Releases: sigstore/scaffolding
v0.4.1
v0.4.0
What's Changed
-
Breaking change: remove
release.yaml
because for TUF you can not just do a simple kubectl apply. Replaced withsetup-scaffolding.sh
-
Increse Cloud SQL disk utilization threshold to 95% by @priyawadhwa in #193
-
Add prober check for Fulcio write endpoint by @priyawadhwa in #194
-
Add github action to run prober once when it's updated by @priyawadhwa in #195
-
actually pass through the mysql version to the module. by @k4leung4 in #197
-
Bump github/codeql-action from 2.1.11 to 2.1.12 by @dependabot in #201
-
Bump google.golang.org/grpc from 1.46.2 to 1.47.0 by @dependabot in #203
-
Refactor alerts and fix prober error code alert by @priyawadhwa in #199
-
Bump tfsec/tfsec-sarif-action from 0.1.0 to 0.1.3 by @dependabot in #202
-
Bump github.com/sigstore/rekor from 0.7.0 to 0.8.0 by @dependabot in #207
-
Bump sigstore/cosign-installer from 2.3.0 to 2.4.0 by @dependabot in #205
-
Bump github.com/sigstore/fulcio from 0.4.1 to 0.5.0 by @dependabot in #208
-
Allow custom URLs for Rekor/Fulcio for prober by @priyawadhwa in #209
-
raise version upper limit to allow terraform 1.2.0+ by @k4leung4 in #213
-
Add Rekor write endpoint to prober by @priyawadhwa in #214
-
add maintenance policy, avoid work hours for google maintenance by @k4leung4 in #215
-
Bump github.com/sigstore/rekor from 0.8.0 to 0.8.1 by @dependabot in #219
-
Bump sigs.k8s.io/release-utils from 0.6.0 to 0.7.1 by @dependabot in #216
-
raise allowed google provider version to 4.25 by @k4leung4 in #224
-
Bump github.com/sigstore/rekor from 0.8.1 to 0.8.2 by @dependabot in #226
-
Bump github/codeql-action from 2.1.12 to 2.1.14 by @dependabot in #225
-
increase timeout from 5 to 15min for argocd helm release. by @k4leung4 in #227
-
upgrade kubectl / helm terraform providers by @cpanato in #228
-
Add Terraform resource for TUF preprod bucket by @haydentherapper in #229
-
Bump github/codeql-action from 2.1.14 to 2.1.15 by @dependabot in #230
-
Bump sigstore/cosign-installer from 2.4.0 to 2.4.1 by @dependabot in #231
-
Bump github.com/sigstore/rekor from 0.8.2 to 0.9.0 by @dependabot in #232
-
Temporarily disable Rekor alert until we get around to fixing it by @priyawadhwa in #234
-
Bump github.com/sigstore/rekor from 0.9.0 to 0.9.1 by @dependabot in #237
-
Bump github.com/sigstore/fulcio from 0.5.0 to 0.5.1 by @dependabot in #236
-
Update prober alert metric names to Prometheus targets by @priyawadhwa in #238
-
Bump github/codeql-action from 2.1.15 to 2.1.16 by @dependabot in #240
-
Bump github.com/go-openapi/strfmt from 0.21.2 to 0.21.3 by @dependabot in #241
-
Bump google.golang.org/grpc from 1.47.0 to 1.48.0 by @dependabot in #243
-
Bump actions/setup-go from 3.2.0 to 3.2.1 by @dependabot in #239
-
Allow creating alerts with multiple notification channels by @priyawadhwa in #249
-
Bump github.com/sigstore/cosign from 1.9.0 to 1.10.0 by @dependabot in #250
-
Bump github.com/google/trillian from 1.4.1 to 1.4.2 by @dependabot in #257
-
Bump sigstore/cosign-installer from 2.4.1 to 2.5.0 by @dependabot in #254
-
Bump sigs.k8s.io/release-utils from 0.7.1 to 0.7.3 by @dependabot in #258
-
Bump github.com/sigstore/fulcio from 0.5.1 to 0.5.2 by @dependabot in #259
-
Bump google.golang.org/protobuf from 1.28.0 to 1.28.1 by @dependabot in #256
-
Bump github/codeql-action from 2.1.16 to 2.1.17 by @dependabot in #253
-
Bump github.com/sigstore/rekor from 0.9.1 to 0.10.0 by @dependabot in #255
-
add support for adding read replicas. can be used for failover by @k4leung4 in #251
-
use workload identity for external secret instead of service key. by @k4leung4 in #233
-
bump external-secrets api to v1beta1 now we are on v0.5.x by @k4leung4 in #260
-
plumb mysql replica configuration into sigstore module. by @k4leung4 in #261
-
Add a tuf server as well as repo management for tuf. by @vaikas in #262
-
remove token creator role for external secrets. by @k4leung4 in #264
-
Refactor the github action, test with tuf root. by @vaikas in #263
-
