Andreas/mtg_python_deckbuilder
1
0
Fork 0
mirror of https://github.com/mwisnowski/mtg_python_deckbuilder.git synced 2026-04-05 20:57:16 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

feat: add SBOM generation and build provenance attestation to release workflows (#69)

Browse source 
* feat: add SBOM generation and build provenance attestation to release workflows

* docs: update release notes template with SBOM unreleased entry
This commit is contained in:
mwisnowski 2026-04-02 10:44:13 -07:00 committed by GitHub
parent 6d1d5a1822
commit 75184a5967
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 90 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

5
RELEASE_NOTES_TEMPLATE.md
View file

@ -1,9 +1,6 @@
# MTG Python Deckbuilder
## [Unreleased]
_No unreleased changes yet._
## [4.5.2] - 2026-04-01
### Added
- Hover-intent prefetch (`WEB_PREFETCH=1`): hovering the Open button on the Finished Decks page prefetches the deck view after 100 ms, making it load near-instantly. Off by default; Data Saver / slow connections are respected automatically.
- **SBOM & supply chain provenance**: Every tagged release now attaches source SBOMs (SPDX + CycloneDX JSON) for Python dependencies and a CycloneDX container image SBOM to the GitHub Release assets. Build provenance attestations (SLSA-style) are published for the multi-arch Docker image via the GitHub Attestations API. `provenance: mode=max` is enabled on all arch builds.