2024-01-07 19:14:40 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sun Jan 07 18:08:16 UTC 2024 - opensuse_buildservice@ojkastl.de
|
|
|
|
|
|
|
|
- Update to version 0.5.5:
|
|
|
|
* build(deps): bump github.com/google/go-containerregistry
|
|
|
|
* bump upload/download github actions
|
|
|
|
* build(deps): bump google.golang.org/api from 0.152.0 to 0.154.0
|
|
|
|
* build(deps): bump github.com/lima-vm/lima from 0.18.0 to 0.19.1
|
|
|
|
* build(deps): bump github.com/containerd/containerd from 1.7.7
|
|
|
|
to 1.7.11
|
|
|
|
* build(deps): bump github.com/go-git/go-git/v5 from 5.10.0 to
|
|
|
|
5.11.0
|
|
|
|
* build(deps): bump golang.org/x/crypto from 0.15.0 to 0.17.0
|
|
|
|
* build(deps): bump cloud.google.com/go/storage from 1.35.1 to
|
|
|
|
1.36.0
|
|
|
|
* convert: sort packages alphabetically
|
|
|
|
* build(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0
|
|
|
|
* build(deps): bump actions/setup-go from 4 to 5
|
|
|
|
* build(deps): bump github.com/kubescape/go-git-url from 0.0.25
|
|
|
|
to 0.0.26
|
|
|
|
* Set a default env var for GOMODCACHE.
|
|
|
|
* Pull in `go-apk` with `provider_priority` `ini` fix.
|
|
|
|
* Mark update.manual as an optional field.
|
|
|
|
* update release to add some clarification regarding the homebrew
|
|
|
|
|
2023-12-05 07:26:39 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Dec 05 06:06:45 UTC 2023 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
- Update to version 0.5.4:
|
|
|
|
* build(deps): bump golang.org/x/sys from 0.14.0 to 0.15.0
|
|
|
|
* build(deps): bump chainguard.dev/apko
|
|
|
|
* build(deps): bump k8s.io/client-go from 0.28.3 to 0.28.4
|
|
|
|
* schema: update for new test pipeline configuration
|
|
|
|
* build(deps): bump github.com/klauspost/compress from 1.17.2 to
|
|
|
|
1.17.4
|
|
|
|
* build(deps): bump google.golang.org/api from 0.150.0 to 0.152.0
|
|
|
|
* fix issue
|
|
|
|
* cleanup: don't use pkg/errors
|
|
|
|
* fix bad merge.
|
|
|
|
* Default to package.name, but allow overrides, add example docs
|
|
|
|
for specifying which package, and version to test.
|
|
|
|
* argh, fix typo.
|
|
|
|
* Add tests, simplify code.
|
|
|
|
* e2e tests for `test` command.
|
|
|
|
* checkpoint.
|
|
|
|
* Add test command / implementation.
|
|
|
|
* alphabetize commands, add test.
|
|
|
|
* Refactor so can be used with test and build.
|
|
|
|
* config struct changes for test.
|
|
|
|
* Add autogenerated 'test' docs.
|
|
|
|
* make docs-repo
|
|
|
|
* remove unnecessary wait for testing
|
|
|
|
* support resource requests and timeouts
|
|
|
|
* UTC-ify source date epoch when set
|
|
|
|
* Fix capitalization of SBOM originators
|
|
|
|
* Fix the lint warnings in pkg/linter
|
|
|
|
* Fix lints, or ignore safe ones. No functional changes.
|
|
|
|
* prefix should be /usr
|
|
|
|
* Ensure jsonschema is kept up to date.
|
|
|
|
* Add jsonschema generation binary.
|
|
|
|
* build(deps): bump go.opentelemetry.io/otel from 1.20.0 to
|
|
|
|
1.21.0
|
|
|
|
* build(deps): bump k8s.io/apimachinery from 0.28.3 to 0.28.4
|
|
|
|
* build(deps): bump sigs.k8s.io/release-utils from 0.7.6 to 0.7.7
|
|
|
|
* fix and continuously validate SBOMs
|
|
|
|
* make docs-repo
|
|
|
|
* default --use-github=true
|
|
|
|
* fix docs
|
|
|
|
* convert python: don't overwrite existing files
|
|
|
|
* format manifests with yam
|
|
|
|
* fix docs for --runner
|
|
|
|
* improve 'melange convert python' to remove manual steps
|
|
|
|
|
2023-11-16 15:36:58 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Nov 16 14:23:15 UTC 2023 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
- Update to version 0.5.3:
|
|
|
|
* Update release.md
|
|
|
|
* build(deps): bump golang.org/x/time from 0.3.0 to 0.4.0
|
|
|
|
* pipelines: go/build: add support for go.mod overlay files
|
|
|
|
* build(deps): bump cloud.google.com/go/storage from 1.33.0 to
|
|
|
|
1.35.1
|
|
|
|
* go mod tidy
|
|
|
|
* update go-apk dependency
|
|
|
|
* build(deps): bump sigstore/cosign-installer from 3.1.2 to 3.2.0
|
|
|
|
* build(deps): bump go.opentelemetry.io/otel from 1.19.0 to
|
|
|
|
1.20.0
|
|
|
|
* apply substitutions to .environment.contents.packages
|
|
|
|
* test runtime replacements
|
|
|
|
* build(deps): bump github.com/sigstore/cosign/v2 from 2.2.0 to
|
|
|
|
2.2.1
|
|
|
|
* build(deps): bump google.golang.org/api from 0.149.0 to 0.150.0
|
|
|
|
* go mod tidy
|
|
|
|
* use merged PR
|
|
|
|
* update dep
|
|
|
|
* use pushed PRs
|
|
|
|
* WIP: use forked alpine-go in go-apk
|
|
|
|
* move spammy logs to debugf
|
|
|
|
|
2023-11-09 18:06:33 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Nov 09 14:56:03 UTC 2023 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
- Update to version 0.5.2:
|
|
|
|
* Update pkg/config/config.go
|
|
|
|
* GithubReleaseMonitor: add tagprefix and tagcontains to be used
|
|
|
|
in github tags filtering
|
|
|
|
* Plumb check configs through to linters
|
|
|
|
* Delete no-op sbom code
|
|
|
|
* remove unimplemented references to fulcio support
|
|
|
|
* fail if 'with' is used with 'runs'
|
|
|
|
* Error early if uses and runs are both present
|
|
|
|
* Get rid of PackageContext and SubpackageContext
|
|
|
|
* Remove impossible errors
|
|
|
|
* Make loadUse test actually test something
|
|
|
|
* Remove impossible errors
|
|
|
|
* build: use util.Dedup instead of slices.Compact
|
|
|
|
* util: bring back Dedup, slices.Collapse requires sorting
|
|
|
|
* Bump go-apk
|
|
|
|
* Filter out noise opening non-ELF files
|
|
|
|
* Bump go-apk and use faster tarfs implementation
|
|
|
|
* Add a test to ensure that ranges are handled properly.
