* Bump github/codeql-action from 2.1.7 to 2.1.8

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.7 to 2.1.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/0182a2c78c8a55b763909348834ed54d735ab3e2...1ed1437484560351c5be56cf73a48a279d116b78

)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* Update release jobs and trillian images

Signed-off-by: cpanato <ctadeu@gmail.com>

* update ko to v0.11.2

Signed-off-by: cpanato <ctadeu@gmail.com>

Signed-off-by: Bob Callaway <bcallaway@google.com>

Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/581838fbedd492d2350a9ecd427a95d6de1e5d01...d6a3abf1bdea83574e28d40543793018b6035605

)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump anchore/sbom-action from 0.8.0 to 0.9.0

Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](https://github.com/anchore/sbom-action/compare/2ad78246293830258e98b4e707b1fb02d0242828...f6c3d0fe42c3cf876e3462574e4c9416b5e0f07a

)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* Bump codecov/codecov-action from 2.1.0 to 3

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2.1.0 to 3.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/f32b3a3741e1053eb607407145bc9619351dc93b...e3c560433a6cc60aec8812599b7844a7b4fa0d71

)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* Bump github/codeql-action from 2.1.6 to 2.1.7

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.6 to 2.1.7.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/28eead240834b314f7def40f6fcba65d100d99b1...0182a2c78c8a55b763909348834ed54d735ab3e2

)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* Bump google-github-actions/auth from 0.6.0 to 0.7.0

Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google-github-actions/auth/compare/8d125895b958610ec414ca4dae010257eaa814d3...50dbfd0907520dcccbd51e965728eb32e592b8fa

)

---
updated-dependencies:
- dependency-name: google-github-actions/auth
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

This allows you to create an entry for the entire certificate chain, not
just the leaf certificate. The certificate chain will be verified before
adding the entry.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* Specify public key for each inactive shard in config

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

* Updated the integration test

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

* Add debugging to the sharding test

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

* Add debugging

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

* Bump github/codeql-action from 1.1.5 to 2.1.6

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.1.5 to 2.1.6.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/883476649888a9e8e219d5b2e6b789dc024f690c...28eead240834b314f7def40f6fcba65d100d99b1

)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

Signed-off-by: Lily Sturmann <lsturman@redhat.com>

tlog_id specifes the active shard and is kept for backwards compatibility.
To avoid replicating information, the shard config file is used only to
specify inactive shards and must be used in conjunction with a tlog_id flag.
Together, these build the logRanges type in the sharding module.

Signed-off-by: Lily Sturmann <lsturman@redhat.com>

Signed-off-by: cpanato <ctadeu@gmail.com>

* Bump anchore/sbom-action from 0.7.0 to 0.8.0

Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.7.0 to 0.8.0.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](https://github.com/anchore/sbom-action/compare/ce4a7cf05d7b684693d7b6bba97bfbee56806edb...2ad78246293830258e98b4e707b1fb02d0242828

)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* Replace trillian_log_server.log_id_ranges flag with a config file

This will make it easier to specify mulitple shards, along with associated tree IDs and lengths.
Each shard may eventually have its own signer/public key as well, so it'll be easier to pass those in through
a config file rather than through CLI flags.

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

* Add active tree ID to ranges

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.27.1 to 1.28.0.
- [Release notes](https://github.com/protocolbuffers/protobuf-go/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash)
- [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.27.1...v1.28.0

)

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update loginfo to return info about inactive shards

This also updates `rekor-cli` to verify inactive shards if they exist. It also updates the sharding integration test to run loginfo and store state based on TreeID if available.

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

* Fix typo

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

* specify resp code in error

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) from 0.23.2 to 0.23.3.
- [Release notes](https://github.com/go-openapi/runtime/releases)
- [Commits](https://github.com/go-openapi/runtime/compare/v0.23.2...v0.23.3

)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

This refactors the loginfo file in preparation for also getting info for inactive shards and verifying them as well.

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

We will need this so we can get proofs for inactive shards. This will be used by `loginfo`.

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

* Bump github/codeql-action from 1.1.4 to 1.1.5

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.1.4 to 1.1.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/f5d822707ee6e8fb81b04a5c0040b736da22e587...883476649888a9e8e219d5b2e6b789dc024f690c

)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

Signed-off-by: Kenny Leung <kleung@chainguard.dev>

Signed-off-by: Kenny Leung <kleung@chainguard.dev>

* Return virtual index when creating and getting a log entry

Use the virtual index when signing an entry on creation, and return that to the end user.
There shouldn't be any observable difference here at the moment, until we actually shard the log.

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

* Remove pointer to logRanges so value can't be modified

Also make all fields private and only accessible via funcition calls

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

* Fix virtual log index bug when getting indicies in inactive shards

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.3.0...v1.4.0

)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

Bumps golang from `ca70980` to `c7c9458`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.44.0 to 1.45.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.44.0...v1.45.0

)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

When printing the TreeID with rekor-cli loginfo, if the output is parsed through jq
then the TreeID gets rounded down as an int because it is bigger than JSON allows Numbers to be.

This is how jq works and is mentioned in the FAQ: https://github.com/stedolan/jq/wiki/FAQ#numbers



Switching this to a string will preserve the actual Tree ID.

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

And also handle the roothash.

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>

The logid field comes back as nil (which is expected), but we break trying
to dereference that for formatting.

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>

Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.10.0 to 10.10.1.
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](https://github.com/go-playground/validator/compare/v10.10.0...v10.10.1

)

---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.1.3 to 1.1.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/75f07e7ab2ee63cba88752d8c696324e4df67466...f5d822707ee6e8fb81b04a5c0040b736da22e587

)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: Kenny Leung <kleung@chainguard.dev>

Bumps golang from `0168c35` to `ca70980`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: Kenny Leung <kleung@chainguard.dev>

* Bump anchore/sbom-action from 0.6.0 to 0.7.0

Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](https://github.com/anchore/sbom-action/compare/3626d7d7b13e87ee6c6f9ded3940dea05a3967bc...ce4a7cf05d7b684693d7b6bba97bfbee56806edb

)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>