github.com/yogeshkumararora/slsa-github-generator@v1.10.1-0.20240520161934-11278bd5afb4/CHANGELOG.md

# CHANGELOG

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

<!-- markdown-toc --bullets="-" -i CHANGELOG.md -->

<!-- toc -->

- [v2.0.0](#v200)
  - [v2.0.0: Breaking Change: upload-artifact and download-artifact](#v200-breaking-change-upload-artifact-and-download-artifact)
  - [v2.0.0: Breaking Change: attestation-name Workflow Input and Output](#v200-breaking-change-attestation-name-workflow-input-and-output)
  - [v2.0.0: DSSE Rekor Type](#v200-dsse-rekor-type)
- [v1.10.0](#v1100)
  - [v1.10.0: TUF fix](#v1100-tuf-fix)
  - [v1.10.0: Gradle Builder](#v1100-gradle-builder)
  - [v1.10.0: Go Builder](#v1100-go-builder)
  - [v1.10.0: Container Generator](#v1100-container-generator)
- [v1.9.0](#v190)
  - [v1.9.0: BYOB framework (beta)](#v190-byob-framework-beta)
  - [v1.9.0: Maven builder (beta)](#v190-maven-builder-beta)
  - [v1.9.0: Gradle builder (beta)](#v190-gradle-builder-beta)
  - [v1.9.0: JReleaser builder](#v190-jreleaser-builder)
- [v1.8.0](#v180)
  - [v1.8.0: Generic Generator](#v180-generic-generator)
  - [v1.8.0: Node.js Builder (beta)](#v180-nodejs-builder-beta)
- [v1.7.0](#v170)
  - [v1.7.0: Go builder](#v170-go-builder)
- [v1.6.0](#v160)
  - [Summary of changes](#summary-of-changes)
    - [Go builder](#go-builder)
      - [New Features](#new-features)
    - [Generic generator](#generic-generator)
      - [New Features](#new-features-1)
    - [Container generator](#container-generator)
  - [Changelog since v1.5.0](#changelog-since-v150)
- [v1.5.0](#v150)
  - [Summary of changes](#summary-of-changes-1)
    - [Go builder](#go-builder-1)
      - [New Features](#new-features-2)
    - [Generic generator](#generic-generator-1)
      - [New Features](#new-features-3)
    - [Container generator](#container-generator-1)
      - [New Features](#new-features-4)
  - [Changelog since v1.4.0](#changelog-since-v140)
- [v1.4.0](#v140)
  - [What's Changed](#whats-changed)
    - [Generic Generator](#generic-generator)
      - [Bug fixes](#bug-fixes)
    - [Go Builder](#go-builder)
      - [Bug fixes](#bug-fixes-1)
  - [New Contributors](#new-contributors)
  - [Full Changelog](#full-changelog)
- [v1.4.0-rc.2](#v140-rc2)
  - [What's Changed](#whats-changed-1)
  - [New Contributors](#new-contributors-1)
  - [Full Changelog](#full-changelog-1)
- [v1.4.0-rc.1](#v140-rc1)
  - [What's Changed](#whats-changed-2)
  - [New Contributors](#new-contributors-2)
  - [Full Changelog](#full-changelog-2)
- [v1.4.0-rc.0](#v140-rc0)
  - [What's Changed](#whats-changed-3)
  - [New Contributors](#new-contributors-3)
  - [Full Changelog](#full-changelog-3)
- [v1.2.2](#v122)
  - [What's Changed](#whats-changed-4)
  - [New Contributors](#new-contributors-4)
  - [Full Changelog](#full-changelog-4)
- [v1.2.1](#v121)
  - [What's Changed](#whats-changed-5)
    - [Generic generator](#generic-generator-2)
      - [buildType](#buildtype)
      - [Provenance file names](#provenance-file-names)
      - [Explicit opt-in for private repos](#explicit-opt-in-for-private-repos)
    - [Go builder](#go-builder-2)
      - [Support private repos](#support-private-repos)
  - [New Contributors](#new-contributors-5)
  - [Full Changelog](#full-changelog-5)
- [v1.2.0](#v120)
  - [What's Changed](#whats-changed-6)
    - [Generic generator](#generic-generator-3)
    - [Go builder](#go-builder-3)
  - [New Contributors](#new-contributors-6)
  - [Full Changelog](#full-changelog-6)
- [v1.1.1](#v111)
  - [What's Changed](#whats-changed-7)
  - [New Contributors](#new-contributors-7)
  - [Full Changelog](#full-changelog-7)
- [v1.0.0](#v100)
  - [What's Changed](#whats-changed-8)
  - [Contributors](#contributors)

