Skip to content

Comments

chore: Bump actions and pre-commit hook refs#84

Merged
Techassi merged 5 commits intomainfrom
chore/pre-25.11.0-action-bumps
Oct 24, 2025
Merged

chore: Bump actions and pre-commit hook refs#84
Techassi merged 5 commits intomainfrom
chore/pre-25.11.0-action-bumps

Conversation

@Techassi
Copy link
Member

@Techassi Techassi commented Oct 24, 2025

  • Bump actions
    • Bump actions/checkout to v5.0.0
    • Bump sigstore/cosign-installer to v4.0.0
    • Bump anchore/sbom-action to v0.20.9
    • Bump docker/login-action to v3.6.0
    • Bump cachix/install-nix-action to v31.8.1
    • Bump actions/setup-python to v6.0.0
    • Bump actions/cache to v4.3.0
    • Bump Swatinem/rust-cache to v2.8.1
    • Bump actions/download-artifact to v5.0.0
    • Bump actions/upload-artifact to v4.6.2
    • Bump slackapi/slack-github-action to v2.1.1
    • Bump softprops/action-gh-release to v2.4.1
  • Bump pre-commit hook refs
    • Bump pre-commit/pre-commit-hooks to 6.0.0
    • Bump adrienverge/yamllint to 1.37.1
    • Bump igorshubovych/markdownlint-cli to 0.45.0
    • Bump koalaman/shellcheck-precommit to 0.11.
    • Bump rhysd/actionlint to 1.7.8

@Techassi
chore: Bump actions used in composite actions
1bda93d 
- Bump sigstore/cosign-installer to v4.0.0
- Bump anchore/sbom-action to v0.20.9
- Bump docker/login-action to v3.6.0
- Bump cachix/install-nix-action to v31.8.1
- Bump actions/setup-python to v6.0.0
- Bump actions/cache to v4.3.0
- Bump Swatinem/rust-cache to v2.8.1
- Bump actions/download-artifact to v4.6.2
- Bump slackapi/slack-github-action to v2.1.1
@Techassi
chore: Bump pre-commit hook refs
f30dfe3 
- Bump pre-commit/pre-commit-hooks to 6.0.0
- Bump adrienverge/yamllint to 1.37.1
- Bump igorshubovych/markdownlint-cli to 0.45.0
- Bump koalaman/shellcheck-precommit to 0.11.
- Bump rhysd/actionlint to 1.7.8
@Techassi
ci: Bump workflow actions
4ed2804 
- Bump actions/checkout to v5.0.0
- Bump actions/upload-artifact to v4.6.2
- Bump actions/download-artifact to v5.0.0
- Bump softprops/action-gh-release to v2.4.1
@Techassi
chore: Update default action version inputs
967bd20
@Techassi Techassi self-assigned this Oct 24, 2025
@Techassi Techassi moved this to Development: In Progress in Stackable Engineering Oct 24, 2025
@Techassi Techassi marked this pull request as ready for review October 24, 2025 08:32
@Techassi Techassi moved this from Development: In Progress to Development: Waiting for Review in Stackable Engineering Oct 24, 2025
@NickLarsenNZ NickLarsenNZ moved this from Development: Waiting for Review to Development: In Review in Stackable Engineering Oct 24, 2025
NickLarsenNZ
NickLarsenNZ approved these changes Oct 24, 2025
View reviewed changes
Copy link
Member

@NickLarsenNZ NickLarsenNZ left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved on the condition that changes/changelogs were checked before bumping to the latest.

@Techassi
Copy link
Member Author

Techassi commented Oct 24, 2025
edited
Loading

The changelogs were checked by me and no commit immediately stood out as malicious. I also didn't spot any breaking change which requires changes on our side.

@Techassi Techassi merged commit 75e0756 into main Oct 24, 2025
11 checks passed
@Techassi Techassi deleted the chore/pre-25.11.0-action-bumps branch October 24, 2025 08:43
@Techassi Techassi moved this from Development: In Review to Development: Done in Stackable Engineering Oct 24, 2025
@lfrancke lfrancke moved this from Development: Done to Done in Stackable Engineering Oct 24, 2025
@dervoeti
Copy link
Member

dervoeti commented Oct 30, 2025
edited
Loading

Release Note

BREAKING: With the release of SDP 25.11, we now sign container images and Helm charts using cosign 3 and its new bundle format, benefiting from the OCI Referrers API. This means to verify signatures of this and future releases, customers need to use cosign 3. Verification using cosign 2 is also possible if you're using version 2.6.0 or above and provide the additional flag --new-bundle-format, but cosign 3 is recommended for full compatibility and functionality. For guidance on how to verify image signatures, please consult the Stackable documentation.

@dervoeti dervoeti added the release-note Denotes a PR that will be considered when it comes time to generate release notes. label Oct 30, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@NickLarsenNZ NickLarsenNZ NickLarsenNZ approved these changes

Assignees

@Techassi Techassi

Labels

release-note Denotes a PR that will be considered when it comes time to generate release notes.

Projects

Stackable Engineering
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Techassi @dervoeti @NickLarsenNZ