Signed-off-by: cpanato <ctadeu@gmail.com>

* Bump actions/checkout from 3.0.1 to 3.0.2

Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/dcd71f646680f2efd8db4afa5ad64fdcba30e748...2541b1294d2704b0964813337f33b291d3f8596b

)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* add version comment

Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Asra Ali <asraa@google.com>

Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.10.0 to 0.11.0.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](https://github.com/anchore/sbom-action/compare/407a3ec314b07e326eff3ba171091cbc150460a8...bb716408e75840bbb01e839347cd213767269d4a

)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/a12a3943b4bdde767164f792f33f40b04645d846...dcd71f646680f2efd8db4afa5ad64fdcba30e748

)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: cpanato <ctadeu@gmail.com>

* Bump anchore/sbom-action from 0.9.0 to 0.10.0

Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.9.0 to 0.10.0.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](https://github.com/anchore/sbom-action/compare/f6c3d0fe42c3cf876e3462574e4c9416b5e0f07a...407a3ec314b07e326eff3ba171091cbc150460a8

)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* Update release jobs and trillian images

Signed-off-by: cpanato <ctadeu@gmail.com>

* update ko to v0.11.2

Signed-off-by: cpanato <ctadeu@gmail.com>

* Bump anchore/sbom-action from 0.8.0 to 0.9.0

Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](https://github.com/anchore/sbom-action/compare/2ad78246293830258e98b4e707b1fb02d0242828...f6c3d0fe42c3cf876e3462574e4c9416b5e0f07a

)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* Bump anchore/sbom-action from 0.7.0 to 0.8.0

Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.7.0 to 0.8.0.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](https://github.com/anchore/sbom-action/compare/ce4a7cf05d7b684693d7b6bba97bfbee56806edb...2ad78246293830258e98b4e707b1fb02d0242828

)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* Bump anchore/sbom-action from 0.6.0 to 0.7.0

Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](https://github.com/anchore/sbom-action/compare/3626d7d7b13e87ee6c6f9ded3940dea05a3967bc...ce4a7cf05d7b684693d7b6bba97bfbee56806edb

)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* update go to use release 1.17.8

Signed-off-by: cpanato <ctadeu@gmail.com>

* update cosign image to use release v1.6.0

Signed-off-by: cpanato <ctadeu@gmail.com>

* Bump actions/checkout from 2.4.0 to 3

Bumps [actions/checkout](https://github.com/actions/checkout) from 2.4.0 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/ec3a7ce113134d7a93b817d10a8272cb61118579...a12a3943b4bdde767164f792f33f40b04645d846

)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* Bump goreleaser/goreleaser-action from 2.9.0 to 2.9.1

Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.9.0 to 2.9.1.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/c127c9be6187cfff52edfac7c51b1834a47995d7...b953231f81b8dfd023c58e0854a721e35037f28b

)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* Bump actions/setup-go from 2.2.0 to 3.0.0

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2.2.0 to 3.0.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/bfdd3570ce990073878bf10f6b2d79082de49492...f6164bd8c8acb4a71fb2791a8b6c4024ff038dab

)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

* Trigger Build

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* Bump goreleaser/goreleaser-action from 2.8.1 to 2.9.0

Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.8.1 to 2.9.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/79d4afbba1b4eff8b9a98e3d2e58c4dbaf094e2b...c127c9be6187cfff52edfac7c51b1834a47995d7

)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* update cross-build to use go 1.17.7

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* update dockerfile base go image to use go 1.17.7

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Bump actions/setup-go from 2.1.5 to 2.2.0

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2.1.5 to 2.2.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/424fc82d43fa5a37540bae62709ddcc23d9520d4...bfdd3570ce990073878bf10f6b2d79082de49492

)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version in comment

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bob Callaway <bob.callaway@gmail.com>

* update release job

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* update changelog

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Bump goreleaser/goreleaser-action from 2.8.0 to 2.8.1

Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.8.0 to 2.8.1.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/5df302e5e9e4c66310a6b6493a8865b12c555af2...79d4afbba1b4eff8b9a98e3d2e58c4dbaf094e2b

)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>

* pin all github actions by digest instead of tag

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

* pin items in Dockerfile

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

* fix GOVERSION logic

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.5 to 2.4.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.3.5...v2.4.0

)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: Carlos Panato <ctadeu@gmail.com>