Skip to content

Releases: chainguard-dev/melange

Release v0.5.7

03 Feb 17:02
13c0c4e
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v0.5.6...v0.5.7

Release v0.5.6

22 Jan 20:24
eb44fc3
Compare
Choose a tag to compare

What's Changed

Full Changelog: v0.5.5...v0.5.6

Release v0.5.5

21 Dec 13:27
3a7d2fc
Compare
Choose a tag to compare

What's Changed

  • update release to add some clarification regarding the homebrew by @cpanato in #876
  • Pull in go-apk with provider_priority ini fix. by @mattmoor in #878
  • Set a default env var for GOMODCACHE. by @dlorenc in #880
  • convert: sort packages alphabetically by @imjasonh in #889
  • Mark update.manual as an optional field. by @wlynch in #877
  • build(deps): bump golang.org/x/crypto from 0.15.0 to 0.17.0 by @dependabot in #897
  • build(deps): bump github.com/containerd/containerd from 1.7.7 to 1.7.11 by @dependabot in #898
  • build(deps): bump actions/setup-go from 4 to 5 by @dependabot in #886
  • build(deps): bump github.com/go-git/go-git/v5 from 5.10.0 to 5.11.0 by @dependabot in #881
  • build(deps): bump github.com/kubescape/go-git-url from 0.0.25 to 0.0.26 by @dependabot in #884
  • build(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 by @dependabot in #887
  • build(deps): bump cloud.google.com/go/storage from 1.35.1 to 1.36.0 by @dependabot in #893
  • bump upload/download github actions by @cpanato in #900
  • build(deps): bump github.com/google/go-containerregistry from 0.16.1 to 0.17.0 by @dependabot in #883
  • build(deps): bump google.golang.org/api from 0.152.0 to 0.154.0 by @dependabot in #892
  • build(deps): bump github.com/lima-vm/lima from 0.18.0 to 0.19.1 by @dependabot in #895

Full Changelog: v0.5.4...v0.5.5

Release v0.5.4

04 Dec 20:42
bc76a37
Compare
Choose a tag to compare

What's Changed

  • improve 'melange convert python' to remove manual steps by @imjasonh in #846
  • fix docs for --runner by @imjasonh in #848
  • format manifests with yam by @imjasonh in #849
  • convert python: don't overwrite existing files by @imjasonh in #850
  • default --use-github=true by @imjasonh in #847
  • fix and continuously validate SBOMs by @imjasonh in #851
  • Add jsonschema generation binary. by @wlynch in #861
  • Fix lints, or ignore safe ones. No functional changes. by @vaikas in #865
  • Fix the lint warnings in pkg/linter by @vaikas in #866
  • UTC-ify source date epoch when set by @imjasonh in #868
  • support resource requests and timeouts by @imjasonh in #869
  • Fix capitalization of SBOM originators by @imjasonh in #867
  • Add Test pipelines by @vaikas in #864
  • cleanup: don't use pkg/errors by @imjasonh in #870
  • Ensure jsonschema is kept up to date. by @wlynch in #862
  • build(deps): bump github.com/klauspost/compress from 1.17.2 to 1.17.4 by @dependabot in #874
  • build(deps): bump google.golang.org/api from 0.150.0 to 0.152.0 by @dependabot in #873
  • build(deps): bump go.opentelemetry.io/otel from 1.20.0 to 1.21.0 by @dependabot in #857
  • build(deps): bump k8s.io/apimachinery from 0.28.3 to 0.28.4 by @dependabot in #853
  • build(deps): bump sigs.k8s.io/release-utils from 0.7.6 to 0.7.7 by @dependabot in #852
  • prefix should be /usr by @lpcalisi in #863
  • schema: update for new test pipeline configuration by @kaniini in #875
  • build(deps): bump k8s.io/client-go from 0.28.3 to 0.28.4 by @dependabot in #855
  • build(deps): bump chainguard.dev/apko from 0.11.3-0.20231103184130-c376bfafbda0 to 0.12.0 by @dependabot in #872
  • build(deps): bump golang.org/x/sys from 0.14.0 to 0.15.0 by @dependabot in #871

