Releases: chainloop-dev/chainloop
v0.80.1
What's Changed
- Bump Helm Chart Version => v0.75.2 by @github-actions in #575
- chore: upgrade Dagger module for Chainloop v0.72.2 by @migmartri in #576
- chore(deps): Bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3 by @dependabot in #579
- chore(deps): Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 by @dependabot in #580
- feat(api): add workflow run describe API endpoint by @migmartri in #577
- Let's take the Dagger module to the next level :) by @shykes in #581
- chore(ci): disable dagger linter by @migmartri in #583
- feat(metrics): add runs by day and update returned types by @migmartri in #584
- chore: rename pagination options by @migmartri in #585
- chore(docs): migrate Chainloop docs to the main repo by @danlishka in #568
- feat(controlplane): support providing connection string by @migmartri in #592
- chore(docs): upgrading docusaurus by @migmartri in #594
- chore(dagger module): minor follow-up items for dagger module by @migmartri in #586
- chore(deps): Bump the npm_and_yarn group group in /docs with 1 update by @dependabot in #597
- fix(dagger): container authentication by @migmartri in #598
- feat(dagger): sync method by @migmartri in #599
- chore(ci): fix dagger linter by @migmartri in #604
- feat(controlplane): make contract-names unique and DNS1123 compatible by @migmartri in #601
- chore(deps): Bump github.com/jackc/pgx/v4 from 4.18.1 to 4.18.2 by @dependabot in #606
- feat(controlplane): unique workflow name and formatted project by @migmartri in #605
- docs: document dagger module and runner by @migmartri in #607
- feat(controlplane): workflow contract description support by @migmartri in #608
- Bump Helm Chart Version => v0.80.0 by @github-actions in #609
- fix(controlplane): support soft-deleted items on name constraint by @migmartri in #613
Full Changelog: v0.75.2...v0.80.1
v0.80.0
What's Changed
- Bump Helm Chart Version => v0.75.2 by @github-actions in #575
- chore: upgrade Dagger module for Chainloop v0.72.2 by @migmartri in #576
- chore(deps): Bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3 by @dependabot in #579
- chore(deps): Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 by @dependabot in #580
- feat(api): add workflow run describe API endpoint by @migmartri in #577
- Let's take the Dagger module to the next level :) by @shykes in #581
- chore(ci): disable dagger linter by @migmartri in #583
- feat(metrics): add runs by day and update returned types by @migmartri in #584
- chore: rename pagination options by @migmartri in #585
- chore(docs): migrate Chainloop docs to the main repo by @danlishka in #568
- feat(controlplane): support providing connection string by @migmartri in #592
- chore(docs): upgrading docusaurus by @migmartri in #594
- chore(dagger module): minor follow-up items for dagger module by @migmartri in #586
- chore(deps): Bump the npm_and_yarn group group in /docs with 1 update by @dependabot in #597
- fix(dagger): container authentication by @migmartri in #598
- feat(dagger): sync method by @migmartri in #599
- chore(ci): fix dagger linter by @migmartri in #604
- feat(controlplane): make contract-names unique and DNS1123 compatible by @migmartri in #601
- chore(deps): Bump github.com/jackc/pgx/v4 from 4.18.1 to 4.18.2 by @dependabot in #606
- feat(controlplane): unique workflow name and formatted project by @migmartri in #605
- docs: document dagger module and runner by @migmartri in #607
- feat(controlplane): workflow contract description support by @migmartri in #608
Full Changelog: v0.75.2...v0.80.0
v0.75.2
This is a security rebuild following the Go 1.22.1 release.
What's Changed
- Bump Helm Chart Version => v0.75.1 by @github-actions in #566
- feat(cli): organization membership by @migmartri in #567
- chore(cli): remove invitation from top-level org cmd by @migmartri in #571
- chore(cli): update allowList message by @migmartri in #570
- chore: upgrade golang to 1.22.1 by @migmartri in #574
- doc: update images in readme by @migmartri in #573
Full Changelog: v0.75.1...v0.75.2
v0.75.1
Chainloop's release cadence is picking up speed, this time with a long-awaited feature: role-based access control.
Authorization layer
#552 introduced a role-based access control (RBAC) layer in which users fall into one of three categories: `viewers`, `admins` or `owners`. The policy definition of each role is described in this live document.
