notaryproject
diff --git a/‎.github/workflows/build.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/build.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/codeql.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/codeql.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/release-github.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/release-github.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/scorecard.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/scorecard.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.goreleaser.yml‎
Lines changed: 3 additions & 2 deletions b/‎.goreleaser.yml‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎README.md‎
Lines changed: 1 addition & 0 deletions b/‎README.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎cmd/notation/cert/add.go‎
Lines changed: 1 addition & 1 deletion b/‎cmd/notation/cert/add.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎cmd/notation/cert/delete.go‎
Lines changed: 1 addition & 1 deletion b/‎cmd/notation/cert/delete.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎cmd/notation/cert/list.go‎
Lines changed: 1 addition & 1 deletion b/‎cmd/notation/cert/list.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎cmd/notation/cert/show.go‎
Lines changed: 1 addition & 1 deletion b/‎cmd/notation/cert/show.go‎
Lines changed: 1 addition & 1 deletion
@@ -31,14 +31,14 @@ jobs:
       fail-fast: true
     steps:
       - name: Set up Go ${{ matrix.go-version }}
-        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
         with:
           go-version: ${{ matrix.go-version }}
           check-latest: true
       - name: Check out code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Cache Go modules
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
         id: go-mod-cache
         with:
           path: ~/go/pkg/mod
@@ -59,6 +59,6 @@ jobs:
             make e2e-covdata
           fi
       - name: Upload coverage to codecov.io
-        uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1
+        uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
@@ -44,13 +44,13 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Set up Go ${{ matrix.go-version }} environment
-        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
         with:
           go-version: ${{ matrix.go-version }}
           check-latest: true
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+        uses: github/codeql-action/init@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
         with:
           languages: go
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+        uses: github/codeql-action/analyze@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
@@ -33,7 +33,7 @@ jobs:
       fail-fast: true
     steps:
       - name: Set up Go ${{ matrix.go-version }}
-        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
         with:
           go-version: ${{ matrix.go-version }}
           check-latest: true
@@ -46,10 +46,10 @@ jobs:
           pre_tag=`git tag --sort=-creatordate --list 'v*' | grep -v dev | head -2 | tail -1`
           echo "GORELEASER_PREVIOUS_TAG=$pre_tag" >> $GITHUB_ENV
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1
+        uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0
         with:
           distribution: goreleaser
-          version: latest
+          version: v2
           args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -46,21 +46,21 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # tag=v2.4.0
+        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # tag=v2.4.1
         with:
           results_file: results.sarif
           results_format: sarif
           repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
           publish_results: true
 
       - name: "Upload artifact"
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # tag=v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # tag=v4.6.2
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+        uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
         with:
           sarif_file: results.sarif
@@ -11,6 +11,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+version: 2
 builds:
   - main: ./cmd/notation
     id: notation
@@ -37,10 +38,10 @@ builds:
     ldflags:
       - -s -w -X {{.ModulePath}}/internal/version.Version={{.Version}} -X {{.ModulePath}}/internal/version.GitCommit={{.FullCommit}} -X {{.ModulePath}}/internal/version.BuildMetadata=
 archives:
-  - format: tar.gz
+  - formats: [ 'tar.gz' ]
     format_overrides:
       - goos: windows
-        format: zip
+        formats: [ 'zip' ]
     files:
       - LICENSE
 release:
 
@@ -37,6 +37,7 @@ Notary Project is a [CNCF Incubating project](https://www.cncf.io/projects/notar
 - [Build Notation from source code](/building.md)
 - [Governance for Notary Project](https://github.com/notaryproject/.github/blob/master/GOVERNANCE.md)
 - [Maintainers and reviewers list](https://github.com/notaryproject/notation/blob/main/CODEOWNERS)
+- [Contributing Guide](https://github.com/notaryproject/.github/blob/main/CONTRIBUTING.md)
 - Regular conversations for Notary Project occur on the [Cloud Native Computing Slack](https://slack.cncf.io/) **notary-project** channel.
 
