* Bump anchore/sbom-action from 0.6.0 to 0.7.0

Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](https://github.com/anchore/sbom-action/compare/3626d7d7b13e87ee6c6f9ded3940dea05a3967bc...ce4a7cf05d7b684693d7b6bba97bfbee56806edb

)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* Bump sigstore/cosign-installer from 2.0.1 to 2.1.0

Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.0.1 to 2.1.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/179e0f15e70e22ca2e7254fc12d68a9fbab35614...581838fbedd492d2350a9ecd427a95d6de1e5d01

)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* Bump actions/upload-artifact from 2.3.1 to 3

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2.3.1 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/82c141cc518b40d92cc801eee768e7aafc9c2fa2...6673cd052c4cd6fcf4b4e6e60ea986c889389535

)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* update go to use release 1.17.8

Signed-off-by: cpanato <ctadeu@gmail.com>

* update cosign image to use release v1.6.0

Signed-off-by: cpanato <ctadeu@gmail.com>

Use codecov as service for code coverage.

Signed-off-by: Kenny Leung <kleung@chainguard.dev>

* Bump actions/checkout from 2.4.0 to 3

Bumps [actions/checkout](https://github.com/actions/checkout) from 2.4.0 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/ec3a7ce113134d7a93b817d10a8272cb61118579...a12a3943b4bdde767164f792f33f40b04645d846

)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* Bump goreleaser/goreleaser-action from 2.9.0 to 2.9.1

Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.9.0 to 2.9.1.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/c127c9be6187cfff52edfac7c51b1834a47995d7...b953231f81b8dfd023c58e0854a721e35037f28b

)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* Bump actions/setup-go from 2.2.0 to 3.0.0

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2.2.0 to 3.0.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/bfdd3570ce990073878bf10f6b2d79082de49492...f6164bd8c8acb4a71fb2791a8b6c4024ff038dab

)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

* Trigger Build

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* Bump golangci/golangci-lint-action from 3.0.0 to 3.1.0

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/c675eb70db3aa26b496bc4e64da320480338d41b...b517f99ae23d86ecc4c0dec08dcf48d2336abc29

)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* Bump goreleaser/goreleaser-action from 2.8.1 to 2.9.0

Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.8.1 to 2.9.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/79d4afbba1b4eff8b9a98e3d2e58c4dbaf094e2b...c127c9be6187cfff52edfac7c51b1834a47995d7

)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* Bump golangci/golangci-lint-action from 2.5.2 to 3

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 2.5.2 to 3.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/5c56cd6c9dc07901af25baab6f2b0d9f3b7c3018...c675eb70db3aa26b496bc4e64da320480338d41b

)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* add required go installation, update version comments

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Panato <ctadeu@gmail.com>

* Bump github/codeql-action from 1.1.2 to 1.1.3

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.1.2 to 1.1.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/d39d5d5c9707b926d517b1b292905ef4c03aa777...75f07e7ab2ee63cba88752d8c696324e4df67466

)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Panato <ctadeu@gmail.com>

Signed-off-by: Kenny Leung <kleung@chainguard.dev>

* Bump sigstore/cosign-installer from 2.0.0 to 2.0.1

Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.0.0 to 2.0.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/51f8e5c6fce54e46006ae97d73b2b6315f518752...179e0f15e70e22ca2e7254fc12d68a9fbab35614

)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Panato <ctadeu@gmail.com>

* Bump ossf/scorecard-action from 1.0.3 to 1.0.4

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.0.3 to 1.0.4.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Commits](https://github.com/ossf/scorecard-action/compare/b614d455ee90608b5e36e3299cd50d457eb37d5f...c1aec4ac820532bab364f02a81873c555a0ba3a1

)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Panato <ctadeu@gmail.com>

* Bump github/codeql-action from 1.1.0 to 1.1.2

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.1.0 to 1.1.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/474bbf07f9247ffe1856c6a0f94aeeb10e7afee6...d39d5d5c9707b926d517b1b292905ef4c03aa777

)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Panato <ctadeu@gmail.com>

* Bump actions/github-script from 5.1.0 to 6

Bumps [actions/github-script](https://github.com/actions/github-script) from 5.1.0 to 6.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/e3cbab99d3a9b271e1b79fc96d103a4a5534998c...9ac08808f993958e9de277fe43a64532a609130e

)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Panato <ctadeu@gmail.com>

* Bump github/codeql-action from 1.0.32 to 1.1.0

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.32 to 1.1.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/2b46439dd5477d8a1659811cdc500d35e601a1cb...474bbf07f9247ffe1856c6a0f94aeeb10e7afee6