Now you can see the role you've been assigned in each organization you are part of:
```
$ chainloop organization ls
┌──────────────────────────────────────┬────────────────┬─────────┬───────┬─────────────────────┐
│ ORG ID                               │ ORG NAME       │ CURRENT │ ROLE  │ JOINED AT           │
├──────────────────────────────────────┼────────────────┼─────────┼───────┼─────────────────────┤
│ 93d02275-853c-4ad6-9d60-8f562b123fd2 │ read-only-demo │ false   │ admin │ 10 Jul 23 09:23 UTC │
├──────────────────────────────────────┼────────────────┼─────────┼───────┼─────────────────────┤
│ d3e9f368-495f-4697-910c-b5fe68468552 │ chainloop      │ true    │ admin │ 03 Jan 23 13:25 UTC │
├──────────────────────────────────────┼────────────────┼─────────┼───────┼─────────────────────┤
│ 9d827670-24e5-40ce-b9ce-f9221f95eff9 │ test-read-only │ false   │ owner │ 04 Mar 24 14:31 UTC │
├──────────────────────────────────────┼────────────────┼─────────┼───────┼─────────────────────┤
│ 842f5931-21a4-4e17-98a4-970e95999b08 │ chainloop-test │ false   │ admin │ 04 Jan 23 00:05 UTC │
└──────────────────────────────────────┴────────────────┴─────────┴───────┴─────────────────────┘
```
and invite users to your organization with a specific role in mind.
```
$ chainloop organization invitation create --receiver john@cyberdyne.io --role viewer
┌──────────────────────────────────────┬───────────────────┬────────┬─────────┬─────────────────────┐
│ ID                                   │ RECEIVER EMAIL    │ ROLE   │ STATUS  │ CREATED AT          │
├──────────────────────────────────────┼───────────────────┼────────┼─────────┼─────────────────────┤
│ ed3a5ed2-c8fa-4ba8-bbf6-fbfe70ed8ab2 │ john@cyberdyne.io │ viewer │ pending │ 04 Mar 24 19:17 UTC │
└──────────────────────────────────────┴───────────────────┴────────┴─────────┴─────────────────────┘
```
and soon, see and manage each member of your organization (#558).
What's Changed
- Bump Helm Chart Version => v0.70.0 by @github-actions in #549
- feat(authz): implement read-only viewer role by @migmartri in #552
- feat(controlplane): scope invitation system by @migmartri in #553
- feat(controlplane): show role information in API by @migmartri in #554
- chore(db): update workflow_run revision used by @migmartri in #557
- chore(controlplane): continue invite system org scope by @migmartri in #555
- refactor: move membership API service to user by @migmartri in #559
- feat(controlplane): set role during invitation by @migmartri in #556
- feat(controlplane): org membership API by @migmartri in #560
- feat(controlplane): domain based allow-listing by @migmartri in #563
- Bump Helm Chart Version => v0.75.0 by @github-actions in #564
- fix: allow viewers to change or leave the org by @migmartri in #565
Full Changelog: v0.70.0...v0.75.1
v0.75.0
Changelog
- 9aa4bbf feat(controlplane): domain based allow-listing (#563)
- 5c96736 feat(controlplane): org membership API (#560)
- 94c01b9 feat(controlplane): set role during invitation (#556)
- 7fe4aa9 refactor: move membership API service to user (#559)
- 908a8e6 chore(controlplane): continue invite system org scope (#555)
- ef06a7c chore(db): update workflow_run revision used (#557)
- 5bb14e4 feat(controlplane): show role information in API (#554)
- 1b6c0aa feat(controlplane): scope invitation system (#553)
- aaabbc6 feat(authz): implement read-only viewer role (#552)
- f723f4c Bump Helm Chart Version => v0.70.0 (#549)
v0.70.0
Highlights
Hierarchical Dependency-Track project support
@sedan07 extended the Dependency-Track plugin to support attaching automatically created projects to existing parent projects. This enables setting up hierarchical configurations out of the box. More on that in #534.
To leverage this feature, you must provide `parentID` alongside the `projectName` during the integration attachment.
What's Changed
- Bump Helm Chart Version => v0.66.0 by @github-actions in #527
- chore(dagger): upgrade client to v0.66 by @migmartri in #526
- fix(controlplane): handle org update duplicates by @migmartri in #529
- chore(ci): bump chainloop version by @migmartri in #530
- docs(dagger): update module readme by @migmartri in #533
- chore: improve org name error message by @migmartri in #537
- feat(controlplane): add workflow description by @migmartri in #541
- feat(dependency-track): support parent ID for autocreate projects (#534) by @sedan07 in #543
- feat: expose latest_revision on workflow by @migmartri in #542
- chore(dagger): bump module to stable v0.10.0 by @migmartri in #548
- feat(controlplane): filter workflow runs by status by @migmartri in #547
- chore: improvements on org management by @migmartri in #546
Full Changelog: v0.66.0...v0.70.0
v0.66.0
What's Changed
- Bump Helm Chart Version => v0.65.0 by @github-actions in #519
- feat(dagger): support explicit OCI credentials by @migmartri in #514
- fix(controlplane): detect environment in server by @migmartri in #520
- chore(dagger): add description by @migmartri in #522
- feat(controlplane): make organization names unique by @migmartri in #525
Full Changelog: v0.65.0...v0.66.0
v0.65.0
This is a release focused on improving our Dagger module support.