|
|
|
|
* Add linters for #805 and #804.
|
|
|
|
* Refactor linting logic and clean things up
|
|
|
|
* Add SBOM linter
|
|
|
|
* build(deps): bump github.com/docker/docker
|
|
|
|
* build(deps): bump chainguard.dev/apko
|
|
|
|
* build(deps): bump sigs.k8s.io/release-utils from 0.7.5 to 0.7.6
|
|
|
|
* Add GID/UID remapping to improve permissions. Fix permission
|
|
|
|
issues resulting from running with the build user.
|
|
|
|
* Separate out package and build lints
|
|
|
|
* Add json tags to melange Configuration.
|
|
|
|
* Add python/test linter
|
|
|
|
* util: drop Dedup in favor of golang.org/x/exp/slices.Compact
|
|
|
|
* sca: fix compile by moving a few things around
|
|
|
|
* sca: move analyzer invocation into Analyze() function
|
|
|
|
* sca: implement abstract interface between build engine and sca
|
|
|
|
engine
|
|
|
|
* sca: pass FS into dependency generators rather than creating it
|
|
|
|
on demand
|
|
|
|
* sca: move out of package.go into sca.go as a first pass
|
|
|
|
* Rename Python linters to python/*
|
|
|
|
* readlinkfs: ignore security.selinux xattrs
|
|
|
|
* Add Python docs linter
|
|
|
|
* SCA: add python dependency generator
|
|
|
|
* linter: refactor check block generation in tests
|
|
|
|
* Improve linter diagnostic output
|
|
|
|
* Add GID/UID remapping to improve permissions. Fix permission
|
|
|
|
issues resulting from running with the build user.
|
|
|
|
* build(deps): bump sigs.k8s.io/yaml from 1.3.0 to 1.4.0
|
|
|
|
* Fixups
|
|
|
|
* Handle .so files a little smarter
|
|
|
|
* Ignore all packages starting with _
|
|
|
|
* build(deps): bump google.golang.org/api from 0.147.0 to 0.148.0
|
|
|
|
* build(deps): bump k8s.io/client-go from 0.28.2 to 0.28.3
|
|
|
|
* build(deps): bump github.com/klauspost/compress from 1.17.1 to
|
|
|
|
1.17.2
|
|
|
|
* build(deps): bump chainguard.dev/apko
|
|
|
|
* build(deps): bump actions/checkout from 4.1.0 to 4.1.1
|
|
|
|
* Centralize SOURCE_DATE_EPOCH parsing.
|
|
|
|
* Run go fmt
|
|
|
|
* Exclude docs
|
|
|
|
* Exclude tests
|
|
|
|
* drop sync-issues-to-project-board.yaml not used anymore
|
|
|
|
* Exclude more files from Python multiple package linter
|
|
|
|
* Improve filtering and diagnostics
|
|
|
|
* Use the correct path for Python.
|
|
|
|
* Add multiple Python packages post-linter
|
|
|
|
* pipelines: add npm-install pipeline
|
|
|
|
* replace the fetch python url to more friendly URI
|
|
|
|
* Silence the linter
|
|
|
|
* Make empty linter work by disregarding directories and SBOM in
|
|
|
|
package linting
|
|
|
|
* Really shut up docs linter
|
|
|
|
* Docs changes/consistency fixes
|
|
|
|
* Document melange lint
|
|
|
|
* Module updates
|
|
|
|
* Resolve circular import
|
|
|
|
* Small fix
|
|
|
|
* Update go-apk dep
|
|
|
|
* Remove redundant package
|
|
|
|
* Update pkg/config/config.go
|
|
|
|
* Add basic test for APK linting
|
|
|
|
* Document the release steps.
|
|
|
|
* melange bump: move the reset / bump epoch logic up and inline
|
|
|
|
version
|
|
|
|
* melange bump: only reset the epoch if version changes, else
|
|
|
|
increment it
|
|
|
|
* Add APK linting.
|
|
|
|
* document full-version, add pointer to docs.
|
|
|
|
* Fix Typo
|
|
|
|
|
2023-10-19 07:57:28 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Oct 19 05:46:49 UTC 2023 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
- Update to version 0.5.1:
|
|
|
|
* build(deps): bump github.com/klauspost/compress from 1.17.0 to
|
|
|
|
1.17.1
|
|
|
|
* build(deps): bump google.golang.org/api from 0.146.0 to 0.147.0
|
|
|
|
* build(deps): bump github.com/lima-vm/lima from 0.17.2 to 0.18.0
|
|
|
|
* build(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0
|
|
|
|
* Fix a bug where substitutions were not done for runtime.
|
|
|
|
* linter: fix a typo in package linting function
|
|
|
|
* build(deps): bump google.golang.org/api from 0.143.0 to 0.146.0
|
|
|
|
* go mod tidy to shut up linter
|
|
|
|
* Small cleanup
|
|
|
|
* Add function to lint APK files.
|
|
|
|
* build(deps): bump golang.org/x/sync from 0.3.0 to 0.4.0
|
|
|
|
* build(deps): bump golang.org/x/net from 0.15.0 to 0.17.0
|
|
|
|
* Extricate config stuff from linter.
|
|
|
|
* build(deps): bump sigs.k8s.io/release-utils
|
|
|
|
* fix release url path
|
|
|
|
* update deprecated fields
|
|
|
|
* update with 0.5.0 changes
|
|
|
|
* Track vendored deps for .PKGINFO
|
|
|
|
|
2023-10-14 08:44:48 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sat Oct 14 06:40:13 UTC 2023 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
- Update to version 0.5.0:
|
|
|
|
* Enable linters to warn (via callback) instead of just failing.
|
|
|
|
* build(deps): bump github.com/package-url/packageurl-go
|
|
|
|
* build(deps): bump go.opentelemetry.io/otel from 1.18.0 to
|
|
|
|
1.19.0
|
|
|
|
* Add a PR checklist to melange.
|
|
|
|
* Fix yaml typo in linter docs
|
|
|
|
* nit: fix mistake in function docs
|
|
|
|
* Apply suggestions from code review
|
|
|
|
* Document disabling lints and when to do so.