)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Panato <ctadeu@gmail.com>

* update cross-build to use go 1.17.7

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* update dockerfile base go image to use go 1.17.7

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Bump actions/setup-go from 2.1.5 to 2.2.0

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2.1.5 to 2.2.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/424fc82d43fa5a37540bae62709ddcc23d9520d4...bfdd3570ce990073878bf10f6b2d79082de49492

)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version in comment

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bob Callaway <bob.callaway@gmail.com>

* Bump github/codeql-action from 1.0.31 to 1.0.32

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.31 to 1.0.32.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/1a927e9307bc11970b2c679922ebc4d03a5bd980...2b46439dd5477d8a1659811cdc500d35e601a1cb

)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Panato <ctadeu@gmail.com>

* update release job

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* update changelog

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google-github-actions/auth/compare/7a360a247cce1245c1d13bc63d8b2ac927d201c8...8d125895b958610ec414ca4dae010257eaa814d3

)

---
updated-dependencies:
- dependency-name: google-github-actions/auth
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github/codeql-action from 1.0.30 to 1.0.31

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.30 to 1.0.31.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/8b37404d562d866ad6a65d0ecb4fa5131e047ca4...1a927e9307bc11970b2c679922ebc4d03a5bd980

)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version marker

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Panato <ctadeu@gmail.com>

* Bump sigstore/cosign-installer from 1.4.1 to 2.0.0

Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 1.4.1 to 2.0.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/116dc6872c0a067bcb78758f18955414cdbf918f...51f8e5c6fce54e46006ae97d73b2b6315f518752

)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version marker

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Panato <ctadeu@gmail.com>

* Bump ossf/scorecard-action from 1.0.2 to 1.0.3

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.0.2 to 1.0.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Commits](https://github.com/ossf/scorecard-action/compare/c8416b0b2bf627c349ca92fc8e3de51a64b005cf...b614d455ee90608b5e36e3299cd50d457eb37d5f

)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version marker

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Panato <ctadeu@gmail.com>

* Bump github/codeql-action from 1.0.29 to 1.0.30

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.29 to 1.0.30.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/384cfc42b2131df01c009d3d2eed7b78d8e8556e...8b37404d562d866ad6a65d0ecb4fa5131e047ca4

)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comments

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Panato <ctadeu@gmail.com>

* Bump ossf/scorecard-action from 1.0.1 to 1.0.2

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Commits](https://github.com/ossf/scorecard-action/compare/e3e75cf2ffbf9364bbff86cdbdf52b23176fe492...c8416b0b2bf627c349ca92fc8e3de51a64b005cf

)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comments

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Panato <ctadeu@gmail.com>

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 0.4.4 to 0.5.0.
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google-github-actions/auth/compare/c6c22902f6af237edb96ede5f25a00e864589b2f...7a360a247cce1245c1d13bc63d8b2ac927d201c8

)

---
updated-dependencies:
- dependency-name: google-github-actions/auth
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.28 to 1.0.29.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/8a4b243fbf9a03a93e93a71c1ec257347041f9c4...384cfc42b2131df01c009d3d2eed7b78d8e8556e

)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update github/codeql-action requirement to 8a4b243fbf9a03a93e93a71c1ec257347041f9c4

Updates the requirements on [github/codeql-action](https://github.com/github/codeql-action) to permit the latest version.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/commits/8a4b243fbf9a03a93e93a71c1ec257347041f9c4

)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comments

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bob Callaway <bob.callaway@gmail.com>

* Bump ossf/scorecard-action

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 0fe1afdc40f536c78e3dc69147b91b3ecec2cc8a to 1.0.1. This release includes the previously tagged commit.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Commits](https://github.com/ossf/scorecard-action/compare/0fe1afdc40f536c78e3dc69147b91b3ecec2cc8a...e3e75cf2ffbf9364bbff86cdbdf52b23176fe492

)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* add version comment

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Panato <ctadeu@gmail.com>

* Bump goreleaser/goreleaser-action from 2.8.0 to 2.8.1

Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.8.0 to 2.8.1.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/5df302e5e9e4c66310a6b6493a8865b12c555af2...79d4afbba1b4eff8b9a98e3d2e58c4dbaf094e2b

)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>

* stop using github secret and use GCP workload identity pool

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

* move to rekor-specific provider

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

* pin all github actions by digest instead of tag

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

* pin items in Dockerfile

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

* fix GOVERSION logic

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Bumps [actions/github-script](https://github.com/actions/github-script) from 4 to 5.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v4...v5

)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>