Comparing changes

base repository: sigstore/cosign-installer
base: v4.0.0
...
head repository: sigstore/cosign-installer
compare: v4.1.0
  • 13 commits
  • 3 files changed
  • 8 contributors

Commits on Oct 27, 2025

  1. fix path that was unix-centric (#204)

    * fix path that was unix-centric
    
    Signed-off-by: Bob Callaway <[email protected]>
    
    * add back missing ./
    
    Signed-off-by: Bob Callaway <[email protected]>
    
    ---------
    
    Signed-off-by: Bob Callaway <[email protected]>
    bobcallaway authored Oct 27, 2025
    dbac2a8

Commits on Nov 24, 2025

  1. 78c9329
  2. 29bcfa8

Commits on Dec 15, 2025

  1. drop tests with go1.24 as it can't build (#211)

    Signed-off-by: Carlos Panato <[email protected]>
    cpanato authored Dec 15, 2025
    b9a9af4

Commits on Dec 16, 2025

  1. Bump actions/checkout from 6.0.0 to 6.0.1 (#208)

    Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.0 to 6.0.1.
    - [Release notes](https://github.com/actions/checkout/releases)
    - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
    - [Commits](actions/checkout@1af3b93...8e8c483)
    
    ---
    updated-dependencies:
    - dependency-name: actions/checkout
      dependency-version: 6.0.1
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Dec 16, 2025
    c3f2d79

Commits on Dec 18, 2025

  1. fix: use env vars for template expansions; show curl errors (#207)

    * fix: use env vars for template expansions; show curl errors
    
    * Use environment variables to avoid template expansions in code
      contexts, which could potentially result in code injection.
    * Use `-S` option with `curl` so error output is not suppressed, which
      should result in more informative output when the installer fails due
      to network issues.
    * Double-quote shell variable expansions to prevent unintended word
      splitting and globbing.
    
    Signed-off-by: Daniel Hast <[email protected]>
    
    * fix: substitute env vars in inputs.install-dir
    
    Signed-off-by: Daniel Hast <[email protected]>
    
    ---------
    
    Signed-off-by: Daniel Hast <[email protected]>
    HastD authored Dec 18, 2025
    f148005
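
The difference between template expansion in a code context and an environment variable, and the effect of quoting, shown as an added shell example; it is not code from the cosign-installer repository. The names `run_inline`, `run_env`, `INPUT_VERSION` and the sample values are hypothetical and constructed for the illustration.

```shell
#!/bin/sh
# Added illustration; names are hypothetical, not taken from action.yml.
# Constructed value standing in for an untrusted workflow input.
untrusted='v3.0.3"; echo INJECTED; : "'

# Template expansion in a code context: the value is pasted into the
# script text before any shell parses it, so its quotes and semicolons
# become shell syntax.
run_inline() {
  rendered="printf '%s\n' \"version=$1\""
  sh -c "$rendered"
}

# Environment-variable form: the script text is fixed and the value
# reaches the shell only as data inside a quoted expansion.
run_env() {
  INPUT_VERSION="$1" sh -c 'printf "%s\n" "version=$INPUT_VERSION"'
}

# An unquoted expansion undergoes word splitting (and globbing);
# a double-quoted one stays a single argument.
count_unquoted() { dir=$1; set -- $dir; echo "$#"; }
count_quoted()   { dir=$1; set -- "$dir"; echo "$#"; }

echo "inline:"; run_inline "$untrusted"
echo "env:";    run_env "$untrusted"
echo "unquoted args: $(count_unquoted '/opt/my tools')"
echo "quoted args:   $(count_quoted '/opt/my tools')"
```

The inline form prints a second line that the fixed script never contained; the environment-variable form prints the whole value as one string.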

Commits on Dec 23, 2025

  1. feat: update to v3.0.3 (#212)

    Signed-off-by: Carlos Alexandro Becker <[email protected]>
    caarlos0 authored Dec 23, 2025
    4d14d7f

Commits on Jan 14, 2026

  1. docs: fix registry from gcr.io to ghcr.io (#213)

    Signed-off-by: MaineK00n <[email protected]>
    MaineK00n authored Jan 14, 2026
    430b6a7

Commits on Mar 2, 2026

  1. a6fdd19

Commits on Mar 8, 2026

  1. c17565f
  2. Bump actions/checkout from 6.0.1 to 6.0.2 (#217)

    Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.1 to 6.0.2.
    - [Release notes](https://github.com/actions/checkout/releases)
    - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
    - [Commits](actions/checkout@8e8c483...de0fac2)
    
    ---
    updated-dependencies:
    - dependency-name: actions/checkout
      dependency-version: 6.0.2
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Mar 8, 2026
    351ea76

Commits on Mar 9, 2026

  1. Bump cosign to 3.0.5 (#220)

    * Upgrade to newest cosign version
    * Also tweak README to mitigate issue #219: Do not promote the use of
      "cosign-release" argument
    
    Signed-off-by: Jussi Kukkonen <[email protected]>
    jku authored Mar 9, 2026
    5a292e1
  2. fix: add retry to curl downloads for transient network failures (#210)

    Transient network errors during the cosign download can cause the
    action to fail. This is particularly problematic when the action runs
    after images have been pushed to a registry, resulting in unsigned
    images.
    
    Add --retry 3 to all curl calls. By default, curl uses exponential
    backoff: it waits 1 second before the first retry, then doubles the
    wait time for each subsequent retry up to a maximum of 10 minutes. It
    also respects Retry-After headers in the response.
    
    Closes: #209
    
    Signed-off-by: Jose Fernandez <[email protected]>
    jfernandez authored Mar 9, 2026
    ba7bc0a