<!-- tocstop -->

<!--
Information on the next release will be added here.

Use the format "X.Y.Z: Go builder" etc. for format headers to avoid header name
duplication."
-->

## v2.0.0

### v2.0.0: Breaking Change: upload-artifact and download-artifact

- Our workflows now use the new `@v4`s of `actions/upload-artifact` and
  `actions/download-artifact`, which are incompatible with the prior `@v3`. See
  our docs on the [generic generator](./internal/builders/generic/README.md#compatibility-with-actionsdownload-artifact)
  for more information and how to upgrade.

### v2.0.0: Breaking Change: attestation-name Workflow Input and Output

- `attestation-name` as a workflow input to
  `.github/workflows/generator_generic_slsa3.yml` is now removed. Use
  `provenance-name` instead.

### v2.0.0: DSSE Rekor Type

- When uploading signed provenance to the log, the entry created in the log is now
  a DSSE Rekor type. This fixes a bug where the current intoto type does not
  persist provenance signatures. The attestation will no longer be persisted
  in Rekor ([#3299](https://github.com/yogeshkumararora/slsa-github-generator/issues/3299))

## v1.10.0

Release [v1.10.0](https://github.com/yogeshkumararora/slsa-github-generator/releases/tag/v1.10.0) includes bug fixes and new features.

See the [full change list](https://github.com/yogeshkumararora/slsa-github-generator/compare/v1.9.0...v1.10.0).

### v1.10.0: TUF fix

- The cosign TUF roots were fixed ([#3350](https://github.com/yogeshkumararora/slsa-github-generator/issues/3350)).
  More details [here](https://github.com/yogeshkumararora/slsa-github-generator/blob/v1.10.0/README.md#error-updating-to-tuf-remote-mirror-invalid).

### v1.10.0: Gradle Builder

- The Gradle Builder was fixed when the project root is the same as the
  repository root ([#2727](https://github.com/yogeshkumararora/slsa-github-generator/issues/2727))

### v1.10.0: Go Builder

- The `go-version-file` input was fixed so that it can find the `go.mod` file
  ([#2661](https://github.com/yogeshkumararora/slsa-github-generator/issues/2661))

### v1.10.0: Container Generator

- A new `provenance-repository` input was added to allow reading provenance from
  a different container repository than the image itself ([#2956](https://github.com/yogeshkumararora/slsa-github-generator/issues/2956))

## v1.9.0

Release [v1.9.0] includes bug fixes and new features.

See the [full change list](https://github.com/yogeshkumararora/slsa-github-generator/compare/v1.8.0...v1.9.0).

### v1.9.0: BYOB framework (beta)

- **New**: A [new framework](https://github.com/yogeshkumararora/slsa-github-generator/blob/main/BYOB.md) to turn GitHub Actions into SLSA compliant builders.

### v1.9.0: Maven builder (beta)

- **New**: A [Maven builder](https://github.com/yogeshkumararora/slsa-github-generator/tree/main/internal/builders/maven) to build Java projects and publish to Maven central.

### v1.9.0: Gradle builder (beta)

- **New**: A [Gradle builder](https://github.com/yogeshkumararora/slsa-github-generator/tree/main/internal/builders/gradle) to build Java projects and publish to Maven central.