New Contributors

Full Changelog: v0.5.3...v0.5.4

Release v0.5.3

16 Nov 12:14
728624e
Compare
Choose a tag to compare

What's Changed

  • use forked alpine-go in go-apk by @imjasonh in #815
  • test runtime replacements by @imjasonh in #837
  • apply substitutions to .environment.contents.packages by @imjasonh in #838
  • update go-apk dependency by @imjasonh in #842
  • build(deps): bump cloud.google.com/go/storage from 1.33.0 to 1.35.1 by @dependabot in #840
  • build(deps): bump google.golang.org/api from 0.149.0 to 0.150.0 by @dependabot in #835
  • move spammy logs to debugf by @imjasonh in #807
  • pipelines: go/build: add support for go.mod overlay files by @kaniini in #843
  • build(deps): bump sigstore/cosign-installer from 3.1.2 to 3.2.0 by @dependabot in #841
  • build(deps): bump go.opentelemetry.io/otel from 1.19.0 to 1.20.0 by @dependabot in #839
  • build(deps): bump golang.org/x/time from 0.3.0 to 0.4.0 by @dependabot in #825
  • build(deps): bump github.com/sigstore/cosign/v2 from 2.2.0 to 2.2.1 by @dependabot in #836
  • Update release.md by @imjasonh in #844

Full Changelog: v0.5.2...v0.5.3

Release v0.5.2

09 Nov 14:07
ecd6ea9
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v0.5.1...v0.5.2

Release v0.5.1

16 Oct 17:05
7a6447a
Compare
Choose a tag to compare

What's Changed

  • update with 0.5.0 changes by @joshrwolf in #740
  • Fix and update deprecated fields for goreleaser by @cpanato in #741
  • Track vendored deps for .PKGINFO by @jonjohnsonjr in #721
  • Extricate config stuff from linter. by @Elizafox in #746
  • build(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 by @dependabot in #749
  • build(deps): bump sigs.k8s.io/release-utils from 0.7.5-0.20230601212346-3866fe05b204 to 0.7.5 by @dependabot in #745
  • build(deps): bump golang.org/x/sync from 0.3.0 to 0.4.0 by @dependabot in #744
  • Add function to lint APK files. by @Elizafox in #750
  • linter: fix a typo in package linting function by @Elizafox in #752
  • build(deps): bump google.golang.org/api from 0.143.0 to 0.146.0 by @dependabot in #751
  • Fix a bug where substitutions were not done for runtime. by @vaikas in #754
  • build(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by @dependabot in #755
  • build(deps): bump github.com/lima-vm/lima from 0.17.2 to 0.18.0 by @dependabot in #756
  • build(deps): bump google.golang.org/api from 0.146.0 to 0.147.0 by @dependabot in #757
  • build(deps): bump github.com/klauspost/compress from 1.17.0 to 1.17.1 by @dependabot in #758

