Releases: chainguard-dev/apko
Releases · chainguard-dev/apko
Release v0.19.0
What's Changed
- build(deps): bump chainguard.dev/sdk from 0.1.24 to 0.1.25 by @dependabot in #1301
- Delete a bunch of dead code by @jonjohnsonjr in #1306
- Keep apk modtime by @jonjohnsonjr in #1305
Full Changelog: v0.18.1...v0.19.0
Contributors
jonjohnsonjr and dependabot
Assets 20
Release v0.18.1
What's Changed
- Keep standalone DiscoverKeys function by @jonjohnsonjr in #1303
- build(deps): bump sigs.k8s.io/release-utils from 0.8.4 to 0.8.5 by @dependabot in #1300
- build(deps): bump github/codeql-action from 3.26.6 to 3.26.7 by @dependabot in #1304
- build(deps): bump k8s.io/apimachinery from 0.31.0 to 0.31.1 by @dependabot in #1302
Full Changelog: v0.18.0...v0.18.1
Contributors
jonjohnsonjr and dependabot
Assets 20
Release v0.18.0
What's Changed
- build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.3 by @dependabot in #1217
- Create a command similar to
build-minirootfsfor CPIO by @mattmoor in #1177 - build(deps): bump github/codeql-action from 3.25.13 to 3.25.15 by @dependabot in #1221
- build(deps): bump sigs.k8s.io/release-utils from 0.8.3 to 0.8.4 by @dependabot in #1220
- Migrate the configuration locking to
apko. by @mattmoor in #1222 - Merge architectures by @mattmoor in #1226
- Fix replacing symlinks by @jonjohnsonjr in #1225
- use retryable http client by default by @imjasonh in #1228
- Canonicalize the architecture. by @mattmoor in #1231
- build(deps): bump github.com/docker/docker from 24.0.9+incompatible to 26.1.4+incompatible in the go_modules group by @dependabot in #1232
- build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.3 to 4.0.4 by @dependabot in #1229
- build(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by @dependabot in #1233
- allow APK auth using assumable identity by @imjasonh in #1230
- build(deps): bump chainguard.dev/sdk from 0.1.21 to 0.1.22 by @dependabot in #1236
- build(deps): bump google.golang.org/api from 0.188.0 to 0.189.0 by @dependabot in #1235
- build(deps): bump google.golang.org/api from 0.189.0 to 0.190.0 by @dependabot in #1237
- build(deps): bump golang.org/x/sys from 0.22.0 to 0.23.0 by @dependabot in #1238
- auth: Wrap errors by @jonjohnsonjr in #1241
- build(deps): bump golang.org/x/sync from 0.7.0 to 0.8.0 by @dependabot in #1240
- build(deps): bump golang.org/x/time from 0.5.0 to 0.6.0 by @dependabot in #1239
- set basic chainguard auth by @imjasonh in #1242
- build(deps): bump step-security/harden-runner from 2.9.0 to 2.9.1 by @dependabot in #1243
- auth: Set username to "user" by @jonjohnsonjr in #1244
- build(deps): bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2 by @dependabot in #1246
- build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by @dependabot in #1247
- build(deps): bump google.golang.org/api from 0.190.0 to 0.191.0 by @dependabot in #1249
- build(deps): bump github.com/docker/docker from 26.1.4+incompatible to 26.1.5+incompatible in the go_modules group by @dependabot in #1253
- build(deps): bump github.com/sigstore/cosign/v2 from 2.3.0 to 2.4.0 by @dependabot in #1245
- build(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by @dependabot in #1250
- build(deps): bump golang.org/x/sys from 0.23.0 to 0.24.0 by @dependabot in #1252
- build(deps): bump chainguard.dev/sdk from 0.1.22 to 0.1.23 by @dependabot in #1251
- build(deps): bump github.com/chainguard-dev/clog from 1.4.0 to 1.5.0 by @dependabot in #1254
- Bust global caches by default in index tests by @jonjohnsonjr in #1255
- drop dependency on heredoc by @imjasonh in #1258
- remove custom log package, charm supports it now by @imjasonh in #1257
- drop dependency on go.lsp.dev/uri by @imjasonh in #1259
- Revert "drop dependency on go.lsp.dev/uri" by @imjasonh in #1262
- build(deps): bump google.golang.org/api from 0.191.0 to 0.192.0 by @dependabot in #1268
- build(deps): bump k8s.io/apimachinery from 0.30.3 to 0.31.0 by @dependabot in #1267
- build(deps): bump github/codeql-action from 3.26.0 to 3.26.1 by @dependabot in #1266
- Expose type of DefaultAuthenticators by @jonjohnsonjr in #1272
- build(deps): bump github/codeql-action from 3.26.1 to 3.26.2 by @dependabot in #1271
- Expose DiscoverKeys by @jonjohnsonjr in #1273
- Wire up chainctl stderr to os.Stderr by @jonjohnsonjr in #1274
- build(deps): bump github/codeql-action from 3.26.2 to 3.26.3 by @dependabot in #1280
- new command:
install-keysby @imjasonh in #1227 - build(deps): bump github/codeql-action from 3.26.3 to 3.26.4 by @dependabot in #1283
- build(deps): bump google.golang.org/api from 0.192.0 to 0.193.0 by @dependabot in #1282
- codeql needs security-events: write by @k4leung4 in #1281
- build(deps): bump google.golang.org/api from 0.193.0 to 0.194.0 by @dependabot in #1285
- build(deps): bump github/codeql-action from 3.26.4 to 3.26.5 by @dependabot in #1288
- build(deps): bump go.opentelemetry.io/otel/trace from 1.28.0 to 1.29.0 by @dependabot in #1286
- upgrade to golang 1.23 by @k4leung4 in #1278
- build(deps): bump google.golang.org/api from 0.194.0 to 0.195.0 by @dependabot in #1290
- build(deps): bump chainguard.dev/sdk from 0.1.23 to 0.1.24 by @dependabot in #1289
- auth: attempt CG auth if envs are configured by @imjasonh in #1279
- build(deps): bump github/codeql-action from 3.26.5 to 3.26.6 by @dependabot in #1291
- build(deps): bump golang.org/x/sys from 0.24.0 to 0.25.0 by @dependabot in #1294
- build(deps): bump google.golang.org/api from 0.195.0 to 0.196.0 by @dependabot in #1293
- Add LoongArch architecture definition by @kaniini in #1275
- build(deps): bump go.step.sm/crypto from 0.51.1 to 0.51.2 by @dependabot in #1292
- rsa256 by @xnox in #1256
- build(deps): bump step-security/harden-runner from 2.9.1 to 2.10.1 by @dependabot in #1295
- build(deps): bump go.step.sm/crypto from 0.51.2 to 0.52.0 by @dependabot in #1296
- build(deps): bump go.opentelemetry.io/otel/trace from 1.29.0 to 1.30.0 by @dependabot in #1299
- build(deps): bump go.opentelemetry.io/otel from 1.29.0 to 1.30.0 by @dependabot in #1297
- build(deps): bump google.golang.org/api from 0.196.0 to 0.197.0 by @dependabot in #1298
New Contributors
Full Changelog: v0.17.0...v0.18.0
Contributors
xnox, imjasonh, and 5 other contributors
Assets 20
Release v0.17.0
What's Changed
- Simplify the resolution logic to use
expandapk.Splitby @mattmoor in #1186 - remove remote include feature by @imjasonh in #1191
- build(deps): bump docker/setup-qemu-action from 3.0.0 to 3.1.0 by @dependabot in #1187
- build(deps): bump github/codeql-action from 3.25.10 to 3.25.11 by @dependabot in #1183
- build(deps): bump go.opentelemetry.io/otel/trace from 1.27.0 to 1.28.0 by @dependabot in #1188
- openssl on alpine(Riscv64) returns a different version causing ci failures by @ajayk in #1194
- index throws nil pointer when no auth set by @ajayk in #1193
- build(deps): bump golang.org/x/sys from 0.21.0 to 0.22.0 by @dependabot in #1196
- remove os-release from apko config by @imjasonh in #1190
- build(deps): bump sigs.k8s.io/release-utils from 0.8.2 to 0.8.3 by @dependabot in #1197
- build(deps): bump github.com/google/go-containerregistry from 0.19.2 to 0.20.0 by @dependabot in #1199
- Add build.MultiArch.BuildPackageLists by @jonjohnsonjr in #1201
- Faster NewPkgResolver and GetRepositoryIndexes by @jonjohnsonjr in #1202
- Simplify s6 stuff further by @mattmoor in #1204
- Have the Authenticator support returning errors by @mattmoor in #1205
- Add
MergeIntofor combiningImageConfigurations by @mattmoor in #1206 - Remove labels from names and URLs in lockfile by @egibs in #1163
- build(deps): bump actions/setup-go from 5.0.1 to 5.0.2 by @dependabot in #1200
- build(deps): bump github.com/google/go-containerregistry from 0.20.0 to 0.20.1 by @dependabot in #1208
- build(deps): bump step-security/harden-runner from 2.8.1 to 2.9.0 by @dependabot in #1210
- build(deps): bump github/codeql-action from 3.25.11 to 3.25.12 by @dependabot in #1203
- build(deps): bump k8s.io/apimachinery from 0.30.2 to 0.30.3 by @dependabot in #1209
- build(deps): bump github/codeql-action from 3.25.12 to 3.25.13 by @dependabot in #1212
- build(deps): bump docker/setup-qemu-action from 3.1.0 to 3.2.0 by @dependabot in #1211
- build(deps): bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.3.0 by @dependabot in #1213
- copy annotations to config labels by @imjasonh in #1215
- Implement client-side APK discovery in
apkoby @mattmoor in #1216 - remove the concept of Assertions by @imjasonh in #1214
- begin a new APK client by @luhring in #1218
New Contributors
Full Changelog: v0.16.0...v0.17.0
Contributors
imjasonh, ajayk, and 5 other contributors
Assets 20
Release v0.16.0
What's Changed
- Example: Golang image base example with wolfi by @msfidelis in #1174
- build(deps): bump github.com/google/go-containerregistry from 0.19.1 to 0.19.2 by @dependabot in #1171
- build(deps): bump github.com/chainguard-dev/clog from 1.3.1 to 1.4.0 by @dependabot in #1176
- Make solving multi-architecture aware by @jonjohnsonjr in #1180
- Expose ignoreSignatures functionality to CLI and library consumers by @Kevin-Molina in #1179
- auth: refactor into Authenticator interface by @imjasonh in #1182
- Fix typo in DefaultAuthenticators by @jdolitsky in #1185
- Don't mutate accounts if base image is set by @sfc-gh-mhazy in #1184
New Contributors
- @msfidelis made their first contribution in #1174
- @Kevin-Molina made their first contribution in #1179
Full Changelog: v0.15.0...v0.16.0
Contributors
imjasonh, jdolitsky, and 5 other contributors
Assets 20
Release v0.15.0
What's Changed
- Add include-paths flag to build and lock. by @sfc-gh-mhazy in #1160
- build(deps): bump imjasonh/setup-crane from 0.3 to 0.4 by @dependabot in #1162
- build(deps): bump github.com/klauspost/compress from 1.17.8 to 1.17.9 by @dependabot in #1161
- build(deps): bump step-security/harden-runner from 2.8.0 to 2.8.1 by @dependabot in #1158
- remove --log-policy flag by @imjasonh in #1168
- build(deps): bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot in #1167
- build(deps): bump github/codeql-action from 3.25.8 to 3.25.10 by @dependabot in #1166
- build(deps): bump k8s.io/apimachinery from 0.29.2 to 0.30.2 by @dependabot in #1165
- Plumb through the notion of build-time repositories. by @mattmoor in #1169
- build(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by @dependabot in #1170
- Skip over "." when creating directories by @jonjohnsonjr in #1172
Full Changelog: v0.14.9...v0.15.0
Contributors
imjasonh, mattmoor, and 3 other contributors
Assets 20
Release v0.14.9
Contributors
imjasonh and mark-thm
Assets 20
Release v0.14.8
What's Changed
- enable per-host auth by @imjasonh in #1149
- build(deps): bump golang.org/x/sys from 0.20.0 to 0.21.0 by @dependabot in #1150
- add test that images with old packages can build by @imjasonh in #1151
- build(deps): bump github/codeql-action from 3.25.7 to 3.25.8 by @dependabot in #1152
- build(deps): bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by @dependabot in #1153
- unsplit go-apk by @imjasonh in #1143
- Fix some lints carried over from go-apk by @jonjohnsonjr in #1154
- Add expandapk.Split and use it by @jonjohnsonjr in #1156
Full Changelog: v0.14.7...v0.14.8
Contributors
imjasonh, jonjohnsonjr, and dependabot
Assets 20
Release v0.14.7
What's Changed
- build(deps): bump github/codeql-action from 3.25.6 to 3.25.7 by @dependabot in #1147
- ensure homedir respects non-defaults by @joshrwolf in #1148
Full Changelog: v0.14.6...v0.14.7
Contributors
dependabot and joshrwolf
Assets 20
Release v0.14.6
What's Changed
- support basic HTTP auth by @imjasonh in #1142
- This fixes the boolean logic to pass auth. by @mattmoor in #1144
- Pull in the auth fix in go-apk by @mattmoor in #1145
- plumb through HomeDir as optional build configuration by @joshrwolf in #1146
Full Changelog: v0.14.5...v0.14.6
Contributors
imjasonh, mattmoor, and joshrwolf