### v1.9.0: JReleaser builder

- **New**: A [JReleaser builder](https://github.com/jreleaser/release-action/tree/v1.0.0-java) that wraps the official [JReleaser Action](https://github.com/jreleaser/release-action/tree/v1.0.0-java).

## v1.8.0

Release [v1.8.0] includes bug fixes and new features.

See the [full change list](https://github.com/yogeshkumararora/slsa-github-generator/compare/v1.7.0...v1.8.0).

### v1.8.0: Generic Generator

- **Added**: A new
  [`base64-subjects-as-file`](https://github.com/yogeshkumararora/slsa-github-generator/blob/v1.8.0/internal/builders/generic/README.md#workflow-inputs)
  was added to allow for specifying a large subject list.

### v1.8.0: Node.js Builder (beta)

- **Fixed**: Publishing for non-scoped packages was fixed (See
  [#2359](https://github.com/yogeshkumararora/slsa-github-generator/issues/2359))
- **Fixed**: Documentation was updated to clarify that the GitHub Actions
  `deployment` event is not supported.
- **Changed**: The file extension for the generated provenance file was changed
  from `.sigstore` to `.build.slsa` in order to make it easier to identify
  provenance files regardless of file format.
- **Fixed**: The publish action was fixed to address an issue with the package
  name when using Node 16.

## v1.7.0

This release includes the first beta release of the
[Container-based builder](https://github.com/yogeshkumararora/slsa-github-generator/tree/v1.7.0/internal/builders/docker).
The Container-based builder provides a GitHub Actions reusable workflow that can
be used to invoke a container image with a user-specified command to generate an
artifact and SLSA Build L3 compliant provenance.

### v1.7.0: Go builder

- **Added**: A new
  [go-version-file](https://github.com/yogeshkumararora/slsa-github-generator/blob/main/internal/builders/go/README.md#workflow-inputs)
  input was added. This allows you to specify a go.mod file in order to track
  which version of Go is used for your project.

## v1.6.0

This release includes the first beta release of the
[Node.js builder](https://github.com/yogeshkumararora/slsa-github-generator/tree/v1.6.0/internal/builders/nodejs).
The Node.js builder provides a GitHub Actions reusable workflow that can be
called to build a Node.js package, generate SLSA Build L3 compliant provenance,
and publish it to the npm registry along with the package.

### Summary of changes

#### Go builder

##### New Features

- A new
  [`prerelease`](https://github.com/yogeshkumararora/slsa-github-generator/blob/v1.6.0/internal/builders/go/README.md#workflow-inputs)
  input was added to allow users to create releases marked as prerelease when
  `upload-assets` is set to `true`.
- A new input [`draft-release`](https://github.com/yogeshkumararora/slsa-github-generator/blob/v1.6.0/internal/builders/go/README.md#workflow-inputs) was added to allow users to create releases marked
  as draft when `upload-assets` is set to `true`.
- A new output [`go-provenance-name`](https://github.com/yogeshkumararora/slsa-github-generator/blob/v1.6.0/internal/builders/go/README.md#workflow-outputs) was added which can be used to retrieve the name
  of the provenance file generated by the builder.

#### Generic generator

##### New Features

- A new input [`draft-release`](https://github.com/yogeshkumararora/slsa-github-generator/blob/v1.6.0/internal/builders/generic/README.md#workflow-inputs) was added to allow users to create releases marked
  as draft when `upload-assets` is set to `true`.

#### Container generator

The Container Generator was updated to use `cosign` v2.0.0. No changes to the
workflow's inputs or outputs were made.

