* ensure fallback logic executes if attestation key is empty

Signed-off-by: Bob Callaway <bcallaway@google.com>

* add gcloud auth to get containers

Signed-off-by: Bob Callaway <bcallaway@google.com>

* use correct ref, not a creds problem

Signed-off-by: Bob Callaway <bcallaway@google.com>

* use full path to rekor-cli, not safe to assume path is set

Signed-off-by: Bob Callaway <bcallaway@google.com>

* use external volume and set perms

Signed-off-by: Bob Callaway <bcallaway@google.com>

* collect docker-compose logs if sharding tests fail, also trim IDs

Signed-off-by: Bob Callaway <bcallaway@google.com>

* s/TRAP/trap, test failure case

Signed-off-by: Bob Callaway <bcallaway@google.com>

* fix left padding, rename log uploads, remove failure test

Co-authored-by: Bob Callaway <bcallaway@google.com>
Co-authored-by: Fredrik Skogman <kommendorkapten@github.com>

* add missing negation

Signed-off-by: Bob Callaway <bcallaway@google.com>

* fix return code logic

Signed-off-by: Bob Callaway <bcallaway@google.com>

Co-authored-by: Fredrik Skogman <kommendorkapten@github.com>

Signed-off-by: cpanato <ctadeu@gmail.com>

This causes issues when trying to look up an entry where the chain was
valid/unexpired when uploaded, but has since expired when it's
retreived.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* Bump actions/dependency-review-action from 2.0.0 to 2.0.2

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.0.0 to 2.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/97790d29c7fb370b5e1edbec513501e78789337d...1c59cdf2a9c7f29c90e8da32237eb04b81bad9f0

)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1.0.2 to 2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/a9c83d3af6b9031e20feba03b904645bb23d1dab...97790d29c7fb370b5e1edbec513501e78789337d

)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump sigstore/cosign-installer from 2.3.0 to 2.4.0

Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/536b37ec5d5b543420bdfd9b744c5965bd4d8730...7e0881f8fe90b25e305bbf0309761e9314607e25

)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* updatge version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

Signed-off-by: cpanato <ctadeu@gmail.com>

* Print total tree size, including inactive shards

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

* Rename TreeSize to ActiveTreeSize

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

* Allow retrieving entryIDs or UUIDs

Fixes a bug where only 64 char UUIDs were allowed. Also adds in an integration test.

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

* Confirm there are two entries returned in sharding e2e test

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

* Fix regex

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

* Code review comments

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

* Bump github.com/spf13/viper from 1.11.0 to 1.12.0

Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.11.0...v1.12.0

)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update cloud.google.com/go/storage / cloud.google.com/go/iam

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

Bumps [github.com/go-openapi/validate](https://github.com/go-openapi/validate) from 0.21.0 to 0.22.0.
- [Release notes](https://github.com/go-openapi/validate/releases)
- [Commits](https://github.com/go-openapi/validate/compare/v0.21.0...v0.22.0

)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/validate
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

ED25519 signatures are not supported with the hashedrekord type, though they are
supported with rekord. The reason is that ED25519 computes the digest as part of
its algorithm, so the original artifact is needed to verify a signature.

The previous error message was very unclear, complaining about a nil
message.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

Signed-off-by: cpanato <ctadeu@gmail.com>

Signed-off-by: cpanato <ctadeu@gmail.com>

* Bump github/codeql-action from 2.1.11 to 2.1.12

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.11 to 2.1.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/a3a6c128d771b6b9bdebb1c9d0583ebd2728a108...27ea8f8fe5977c00f5b37e076ab846c5bd783b96

)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* Bump ossf/scorecard-action from 1.1.0 to 1.1.1

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](https://github.com/ossf/scorecard-action/compare/5c8bc69dc88b65c66584e07611df79d3579b0377...3e15ea8318eee9b333819ec77a36aca8d39df13e

)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.46.2 to 1.47.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.46.2...v1.47.0

)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/secure-systems-lab/go-securesystemslib](https://github.com/secure-systems-lab/go-securesystemslib) from 0.3.1 to 0.4.0.
- [Release notes](https://github.com/secure-systems-lab/go-securesystemslib/releases)
- [Commits](https://github.com/secure-systems-lab/go-securesystemslib/compare/v0.3.1...v0.4.0

)

---
updated-dependencies:
- dependency-name: github.com/secure-systems-lab/go-securesystemslib
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

This way the e2e tests can be run again production to make sure it's running as expected. This will be useful for the upcoming cluster migration.