|
|
|
|
* Update linter docs
|
|
|
|
* strip linter: properly close file
|
|
|
|
* Make improvements/suggestions
|
|
|
|
* Add stripped file linter
|
|
|
|
* update alpine-go to latest git to fix indexing
|
|
|
|
* pipelines: strip: use -g by default when stripping
|
|
|
|
* build(deps): bump google.golang.org/api from 0.142.0 to 0.143.0
|
|
|
|
* do not delete extensions and plugins with ruby/clean
|
|
|
|
* build(deps): bump k8s.io/api from 0.28.1 to 0.28.2
|
|
|
|
* build(deps): bump google.golang.org/api from 0.138.0 to 0.142.0
|
|
|
|
* build(deps): bump k8s.io/client-go from 0.28.1 to 0.28.2
|
|
|
|
* build(deps): bump github.com/opencontainers/image-spec
|
|
|
|
* build(deps): bump github.com/docker/docker
|
|
|
|
* build(deps): bump cloud.google.com/go/storage from 1.32.0 to
|
|
|
|
1.33.0
|
|
|
|
* build(deps): bump github.com/klauspost/compress from 1.16.7 to
|
|
|
|
1.17.0
|
|
|
|
* build(deps): bump actions/setup-go from 4.0.1 to 4.1.0
|
|
|
|
* build(deps): bump actions/checkout from 4.0.0 to 4.1.0
|
|
|
|
* add docs for -compat packages
|
|
|
|
* Disable empty check on git-checkout
|
|
|
|
* build: refactor package linter invocation
|
|
|
|
* Refactor the linter into a submodule.
|
|
|
|
* Remove no provides check per @kaniini
|
|
|
|
* Respect subpackage no-provides
|
|
|
|
* Add post-file walk linting and empty package linting
|
|
|
|
* exa is dead, use mdbook as a rust CI test instead.
|
|
|
|
* bump apko to e9722fc
|
|
|
|
* build: do not run linters on skipped subpackages
|
|
|
|
* linter: when subpackages are linted use the subpackage name as
|
|
|
|
the package config name
|
|
|
|
* Only run worldwrite linter on regular files
|
|
|
|
* Add worldwrite linter
|
|
|
|
* Add dev, opt, and srv linters
|
|
|
|
* fix the arch
|
|
|
|
* Use Warnf over WARNING
|
|
|
|
* log and continue when .pc file can't be loaded
|
|
|
|
* fix the dir name as we already expect dir to be set explicit
|
|
|
|
* Disable linters on -compat packages
|
|
|
|
* Update build.yaml
|
|
|
|
* add goreleaser pipeline
|
|
|
|
* Unexport linter struct and linterFunc
|
|
|
|
* Don't export the linter map
|
|
|
|
* Add tests
|
|
|
|
* build(deps): bump sigstore/cosign-installer from 3.1.1 to 3.1.2
|
|
|
|
* Bump goreleaser/goreleaser-action from 4.6.0 to 5.0.0
|
|
|
|
* Bump docker/login-action from 2.2.0 to 3.0.0
|
|
|
|
* chore: remove CODEOWNERS file
|
|
|
|
* Add more linters
|
|
|
|
* Appease golint
|
|
|
|
* Fix tests
|
|
|
|
* Remove debugging print statement
|
|
|
|
* Implement subpackage linting
|
|
|
|
* Add package (but not subpackage) linting
|
|
|
|
* build(deps): bump golangci/golangci-lint-action from 3.6.0 to
|
|
|
|
3.7.0
|
|
|
|
* Update golangci-lint to 1.54
|
|
|
|
* git-checkout: Allow tags to matched annotated tag SHAs, don't
|
|
|
|
allow fuzzy matching of refs.
|
|
|
|
* build(deps): bump actions/checkout from 3.5.3 to 4.0.0
|
|
|
|
* Bump k8s test workflows to Go 1.21
|
|
|
|
* Bump go to 1.21
|
|
|
|
* pipeline: fix downward propagation to referenced external
|
|
|
|
pipeline nodes
|
|
|
|
* config: tests: add workdir propagation test
|
|
|
|
* remove cmake. Signed-off-by: Ville Aikas
|
|
|
|
<vaikas@chainguard.dev>
|
|
|
|
* forgot to remove one -dev
|
|
|
|
* Remove specifying the php-dev version.
|
|
|
|
* Add pecl pipelines for phpize & install. Signed-off-by: Ville
|
|
|
|
Aikas <vaikas@chainguard.dev>
|
|
|
|
* package: only constrain library search paths for provides
|
|
|
|
entries
|
|
|
|
* Fix some python generation issues:
|
|
|
|
* Refactor application of pipeline variables to config and add
|
|
|
|
tests
|
|
|
|
* Pipeline: make env overrides work recursively
|
|
|
|
* Add environment var overriding to the pipeline.
|
|
|
|
* Bump goreleaser/goreleaser-action from 4.3.0 to 4.6.0
|
|
|
|
* Bump actions/upload-artifact from 3.1.2 to 3.1.3
|
|
|
|
* package: constrain library SCA to library search paths only
|
|
|
|
* Replace the elements of the subpackage
|
|
|
|
* construct the package.full-version in higher context than just
|
|
|
|
pipeline.
|
|
|
|
* docs: fix link in pkg/build/pipelines/README.md
|
|
|
|
* docs: add documentation for built-in pipelines
|
|
|
|
* document / examples for ${{package.full-version}}
|
|
|
|
Signed-off-by: Ville Aikas <vaikas@chainguard.dev>
|
|
|
|
* add ${{package.full-version}} =
|
|
|
|
${{package.version}}-r${{package.epoch}} Signed-off-by: Ville
|
|
|
|
Aikas <vaikas@chainguard.dev>
|
|
|
|
* Changes from code review.
|
|
|
|
* config: copy all subpackage variables when doing a range
|
|
|
|
expansion
|
|
|
|
* feat: add output logs for the apkbuild converter
|
|
|
|
* Fix issue: #658 Signed-off-by: Ville Aikas
|
|
|
|
<vaikas@chainguard.dev>
|
|
|
|
* feat: add new Perl pipelines for install and clean
|
|
|
|
* package: just skip symlinks for now
|
|
|
|
* workflows: add ncurses to the presubmit test matrix
|
|
|
|
* package: dereference symlinks for aliased pkg-config modules
|
|
|
|
* Fix syntax in maven pipeline (and add test).
|
|
|
|
* more debug crap. Signed-off-by: Ville Aikas
|
|
|
|
<vaikas@chainguard.dev>
|
|
|
|
* remove debug crap. Signed-off-by: Ville Aikas
|
|
|
|
<vaikas@chainguard.dev>
|
|
|
|
* Environment is required, adjust the tests.
|
|
|
|
* Change GeneratedMelangeConfig to embed pkg/config/config
|
|
|
|
instead of redefining it.
|
|
|
|
* Change default python-version from 3.11 to 3.
|
|
|
|
* remove extra backtick.
|
|
|
|
* let's try again.
|
|
|
|
* update docs
|
|
|
|
* Bunch of lint fixes. No functional changes.
