* Code of conduct
* Committer guidelines (good commit messages, issue raising etc)

Signed-off-by: Luke Hinds <lhinds@redhat.com>

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.35.0 to 1.36.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.35.0...v1.36.0

)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

All instances of projectrekor are now renamed to SigStore

This includes:

* Import paths
* Tests
* Readme's

Signed-off-by: Luke Hinds <lhinds@redhat.com>

* Bump golangci/golangci-lint-action from v2.4.0 to v2.5.1

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from v2.4.0 to v2.5.1.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v2.4.0...d9f0e73c0497685d68af8c58280f49fcaf0545ff

)

Signed-off-by: dependabot[bot] <support@github.com>

* bump lint version in addition to action version

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com>

* Bump github.com/google/trillian from 1.3.10 to 1.3.13

Bumps [github.com/google/trillian](https://github.com/google/trillian) from 1.3.10 to 1.3.13.
- [Release notes](https://github.com/google/trillian/releases)
- [Changelog](https://github.com/google/trillian/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/trillian/compare/v1.3.10...v1.3.13

)

Signed-off-by: dependabot[bot] <support@github.com>

* update to new package structure

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

* register hasher

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

* revert to original naming

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bob Callaway <bcallawa@redhat.com>
Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com>

* Bump github.com/go-openapi/spec from 0.20.1 to 0.20.3

Bumps [github.com/go-openapi/spec](https://github.com/go-openapi/spec) from 0.20.1 to 0.20.3.
- [Release notes](https://github.com/go-openapi/spec/releases)
- [Commits](https://github.com/go-openapi/spec/compare/v0.20.1...v0.20.3

)

Signed-off-by: dependabot[bot] <support@github.com>

* update go.sum

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Luke Hinds <7058938+lukehinds@users.noreply.github.com>
Co-authored-by: Bob Callaway <bcallawa@redhat.com>

Allow uploading x509 signatures based on a cert rather than the publi…

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Bump github.com/spf13/cobra from 1.0.0 to 1.1.3

Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.0.0 to 1.1.3.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.0.0...v1.1.3

)

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [github.com/go-openapi/errors](https://github.com/go-openapi/errors) from 0.19.9 to 0.20.0.
- [Release notes](https://github.com/go-openapi/errors/releases)
- [Commits](https://github.com/go-openapi/errors/compare/v0.19.9...v0.20.0

)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/go-openapi/validate](https://github.com/go-openapi/validate) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/go-openapi/validate/releases)
- [Commits](https://github.com/go-openapi/validate/compare/v0.20.1...v0.20.2

)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.32.0 to 1.35.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.32.0...v1.35.0

)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/go-openapi/loads](https://github.com/go-openapi/loads) from 0.20.0 to 0.20.2.
- [Release notes](https://github.com/go-openapi/loads/releases)
- [Commits](https://github.com/go-openapi/loads/compare/v0.20.0...v0.20.2

)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps golang from 1.15 to 1.16.0.

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [securego/gosec](https://github.com/securego/gosec) from v2.5.0 to v2.6.1.
- [Release notes](https://github.com/securego/gosec/releases)
- [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml)
- [Commits](https://github.com/securego/gosec/compare/v2.5.0...00bbbd8413c816b90b380e53e47ffab354edeee7

)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from v2 to v2.4.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v2...544d2efb307b3f205f34886f2787046abe7fb26e

)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Enable dependabot.

By using viper.GetString(flag), viper will return the values of that
argument from a precedence order (including CLI arguments). However, if
a value was passed in through an environment variable or as a value in
the config file, it would skip the validation step since that logic was
defined against the FlagSet for command line arguments.

This change causes validation to be done across all input methods.

Fixes #157

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

This works! We can use it to track # of new entries over time.

Add prometheus /metrics endpoint.

This just exposes the default go metrics for now. We can use middleware to expose
more custom metrics for our API.

fixes #149

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Add ed25519 support to ssh libraries.

* persist URL along with state for comparison

* change to map so we can store state from multiple Rekor instances concurrently

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Add and plumb through the ssh type.

Stick the generated RPM in a tmpdir.

I noticed this when running some tests locally.

Add initial libraries for ssh support.