Full Changelog: v0.5.0...v0.5.1

Release v0.5.0

05 Oct 19:52
b54700f
Compare
Choose a tag to compare

What's Changed

  • Rename Contexts to Builds by @jonjohnsonjr in #525
  • Add missing context propagation by @jonjohnsonjr in #527
  • Bug fix: silent env var replacement by @luhring in #533
  • Add otel spans by @jonjohnsonjr in #529
  • Bump apko dep to pick up otel spans by @jonjohnsonjr in #535
  • docs: explain how build cache works practically by @luhring in #537
  • build: package: forcibly treat libc as a shared library by @kaniini in #538
  • Change git-checkout depth default to 1 by @luhring in #539
  • Fix/python version issue by @mesaglio in #532
  • pull in apko with fix for blank SOURCE_DATE_EPOCH by @deitch in #542
  • Remove use of deprecated WaitImmediate by @jonjohnsonjr in #528
  • lima startup issues fixed by @deitch in #543
  • add dir option to ruby pipelines as not all gemspecs live in the root… by @rawlingsj in #544
  • K8s runner template bugs by @joshrwolf in #550
  • K8s runner retry exec by @joshrwolf in #549
  • Refactor some pipelines to more safely use pipeline expansions by @kaniini in #554
  • Default remove builder by @joshrwolf in #552
  • use go-apk.FullFS for retrieving builder workspaces by @joshrwolf in #548
  • Correct the variable name in the patch pipeline by @mattmoor in #555
  • Stop breaking github action. by @mesaglio in #546
  • Pod names must be RFC1123 compliant by @mattmoor in #557
  • K8s runner fetch workspace tgz by @joshrwolf in #551
  • Avoid using pargzip for compression by @jonjohnsonjr in #558
  • Add more otel spans to k8s runner by @jonjohnsonjr in #565
  • build(deps): bump k8s.io/client-go from 0.27.3 to 0.27.4 by @dependabot in #562
  • skip the cache mount for kubernetes runner builds by @joshrwolf in #566
  • Make sure we log errors. by @mattmoor in #570
  • Log errors bundling, enable GGCR Warn/Progress logs by @mattmoor in #574
  • add k8s runner config loading from envvars by @joshrwolf in #571
  • Remove wget -q from fetch by @mattmoor in #575
  • Several fixes to k8s runner. by @mattmoor in #578
  • Tweak the strip pipeline so that it never fails for deleted files by @mattmoor in #573
  • convert/python: check if release is found by @Dentrax in #572
  • Fix subpackage SBOM generation by @jonjohnsonjr in #569
  • build(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 by @dependabot in #530
  • build(deps): bump github.com/klauspost/pgzip from 1.2.5 to 1.2.6 by @dependabot in #561
  • build(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.0 by @dependabot in #564
  • build(deps): bump google.golang.org/api from 0.129.0 to 0.133.0 by @dependabot in #576
  • build(deps): bump github.com/docker/docker from 24.0.2+incompatible to 24.0.5+incompatible by @dependabot in #577
  • build(deps): bump google.golang.org/api from 0.133.0 to 0.134.0 by @dependabot in #580
  • build(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.1 by @dependabot in #579
  • Refactor the config/logging stuff out of build by @Elizafox in #581
  • renovate: update to use new config infrastructure by @Elizafox in #585
  • pipelines: meson/configure: explicitly invoke meson setup action by @kaniini in #582
  • Updates on ci and release by @cpanato in #583
  • Make var transforms work in bump by @Elizafox in #586
  • container: bubblewrap: do not defer closing files by @kaniini in #596
  • build: package: add pkgconf-based SCA to catalog SDKs which use it by @kaniini in #590
  • doc and lint revisions by @jessp01 in #598
  • build(deps): bump google.golang.org/api from 0.134.0 to 0.136.0 by @dependabot in #597
  • build(deps): bump golang.org/x/sys from 0.10.0 to 0.11.0 by @dependabot in #594
  • build(deps): bump github.com/lima-vm/lima from 0.16.0 to 0.17.0 by @dependabot in #593
  • build(deps): bump github.com/google/go-containerregistry from 0.15.2 to 0.16.1 by @dependabot in #592
  • Version transform block in melange by @Elizafox in #588
  • Add docs about custom pipelines, defining and using. by @vaikas in #604
  • Support for setting context in .melange.k8s.yaml by @tcnghia in #605
  • allow override go version for uses: go/build and go/install by @rawlingsj in #606
  • add melange sign command, slightly refactor and make public the signing methods by @joshrwolf in #607
  • plumb through SDE to EmitSignature by @joshrwolf in #608
  • support substitutions in provides lists by @imjasonh in #610
  • Set reasonable concurrency levels for pgzip by @jonjohnsonjr in #611
  • Bump pkgconfig to pick up the openblas fix. by @dlorenc in #612
  • Bump pkg-config again to actually pick up the openblas fix. by @dlorenc in #618
  • Add ${{targets.contextdir}} by @kaniini in #622
  • add --force option to recreate apk indexes with given signatures by @joshrwolf in #626
  • sign: do not rename across device boundaries by @kaniini in #627
  • Fix the links to commands, fix the URLs generated. by @vaikas in #624
  • cli: index: add --signing-key, --source and --merge options by @kaniini in #629
  • docs: typo in go-build example by @acuteaura in #630
  • Bump apko and fix everything I broke by @jonjohnsonjr in #631
  • Print the path to generated melange config. by @vaikas in #636
  • feat: support --recurse-submodules in git clone by @stormqueen1990 in #639
  • readlinkfs: ignore some security-module specific xattrs by @kaniini in #640
  • Add --wolfi-defaults flag, clean up flag handling. by @vaikas in #641
  • Start of exhaustively documenting the build file. by @vaikas in #609
  • Add a maven/configure-mirror pipeline to redirect to GCP. by @dlorenc in #644
  • Add flags for resolving git tags, release-monitoring by @vaikas in #643
  • add builtin pipelines for python by @imjasonh in #642
  • remove extra backtick. by @vaikas in #647
  • Bunch of lint fixes. No functional changes. by @vaikas in #645
  • Change GeneratedMelangeConfig to embed pkg/config/config instead of redefining it. by @vaikas in #650
  • Fix syntax in maven pipeline (and add test). by @dlorenc in #652
  • package: dereference symlinks for aliased pkg-config modules by @kaniini in #653
  • Fix issue: #658 by @vaikas in #659
  • feat: add output logs for the apkbuild converter by @stormqueen1990 in #660
  • Change default python-v...
Read more