### Changelog since v1.5.0

https://github.com/yogeshkumararora/slsa-github-generator/compare/v1.5.0...v1.6.0

## v1.5.0

<!-- Information on the next release will be added here. -->

### Summary of changes

#### Go builder

##### New Features

- A new [`upload-tag-name`](https://github.com/yogeshkumararora/slsa-github-generator/blob/v1.5.0/internal/builders/generic/README.md#workflow-inputs) input was added to allow users to specify the tag name for the release when `upload-assets` is set to `true`.
- The environment variables included in provenance output were changed to include only those variables that are specified by the user in the [slsa-goreleaser.yml configuration file](https://github.com/yogeshkumararora/slsa-github-generator/tree/v1.5.0/internal/builders/go#configuration-file) in order to improve reproducibility. See [#822](https://github.com/yogeshkumararora/slsa-github-generator/issues/822) for more information and background.

#### Generic generator

##### New Features

- A new boolean [`continue-on-error`](https://github.com/yogeshkumararora/slsa-github-generator/blob/v1.5.0/internal/builders/generic/README.md#workflow-inputs) input was added which, when set to `true`, prevents the workflow from failing when a step fails. If set to true, the result of the reusable workflow will be returned in the [`outcome`](https://github.com/yogeshkumararora/slsa-github-generator/blob/v1.5.0/internal/builders/generic/README.md#workflow-outputs) output.
- A new [`upload-tag-name`](https://github.com/yogeshkumararora/slsa-github-generator/blob/v1.5.0/internal/builders/generic/README.md#workflow-inputs) input was added to allow users to specify the tag name for the release when `upload-assets` is set to `true`.

#### Container generator

##### New Features

- A new boolean [`continue-on-error`](https://github.com/yogeshkumararora/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-inputs) input was added which, when set to `true`, prevents the workflow from failing when a step fails. If set to true, the result of the reusable workflow will be returned in the [`outcome`](https://github.com/yogeshkumararora/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-outputs) output.
- A new [`repository-username`](https://github.com/yogeshkumararora/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-inputs) secret input was added to allow users to pass their repository username that is stored in a [GitHub Actions encrypted secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets). This secret input should only be used for high-entropy registry username values such as AWS Access Key.
- Support was added for authenticating with [Google Artifact Registry](https://cloud.google.com/artifact-registry) and [Google Container Registry](https://cloud.google.com/container-registry) using [Workload Identity Federation](https://cloud.google.com/iam/docs/workload-identity-federation). Users can use this new feature by using the [`gcp-workload-identity-provider` and `gcp-service-account` inputs](https://github.com/yogeshkumararora/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-inputs)

### Changelog since v1.4.0

https://github.com/yogeshkumararora/slsa-github-generator/compare/v1.4.0...v1.5.0

## v1.4.0

### What's Changed

This release is the first Generally Available version of the [Container Generator workflow](https://github.com/yogeshkumararora/slsa-github-generator/tree/main/internal/builders/container). The Container Generator workflow is now considered stable and can be included in your production GitHub Actions workflows.

This is also the first release (technically the second) with support for the [generally available version of sigstore](https://blog.sigstore.dev/sigstore-ga-ddd6ba67894d)!!
We hope to have fewer issues with sigstore infrastructure moving forward.

#### Generic Generator

##### Bug fixes

1. Allow users of the [Generic Generator](https://github.com/yogeshkumararora/slsa-github-generator/tree/main/internal/builders/generic) to generate provenance for artifacts created in a project subdirectory (#1225)

#### Go Builder

##### Bug fixes

1. Allow environment variables to contain '=' characters in the [Go builder](https://github.com/yogeshkumararora/slsa-github-generator/tree/main/internal/builders/go) (#1231)

### New Contributors

- @cfergeau made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/1232
- @DanAlbert made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/1239
- @gal-legit made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/1252

### Full Changelog

https://github.com/yogeshkumararora/slsa-github-generator/compare/v1.2.2...v1.4.0

## v1.4.0-rc.2

\*_This is a pre-release. It is not meant for general consumption. The following are the proposed release notes for the official release._

### What's Changed

This release is the first Generally Available version of the [generic container workflow](https://github.com/yogeshkumararora/slsa-github-generator/tree/main/internal/builders/container). The generic container workflow is now considered stable and can be included in your production GitHub Actions workflows.

