From 596181931efa6d2d0f2d43e633cfec9ee222c671 Mon Sep 17 00:00:00 2001 From: cpanato Date: Wed, 27 Sep 2023 12:49:08 -0400 Subject: [PATCH 1/7] update goreleaser version Signed-off-by: cpanato --- .github/workflows/container.yml | 2 +- .github/workflows/release.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index 203749e..54d7610 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -8,7 +8,7 @@ on: env: # renovate: datasource=go depName=github.com/goreleaser/goreleaser - GORELEASER_VERSION: v1.10.2 + GORELEASER_VERSION: v1.21.2 jobs: skip-check: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ee34594..492b6ed 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,7 +10,7 @@ permissions: env: # renovate: datasource=go depName=github.com/goreleaser/goreleaser - GORELEASER_VERSION: v1.18.2 + GORELEASER_VERSION: v1.21.2 jobs: binaries: From 5c6a60ace366e382af85d499b6dc1cead7aaf4ce Mon Sep 17 00:00:00 2001 From: cpanato Date: Wed, 27 Sep 2023 12:49:25 -0400 Subject: [PATCH 2/7] update golangci-lint Signed-off-by: cpanato --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index efb55cf..83c8d34 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -10,7 +10,7 @@ env: # renovate: datasource=go depName=mvdan.cc/gofumpt GOFUMPT_VERSION: v0.3.1 # renovate: datasource=go depName=github.com/golangci/golangci-lint - GOLANGCI_LINT_VERSION: v1.53.3 + GOLANGCI_LINT_VERSION: v1.54.2 jobs: skip-check: From 1f033a4e161b848577870bc53e134abb8040b478 Mon Sep 17 00:00:00 2001 From: cpanato Date: Wed, 27 Sep 2023 12:49:50 -0400 Subject: [PATCH 3/7] update goreleaser flag --- .github/workflows/container.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index 54d7610..684e398 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -60,7 +60,7 @@ jobs: cache: true - name: Run Goreleaser - run: goreleaser release --rm-dist --skip-validate --skip-publish --snapshot --debug + run: goreleaser release --clean --skip-validate --skip-publish --snapshot --debug - name: Archive generated artifacts uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0 From 4a89d6e27c2650ee0fcdd05f608f6c25f3564e4c Mon Sep 17 00:00:00 2001 From: cpanato Date: Wed, 27 Sep 2023 12:50:37 -0400 Subject: [PATCH 4/7] update go image to match the go modules Signed-off-by: cpanato --- .github/workflows/container.yml | 2 +- .github/workflows/docs.yml | 1 - Makefile | 2 +- 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index 684e398..45bfdcc 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -44,7 +44,7 @@ jobs: if: ${{ needs.skip-check.outputs.should_skip != 'true' }} runs-on: ubuntu-latest container: - image: docker.io/goreleaser/goreleaser-cross:v1.18.3 + image: docker.io/goreleaser/goreleaser-cross:v1.21.1 options: --privileged env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 7505be8..f9d6e0b 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -3,7 +3,6 @@ name: Documents on: push: branches: [ main ] - paths: pull_request: branches: [ main ] diff --git a/Makefile b/Makefile index 308472e..a06bc25 100644 --- a/Makefile +++ b/Makefile 
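Review bot: The `goreleaser-cross` image in the `container:` block of the -44,7 hunk is still referenced by a mutable tag, while this job runs it with `options: --privileged` and `GITHUB_TOKEN` in its environment. The podman image and the actions elsewhere in these workflows are pinned by digest or commit SHA, so a re-pushed tag here would be the one unverified input to the build. Pin it the same way, `image: docker.io/goreleaser/goreleaser-cross:v1.21.1@sha256:<digest-of-v1.21.1>`, with the digest resolved and recorded when the bump is reviewed. The `GOLANG_BASE=golang:1.21.1-bullseye` build argument in this commit's Makefile hunk has the same shape, though it only feeds the `container-dev` target.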
@@ -93,7 +93,7 @@ container: $(OUT_DIR) .PHONY: container-dev container-dev: - docker build -t $(OUT_DOCKER_DEV):$(VERSION) --build-arg=GOLANG_BASE=golang:1.18.3-bullseye --build-arg=DEBIAN_BASE=debian:bullseye-slim . + docker build -t $(OUT_DOCKER_DEV):$(VERSION) --build-arg=GOLANG_BASE=golang:1.21.1-bullseye --build-arg=DEBIAN_BASE=debian:bullseye-slim . .PHONY: sign-container sign-container: From f99923bd31d726dea61b7a2222c69b5f4c51618a Mon Sep 17 00:00:00 2001 From: cpanato Date: Wed, 27 Sep 2023 12:50:55 -0400 Subject: [PATCH 5/7] update cosign flags Signed-off-by: cpanato --- .github/workflows/container.yml | 4 +++- .github/workflows/release.yml | 4 +++- Makefile | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index 45bfdcc..2206e52 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -82,6 +82,8 @@ jobs: --privileged --security-opt label=disable --security-opt seccomp=unconfined + env: + TUF_ROOT: /tmp permissions: id-token: write packages: write @@ -127,7 +129,7 @@ jobs: - name: Push and sign container env: - COSIGN_EXPERIMENTAL: true + COSIGN_YES: true run: | make push-container make sign-container diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 492b6ed..9dc7728 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -68,6 +68,8 @@ jobs: --privileged --security-opt label=disable --security-opt seccomp=unconfined + env: + TUF_ROOT: /tmp permissions: id-token: write packages: write @@ -116,6 +118,6 @@ jobs: - name: Sign container env: - COSIGN_EXPERIMENTAL: true + COSIGN_YES: true run: | make sign-container diff --git a/Makefile b/Makefile index a06bc25..de3e79d 100644 --- a/Makefile +++ b/Makefile 
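Review bot: The new `env:` block in the container.yml hunk at -82,6 sets `TUF_ROOT: /tmp` without saying why, and it points the Sigstore TUF metadata cache at the top of a shared, world-writable directory. That cache holds the trust root cosign relies on, so it is worth giving it a directory of its own, for example `TUF_ROOT: /tmp/sigstore-tuf` (constructed path; confirm cosign creates it or add a `mkdir` step). A comment such as `# cosign's TUF cache needs a writable location inside the podman container` would record the reason, if that is the reason. The same two lines are added in the release.yml hunk at -68,6, and the job's `container:` block continues outside both hunks.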
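Review bot: Swapping `COSIGN_EXPERIMENTAL: true` for `COSIGN_YES: true` on the "Push and sign container" step is only correct if the job installs cosign v2, where keyless signing is the default; the install step is outside this hunk and nothing in the commit shows a cosign version bump. On a 1.x binary, dropping `COSIGN_EXPERIMENTAL` would leave `cosign sign` without a key to use. Please confirm the pinned cosign version and consider a comment like `# cosign >= 2: keyless is the default; COSIGN_YES only skips the confirmation prompt`. The same swap appears in the release.yml hunk at -116,6, and the Makefile hunk that drops `--force` is presumably part of the same migration.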
@@ -98,7 +98,7 @@ container-dev: .PHONY: sign-container sign-container: crane digest $(OUT_DOCKER):$(VERSION) - cosign sign --force -a GIT_HASH=$(COMMIT) -a GIT_VERSION=$(VERSION) $(OUT_DOCKER)@$(shell crane digest $(OUT_DOCKER):$(VERSION)) + cosign sign -a GIT_HASH=$(COMMIT) -a GIT_VERSION=$(VERSION) $(OUT_DOCKER)@$(shell crane digest $(OUT_DOCKER):$(VERSION)) .PHONY: push-container push-container: From ffe0ebe2f23f39b9f07ba70f059c24370857c70b Mon Sep 17 00:00:00 2001 From: cpanato Date: Wed, 27 Sep 2023 12:55:39 -0400 Subject: [PATCH 6/7] update deprecated section Signed-off-by: cpanato --- .goreleaser.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index c2862bd..23a1c88 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -28,13 +28,14 @@ builds: # {{.CommitDate}} is the date of the commit to make builds reproducible. - -X main.version={{.Version}} -X main.commit={{.FullCommit}} -X main.date={{.CommitDate}} -X main.goArch={{.Runtime.Goarch}} archives: - - replacements: - linux: Linux - darwin: Darwin - amd64: x86_64 - format_overrides: - - goos: windows - format: zip + - id: archives + name_template: >- + {{- .ProjectName }}_ + {{- title .Os }}_ + {{- if eq .Arch "amd64" }}x86_64 + {{- else if eq .Arch "386" }}i386 + {{- else }}{{ .Arch }}{{ end }} + {{- if .Arm }}v{{ .Arm }}{{ end -}} checksum: name_template: 'checksums.txt' snapshot: From 4fbfda4a74ff898b5b4981a4245a88a7b7b24157 Mon Sep 17 00:00:00 2001 From: cpanato Date: Wed, 27 Sep 2023 13:05:19 -0400 Subject: [PATCH 7/7] update podman digest Signed-off-by: cpanato --- .github/workflows/container.yml | 8 +++++++- .github/workflows/release.yml | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index 2206e52..938c47a 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml 
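Review bot: The `sign-container` recipe still decides what to sign by asking the registry for the tag's digest at signing time, `$(shell crane digest $(OUT_DOCKER):$(VERSION))`, separately from the `crane digest` line printed just above it. If the tag is re-pushed between `make push-container` and `make sign-container`, the signature attaches to whatever the tag points to then, not necessarily to the image this build produced, and the printed digest may differ from the signed one. Resolving the digest once, ideally from the push step's output, and reusing that single value (for example `digest=$$(crane digest $(OUT_DOCKER):$(VERSION))` followed by `$(OUT_DOCKER)@$$digest` in the same shell line) would close that window. With `--force` removed, a comment that the target relies on the caller setting `COSIGN_YES` for non-interactive runs would also help.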
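Review bot: The rewritten `archives` entry in `.goreleaser.yml` removes `format_overrides` (windows → `zip`) together with the deprecated `replacements`, and the new `name_template` has no `{{ .Version }}` component, so published archive names no longer follow GoReleaser's default `<project>_<version>_<os>_<arch>` shape. If Windows is among the build targets (the `builds:` list is outside the hunk), its archive would now fall back to the default format. Archive names are what `checksums.txt` and any downstream download or verification scripts key on, so either keep them stable by restoring the override and adding `{{- .Version }}_` after the project name, or call the rename out in the release notes. `title .Os` and the `386` → `i386` mapping also rename assets that the old `replacements` left untouched.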
@@ -53,6 +53,12 @@ jobs: - name: Check out the code uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2 + - name: 'Trust the github workspace' + run: | + # This is to avoid fatal errors about "dubious ownership" because we are + # running inside of a container action with the workspace mounted in. + git config --global --add safe.directory "$GITHUB_WORKSPACE" + - name: Set up Go uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a # tag=v3.2.1 with: @@ -76,7 +82,7 @@ jobs: needs: build-binaries runs-on: ubuntu-latest container: - image: quay.io/containers/podman:v4.6.2@sha256:e0cef628e369cf466979d08bda2c25d861e2b90e6236e99b817235b612c511b3 + image: quay.io/containers/podman:v4.6.2@sha256:0402e08323ce9f033c710a05913e9258f1d9c59af76930580adb2ec8a1f68db6 options: >- --device /dev/fuse:rw --privileged diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9dc7728..4aef1e2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -62,7 +62,7 @@ jobs: runs-on: ubuntu-latest needs: binaries container: - image: quay.io/containers/podman:v4.6.2@sha256:e0cef628e369cf466979d08bda2c25d861e2b90e6236e99b817235b612c511b3 + image: quay.io/containers/podman:v4.6.2@sha256:0402e08323ce9f033c710a05913e9258f1d9c59af76930580adb2ec8a1f68db6 options: >- --device /dev/fuse:rw --privileged
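Review bot: In the container.yml hunk at -76,7 the digest pinned for `quay.io/containers/podman:v4.6.2` changes while the tag stays the same, and the commit message ("update podman digest") does not say why or where the new value came from. This image runs with `--privileged` and `seccomp=unconfined` in a job that holds `id-token: write`, so a reviewer should be able to reproduce the pin. Please record, in the commit message or in a comment above `image:`, how the digest was obtained (for example `crane digest quay.io/containers/podman:v4.6.2`) and whether it is the multi-arch index or a single-platform manifest. The identical change is made in the release.yml hunk at -62,7.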