Bump github.com/sigstore/cosign from 1.10.0 to 1.10.1 by @dependabot in #270
-
Bump github/codeql-action from 2.1.17 to 2.1.18 by @dependabot in #269
-
Bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 by @dependabot in #271
-
Add job ttls, use setup-scaffolding for e2e tests, update getting-started.md by @vaikas in #267
Full Changelog: v0.3.0...v0.4.0
v0.3.0
What's Changed
- Bump k8s.io/apimachinery from 0.23.5 to 0.23.6 by @dependabot in #137
- Bump k8s.io/api from 0.23.5 to 0.23.6 by @dependabot in #139
- Bump actions/checkout from 3.0.1 to 3.0.2 by @dependabot in #135
- Bump hashicorp/setup-terraform from 1.4.0 to 2 by @dependabot in #134
- Bump k8s.io/client-go from 0.23.5 to 0.23.6 by @dependabot in #132
- Bump k8s.io/code-generator from 0.23.5 to 0.23.6 by @dependabot in #133
- Update setup-kind.sh by @loosebazooka in #142
- have always 1 pod running to avoid scale to 0 in ci by @cpanato in #143
- Bump github.com/sigstore/sigstore from 1.1.0 to 1.2.0 by @dependabot in #136
- fix: actions/cache by @embano1 in #141
- Bump github.com/go-openapi/runtime from 0.23.3 to 0.24.0 by @dependabot in #146
- Bump sigstore/cosign-installer from 2.2.1 to 2.3.0 by @dependabot in #144
- Bump github/codeql-action from 2.1.8 to 2.1.9 by @dependabot in #145
- Add Job for updating tree for sharding by @priyawadhwa in #147
- Bump docker/login-action from 1.14.1 to 2 by @dependabot in #148
- Make mysql instance name, and keys configurable in Terraform by @k4leung4 in #156
- allow configuring of mysql db name. by @k4leung4 in #157
- Add in a read-only prober across Rekor and Fulcio API endpoints by @priyawadhwa in #158
- Add alerts for sigstore prober to monitoring tf module by @priyawadhwa in #160
- make storage class and location configurable. by @k4leung4 in #159
- Bump github/codeql-action from 2.1.9 to 2.1.10 by @dependabot in #161
- Bump github.com/google/certificate-transparency-go from 1.1.2 to 1.1.3 by @dependabot in #165
- Bump actions/setup-go from 3.0.0 to 3.1.0 by @dependabot in #162
- pass correct var for tuf region. by @k4leung4 in #166
- Bind sigstore-prober KSA to GCP prometheus service account by @priyawadhwa in #167
- Set keyring iam to depend on service account to avoid error. by @k4leung4 in #168
- Add vars for mysql to allow matching prod migration instance. by @k4leung4 in #170
- More uptime alerts for rekor endpoints by @priyawadhwa in #155
- Fix alert documentation and set alignment period to 5m by @priyawadhwa in #172
- set service account to correct prometheus namespace by @k4leung4 in #173
- Add necessary permissions to prometheus SA to export to GCP monitoring by @priyawadhwa in #174
- allow specifying mysql dbname. by @k4leung4 in #175
- Alignment period for latency alerts should be 60 seconds by @priyawadhwa in #176
- Bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 by @dependabot in #179
- Bump goreleaser/goreleaser-action from 2.9.1 to 3 by @dependabot in #178
- Bump github/codeql-action from 2.1.10 to 2.1.11 by @dependabot in #177
- Bump google.golang.org/grpc from 1.45.0 to 1.46.2 by @dependabot in #164
- sync go mod by @cpanato in #184
- add flag to run one time and exit. by @k4leung4 in #181
- change default mysql version from 8.0 to 5.7 by @k4leung4 in #180
- update to go1.18 by @cpanato in #185
- Bump github.com/sigstore/rekor from 0.6.0 to 0.7.0 by @dependabot in #189
- Bump actions/setup-go from 3.1.0 to 3.2.0 by @dependabot in #186
- add pathremove cache, not needed by @cpanato in #192
New Contributors
Full Changelog: v0.2.9...v0.3.0
Thanks to all contributors!
v0.2.9
What's Changed
- bump kind node versions. by @k4leung4 in #126
- Add firewall to allow ingress webhook by @k4leung4 in #123
- Updated ctlog config to include CodeSigning usage. by @k4leung4 in #125
- Add checks in setup-kind for existing steps by @eddiezane in #122
- Bump instructions to use latest release (v0.2.8) and test with it. by @vaikas in #130
- Do not scale fulcio/rekor down to zero to prevent flakes when waiting for things to come up.