What's Changed
- Bump Helm Chart Version => v0.60.0 by @github-actions in #500
- feat: dagger module by @migmartri in #502
- chore: upgrade module to support dagger 0.9.9+ by @migmartri in #504
- feat(dagger): leverage secret types by @migmartri in #505
- feat: brings back local attestation protection by @migmartri in #510
- feat(dagger): support non-artifact materials by @migmartri in #512
- feat(attestation): explicit OCI credentials support by @migmartri in #513
- feat(dagger): support attestation of git repositories by @migmartri in #517
- feat: dagger runner context support by @migmartri in #516
- feat(cli): automatically discover runner context by @migmartri in #518
Full Changelog: v0.60.0...v0.65.0
v0.60.0
Highlights
Remote Attestation State
Chainloop now supports a stateless attestation process (#494).
This feature is disabled by default; to enable it, pass the `--remote-state` flag:
```
$ chainloop att init --remote-state
┌───────────────────┬──────────────────────────────────────┐
│ Initialized At    │ 12 Feb 24 15:50 UTC                  │
├───────────────────┼──────────────────────────────────────┤
│ Attestation ID    │ c8bac112-508c-4ab8-8ff2-9b7f22714628 │
│ Name              │ test                                 │
│ Team              │                                      │
```
The state of the attestation is now stored in Chainloop!
Subsequently, to continue with the attestation process, the attestation ID returned by the `init` process needs to be provided as well.
For example, to add materials, you now run:
```
$ chainloop att add --name artifact --value ./test.jar --remote-state --attestation-id c8bac112-508c-4ab8-8ff2-9b7f22714628
INF material added to attestation
```
The same applies to the `reset` or `push` methods.
What's Changed
- Bump Helm Chart Version => v0.56.0 by @github-actions in #482
- chore(deps): Bump CHAINLOOP_VERSION to use latest Chainloop CLI by @danlishka in #486
- chore(deps): Bump the anchore/sbom-action version by @danlishka in #485
- feat: release CLI as container image by @migmartri in #487
- chore(deps): Bump github.com/opencontainers/runc from 1.1.9 to 1.1.12 by @dependabot in #489
- chore(deps): Bump github.com/moby/moby from 24.0.5+incompatible to 24.0.9+incompatible by @dependabot in #490
- fix(authZ): propagate new policies across replicas by @migmartri in #484
- refactor(cli): modularize current state management code by @migmartri in #493
- chore(cli): make attestation cmds context aware by @migmartri in #497
- chore(api): move attestation API to common package by @migmartri in #496
- feat(api): remote attestation state API by @migmartri in #495
- feat(cli): remote attestation state support by @migmartri in #499
Full Changelog: v0.56.0...v0.60.0
v0.56.0
Chainloop Attestation Report here 🚀 🥳
Highlights
Authorization backend
This release lays the foundation for an authorization layer and enables it for our APITokens authentication method (#474).
This means that unattended APITokens meant to be used by automation now have a more granular, and more restrictive, access level.
In the following demo you can see how the underlying policies are attached/removed during API-token creation/revocation.
Below, you'll see how only the allowed routes go through, and the rest get intercepted by the new backend.
CycloneDX 1.5 support
Chainloop now supports the latest version of the CycloneDX SBOM format as a material type during attestations.
What's Changed
- Bump Helm Chart Version => v0.55.0 by @github-actions in #469
- chore(deps): Bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #472
- chore(deps): Bump github.com/containerd/containerd from 1.7.5 to 1.7.11 by @dependabot in #473
- chore(deps): Bump github.com/go-git/go-git/v5 from 5.9.0 to 5.11.0 by @dependabot in #475
- chore: happy new year by @migmartri in #476
- fix: allow downloading artifacts with http clients by @migmartri in #471
- chore(deps): Bump github.com/cloudflare/circl from 1.3.5 to 1.3.7 by @dependabot in #477
- feat: add support for CycloneDX 1.5 by @migmartri in #480
- feat: authorization backend for API tokens by @migmartri in #474
- fix(docs): devel README instructions by @fgallina in #481
Full Changelog: v0.55.0...v0.56.0