Bump github.com/tektoncd/triggers from 0.34.0 to 0.35.0

[dependabot]

Bumps github.com/tektoncd/triggers from 0.34.0 to 0.35.0.

Release notes

Sourced from github.com/tektoncd/triggers's releases.

Tekton Triggers release v0.35.0 "Tekton Triggers"

-Docs @ v0.35.0 -Examples @ v0.35.0

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/triggers/previous/v0.35.0/release.yaml
kubectl apply -f https://infra.tekton.dev/tekton-releases/triggers/previous/v0.35.0/interceptors.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a45203936a8966245d4ee1bb04114c3c9a7a8ed99eae1e452c4e75cd00bfe19eb

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a45203936a8966245d4ee1bb04114c3c9a7a8ed99eae1e452c4e75cd00bfe19eb
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/triggers/previous/${VERSION_TAG}/release.yaml
INTERCEPTORS_FILE=https://infra.tekton.dev/tekton-releases/triggers/previous/${VERSION_TAG}/interceptors.yaml
REKOR_UUID=108e9186e8c5677a45203936a8966245d4ee1bb04114c3c9a7a8ed99eae1e452c4e75cd00bfe19eb
Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.35.0@sha256:" + .digest.sha256')
Download the release file
curl -L "$RELEASE_FILE" > release.yaml
curl -L "$INTERCEPTORS_FILE" >> release.yaml
For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

... (truncated)

Commits

• 8c160e2 Bump step-security/harden-runner from 2.14.1 to 2.14.2
• ae31f98 Bump github/codeql-action from 4.32.1 to 4.32.2
• e099e40 Bump the all group with 3 updates
• cabe3eb Bump actions/checkout from 6.0.1 to 6.0.2
• 3e09cdd Bump github/codeql-action from 4.31.8 to 4.32.0
• d826f4c Bump golangci/golangci-lint-action from 9.1.0 to 9.2.0
• 7375827 Bump actions/setup-go from 6.1.0 to 6.2.0
• 9ee239c Bump the all group with 4 updates
• 57526b2 Bump step-security/harden-runner from 2.14.0 to 2.14.1
• f5fef44 Bump actions/upload-artifact from 5.0.0 to 6.0.0
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
github.com/tektoncd/triggers	[< 0.26, > 0.25.1-0.20231222120246-0127ca12341d]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[tekton-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign pratap0007 after the PR has been reviewed.
You can assign the PR to them by writing /assign @pratap0007 in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment