- bump docker/login-action from 3.1.0 to 3.4.0
- bump docker/metadata-action from 5.5.1 to 5.7.0
- bump docker/setup-buildx-action from 3.3.0 to 3.10.0
- bump docker/build-push-action from 5.3.0 to 6.16.0
- bump sigstore/cosign-installer from 3.5.0 to 3.8.2
I believe chainguard no longer supports arm/v7. This was added at a
user's request I think that was running imageproxy on a raspberry pi or
something. I might switch to a different base image that does have
support, though it's annoying to have to do so. In the meantime, users
can always built the image themselves for other platforms.
This requires updating to a more recent version of golangci-lint, which
has some new failures. This removes those failing linters, and I'll
need to come back and look at those problems in a followup change.
apparently cosign doesn't like signing tags :)
WARNING: Image reference ghcr.io/willnorris/imageproxy:main uses a tag,
not a digest, to identify the image to sign.
This can lead you to sign a different image than the intended one.
Please use a digest (example.com/ubuntu@sha256:abc123...) rather than
tag (example.com/ubuntu:latest) for the input to cosign. The ability to
refer to images by tag will be removed in a future release.