This is also the first release with support for the [generally available version of sigstore](https://blog.sigstore.dev/sigstore-ga-ddd6ba67894d)!

This release also includes a couple of bug fixes:

1. Allow users of the [generic generator workflow](https://github.com/yogeshkumararora/slsa-github-generator/tree/main/internal/builders/generic) to generate provenance for artifacts created in a project subdirectory (#1225)
2. Allow environment variables to contain '=' characters in the [Go workflow](https://github.com/yogeshkumararora/slsa-github-generator/tree/main/internal/builders/go) (#1231)

### New Contributors

- @cfergeau made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/1232
- @DanAlbert made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/1239
- @gal-legit made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/1252

### Full Changelog

https://github.com/yogeshkumararora/slsa-github-generator/compare/v1.2.2...v1.4.0-rc.2

## v1.4.0-rc.1

\*_This is a pre-release. It is not meant for general consumption. The following are the proposed release notes for the official release._

### What's Changed

This release is the first Generally Available version of the [generic container workflow](https://github.com/yogeshkumararora/slsa-github-generator/tree/main/internal/builders/container). The generic container workflow is now considered stable and can be included in your production GitHub Actions workflows.

This is also the first release with support for the [generally available version of sigstore](https://blog.sigstore.dev/sigstore-ga-ddd6ba67894d)!

This release also includes a couple of bug fixes:

1. Allow users of the [generic generator workflow](https://github.com/yogeshkumararora/slsa-github-generator/tree/main/internal/builders/generic) to generate provenance for artifacts created in a project subdirectory (#1225)
2. Allow environment variables to contain '=' characters in the [Go workflow](https://github.com/yogeshkumararora/slsa-github-generator/tree/main/internal/builders/go) (#1231)

### New Contributors

- @cfergeau made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/1232
- @DanAlbert made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/1239
- @gal-legit made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/1252

### Full Changelog

https://github.com/yogeshkumararora/slsa-github-generator/compare/v1.2.2...v1.4.0-rc.1

## v1.4.0-rc.0

**This is a pre-release. It is not meant for general consumption. The following are the proposed release notes for the official release.**

### What's Changed

This release is the first Generally Available version of the [generic container workflow](https://github.com/yogeshkumararora/slsa-github-generator/tree/main/internal/builders/container). The generic container workflow is now considered stable and can be included in your production GitHub Actions workflows.

This is also the first release with support for the [generally available version of sigstore](https://blog.sigstore.dev/sigstore-ga-ddd6ba67894d)!

This release also includes a couple of bug fixes:

1. Allow users of the [generic generator workflow](https://github.com/yogeshkumararora/slsa-github-generator/tree/main/internal/builders/generic) to generate provenance for artifacts created in a project subdirectory (#1225)
2. Allow environment variables to contain '=' characters in the [Go workflow](https://github.com/yogeshkumararora/slsa-github-generator/tree/main/internal/builders/go) (#1231)

### New Contributors

- @cfergeau made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/1232
- @DanAlbert made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/1239
- @gal-legit made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/1252

### Full Changelog

https://github.com/yogeshkumararora/slsa-github-generator/compare/v1.2.2...v1.4.0-rc.0

## v1.2.2

### What's Changed

This release fixes issues with signing provenance due to a change in Sigstore TUF root certificates (#1163). This release also includes better handling of transient errors from the Rekor transparency logs.

### New Contributors

- @suzuki-shunsuke made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/1061
- @datosh made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/1074
- @pnacht made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/1187
- @dongheelee92 made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/1209

### Full Changelog

https://github.com/yogeshkumararora/slsa-github-generator/compare/v1.2.1...v1.2.2

## v1.2.1

**DO NOT USE THIS RELEASE. This version will no longer work and is not supported due to errors described in #1163. Please upgrade to [v1.2.2](https://github.com/yogeshkumararora/slsa-github-generator/releases/tag/v1.2.2) or later.**

### What's Changed

This release fixes an error that occurs on the "Generate Builder" step for various workflows.

```text
FAILED: SLSA verification failed: could not find a matching valid signature entry
```

See #942

#### Generic generator

##### buildType

This release changes the [`buildType`](https://slsa.dev/provenance/v0.2#buildType) used in provenance created by the generic generator.

