b24e973cdc
Merge pull request #1125 from fluxcd/slsa3
...
Add SLSA3 generators to release workflow
2023-06-23 18:33:31 +03:00
91bd086607
Add SLSA3 generators to release workflow
...
Generate SLSA level 3 provenance attestations for the controller release assets and for the multi-arch container images.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2023-06-23 18:13:14 +03:00
bade8c9ea7
Merge pull request #1126 from fluxcd/fix-optimized-clone
...
Re-instantiate non-optimized clone fallback
2023-06-23 18:12:38 +03:00
60571c08f1
Disable "empty repository" Git test
...
This is required because the test fails with Git >=v2.41.0 due to
changes to commands used by the Git test server. Causing the server to
return an error when cloning an empty repository, instead of yielding
an empty object.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-06-23 16:58:05 +02:00
2f4b200571
Re-instantiate non-optimized clone fallback
...
This adds a bit back which got removed in
69f567bdc7
2023-06-23 15:53:11 +02:00
c758e666b7
Merge pull request #1124 from fluxcd/rm-optimized-clone-feat
...
gitrepo: remove `OptimizedGitClones` as a feature gate
2023-06-21 20:56:57 +05:30
69f567bdc7
gitrepo: remove `OptimizedGitClones` as a feature gate
...
Remove the `OptimizedGitClones` feature gate, making optimized Git
clones when using a branch or tag to checkout, the default behavior.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
2023-06-21 16:48:18 +05:30
589bbc2fc9
Merge pull request #1120 from fluxcd/dependabot/github_actions/github/codeql-action-2.20.0
...
build(deps): bump github/codeql-action from 2.3.6 to 2.20.0
2023-06-19 16:18:49 +03:00
619f779d24
build(deps): bump github/codeql-action from 2.3.6 to 2.20.0
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.6 to 2.20.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](83f0fe6c49...6c089f53dd
2023-06-19 11:36:45 +00:00
ebb3c6dc13
Merge pull request #1123 from fluxcd/dependabot/github_actions/docker/build-push-action-4.1.1
...
build(deps): bump docker/build-push-action from 4.0.0 to 4.1.1
2023-06-19 13:36:08 +02:00
6afd813dc2
build(deps): bump docker/build-push-action from 4.0.0 to 4.1.1
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 4.0.0 to 4.1.1.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](3b5e8027fc...2eb1c1961a
2023-06-19 11:17:54 +00:00
3da89cb675
Merge pull request #1122 from fluxcd/dependabot/github_actions/docker/setup-buildx-action-2.7.0
...
build(deps): bump docker/setup-buildx-action from 2.6.0 to 2.7.0
2023-06-19 13:17:14 +02:00
10b76abf12
build(deps): bump docker/setup-buildx-action from 2.6.0 to 2.7.0
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 2.6.0 to 2.7.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](6a58db7e0d...ecf95283f0
2023-06-19 11:06:50 +00:00
e105dd78af
Merge pull request #1119 from fluxcd/dependabot/github_actions/docker/metadata-action-4.6.0
...
build(deps): bump docker/metadata-action from 4.5.0 to 4.6.0
2023-06-19 12:59:29 +02:00
97a701d0ed
build(deps): bump docker/metadata-action from 4.5.0 to 4.6.0
...
Bumps [docker/metadata-action](https://github.com/docker/metadata-action ) from 4.5.0 to 4.6.0.
- [Release notes](https://github.com/docker/metadata-action/releases )
- [Commits](2c0bd771b4...818d4b7b91
2023-06-19 10:35:53 +00:00
15cdd7e61e
Merge pull request #1121 from fluxcd/dependabot/github_actions/goreleaser/goreleaser-action-4.3.0
...
build(deps): bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0
2023-06-19 13:35:09 +03:00
535b762fef
build(deps): bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](f82d6c1c34...336e29918d
2023-06-19 03:17:57 +00:00
a0ff0cfa88
Merge pull request #1117 from fluxcd/dependabot/github_actions/docker/metadata-action-4.5.0
...
build(deps): bump docker/metadata-action from 4.4.0 to 4.5.0
2023-06-12 12:44:52 +02:00
83378468f8
build(deps): bump docker/metadata-action from 4.4.0 to 4.5.0
...
Bumps [docker/metadata-action](https://github.com/docker/metadata-action ) from 4.4.0 to 4.5.0.
- [Release notes](https://github.com/docker/metadata-action/releases )
- [Commits](c4ee3adeed...2c0bd771b4
2023-06-12 09:54:02 +00:00
b767a9da21
Merge pull request #1116 from fluxcd/dependabot/github_actions/docker/setup-buildx-action-2.6.0
...
build(deps): bump docker/setup-buildx-action from 2.5.0 to 2.6.0
2023-06-12 11:53:21 +02:00
7b9ac95d9f
build(deps): bump docker/setup-buildx-action from 2.5.0 to 2.6.0
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](4b4e9c3e2d...6a58db7e0d
2023-06-12 09:39:31 +00:00
90c65b837f
Merge pull request #1114 from fluxcd/dependabot/github_actions/docker/setup-qemu-action-2.2.0
...
build(deps): bump docker/setup-qemu-action from 2.1.0 to 2.2.0
2023-06-12 11:38:53 +02:00
36b3073622
build(deps): bump docker/setup-qemu-action from 2.1.0 to 2.2.0
...
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases )
- [Commits](e81a89b173...2b82ce82d5
2023-06-12 09:28:22 +00:00
1af591f16a
Merge pull request #1115 from fluxcd/dependabot/github_actions/actions/checkout-3.5.3
...
build(deps): bump actions/checkout from 3.5.2 to 3.5.3
2023-06-12 11:27:45 +02:00
b005657e13
build(deps): bump actions/checkout from 3.5.2 to 3.5.3
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.2 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8e5e7e5ab8...c85c95e3d7
2023-06-12 09:11:28 +00:00
f4a0cc7c93
Merge pull request #1118 from fluxcd/dependabot/github_actions/docker/login-action-2.2.0
...
build(deps): bump docker/login-action from 2.1.0 to 2.2.0
2023-06-12 11:04:21 +02:00
0c611d506c
build(deps): bump docker/login-action from 2.1.0 to 2.2.0
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](f4ef78c080...465a07811f
2023-06-12 03:05:58 +00:00
9c5c89c3e8
Merge pull request #1113 from fluxcd/dependabot/github_actions/github/codeql-action-2.3.6
...
build(deps): bump github/codeql-action from 2.3.5 to 2.3.6
2023-06-05 08:28:47 +02:00
8f95f40aa0
build(deps): bump github/codeql-action from 2.3.5 to 2.3.6
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.5 to 2.3.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0225834cc5...83f0fe6c49
2023-06-05 03:05:27 +00:00
1c731a535e
Merge pull request #1112 from fluxcd/release-v1.0.0-rc.5
...
Release v1.0.0-rc.5
2023-06-01 12:57:50 +05:30
b965e62251
Release v1.0.0-rc.5
...
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
2023-06-01 12:35:21 +05:30
96988f34d9
Merge pull request #1111 from fluxcd/bump-git
...
Bump `fluxcd/pkg/git/gogit` to v0.12.0
2023-05-31 19:49:53 +05:30
afaa987885
bump fluxcd/pkg/git/gogit to v0.12.0
...
Bump `fluxcd/pkg/git/gogit` to v0.12.0 to enable support for Git servers
that use v2 of the wire protocol, such as Azure Devops and AWS
CodeCommit. Fixes a regression introduced in v1.0.0.-rc.4.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
2023-05-31 19:20:57 +05:30
44e64f6d3d
Merge pull request #1107 from fluxcd/dependabot/go_modules/github.com/sigstore/rekor-1.2.0
...
build(deps): bump github.com/sigstore/rekor from 1.1.1 to 1.2.0
2023-05-29 14:20:51 +03:00
c432747731
build(deps): bump github.com/sigstore/rekor from 1.1.1 to 1.2.0
...
Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor ) from 1.1.1 to 1.2.0.
- [Release notes](https://github.com/sigstore/rekor/releases )
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sigstore/rekor/compare/v1.1.1...v1.2.0 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/rekor
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-05-29 11:09:17 +00:00
0c6633f81c
Merge pull request #1108 from fluxcd/dependabot/github_actions/github/codeql-action-2.3.5
...
build(deps): bump github/codeql-action from 2.3.3 to 2.3.5
2023-05-29 10:26:35 +03:00
6bcc7ef28c
build(deps): bump github/codeql-action from 2.3.3 to 2.3.5
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.3 to 2.3.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](29b1f65c5e...0225834cc5
2023-05-29 03:06:13 +00:00
98d1402158
Merge pull request #1106 from aryan9600/release-v1.0.0-rc.4
...
Release v1.0.0-rc.4
2023-05-26 15:02:18 +03:00
17a5a479f7
Release v1.0.0-rc.4
...
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
2023-05-26 16:50:23 +05:30
6c05a55f52
Merge pull request #1105 from aryan9600/bump-git
...
Update dependencies; switch to `go-git/go-git` and `pkg/tar`
2023-05-26 12:14:45 +03:00
ef1df00fda
switch from `fluxcd/pkg/untar` to `fluxcd/pkg/tar`
...
Switch from `fluxcd/pkg/untar` to `fluxcd/pkg/tar` v0.2.0 as the former
has been deprecated. Ref: https://github.com/fluxcd/pkg/blob/main/untar/go.mod#L1
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
2023-05-26 13:46:56 +05:30
68244b7d31
update dependencies and switch to `go-git/go-git`
...
* github.com/fluxcd/pkg/git => v0.12.2
* github.com/fluxcd/pkg/git/gogit => v0.11.1
* github.com/fluxcd/pkg/gittestserver => v0.8.4
* github.com/fluxcd/pkg/oci => v0.27.0
* github.com/fluxcd/pkg/sourceignore => v0.3.4
Switch from `fluxcd/go-git`to `go-git/go-git` v5.7.0, as all changes made
to our fork have been contributed back upstream.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
2023-05-26 13:46:48 +05:30
75a30f9d29
Merge pull request #1104 from fluxcd/update-ctrl-runtime
...
Update controller-runtime and Kubernetes dependencies
2023-05-24 09:16:03 +02:00
eeef91a4b9
Update controller-runtime (v0.15) and K8s (v1.27)
...
This deals with various breaking changes in controller-runtime, as
documented in the release notes:
https://github.com/kubernetes-sigs/controller-runtime/releases/tag/v0.15.0
In short:
- `Watches` now use a `client.Object` instead of a `source.Kind`.
- `handler.MapFunc` signature accepts a Go context, which is used to
log any errors, instead of silently ignoring them and/or panicking.
- Fake clients used in tests are now configured using
`WithStatusSubresource` to enable the correct behavior for status
updates and patches.
- Max concurrent reconciles is configured on the manager, instead of
configuring them per reconciler instance.
- Various manager configuration options have been moved to new
structures and/or fields.
In addition to this, all other dependencies which had updates are
updated to their latest (compatible) versions as well.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-05-24 09:05:42 +02:00
fc0df4dfa3
api: update dependencies
...
- github.com/fluxcd/pkg/apis/meta to v1.1.0
- k8s.io/apimachinery to v0.27.2
- sigs.k8s.io/controller-runtime to v0.15.0
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-05-23 23:49:58 +02:00
27e2ca97af
Merge pull request #1083 from fluxcd/dependabot/go_modules/github.com/sigstore/rekor-1.1.1
...
build(deps): bump github.com/sigstore/rekor from 0.12.1-0.20220915152154-4bb6f441c1b2 to 1.1.1
2023-05-22 11:57:50 +02:00
f8c8b157e0
build(deps): bump github.com/sigstore/rekor
...
Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor ) from 0.12.1-0.20220915152154-4bb6f441c1b2 to 1.1.1.
- [Release notes](https://github.com/sigstore/rekor/releases )
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sigstore/rekor/commits/v1.1.1 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/rekor
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-05-22 09:36:47 +00:00
22aee8dccd
Merge pull request #1096 from fluxcd/cosign-v2
...
Update cosign to v2
2023-05-22 11:34:20 +02:00
0ec49784b5
oci: sort remaining quirks in cosign verify logic
...
This commit properly sets `IgnoreTlog` to `true` when a public key is
provided to check the signature against, which matches the (silent)
default behavior from cosign v1.
However, during this exercise it has become apparant that this
assumption isn't necessarily true. As you can theoretically have a
custom key and a tlog entry.
Given this, we should inventarise the possible configuration options
and the potential value they have to users (e.g. defining a custom
Rekor URL seems to be valuable as well), and extend our API to
facilitate these needs.
In addition to the above, the CTLog public keys are now properly
retrieved to avoid a `none of the CTFE keys have been found` error.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-05-22 11:08:16 +02:00
f58c229bc6
Update cosign to v2
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2023-05-22 11:08:12 +02:00
Stefan Prodan
Hidde Beydals
Sanskar Jaiswal
dependabot[bot]
Max Jonas Werner
Hidde Beydals