|
|
|
|
* Add a maven/configure-mirror pipeline to redirect to GCP.
|
|
|
|
* yikes, only 2 fatal lints... nice...
|
|
|
|
* update docs.
|
|
|
|
* Add flags for resolving git tags, release-monitoring
|
|
|
|
* Update pkg/build/pipelines/python/build-wheel.yaml
|
|
|
|
* Update pkg/build/pipelines/python/build-wheel.yaml
|
|
|
|
* add builtin pipelines for python
|
|
|
|
* update generated docs. Signed-off-by: Ville Aikas
|
|
|
|
<vaikas@chainguard.dev>
|
|
|
|
* remove unused vars. They do not have short form, so can use
|
|
|
|
this variant. Signed-off-by: Ville Aikas
|
|
|
|
<vaikas@chainguard.dev>
|
|
|
|
* Add --wolfi-defaults flag, clean up flag handling.
|
|
|
|
* readlinkfs: ignore some security-module specific xattrs
|
|
|
|
* feat: support --recurse-submodules in git clone
|
|
|
|
* Print the path to generated melange config.
|
|
|
|
* build(deps): bump go.opentelemetry.io/otel from 1.16.0 to
|
|
|
|
1.17.0
|
|
|
|
* build(deps): bump cloud.google.com/go/storage from 1.31.0 to
|
|
|
|
1.32.0
|
|
|
|
* build(deps): bump google.golang.org/api from 0.136.0 to 0.138.0
|
|
|
|
* build(deps): bump k8s.io/api from 0.28.0 to 0.28.1
|
|
|
|
* build(deps): bump github.com/lima-vm/lima from 0.17.0 to 0.17.2
|
|
|
|
* build(deps): bump k8s.io/client-go from 0.28.0 to 0.28.1
|
|
|
|
* Bump apko and fix everything I broke
|
|
|
|
* docs: typo in go-build example
|
|
|
|
* run make docs
|
|
|
|
* cli: index: add --signing-key, --source and --merge options
|
|
|
|
* default for github actions is bubblewwrap.
|
|
|
|
* update lint rule.
|
|
|
|
* Fix the links to commands, fix the URLs generated.
|
|
|
|
* sign: do not rename across device boundaries
|
|
|
|
* add --force option to recreate apk indexes with given
|
|
|
|
signatures
|
|
|
|
* pipelines: use ${{targets.contextdir}} where it makes sense
|
|
|
|
* pipeline: add ${{targets.package.foo}} expansions
|
|
|
|
* pipeline: add ${{targets.contextdir}}, representing the current
|
|
|
|
target dir
|
|
|
|
* Bump pkg-config again to actually pick up the openblas fix.
|
|
|
|
* Bump pkgconfig to pick up the openblas fix.
|
|
|
|
* feedback + verbiage from Erika.
|
|
|
|
* Set reasonable concurrency levels for pgzip
|
|
|
|
* appease linter
|
|
|
|
* support substitutions in provides lists
|
|
|
|
* Start of exhaustively documenting the build filele.
|
|
|
|
* plumb through SDE to EmitSignature
|
|
|
|
* add melange sign command, slightly refactor and make public the
|
|
|
|
signing methods
|
|
|
|
* add test for substituting needs.packages
|
|
|
|
* allow override go version for uses: go/build and go/install
|
|
|
|
* Support for setting context in .melange.k8s.yaml
|
|
|
|
* Add docs about custom pipelines, defining and using.
|
|
|
|
* build(deps): bump actions/setup-go from 4.0.1 to 4.1.0
|
|
|
|
* Teach melange about the forthcoming version-transform block
|
|
|
|
* doc and lint revisions (#598)
|
|
|
|
* build(deps): bump google.golang.org/api from 0.134.0 to 0.136.0
|
|
|
|
* container: bubblewrap: do not defer closing files
|
|
|
|
* build(deps): bump golang.org/x/sys from 0.10.0 to 0.11.0
|
|
|
|
* build(deps): bump github.com/lima-vm/lima from 0.16.0 to 0.17.0
|
|
|
|
* build(deps): bump github.com/google/go-containerregistry
|
|
|
|
* build: package: add pkgconf-based SCA to catalog SDKs which use
|
|
|
|
it
|
|
|
|
* Docstring typo fixes
|
|
|
|
* Docstring fixes
|
|
|
|
* Appease the go fmt Gods
|
|
|
|
* Test two var transforms at once
|
|
|
|
* Test var transforms on a basic level
|
|
|
|
* Add ${{build.arch}} as a possible variable in bump
|
|
|
|
* Make var transforms work in bump
|
|
|
|
* remove paralell test for TestKubernetesRunnerConfig
|
|
|
|
* add fail-fast to false
|
|
|
|
* update code running goimports
|
|
|
|
* add goimports
|
|
|
|
* publish brew formula during release
|
|
|
|
* update actions to use git hashes
|
|
|
|
* update golangci-lint to v1.53 series
|
|
|
|
* Adjust the var substitution stuff a bit
|
|
|
|
* Move var substitution stuff into config
|
|
|
|
* config: Change root to a pointer in the config struct, and add
|
|
|
|
an accessor
|
|
|
|
* renovate: update to use new config infrastructure
|
|
|
|
* build: Add root node to the config
|
|
|
|
* Appease the golangci-lint Gods
|
|
|
|
* build_test: fix tests in a better way
|
|
|
|
* Make all tests pass
|
|
|
|
* build: add parameter where one was missing
|
|
|
|
* build(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to
|
|
|
|
5.8.1
|
|
|
|
* pipelines: meson/configure: explicitly invoke meson setup
|
|
|
|
action
|
|
|
|
* build(deps): bump github.com/docker/docker
|
|
|
|
* Refactor the config/logging stuff out of build
|
|
|
|
* build(deps): bump google.golang.org/api from 0.133.0 to 0.134.0
|
|
|
|
* build(deps): bump github.com/docker/docker
|
|
|
|
* Several fixes to k8s runner.
|
|
|
|
* build(deps): bump github.com/klauspost/pgzip from 1.2.5 to
|
|
|
|
1.2.6
|
|
|
|
* build(deps): bump google.golang.org/api from 0.129.0 to 0.133.0
|
|
|
|
* Remove `wget -q` from `fetch`
|
|
|
|
* add k8s runner config loading from envvars
|
|
|
|
* Log errors bundling, enable GGCR Warn/Progress logs
|
|
|
|
* Tweak the strip pipeline so that it never fails for deleted
|
|
|
|
files
|
|
|
|
* convert/python: check if release is found
|
|
|
|
* Make sure we log errors.