The previous value was:

```json
"buildType": "https://github.com/yogeshkumararora/slsa-github-generator@v1",
```

The new value is:

```json
"buildType": "https://github.com/yogeshkumararora/slsa-github-generator/generic@v1",
```

See #627

##### Provenance file names

Previously the default file name for provenance was `attestation.intoto.jsonl`. This has been updated to be in line with [intoto attestation file naming conventions](https://github.com/in-toto/attestation/blob/main/spec/bundle.md#file-naming-convention). The file name now defaults to `<artifact filename>.intoto.jsonl` if there is a single artifact, or `multiple.intoto.jsonl` if there are multiple artifacts.

See #654

##### Explicit opt-in for private repos

Private repository support was enhanced to require the `private-repository` input field as the repository name will be made public in the public Rekor transparency log.

Please add the following to your workflows if you opt into allowing repository names to be recorded in the public Rekor transparency log.

```yaml
with:
  private-repository: true
```

See #823

#### Go builder

##### Support private repos

Support for private repositories was fixed. If using a private repository you must specify the `private-repository` input field as the repository name will be made public in the public Rekor transparency log.

Please add the following to your workflows if you opt into allowing repository names to be recorded in the public Rekor transparency log.

```yaml
with:
  private-repository: true
```

See #823

### New Contributors

- @sethmlarson made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/758
- @yunginnanet made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/776
- @diogoteles08 made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/957

### Full Changelog

https://github.com/yogeshkumararora/slsa-github-generator/compare/v1.2.0...v1.2.1

## v1.2.0

**DO NOT USE THIS RELEASE. This version will no longer work and is not supported due to errors described in #942. Please upgrade to [v1.2.2](https://github.com/yogeshkumararora/slsa-github-generator/releases/tag/v1.2.2) or later.**

### What's Changed

#### Generic generator

The highlight of this release is a new re-usable workflow called the "Generic generator". It lets users build artifacts on their own and generate a provenance that satisfies SLSA provenance 3 requirement. It's perfect to get started with SLSA with minimal changes to an existing build workflow. To use it, check the [README.md](https://github.com/yogeshkumararora/slsa-github-generator/blob/main/internal/builders/generic/README.md)!

#### Go builder

No changes.

### New Contributors

- @naveensrinivasan made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/352
- @renovate-bot made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/401
- @rarkins made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/489
- @developer-guy made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/497
- @loosebazooka made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/573

### Full Changelog

https://github.com/yogeshkumararora/slsa-github-generator/compare/v1.1.1...v1.2.0

## v1.1.1

### What's Changed

- Improve documentation
- Fix filename issue when resolving it with variables
- Add support for environment variables in artifact filename

### New Contributors

- @joshuagl made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/199
- @mihaimaruseac made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/202
- @MarkLodato made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/312
- @chipzoller made their first contribution in https://github.com/yogeshkumararora/slsa-github-generator/pull/354

### Full Changelog

https://github.com/yogeshkumararora/slsa-github-generator/compare/v1.0.0...v1.1.1

## v1.0.0

### What's Changed

This is the first official release of the generator. The first builder we are releasing is for Golang projects.
To learn how to use it, see [./README.md#golang-projects](https://github.com/yogeshkumararora/slsa-github-generator#golang-projects)

### Contributors

@asraa @ianlewis @MarkLodato @joshuagl @laurentsimon

[v1.8.0]: https://github.com/yogeshkumararora/slsa-github-generator/releases/tag/v1.8.0
[v1.9.0]: https://github.com/yogeshkumararora/slsa-github-generator/releases/tag/v1.9.0