chore(deps): update dependency sigstore/cosign to v3.0.4

chore(deps): use sigstore/cosign v2.6.2
fix(goreleaser): add annotation 'io.artifacthub.package.logo-url'
2026-02-03 20:05:36 +00:00 · 2026-02-03 21:00:58 +01:00 · 2026-02-03 13:46:53 +01:00 · 2026-02-03 13:44:23 +01:00 · 2026-02-02 22:37:08 +01:00
5 changed files with 12 additions and 6 deletions
--- a/.gitea/workflows/artifacthub-metadata.yaml
+++ b/.gitea/workflows/artifacthub-metadata.yaml
@@ -13,7 +13,7 @@ jobs:
    - uses: actions/checkout@v6.0.2
    - uses: sigstore/cosign-installer@v4.0.0
      with:
-        cosign-release: "v3.0.3" # renovate: datasource=github-tags depName=sigstore/cosign
+        cosign-release: "v3.0.4" # renovate: datasource=github-tags depName=sigstore/cosign
    - uses: docker/login-action@v3.7.0
      with:
        registry: git.cryptic.systems
@@ -38,6 +38,7 @@ jobs:
        echo "${COSIGN_PUBLIC_KEY}" > cosign.pub
        oras push git.cryptic.systems/volker.raschek/dcmerge:cosign.pub \
          --artifact-type application/vnd.dev.cosign.public-key.v1 \
          --annotation org.opencontainers.image.title=cosign.pub \
          cosign.pub:application/vnd.dev.cosign.public-key.v1
    - name: Push artifacthub-repo.yml to docker.io
--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
@@ -33,7 +33,7 @@ jobs:
        rm syft_${SYFT_VERSION}_${OS}_${ARCH}.deb
    - uses: sigstore/cosign-installer@v4.0.0
      with:
-        cosign-release: "v3.0.3" # renovate: datasource=github-tags depName=sigstore/cosign
+        cosign-release: "v3.0.4" # renovate: datasource=github-tags depName=sigstore/cosign
    - uses: docker/setup-qemu-action@v3.7.0
    - uses: docker/setup-buildx-action@v3.12.0
    - uses: actions/setup-go@v6.2.0
@@ -72,6 +72,6 @@ jobs:
          --dest-password ${{ secrets.DOCKER_IO_PASSWORD }} \
          --dest-username ${{ secrets.DOCKER_IO_USERNAME }} \
          --src-password ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }} \
-          --src-username volker.raschek \
+          --src-username ${{ github.repository_owner }} \
            docker://git.cryptic.systems/volker.raschek/dcmerge:${TAG} \
            docker://docker.io/volkerraschek/dcmerge:${TAG}
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -104,6 +104,7 @@ dockers_v2:
    io.artifacthub.package.alternative-locations: "docker.io/volkerraschek/{{ .ProjectName }}:{{ .Version }}"
    io.artifacthub.package.keywords: "docker,docker-compose,merge,ci"
    io.artifacthub.package.logo-url: "https://git.cryptic.systems/volker.raschek/{{ .ProjectName }}/raw/tag/v{{ .Version }}/icons/icon.png"
    io.artifacthub.package.license: "MIT"
    io.artifacthub.package.readme-url: "https://git.cryptic.systems/volker.raschek/{{ .ProjectName }}/raw/tag/v{{ .Version }}/README.md"
@@ -327,11 +328,13 @@ docker_signs:
  #
  # Default: ["sign", "--key=cosign.key", "${artifact}@${digest}", "--yes"].
  # Templates: allowed.
  # Note: Using --registry-referrers-mode=legacy ensures signature is stored as sha256-<digest>.sig tag
  # which is required by ArtifactHub to display the "Signed" badge
  args:
  - "sign"
  - "--key=env://COSIGN_PRIVATE_KEY"
  - "${artifact}@${digest}"
  - "--yes"
  - "${artifact}@${digest}"
  # Which artifacts to sign.
  #
@@ -342,7 +345,7 @@ docker_signs:
  #   '':        images built by dockers_v2
  #
  # Default: ''.
-  artifacts: all
+  artifacts: manifests
  # IDs of the artifacts to sign.
  ids:
@@ -356,6 +359,8 @@ docker_signs:
  # StdinFile file to be given to the signature command as stdin.
  # stdin_file: ./passphrase.key
  output: true
 gitea_urls:
  api: https://git.cryptic.systems/api/v1
  download: https://git.cryptic.systems
--- a/icons/icon.png
+++ b/icons/icon.png
--- a/icons/icon_32x32.png
+++ b/icons/icon_32x32.png
Author	SHA1	Message	Date
CSRBot	686aaaaac6	chore(deps): update dependency sigstore/cosign to v3.0.4 All checks were successful Lint Golang files / Run golang CI linter (stable, ubuntu-latest-amd64) (push) Successful in 10s Details Run Golang tests / Run unit tests (stable, ubuntu-latest-amd64) (push) Successful in 7s Details Lint Golang files / Run golang CI linter (stable, ubuntu-latest-amd64) (pull_request) Successful in 9s Details Run Golang tests / Run unit tests (stable, ubuntu-latest-amd64) (pull_request) Successful in 7s Details Lint Markdown files / Run markdown linter (pull_request) Successful in 5s Details Lint Golang files / Run golang CI linter (stable, ubuntu-latest-arm64) (push) Successful in 30s Details Run Golang tests / Run unit tests (stable, ubuntu-latest-arm64) (push) Successful in 23s Details Lint Golang files / Run golang CI linter (stable, ubuntu-latest-arm64) (pull_request) Successful in 31s Details Run Golang tests / Run unit tests (stable, ubuntu-latest-arm64) (pull_request) Successful in 25s Details	2026-02-03 20:05:36 +00:00
Markus Pesch	fa8d0b9176	chore(deps): use sigstore/cosign v2.6.2 All checks were successful Lint Golang files / Run golang CI linter (stable, ubuntu-latest-amd64) (push) Successful in 11s Details Run Golang tests / Run unit tests (stable, ubuntu-latest-amd64) (push) Successful in 7s Details Lint Markdown files / Run markdown linter (push) Successful in 4s Details Lint Golang files / Run golang CI linter (stable, ubuntu-latest-arm64) (push) Successful in 30s Details Run Golang tests / Run unit tests (stable, ubuntu-latest-arm64) (push) Successful in 24s Details Release / Release application (push) Successful in 1m41s Details Release / Upload Images to docker.io (push) Successful in 1m29s Details	2026-02-03 21:00:58 +01:00
Markus Pesch	faaba66bce	fix(goreleaser): add annotation 'io.artifacthub.package.logo-url' All checks were successful Lint Golang files / Run golang CI linter (stable, ubuntu-latest-amd64) (push) Successful in 10s Details Run Golang tests / Run unit tests (stable, ubuntu-latest-amd64) (push) Successful in 7s Details Lint Markdown files / Run markdown linter (push) Successful in 4s Details Lint Golang files / Run golang CI linter (stable, ubuntu-latest-arm64) (push) Successful in 30s Details Run Golang tests / Run unit tests (stable, ubuntu-latest-arm64) (push) Successful in 24s Details	2026-02-03 13:46:53 +01:00
Markus Pesch	4b5b41e4b9	fix(icons): add icons All checks were successful Lint Golang files / Run golang CI linter (stable, ubuntu-latest-amd64) (push) Successful in 12s Details Run Golang tests / Run unit tests (stable, ubuntu-latest-amd64) (push) Successful in 7s Details Lint Markdown files / Run markdown linter (push) Successful in 4s Details Lint Golang files / Run golang CI linter (stable, ubuntu-latest-arm64) (push) Successful in 29s Details Run Golang tests / Run unit tests (stable, ubuntu-latest-arm64) (push) Successful in 24s Details	2026-02-03 13:44:23 +01:00
Markus Pesch	2a114e1369	fix(goreleaser): print cosign cmd on stdout All checks were successful Lint Golang files / Run golang CI linter (stable, ubuntu-latest-amd64) (push) Successful in 12s Details Run Golang tests / Run unit tests (stable, ubuntu-latest-amd64) (push) Successful in 7s Details Lint Markdown files / Run markdown linter (push) Successful in 4s Details Lint Golang files / Run golang CI linter (stable, ubuntu-latest-arm64) (push) Successful in 30s Details Run Golang tests / Run unit tests (stable, ubuntu-latest-arm64) (push) Successful in 24s Details Release / Release application (push) Successful in 2m20s Details Release / Upload Images to docker.io (push) Successful in 1m19s Details	2026-02-02 22:37:08 +01:00