|
|
|
|
* Fix subpackage SBOM generation
|
|
|
|
* define constants for runners destination mount paths
|
|
|
|
* skip the cache mount for kubernetes runner builds
|
|
|
|
* Add more otel spans to k8s runner
|
|
|
|
* build(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to
|
|
|
|
5.8.0
|
|
|
|
* build(deps): bump k8s.io/client-go from 0.27.3 to 0.27.4
|
|
|
|
* Avoid using pargzip for compression
|
|
|
|
* add a retryable (tgz) fetcher for the k8s runner
|
|
|
|
* Pod names must be RFC1123 compliant
|
|
|
|
* Correct the variable name in the patch pipeline
|
|
|
|
* pipelines: git-checkout: harden variable expansions
|
|
|
|
* pipelines: patch: refactor series/patches handling
|
|
|
|
* pipelines: fetch: harden variable expansions
|
|
|
|
* add retries to a subset of k8s runner exec failures
|
|
|
|
* delete builder pod post build by default
|
|
|
|
* properly pass workspace env/volumes to k8s builder pods
|
|
|
|
* use go-apk.FullFS for retrieving builder workspaces
|
|
|
|
* Finally fix python convert tests.
|
|
|
|
* Comment python test.
|
|
|
|
* add dir option to ruby pipelines as not all gemspecs live in
|
|
|
|
the root folder
|
|
|
|
* fix containerID for lima when tarring up
|
|
|
|
* lima startup issues fixed
|
|
|
|
* pull in apko with fix for blank SOURCE_DATE_EPOCH
|
|
|
|
* Change git-checkout depth default to 1
|
|
|
|
* workflows: wolfi-presubmit: use package/ instead of packages/
|
|
|
|
for package names
|
|
|
|
* build: package: forcibly treat libc as a shared library
|
|
|
|
* docs: explain how build cache works practically
|
|
|
|
* Bump apko dep to pick up otel spans
|
|
|
|
* Fix failing test for env var wipeout
|
|
|
|
* Add failing test for env var wipeout
|
|
|
|
* add otel spans
|
|
|
|
* build(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1
|
|
|
|
* Remove use of deprecated WaitImmediate
|
|
|
|
* Add ! char to ignore.
|
|
|
|
* Add missing context propagation
|
|
|
|
* Rename index.Context to index.Index
|
|
|
|
* Rename Contexts to Builds
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sat Oct 14 06:38:30 UTC 2023 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
- Update to version 0.4.0:
|
|
|
|
* build(deps): bump github.com/opencontainers/image-spec
|
|
|
|
* add release notes for Melange 0.4.0
|
|
|
|
* build(deps): bump cloud.google.com/go/storage from 1.30.1 to
|
|
|
|
1.31.0
|
|
|
|
* build(deps): bump google.golang.org/api from 0.128.0 to 0.129.0
|
|
|
|
* appease linter for now
|
|
|
|
* update apko to 0.9.0
|
|
|
|
* build(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0
|
|
|
|
* some small UX improvements for k8s runner
|
|
|
|
* build(deps): bump github.com/package-url/packageurl-go
|
|
|
|
* update apko and go-apk to use pinned deps correctly
|
|
|
|
* build: scan subpackage pipelines for dependencies
|
|
|
|
* add a split/debug pipeline
|
|
|
|
* ensure bundles are rooted correctly
|
|
|
|
* build(deps): bump google.golang.org/api from 0.125.0 to 0.127.0
|
|
|
|
* build(deps): bump actions/checkout from 3.5.2 to 3.5.3
|
|
|
|
* add a kubernetes pod runner
|
|
|
|
* build(deps): bump docker/login-action from 2.1.0 to 2.2.0
|
|
|
|
* build(deps): bump golangci/golangci-lint-action from 3.4.0 to
|
|
|
|
3.6.0
|
|
|
|
* build(deps): bump goreleaser/goreleaser-action from 4.2.0 to
|
|
|
|
4.3.0
|
|
|
|
* add strip prefix and suffix update config for release monitor
|
|
|
|
* import apko and go-apk with better debug logging
|
|
|
|
* Switch from calling Glob to two Stats
|
|
|
|
* workflows: add wolfi-presubmit
|
|
|
|
* cli: build: fix destination variable for --apk-cache-dir
|
|
|
|
* build: PopulateCache: do not populate the cache dir when it is
|
|
|
|
empty
|
|
|
|
* fix apk caching directory
|
|
|
|
* import apko and go-apk with package caching
|
|
|
|
* Change the default for delete to false.
|
|
|
|
* pipeline: fetch: optionally delete fetched artifacts after
|
|
|
|
unpacking
|
|
|
|
* cond: allow underscores and capitalization in variable
|
|
|
|
expressions
|
|
|
|
* run tests with race detector
|
|
|
|
* warn and fallback to SOURCE_DATE_EPOCH=0 when specified but
|
|
|
|
empty
|
|
|
|
* index: use deep copy when loading pre-existing index data
|
|
|
|
* build(deps): bump github.com/lima-vm/lima from 0.14.2 to 0.16.0
|
|
|
|
* build(deps): bump actions/setup-go from 4.0.0 to 4.0.1
|
|
|
|
* index: appease linter by moving the deferred close to after the
|
|
|
|
error check
|
|
|
|
* build(deps): bump github.com/containerd/containerd from 1.6.15
|
|
|
|
to 1.6.18
|
|
|
|
* build: generate APKINDEX.json when writing packages index
|
|
|
|
* index: add WriteJSONIndex function
|
|
|
|
* index: split out the indexing logic itself to UpdateIndex
|
|
|
|
* index: WriteArchiveIndex: use destination file path as primary
|
|
|
|
input
|
|
|
|
* index: use SourceIndexFile for loading index data rather than
|
|
|
|
IndexFile
|
|
|
|
* index: factor out loading of pre-existent indices and index
|
|
|
|
state management
|
|
|
|
* index: factor out index writing into WriteArchiveIndex
|
|
|
|
* Bump apko and fix what that breaks
|
|
|
|
* add wolfictl
|
|
|
|
* upgrade alpine-lima to 3.18
|
|
|
|
* Allow uppercase and plus, allow numbers as first char
|
|
|
|
* Validate configuration at the end of parsing
|
|
|
|
* Remove secfixes and advisories altogether
|
|
|
|
* include filename when parsing fails
|
|
|
|
* Require that build config YAML has only known fields
|
|
|
|
* Refactor tests for configuration load method
|
|
|
|
* build(deps): bump google.golang.org/api from 0.119.0 to 0.123.0
|
|
|
|
* readlinkfs: implement go-apk fs.XattrFS interfaces
|
|
|
|
* Pull in the latest go-apk for xattrs support
|
|
|
|
* build(deps): bump github.com/docker/docker
|
|
|
|
* Pull in index builddate support.
|
|
|
|
* Install should first build melange binary...
|
|
|
|
* Make makefile work on Mac and Linux.
