonen	9b2a931c78	Update permissions This does not really change the default much but it's a decent practice and makes the SSF Scorecard look better. Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>	2024-09-12 12:58:12 +03:00
Jussi Kukkonen	3a429984bd	workflows: Enable tuf-conformance for PRs tuf-conformance workflow now pins a release tag so we can enable this on PRs. Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>	2024-08-08 15:50:14 +03:00
Jussi Kukkonen	ce560215bf	Update tuf-conformance action to 1.0 Also update the client-under-test script (this is a direct copy from tuf-conformance). Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>	2024-08-08 15:48:13 +03:00
Jussi Kukkonen	40f72b1f14	workflows: Change conformance workflow name Otherwise you can't tell them apart in the UI... Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>	2024-07-11 18:41:32 +03:00
Jussi Kukkonen	b14452dac6	workflows: Tweak conformance step name Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>	2024-07-11 18:26:58 +03:00
Jussi Kukkonen	0b85ed570d	Add a conformance test workflow * The conformance test suite is likely to still change quite a bit so the workflow is not enabled on PRs yet * The actual conformance client is copied from the tuf-conformance project * This is mostly a test to see how things should work out, and a demonstration of how the tuf-conformance project should be used Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>	2024-07-10 16:15:36 +03:00

21 commits