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

Bumps [gopkg.in/ini.v1](https://github.com/go-ini/ini) from 1.66.5 to 1.66.6.
- [Release notes](https://github.com/go-ini/ini/releases)
- [Commits](https://github.com/go-ini/ini/compare/v1.66.5...v1.66.6

)

---
updated-dependencies:
- dependency-name: gopkg.in/ini.v1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update go-tuf and sigstore/sigstore to non-vulnerable go-tuf version.

Signed-off-by: Daniel Haus <dhaus@redhat.com>

* Fix build issue.

Signed-off-by: Daniel Haus <dhaus@redhat.com>

Bumps [gopkg.in/ini.v1](https://github.com/go-ini/ini) from 1.66.4 to 1.66.5.
- [Release notes](https://github.com/go-ini/ini/releases)
- [Commits](https://github.com/go-ini/ini/compare/v1.66.4...v1.66.5

)

---
updated-dependencies:
- dependency-name: gopkg.in/ini.v1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* add changelog for 0.7.0 release

Signed-off-by: cpanato <ctadeu@gmail.com>

* update changelog

Signed-off-by: cpanato <ctadeu@gmail.com>

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/fcdc43634adb5f7ae75a9d7a9b9361790f7293e2...b22fbbc2921299758641fab08929b4ac52b32923

)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.0.4 to 1.1.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](https://github.com/ossf/scorecard-action/compare/c1aec4ac820532bab364f02a81873c555a0ba3a1...5c8bc69dc88b65c66584e07611df79d3579b0377

)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* store attestations by digest instead of by UUID

Signed-off-by: Bob Callaway <bcallaway@google.com>

* fix typo

Signed-off-by: Bob Callaway <bcallaway@google.com>

* remove github.com/pkg/errors

Signed-off-by: Bob Callaway <bcallaway@google.com>

* Bump google-github-actions/auth from 0.7.3 to 0.8.0

Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 0.7.3 to 0.8.0.
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google-github-actions/auth/compare/81012c2689e66f7f020ed6d8ab43596a0f8b503a...ceee102ec2387dd9e844e01b530ccd4ec87ce955

)

---
updated-dependencies:
- dependency-name: google-github-actions/auth
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/39e692fa323107ef86d8fdac0067ce647f239bd7...a9c83d3af6b9031e20feba03b904645bb23d1dab

)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump goreleaser/goreleaser-action from 2.9.1 to 3

Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.9.1 to 3.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/b953231f81b8dfd023c58e0854a721e35037f28b...68acf3b1adf004ac9c2f0a4259e85c5f66e99bef

)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/6673cd052c4cd6fcf4b4e6e60ea986c889389535...3cea5372237819ed00197afe530f5a7ea3e805c8

)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* all: remove dependency on deprecated github.com/pkg/errors

$ pkgerrors -fix ./...
$ goimports -w .

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* all: fix missing convert

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/types/hashedrekord: fix lint sugggestion

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* go.mod: go mod tidy

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/types/hashedrekord: fix unconverted by pkgerrors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

Accidentally deleted in previous PR

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 0.7.2 to 0.7.3.
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google-github-actions/auth/compare/dafc92490a98acbdec38e6eb649f05d55e632447...81012c2689e66f7f020ed6d8ab43596a0f8b503a

)

---
updated-dependencies:
- dependency-name: google-github-actions/auth
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

See #812 for more discussion.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.10 to 2.1.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/2f58583a1b24a7d3c7034f6bf9fa506d23b1183b...a3a6c128d771b6b9bdebb1c9d0583ebd2728a108

)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 0.7.1 to 0.7.2.
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google-github-actions/auth/compare/b258a9f230b36c9fa86dfaa43d1906bd76399edb...dafc92490a98acbdec38e6eb649f05d55e632447

)

---
updated-dependencies:
- dependency-name: google-github-actions/auth
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.46.0 to 1.46.2.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.46.0...v1.46.2

)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3f943b86c9a289f4e632c632695e2e0898d9d67d to 1. This release includes the previously tagged commit.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/3f943b86c9a289f4e632c632695e2e0898d9d67d...39e692fa323107ef86d8fdac0067ce647f239bd7

)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>