|
|
|
|
* build(deps): bump sigstore/cosign-installer from 3.0.2 to 3.0.5
|
|
|
|
* add a boolean so built in melange pipelines can be used in
|
|
|
|
subpackages as they need to write to a different target folder
|
|
|
|
* ensure range data replaces `with` options during a pipeline
|
|
|
|
* Update README.md
|
|
|
|
* Update distroless references
|
|
|
|
* default for mac is docker, not bwrap
|
|
|
|
* add extra logging when runner fails to TestUsability
|
|
|
|
* Add go vendor support to the go build pipeline.
|
|
|
|
* add multiple runner options
|
|
|
|
* use latest version of melange in lima configuration file
|
|
|
|
* Set `builddate` in our `.PKGINFO` control data.
|
|
|
|
* add field docs
|
|
|
|
* build(deps): bump golang.org/x/sync from 0.1.0 to 0.2.0
|
|
|
|
* pipelines: patch: add support for quilt patch-series files
|
|
|
|
* Add an optional "deps" paramter to the go/build pipeline.
|
|
|
|
* chore: signing issues
|
|
|
|
* chore: corrections in mac instructions
|
|
|
|
* chore: corrections in mac instructions
|
|
|
|
* build: package: skip SONAME analysis when ELF interpreter
|
|
|
|
setting is present
|
|
|
|
* Add trimpath to the go pipeline.
|
|
|
|
* update docs
|
|
|
|
* build: add support for configurable logging policies
|
|
|
|
* Add name method to build config
|
|
|
|
* build(deps): bump gitlab.alpinelinux.org/alpine/go
|
|
|
|
* move signing funcs to rely on external go-apk library
|
|
|
|
* use go-apk library instead of apko
|
|
|
|
* update alpine-go to include replaces hotfix
|
|
|
|
* simplify DataItems to use the builtin marshallable map type
|
|
|
|
* add `ignore-regex-patterns` update config to indicate you want
|
|
|
|
to ignore string patterns that match an upstream version
|
|
|
|
* add a strip-suffix: key to melange update struct to indicate
|
|
|
|
stripping a suffix from an upstream GitHub version
|
|
|
|
* bump to latest apko which handles file overwrites
|
|
|
|
* cli: build: warn when no work to do instead of throwing an
|
|
|
|
error
|
|
|
|
* build(deps): bump github.com/docker/docker
|
|
|
|
* upgrade apko to 20230421 snapshot
|
|
|
|
* build(deps): bump google.golang.org/api from 0.116.0 to 0.119.0
|
|
|
|
* build: update tests to use apko log.Logger
|
|
|
|
* build: use apko_log.Logger everywhere
|
|
|
|
* build: logger: conform to apko_log.Logger shape
|
|
|
|
* adapt to new apko logging framework
|
|
|
|
* update apko dependency to 20230420 snapshot
|
|
|
|
* update apko dependency to 20230419 snapshot
|
|
|
|
* config parsing: fix handling of filesystems
|
|
|
|
* bump test: fix panic by requiring no error
|
|
|
|
* Stop repeating errors on build command
|
|
|
|
* build(deps): bump actions/checkout from 3.5.0 to 3.5.2
|
|
|
|
* fix 403 error when melange bumping some packages,
|
|
|
|
https://www.netfilter.org for example needs it
|
|
|
|
* update apko to 20230413 snapshot
|
|
|
|
* Print full uri to debug file download errors
|
|
|
|
* Do not depend on concrete logger
|
|
|
|
* pipelines: autoconf/make-install: delete all GNU libtool
|
|
|
|
metadata files
|
|
|
|
* remove flawed test
|
|
|
|
* build: package: append subpackages to build log
|
|
|
|
* Use formatted YAML encoder from yam
|
|
|
|
* build: readlinkfs: chase apko ReadlinkFS API break
|
|
|
|
* upgrade apko snapshot to 20230411
|
|
|
|
* build(deps): bump google.golang.org/api from 0.114.0 to 0.116.0
|
|
|
|
* build(deps): bump sigstore/cosign-installer from 3.0.1 to 3.0.2
|
|
|
|
* go mod tidy again
|
|
|
|
* index: convert to using logrus
|
|
|
|
* build: package: use logrus.Entry for logging
|
|
|
|
* update apko for formatting fixes
|
|
|
|
* build: remove actualArchs variable, no longer used
|
|
|
|
* fix tests
|
|
|
|
* container: use warning level for stderr output
|
|
|
|
* pipeline: downgrade dumpWith() to use debug level
|
|
|
|
* switch to using logrus
|
|
|
|
* update to apko git
|
|
|
|
* feat: send useragent in HTTP requests
|
|
|
|
* export mutate functions as these are very useful to be called
|
|
|
|
outside of the build package
|
|
|
|
* warn if target-architecture:['all'], remove from examples
|
|
|
|
* feat: respect target-architecture to filter archs
|
|
|
|
* index: rework architecture filtering
|
|
|
|
* update docs
|
|
|
|
* build(deps): bump actions/add-to-project from 0.4.1 to 0.5.0
|
|
|
|
* cli: index: add --arch flag
|
|
|
|
* index: print warning and skip packages which do not match the
|
|
|
|
expected architecture
|
|
|
|
* index: add ExpectedArch to index.Context
|
|
|
|
* add a `update.manual:` key to indicate a package should be
|
|
|
|
manually updated
|
|
|
|
* fix: log package new names+versions when regenerating index
|
|
|
|
* make original test commit sha different from the new expected
|
|
|
|
sha to ensure test works
|
|
|
|
* melange bump: optional flag to modify git-checkout pipeline
|
|
|
|
expected-commit value
|
|
|
|
* Bump apko to pick up busybox detection fix.
|
|
|
|
* Fix goreleaser cosign flags
|
|
|
|
* package: allow any library which has a SONAME to be a provider
|
|
|
|
* build: fix SBOM language gathering for subpackage pipelines
|
|
|
|
* package: ensure the package output directories always exist for
|
|
|
|
scanning
|
|
|
|
* build: introduce Context.IsBuildLess and skip a lot of
|
|
|
|
setup/teardown for buildless packages
|
|
|
|
* build: allow a package to be defined without a pipeline
|
|
|
|
* Add darwin goreleaser target (macOS)
|
|
|
|
* fix build
|
|
|
|
* release image after the binary
|
|
|
|
* update makefile
|
|
|
|
* cleanup goreleaser and ko config
|
|
|
|
* clean up, update version comments for ci jobs
|
|
|
|
* upgrade to use go1.20
|
|
|
|
* upgrade alpine pkgs lima
|
|
|
|
|
2023-04-03 15:03:36 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon Apr 03 12:43:01 UTC 2023 - kastl@b1-systems.de
|
|
|
|
|
|
|
|
- Update to version 0.3.2:
|
|
|
|
* Fix goreleaser cosign flags, add NEWS for melange 0.3.2
|
|
|
|
* add NEWS for melange 0.3.1
|
|
|
|
* package: allow any library which has a SONAME to be a provider
|
|
|
|
* Add darwin goreleaser target (macOS)
|
|
|
|
* update NEWS for melange 0.3.0.
|
|
|
|
* update to apko 0.7.3 release
|
|
|
|
* pipelines: fetch: use wget quiet mode
|
|
|
|
* build: check for signing key existence before using it
|
|
|
|
* build: package: do not add interpreter dependency when
|
|
|
|
no-depends option is enabled
|
|
|
|
* docs: fix baseurl for melange reference in generated docs
|
|
|
|
* directly parse configuration for query
|
|
|
|
* add query and package-version commands
|
|
|
|
* build: use realpath to determine cache dir bindmount source
|
|
|
|
* refresh docs for --cache-source
|
|
|
|
* cli: add --cache-source option
|
|
|
|
* build: use CacheSource to define the bucket to pull cached
|
|
|
|
sources from
|
|
|
|
* build: change default cache directory to ./melange-cache
|
|
|
|
* build: add CacheSource option to context
|
|
|
|
* Hookup user and accounts in the environment.
|
|
|
|
* build(deps): bump cloud.google.com/go/storage from 1.30.0 to
|
|
|
|
1.30.1
|
|
|
|
* build(deps): bump google.golang.org/api from 0.113.0 to 0.114.0
|
|
|
|
* build(deps): bump actions/checkout from 3.3.0 to 3.5.0
|
|
|
|
* refresh docs
|
|
|
|
* cli: build: add --debug flag
|
|
|
|
* build: pipeline: if Context.Debug is enabled, add set -x to all
|
|
|
|
pipelines
|
|
|
|
* build: add Debug option to Context
|
|
|
|
* build: use cond.Subst instead of replacers
|
|
|
|
* cond: subst: variable names can have dashes
|
|
|
|
* cond: subst: add goparsify-based variable substitution
|
|
|
|
implementation
|
|
|
|
* cond: parser: test: add variable lookup with whitespace test
|
|
|
|
* parser: use newer fork of goparsify
|
|
|
|
* add codeowners
|
|
|
|
* add Update struct for identifying how a melange package can be
|
|
|
|
updated
|
|
|
|
* add `var-transforms` for manipulation of variables using
|
|
|
|
regular expressions
|
|
|
|
* pipelines: git-checkout: use tempdir for doing the initial
|
|
|
|
clone
|
|
|
|
* pipelines: git-checkout: mark clone directory as a safe
|
|
|
|
directory for git
|
|
|
|
* update ruby pipelines with usability features
|
|
|
|
* add an optional flag to generate a packages.log containing list
|
|
|
|
of packages + subpackages that were actuall built by `melange
|
|
|
|
build`
|
|
|
|
* Try to fix a strange index generation bug.
|
|
|
|
* build(deps): bump actions/setup-go from 3.5.0 to 4.0.0
|
|
|
|
* container: fixes to handle /sbin/ldconfig not being present,
|
|
|
|
e.g. on musl
|
|
|
|
* container: run ldconfig when bringing up a build environment
|
|
|
|
* update to latest apko git
|
|
|
|
* build(deps): bump google.golang.org/api from 0.111.0 to 0.113.0
|
|
|
|
* build(deps): bump cloud.google.com/go/storage from 1.29.0 to
|
|
|
|
1.30.0
|
|
|
|
* update apko to latest git
|
|
|
|
* pipeline: only run mkdir -p if absolutely needed
|
|
|
|
* build(deps): bump github.com/go-git/go-git/v5 from 5.6.0 to
|
|
|
|
5.6.1
|
|
|
|
* update docs
|
|
|
|
* run go mod tidy
|
|
|
|
* pkg: convert: fix tests to use upstream ImageContents type
|
|
|
|
* build: package: use internal readlinkFS, old apko fs package
|
|
|
|
was deprecated
|
|
|
|
* build: add minimal internal readlinkfs implementation
|
|
|
|
* convert: use upstream ImageContents type, added in apko 0.7.0
|
|
|
|
* build: use normal os.DirFS for filesystem walking
|
|
|
|
* upgrade to apko 0.7.2 git
|
|
|
|
* build: remove --use-proot option
|
|
|
|
* lint
|
|
|
|
* move convert related packages under convert as subpackages
|
|
|
|
* container: bubblewrap runner: use --new-session to mitigate
|
|
|
|
CVE-2017-5226
|
|
|
|
* autoconf: always define the GNU host and build triplets in
|
|
|
|
configure step
|
|
|
|
* update docs
|
|
|
|
* add more context for the experimental commands
|
|
|
|
* add shell completion and move common flags to top level
|
|
|
|
* move wolfios to its own package
|
|
|
|
* add same convert options to higher leve
|
|
|
|
* fix lint and tests
|
|
|
|
* fix tests
|
|
|
|
* add convert subcommand
|
|
|
|
* docs: ensure docs are up to date in CI
|
|
|
|
* add melange docs
|
|
|
|
* change --out-dir to not depend on cwd
|
|
|
|
* accept dependabot's GPG key for commit signing CI check
|
|
|
|
* package: only use base soname when generating runtime
|
|
|
|
dependencies across symlinks
|
|
|
|
* build(deps): bump github.com/stretchr/testify from 1.8.1 to
|
|
|
|
1.8.2
|
|
|
|
* add omitempty to some fields
|
|
|
|
* build(deps): bump google.golang.org/api from 0.110.0 to 0.111.0
|
|
|
|
* build(deps): bump github.com/go-git/go-git/v5 from 5.5.2 to
|
|
|
|
5.6.0
|
|
|
|
* build(deps): bump sigstore/cosign-installer from 2.8.1 to 3.0.1
|
|
|
|
* remove self-provided dependencies from the runtime dependency
|
|
|
|
set
|
|
|
|
* build(deps): bump github.com/openvex/go-vex
|
|
|
|
* build: package: dereference symlinks across packages and read
|
|
|
|
the real DT_SONAME instead of guessing
|
|
|
|
* build: configuration: add support for variable substitution in
|
|
|
|
more places
|
|
|
|
* apply refactoring suggestions from go linter
|
|
|
|
* build: also apply if-conditionals when generating the package
|
|
|
|
index
|
|
|
|
* build: also apply subpkg if-conditionals when emitting packages
|
|
|
|
and SBOMs
|
|
|
|
* examples: add example outlining the new option-related features
|
|
|
|
* build: implement if-conditionals for subpackages
|
|
|
|
* build: pipeline: add option enabled variables
|
|
|
|
* build: build option: patch the variables and environment
|
|
|
|
configuration
|
|
|
|
