chore(deps): bump sigstore/cosign-installer from 3.0.1 to 3.0.5

[dependabot]

Bumps sigstore/cosign-installer from 3.0.1 to 3.0.5.

Release notes

Sourced from sigstore/cosign-installer's releases.

v3.0.5

What's Changed

• download cosign releases from GitHub rather than GCS by @​bobcallaway in sigstore/cosign-installer#126

Full Changelog: sigstore/cosign-installer@v3.0.4...v3.0.5

v3.0.4

• Include fix for sigstore/cosign-installer#124

v3.0.3

What's Changed

• bump to cosign v2.0.2 by @​bobcallaway in sigstore/cosign-installer#119

Full Changelog: sigstore/cosign-installer@v3.0.2...v3.0.3

v3.0.2

What's Changed

• add --yes to example workflow by @​sebhoss in sigstore/cosign-installer#110
• Fix aarch64 action run by @​ananos in sigstore/cosign-installer#113
• Bump actions/checkout from 3.3.0 to 3.4.0 by @​dependabot in sigstore/cosign-installer#115
• Bump actions/setup-go from 3.5.0 to 4.0.0 by @​dependabot in sigstore/cosign-installer#114
• Bump actions/checkout from 3.4.0 to 3.5.0 by @​dependabot in sigstore/cosign-installer#116
• default cosign to v2.0.1 by @​cpanato in sigstore/cosign-installer#117

New Contributors

• @​sebhoss made their first contribution in sigstore/cosign-installer#110
• @​ananos made their first contribution in sigstore/cosign-installer#113

Full Changelog: sigstore/cosign-installer@v3...v3.0.2

Commits

• dd6b2e2 download cosign releases from GitHub rather than GCS (#126)
• 8e47e41 add --yes option to cosign sign (#125)
• 87f4580 Remove warning about OIDC signing being experimental (#123)
• 03d0fec Fix unsafe evaluation of inputs.use-sudo (#124)
• 46b5db7 use intermediate environment variables to avoid risks of script injection (#122)
• 84448ba we should rely upon the digests not the tags, typos (#121)
• 204a51a bump to cosign v2.0.2 (#119)
• 66dd3f3 Bump actions/checkout from 3.5.0 to 3.5.2 (#118)
• 9e9de22 default cosign to v2.0.1 (#117)
• 8348525 Bump actions/checkout from 3.4.0 to 3.5.0 (#116)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

Patch coverage has no change and project coverage change: -0.14 ⚠️

Comparison is base (1e7d8ad) 49.22% compared to head (abe2e17) 49.08%.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #13639      +/-   ##
==========================================
- Coverage   49.22%   49.08%   -0.14%     
==========================================
  Files         248      249       +1     
  Lines       42828    43228     +400     
==========================================
+ Hits        21081    21220     +139     
- Misses      19648    19882     +234     
- Partials     2099     2126      +27     

see 37 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

[crenshaw-dev]

/cherry-pick release-2.7

[crenshaw-dev]

Seems like it should be unrelated, but I'm consistently getting this:

time="2023-05-28T19:06:45Z" level=error msg="`../../dist/argocd app create test-helm-with-dependencies --repo file:///tmp/argo-e2e/testdata.git --helm-version  --dest-server https://kubernetes.default.svc/ --path helm-with-dependencies --project default --helm-pass-credentials --dest-namespace argocd-e2e--test-helm-with-dependencies-exrvi --plaintext --server 127.0.0.1:8088 --auth-token *** --insecure` failed exit status 20: time=\"2023-05-28T19:06:45Z\" level=fatal msg=\"rpc error: code = InvalidArgument desc = application spec for test-helm-with-dependencies is invalid: InvalidSpecError: Unable to generate manifests in helm-with-dependencies: rpc error: code = Unknown desc = `helm dependency build` failed exit status 1: WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/runner/.kube/config\\nWARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /home/runner/.kube/config\\nError: no repository definition for @custom-repo. Please add them via 'helm repo add'\"" execID=e51fd

[gcp-cherry-pick-bot]

Cherry-pick failed with Merge error 0b289da7fe751fad47113ba5df491379c152601b into temp-cherry-pick-54afa9-release-2.7