New Contributors
- @eddiezane made their first contribution in #122
Full Changelog: v0.2.8...v0.2.9
v0.2.8
What's Changed
- sync go module by @cpanato in #124
- Fetch only root certificate from cert chain by @haydentherapper in #111
- Add KMS key for Fulcio by @haydentherapper in #112
- fix missing variables for kms rekor/fulcio by @cpanato in #114
- Add presubmit test for "terraform validate" to the sigstore module by @priyawadhwa in #116
- use chainguard set of actions to avoid duplication by @cpanato in #113
- Split up KMS module keys into rekor and fulcio modules by @priyawadhwa in #117
- Bump actions/checkout from 3.0.0 to 3.0.1 by @dependabot in #118
- Bump github.com/sigstore/rekor from 0.5.0 to 0.6.0 by @dependabot in #121
- Bump github/codeql-action from 1 to 2.1.8 by @dependabot in #120
- Bump sigstore/cosign-installer from 2.2.0 to 2.2.1 by @dependabot in #119
New Contributors
- @haydentherapper made their first contribution in #111
Full Changelog: v0.2.6...v0.2.8
v0.2.6
What's Changed
- Test with v0.2.5, update docs. by @vaikas in #89
- Add sigstore terraform for GCP by @priyawadhwa in #93
- Add in github action for terraform fmt and tfsec by @priyawadhwa in #98
- sigstore module depends on bastion module by @priyawadhwa in #97
- Add examples for signing and verifying an image, as well as by @vaikas in #94
- Mention there are TF templates, add pointer. by @vaikas in #96
- Resurrect trillian createdb by @k4leung4 in #92
- fix secret keys to match helm chart expectation. by @k4leung4 in #99
- Allow specifying the password to use for creating and encrypting keys and pems by @k4leung4 in #103
- change default cert registration info. by @k4leung4 in #104
- Make enabling CA service with Fulcio optional by @priyawadhwa in #101
- Bump actions/upload-artifact from 2 to 3 by @dependabot in #109
- Bump hashicorp/setup-terraform from 1.3.2 to 1.4.0 by @dependabot in #108
- pin versions using git commit instead of tags by @cpanato in #110
New Contributors
- @priyawadhwa made their first contribution in #93
- @k4leung4 made their first contribution in #92
Full Changelog: v0.2.5...v0.2.6
Thanks to all contributors!
v0.2.5
v0.2.4
What's Changed
******* @vaikas screwed up this release :) Do not use, there are no artifacts *******
- more detailed log for fulcio root cert fetch error by @tsl0922 in #84
- Start of an action to install kind,knative and sigstore pieces + tests. by @vaikas in #85
- rename inputs to be more consistent with others. by @vaikas in #86
- Test release with v0.2.3. by @vaikas in #87
- Use apko as base image and add version information by @cpanato in #88
New Contributors
Full Changelog: v0.2.3...v0.2.4
v0.2.3
What's Changed
- Bump docs release version to v0.2.2 and test with it. by @vaikas in #74
- Bump k8s.io/client-go from 0.23.4 to 0.23.5 by @dependabot in #76
- Bump k8s.io/code-generator from 0.23.4 to 0.23.5 by @dependabot in #79
- Bump github.com/go-openapi/runtime from 0.23.2 to 0.23.3 by @dependabot in #77
- Bump google.golang.org/protobuf from 1.27.1 to 1.28.0 by @dependabot in #83
- Bump actions/cache from 2 to 3 by @dependabot in #82
- Starting to play with URLs in e2e tests. by @vaikas in #75
Full Changelog: v0.2.2...v0.2.3
Thanks to all contributors!
v0.2.2
What's Changed
- update license headers and add job to check the boilerplate by @cpanato in #69
- Bump google.golang.org/grpc from 1.44.0 to 1.45.0 by @dependabot in #71
- add shellcheck action job by @cpanato in #72
- Change job
check-oidc
name tosign-job
. by @vaikas in #73
Full Changelog: v0.2.1...v0.2.2