 ### Notary Project Community Meeting
 
@@ -56,7 +56,7 @@ Example - Add a certificate to the "tsa" type of a named store "timestamp":
 			return addCerts(opts)
 		},
 	}
-	command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority")
+	command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority, tsa")
 	command.Flags().StringVarP(&opts.namedStore, "store", "s", "", "specify named store")
 	command.MarkFlagRequired("type")
 	command.MarkFlagRequired("store")
 
@@ -67,7 +67,7 @@ Example - Delete certificate "wabbit-networks-timestamp.pem" with "tsa" type fro
 			return deleteCerts(opts)
 		},
 	}
-	command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority")
+	command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority, tsa")
 	command.Flags().StringVarP(&opts.namedStore, "store", "s", "", "specify named store")
 	command.Flags().BoolVarP(&opts.all, "all", "a", false, "delete all certificates in the named store")
 	command.Flags().BoolVarP(&opts.confirmed, "yes", "y", false, "do not prompt for confirmation")
 
@@ -63,7 +63,7 @@ Example - List all certificate files from trust store of type "tsa"
 		},
 	}
 	opts.LoggingFlagOpts.ApplyFlags(command.Flags())
-	command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority")
+	command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority, tsa")
 	command.Flags().StringVarP(&opts.namedStore, "store", "s", "", "specify named store")
 	return command
 }
 
@@ -66,7 +66,7 @@ Example - Show details of certificate "wabbit-networks-timestamp.pem" with type
 		},
 	}
 	opts.LoggingFlagOpts.ApplyFlags(command.Flags())
-	command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority")
+	command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority, tsa")
 	command.Flags().StringVarP(&opts.namedStore, "store", "s", "", "specify named store")
 	command.MarkFlagRequired("type")
 	command.MarkFlagRequired("store")
Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,7 @@ Example - Add a certificate to the "tsa" type of a named store "timestamp":`
`56`	`56`	`return addCerts(opts)`
`57`	`57`	`},`
`58`	`58`	`}`
`59`		`- command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority")`
	`59`	`+ command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority, tsa")`
`60`	`60`	`command.Flags().StringVarP(&opts.namedStore, "store", "s", "", "specify named store")`
`61`	`61`	`command.MarkFlagRequired("type")`
`62`	`62`	`command.MarkFlagRequired("store")`
Original file line number	Diff line number	Diff line change
`@@ -67,7 +67,7 @@ Example - Delete certificate "wabbit-networks-timestamp.pem" with "tsa" type fro`
`67`	`67`	`return deleteCerts(opts)`
`68`	`68`	`},`
`69`	`69`	`}`
`70`		`- command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority")`
	`70`	`+ command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority, tsa")`
`71`	`71`	`command.Flags().StringVarP(&opts.namedStore, "store", "s", "", "specify named store")`
`72`	`72`	`command.Flags().BoolVarP(&opts.all, "all", "a", false, "delete all certificates in the named store")`
`73`	`73`	`command.Flags().BoolVarP(&opts.confirmed, "yes", "y", false, "do not prompt for confirmation")`
Original file line number	Diff line number	Diff line change
`@@ -63,7 +63,7 @@ Example - List all certificate files from trust store of type "tsa"`
`63`	`63`	`},`
`64`	`64`	`}`
`65`	`65`	`opts.LoggingFlagOpts.ApplyFlags(command.Flags())`
`66`		`- command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority")`
	`66`	`+ command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority, tsa")`
`67`	`67`	`command.Flags().StringVarP(&opts.namedStore, "store", "s", "", "specify named store")`
`68`	`68`	`return command`
`69`	`69`	`}`
Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,7 @@ Example - Show details of certificate "wabbit-networks-timestamp.pem" with type`
`66`	`66`	`},`
`67`	`67`	`}`
`68`	`68`	`opts.LoggingFlagOpts.ApplyFlags(command.Flags())`
`69`		`- command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority")`
	`69`	`+ command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority, tsa")`
`70`	`70`	`command.Flags().StringVarP(&opts.namedStore, "store", "s", "", "specify named store")`
`71`	`71`	`command.MarkFlagRequired("type")`
`72`	`72`	`command.MarkFlagRequired("store")`