Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Bumps [actions/github-script](https://github.com/actions/github-script) from 4 to 5.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v4...v5

)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* update key flag and add workflow-dispacth to trigger the build manually

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* update key flag and add workflow-dispacth to trigger the build manually

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 1.3.1 to 1.4.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/v1.3.1...v1.4.1

)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/v1.3.0...v1.3.1

)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Fuzzing the RequestFromRekor API call using go-fuzz.

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.5 to 2.4.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.3.5...v2.4.0

)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.4 to 2.3.5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.3.4...v2.3.5

)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

makefile: add rule to download and set swagger and make rule to build rekor-cli for cross platform (#391)

* makefile: add rule to download and set swagger and make rule to build rekor-cli for cross platform

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* update ci

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Signed-off-by: Jake Sanders <jsand@google.com>

* Adopt new signing/verification APIs from sigstore

This uses the new APIs introduced in sigstore/sigstore/pkg/signature and
removes most of the calls directly to the golang crypto APIs.

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 2.3.4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v2.3.4

)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* GetLogByIndexHandler returns 404 for missing index

GRPC return codes have changed after switching the Trillian GRPC calls
due to recent changes; therefore we need to adapt for InvalidArgument
which should be returned as a 404 Not Found error to callers.

Fixes #296

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from v2 to v2.5.2.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v2...5c56cd6c9dc07901af25baab6f2b0d9f3b7c3018

)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* update boilerplate header and apply go fmt

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* lints: fix golangci-lint issues

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* updated based on feedback

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from v2.5.1 to v2.5.2.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v2.5.1...5c56cd6c9dc07901af25baab6f2b0d9f3b7c3018

)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

* fail build if diff exists

Right now the build tries to detect mismatches between what is in the change versus any changes actually occurred from a clean rebuild (e.g. missed checking in any updates to generated code). However if those are present, the build logs print that out but do not cause the build to fail.

Also bumps GOVERSION to match what is used in Dockerfile so we don't have go.mod or go.sum as a reason for above.

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

Bumps [securego/gosec](https://github.com/securego/gosec) from v2.6.1 to v2.7.0.
- [Release notes](https://github.com/securego/gosec/releases)
- [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml)
- [Commits](https://github.com/securego/gosec/compare/v2.6.1...27a5ffb5c8f6dd3b6dea3b8e6019a2b3d43bf0f9

)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump golangci/golangci-lint-action from v2.4.0 to v2.5.1

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from v2.4.0 to v2.5.1.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v2.4.0...d9f0e73c0497685d68af8c58280f49fcaf0545ff

)

Signed-off-by: dependabot[bot] <support@github.com>

* bump lint version in addition to action version

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com>

Bumps [securego/gosec](https://github.com/securego/gosec) from v2.5.0 to v2.6.1.
- [Release notes](https://github.com/securego/gosec/releases)
- [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml)
- [Commits](https://github.com/securego/gosec/compare/v2.5.0...00bbbd8413c816b90b380e53e47ffab354edeee7

)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from v2 to v2.4.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v2...544d2efb307b3f205f34886f2787046abe7fb26e

)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Enable dependabot.

These require the minisign binary to be installed.

This allows us to skip sticking it onto each request context and retrieving it.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

also make GOVERSION an environment variable