v0.0.24

What's Changed

The release improves the content quality of the Client Conformance Report.

• Allow skipping of result upload, avoid uploading "staging" results by @loosebazooka in #277
• Improve client conformance report content by @di in #284, #283, #288
• Various small bug fixes by @jku in #294

Full Changelog: v0.0.23...v0.0.24

v0.0.23

sigstore-conformance GitHub action now publishes test results as GitHub artifacts: The sigstore-conformance project collects these results into a report: https://sigstore.github.io/sigstore-conformance/

Note: Users are requested to schedule a weekly run of sigstore-conformance to ensure that up-to-date results are available for the report. Thanks for the help!

Added

• Publish conformance test results (#268)

Fixed

• Fix cache dir lookup on non-linux platforms (#264)

v0.0.22

Changes

The main change fixes installation issue on Python 3.14 (#269): The action now manages the Python version it uses internally.

• Refactor Rekor v2 signing test by @jku in #262
• selftest: Upgrade client to sigstore-python 4.1.0 by @jku in #265
• Manage python versions by @jku in #267

Full Changelog: v0.0.21...v0.0.22

v0.0.21

Fixed

• Fix rekor2 signing test by updating the signingconfig used there: The signing config is currently hard coded and the previous shard was just closed for write traffic: #252

v0.0.20

What's Changed

the sign command of the CLI protocol now contains optional --signing-config and --trusted-root arguments: This feature is used in the new signing test, users should update their client-under-test CLI implementations (or alternatively mark the test as XFAILed if the underlying client is incompatible). See CLI protocol for more details.

Added tests

• Multiple new verification tests for rekor2 entries
• Signing test for rekor2 entries

Full Changelog: v0.0.19...v0.0.20

v0.0.19

What's Changed

• Test names have changed: Expected failures ("xfail") lists must be updated
• xfails can now be expressed with wildcards, see README for details and examples
• Tests now include rekor v2 tests: this means bundles with
  • Log entries with kindversion hashedrekord 0.0.2 or dsse 0.0.2
  • TSA timestamps that clients must verify correctly
  • No integrated time in the entry

New Contributors

• @aaronlew02 made their first contribution in #235

Full Changelog: v0.0.18...v0.0.19

v0.0.18

This is a small bug fix release.

What's Changed

• Test suite runtime environment is now fully separated in both the Makefile and the action itself by @jku in #187, #204
• Dependency updates (cryptography, sigstore-protobuf-specs, pytest)

Full Changelog: v0.0.17...v0.0.18

v0.0.17

What's Changed

• Bump the actions group with 2 updates by @dependabot in #184
• Use log groups in the action by @jku in #191
• Always show test durations by @di in #189
• Compile dependencies by @di in #192
• cpython verify: Only verify one artifact per release by @jku in #196
• Bump cryptography from 44.0.0 to 44.0.1 by @dependabot in #197
• README: fix badges by @jku in #198
• action: bump cpython-release-tracker by @woodruffw in #199
• README: prep for v0.0.17 release by @woodruffw in #200

New Contributors

• @di made their first contribution in #189

Full Changelog: v0.0.16...v0.0.17

v0.0.16

What's Changed

• Fix action failure #178 by pinning dependencies better by @jku

Full Changelog: v0.0.15...v0.0.16

v0.0.15

What's Changed

• Add and update dsse tests by @loosebazooka in #175
• handle different certificate fields correctly by @woodruffw in #176

Full Changelog: v0.0.14...v0.0.15