* build: use BuildOption.Apply to apply configuration patches
|
|
|
|
from build options
|
|
|
|
* build: build_option: add Apply stub
|
|
|
|
* cli: build: add --build-option to configure the enabled build
|
|
|
|
options
|
|
|
|
* build: add WithEnabledBuildOptions context option
|
|
|
|
* build: add BuildOptions map to Configuration
|
|
|
|
* build: add BuildOption types
|
|
|
|
* package: ensure we are operating only on a basename when
|
|
|
|
generating symlink deps
|
|
|
|
* package: detect shared library dependencies for .so symlinks
|
|
|
|
* build(deps): bump golang.org/x/net from 0.6.0 to 0.7.0
|
|
|
|
* build(deps): bump google.golang.org/api from 0.109.0 to 0.110.0
|
|
|
|
* Add ruby pipelines for gem install, build and clean
|
|
|
|
* build: package: add support for defining "replaces"
|
|
|
|
relationships
|
|
|
|
* package: findInterpreter: chop trailing nul from interpBuf
|
|
|
|
* package: deal with musl interpreter being a symlink back to
|
|
|
|
itself
|
|
|
|
* package: ensure PT_INTERP is always added as an explicit
|
|
|
|
dependency
|
|
|
|
* build(deps): bump github.com/docker/docker
|
|
|
|
* build(deps): bump github.com/joho/godotenv from 1.4.0 to 1.5.1
|
|
|
|
* build(deps): bump google.golang.org/api from 0.108.0 to 0.109.0
|
|
|
|
* build(deps): bump github.com/docker/docker
|
|
|
|
* git-checkout: fix tags
|
|
|
|
* use merge option to speed up apkindex generation when build
|
|
|
|
* just warn if no branch or tag specified
|
|
|
|
* build(deps): bump goreleaser/goreleaser-action from 4.1.0 to
|
|
|
|
4.2.0
|
|
|
|
* build(deps): bump github.com/google/go-containerregistry
|
|
|
|
* Revert "Generate build environment SBOM"
|
|
|
|
* add expected-commit to git-checkout
|
|
|
|
* Update README to mention wolfi.
|
|
|
|
* cli: add --vars-file option to support loading build variables
|
|
|
|
from an external source
|
|
|
|
* build: add WithVarsFile and WithVarsFileForParsing options
|
|
|
|
* examples: add variable substitution example
|
|
|
|
* pipeline: handle ${{vars}} block as expected
|
|
|
|
* build: add variables block to build configuration struct
|
|
|
|
* build(deps): bump cloud.google.com/go/storage from 1.28.1 to
|
|
|
|
1.29.0
|
|
|
|
* examples: add working-directory example
|
|
|
|
* pipeline: ensure the working-directory is created before using
|
|
|
|
it
|
|
|
|
* pipeline: propagate WorkDir to subpipelines
|
|
|
|
* pipeline: set working directory when evaluating pipeline "runs"
|
|
|
|
entries
|
|
|
|
* build: add Pipeline.WorkDir definition
|
|
|
|
* build(deps): bump google.golang.org/api from 0.107.0 to 0.108.0
|
|
|
|
* build(deps): bump github.com/docker/docker
|
|
|
|
* build(deps): bump golangci/golangci-lint-action from 3.3.1 to
|
|
|
|
3.4.0
|
|
|
|
* go mod tidy to drop chainguard/vex
|
|
|
|
* Switch VEX dependency to openvex
|
|
|
|
* allow provider priority to be configured
|
|
|
|
* build(deps): bump google.golang.org/api from 0.106.0 to 0.107.0
|
|
|
|
* Wire logger from SBOM generator to impl
|
|
|
|
* Escape invalid identifier chars
|
|
|
|
* Fix build sbom name in subpackages
|
|
|
|
* Fix bug where package verification was wrong
|
|
|
|
* build sbom: Add relationships to produced SBOMs
|
|
|
|
* Update protobom to support dl location
|
|
|
|
* Build SBOM: Generate package with apks
|
|
|
|
* Trigger build SBOM generation, reuse write
|
|
|
|
* Passs guest directory to sbom spec
|
|
|
|
* Refactor SBOM spec for reuse
|
|
|
|
* Add ReadPackageIndex to gen implementation
|
|
|
|
* Add GenerateBuildEnvSBOM fn to SBOM generator
|
|
|
|
* Update Lima link
|
|
|
|
* update apko dependency to latest
|
|
|
|
* bump apko dependency
|
|
|
|
* pipelines: autoconf/configure: fix sysconfdir
|
|
|
|
* upgrade apko dependency to latest git
|
|
|
|
* build(deps): bump github.com/go-git/go-git/v5 from 5.5.1 to
|
|
|
|
5.5.2
|
|
|
|
* build(deps): bump google.golang.org/api from 0.105.0 to 0.106.0
|
|
|
|
* build(deps): bump actions/checkout from 3.2.0 to 3.3.0
|
|
|
|
* bump apko to latest git again for keyring fix
|
|
|
|
* fix typo
|
|
|
|
* index gen: Add loop throttle, mutex
|
|
|
|
* close lingering file descriptor
|
|
|
|
* sbom: handle spdxPkg.VerificationCode being a pointer in apko
|
|
|
|
git
|
|
|
|
* chase PublishImageFromLayer API change in apko
|
|
|
|
* update apko dependency to latest git for armv6/armv7 triplet
|
|
|
|
fixes
|
|
|
|
* go/install: also require git (#239)
|
|
|
|
* use lima to use melange on mac
|
|
|
|
* Advisories: Require pkg version for fixed status (#237)
|
|
|
|
* Parallel processing of packages.
|
|
|
|
* Make packageurl-go import direct
|
|
|
|
* add --namespace option to build subcommand
|
|
|
|
* SBOM: Generate purls for built packages
|
|
|
|
* Add namespace and arch fields to SBOM spec
|
|
|
|
* Drop distro qualifier from purls
|
|
|
|
* Add Go pipelines documentation
|
|
|
|
* Revamp go examples to use both pipleines
|
|
|
|
* New go/install pipeline
|
|
|
|
* go/build: Support changing module root
|
|
|
|
* Bump vex (#231)
|
|
|
|
* Remove extra field
|
|
|
|
* Add advisories and purls
|
|
|
|
* Export functionality for config parsing (#229)
|
|
|
|
* Apko devenv README
|
|
|
|
* Melange development environment
|
|
|
|
|
2023-03-22 14:14:58 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sun Mar 19 14:09:23 UTC 2023 - Johannes Kastl <kastl@b1-systems.de>
|
|
|
|
|
|
|
|
- new package melange: Build APKs from source code
|