Fixes go.mod (#1304)

- Running go.mod changes the go version in go.mod because of go
  toolchain, hence this patch updates the go.mod

Signed-off-by: PuneetPunamiya <ppunamiy@redhat.com>

Copy release resources from main branch v0.23.x (#1292)

The release process in the main branch has been updated to use GitHub's
container registry for releases. This commit brings those changes to the
v0.23.x branch.

Signed-off-by: Luiz Carvalho <lucarval@redhat.com>

Copy release resources from main branch v0.22.x (#1291)

The release process in the main branch has been updated to use GitHub's
container registry for releases. This commit brings those changes to the
v0.22.x branch.

Signed-off-by: Luiz Carvalho <lucarval@redhat.com>

Bootstrap crc in github action (#1202)

Signed-off-by: PuneetPunamiya <ppunamiy@redhat.com>

Update base image used in ko build (#1205) (#1212)

The default base image, cgr.dev/chainguard/static, no longer provides
all the platforms the Chains controller claims support for.

Signed-off-by: Luiz Carvalho <lucarval@redhat.com>

fix mapping between Status.Steps and Status.TaskSpec.Steps (#1188) (#…

…1203)

* fix mapping between Status.Steps and Status.TaskSpec.Steps (#1188)

* .github: add github-actions to dependabot… (#1194)

* .github: add github-actions to dependabot…

… so that we also get dependabot actions updates. Today, we seems to
be using deprecated actions.

Signed-off-by: Vincent Demeester <vdemeest@redhat.com>

* .github/workflows: update some action versions

Signed-off-by: Vincent Demeester <vdemeest@redhat.com>

---------

Signed-off-by: Vincent Demeester <vdemeest@redhat.com>

---------

Signed-off-by: Vincent Demeester <vdemeest@redhat.com>
Co-authored-by: Vincent Demeester <vdemeest@redhat.com>

Fix flaky watch backend test (#1179)

Fixes #1178

Signed-off-by: Luiz Carvalho <lucarval@redhat.com>

Fixes for v0.21.1 (#1134)

* Fix field names in generated json statement (#1129)

To keep backwards compatibility with previous struct versions (e.g, github.com/in-toto/in-toto-golang/in_toto) we have to use protojson.Marshal function to transform the struct to its json representation so the tags defined in the intoto.Statement are follow and applied to the resulting string.

(cherry picked from commit 3bf8cac)

* Fix no repeated subjects for v2alpha4 pipelineruns (#1130)

Change the pipelinerun v2alpha4 method that calculates the subjects to use `artifact.AppendSubjects` instead of `append` to avoid duplicated subjects.

(cherry picked from commit badc734)

* Calculate subjects per formatter (#1132)

* Calculate subjects per formatter

* Tests for new retrieve full uris in grafeas

(cherry picked from commit 750a98e)

PipelineRuns with v2alpha4 to process StepActions (#1118)

* Add new v2alpha4 version for PipelineRuns
This new version will now process the information from any associated StepAction from the executed PipelineRun when `artifacts.pipelinerun.enable-deep-inspection` is set to `true`.

Also, the way chains read results from PipelineRuns to populate the `subjects` field is changing: now the user has to explicitly mark a result as a subject using an object type-hinted tag (*ARTIFACT_OUTPUTS) + the new `isBuildArtifact` property in the value.

Refactors to share logic between v2alph3 and v2alpha4.

* Fix issue when reading *IMAGE_URL / *IMAGE_DIGEST type hint results when two or more tasks/steps are using the same prefix.

Expose performance options (#1083)

This allow admins to specify a few parameters to better suit their use
of Chains.

`--threads-per-controller` controls the number of concurrent threads the
Chains controller processes. The default value is 2.

`--kube-api-burst` controle the maximum burst for throttle.

`--kube-api-qps` controles the maximum QPS to the server from the
client.

The approach taken here is the same one used by the Tekton Pipeline
controller for the sake of consistency in the ecosystem.

Signed-off-by: Luiz Carvalho <lucarval@redhat.com>