From e8e735d90839e94233521b46d986826a60fb0d98 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 23 Jan 2025 19:49:25 +0000
Subject: [PATCH 1/3] build(deps): bump github.com/sigstore/timestamp-authority

Bumps the actions group in /.github with 1 update: [github.com/sigstore/timestamp-authority](https://github.com/sigstore/timestamp-authority).


Updates `github.com/sigstore/timestamp-authority` from 1.2.3 to 1.2.4
- [Release notes](https://github.com/sigstore/timestamp-authority/releases)
- [Changelog](https://github.com/sigstore/timestamp-authority/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/timestamp-authority/compare/v1.2.3...v1.2.4)

---
updated-dependencies:
- dependency-name: github.com/sigstore/timestamp-authority
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/go.mod | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/.github/go.mod b/.github/go.mod
index 56f2af9d3..3f38e2f01 100644
--- a/.github/go.mod
+++ b/.github/go.mod
@@ -1,11 +1,7 @@
 module sigstore/sigstore-python
 
 go 1.23
+toolchain go1.23.5
 
-require (
-    // We don't have a Go module here but this file is picked up by dependabot
-    // and this will automatically update the dependency when needed.
-
-    github.com/sigstore/timestamp-authority v1.2.3
-
-)
+// We don't have a Go module here but this file is picked up by dependabot
+// and this will automatically update the dependency when needed.

From cb978a4483bf8b80fdd8657e6b00d1abdf39ff43 Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Thu, 23 Jan 2025 15:59:42 -0500
Subject: [PATCH 2/3] bump dep correctly

Signed-off-by: William Woodruff <william@trailofbits.com>
---
 .github/go.mod | 5 ++++-
 .github/go.sum | 2 ++
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 .github/go.sum

diff --git a/.github/go.mod b/.github/go.mod
index 3f38e2f01..9c70ef9ad 100644
--- a/.github/go.mod
+++ b/.github/go.mod
@@ -1,7 +1,10 @@
 module sigstore/sigstore-python
 
-go 1.23
+go 1.23.1
+
 toolchain go1.23.5
 
 // We don't have a Go module here but this file is picked up by dependabot
 // and this will automatically update the dependency when needed.
+
+require github.com/sigstore/timestamp-authority v1.2.4
diff --git a/.github/go.sum b/.github/go.sum
new file mode 100644
index 000000000..42d5069e7
--- /dev/null
+++ b/.github/go.sum
@@ -0,0 +1,2 @@
+github.com/sigstore/timestamp-authority v1.2.4 h1:RjXZxOWorEiem/uSr0pFHVtQpyzpcFxgugo5jVqm3mw=
+github.com/sigstore/timestamp-authority v1.2.4/go.mod h1:ExrbobKdEuwuBptZIiKp1IaVBRiUeKbiuSyZTO8Okik=

From 6d90cb993c7306df42d2faa13c8f0525cb41826c Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Thu, 23 Jan 2025 16:02:14 -0500
Subject: [PATCH 3/3] fix awk variable

Signed-off-by: William Woodruff <william@trailofbits.com>
---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 63874daa5..e15077189 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -65,7 +65,7 @@ jobs:
       - name: test (timestamp-authority)
         if: ${{ matrix.conf.os == 'ubuntu-latest' }}
         run: |
-          SIGSTORE_TIMESTAMP_VERSION=$(grep "github.com/sigstore/timestamp-authority" .github/go.mod | awk '{print $2}')
+          SIGSTORE_TIMESTAMP_VERSION=$(grep "github.com/sigstore/timestamp-authority" .github/go.mod | awk '{print $3}')
           wget https://github.com/sigstore/timestamp-authority/releases/download/${SIGSTORE_TIMESTAMP_VERSION}/timestamp-server-linux-amd64 -O /tmp/timestamp-server
           chmod +x /tmp/timestamp-server
           # Run the TSA in background