Release v0.4.0

30 Jun 23:14
784821d
Compare
Choose a tag to compare
Release v0.4.0 Pre-release
Pre-release

What's Changed

  • update NEWS for melange 0.3.0. by @kaniini in #357
  • Add darwin goreleaser target (macOS) by @jdolitsky in #359
  • Upgrade go to 1.20 and clean up ci by @cpanato in #358
  • Allow construction of empty packages without environment/pipelines by @kaniini in #360
  • build: fix SBOM language gathering for subpackage pipelines by @kaniini in #361
  • package: allow any library which has a SONAME to be a provider by @kaniini in #362
  • Fix goreleaser cosign flags by @jdolitsky in #365
  • Bump apko to pick up busybox detection fix. by @dlorenc in #366
  • melange bump: optional flag to modify git-checkout pipeline expected-… by @rawlingsj in #367
  • make original test commit sha different from the new expected sha to … by @rawlingsj in #368
  • fix: log package new names+versions when regenerating index by @imjasonh in #369
  • add a update.manual: key to indicate a package should be manually u… by @rawlingsj in #371
  • Add --arch to melange index to skip packages with the wrong arch by @kaniini in #372
  • index: rework architecture filtering by @kaniini in #375
  • feat: respect target-architecture to filter archs by @imjasonh in #376
  • export mutate functions as these are very useful to be called outside… by @rawlingsj in #377
  • update to apko git by @kaniini in #379
  • Use logrus for logging, like apko by @kaniini in #380
  • build(deps): bump sigstore/cosign-installer from 3.0.1 to 3.0.2 by @dependabot in #382
  • build(deps): bump actions/add-to-project from 0.4.1 to 0.5.0 by @dependabot in #373
  • feat: send useragent in HTTP requests by @imjasonh in #378
  • upgrade alpine pkgs lima by @developer-guy in #289
  • build(deps): bump google.golang.org/api from 0.114.0 to 0.116.0 by @dependabot in #383
  • Upgrade to apko 0.7.4-20230411 snapshot. by @kaniini in #386
  • Use formatted YAML encoder from yam by @luhring in #385
  • build: package: append subpackages to build log by @kaniini in #387
  • pipelines: autoconf/make-install: delete all GNU libtool metadata files by @kaniini in #388
  • Do not depend on concrete logger by @luhring in #389
  • Print full uri to debug file download errors by @patflynn in #390
  • update apko to 20230413 snapshot by @kaniini in #391
  • fix 403 error when melange bumping some packages, https://www.netfilt… by @rawlingsj in #392
  • build(deps): bump actions/checkout from 3.5.0 to 3.5.2 by @dependabot in #393
  • Fix parse configuration's use of abstract filesystems by @luhring in #395
  • update apko dependency to 20230419 snapshot by @kaniini in #397
  • update apko to 20230420, use apko log.Logger everywhere by @kaniini in #399
  • build(deps): bump google.golang.org/api from 0.116.0 to 0.119.0 by @dependabot in #398
  • upgrade apko to 20230421 snapshot by @kaniini in #400
  • build(deps): bump github.com/docker/docker from 23.0.3+incompatible to 23.0.4+incompatible by @dependabot in #402
  • cli: build: warn when no work to do instead of throwing an error by @kaniini in #403
  • bump to latest apko which handles file overwrites by @deitch in #404
  • add a strip-suffix: key to melange update struct to indicate strippin… by @rawlingsj in #405
  • add ignore-regex-patterns update config to indicate you want to ign… by @rawlingsj in #406
  • simplify DataItems to use the builtin marshallable map type by @joshrwolf in #407
  • update alpine-go to include replaces hotfix by @kaniini in #410
  • use go-apk library instead of apko by @deitch in #411
  • move signing funcs to rely on external go-apk library by @deitch in #412
  • build(deps): bump gitlab.alpinelinux.org/alpine/go from 0.6.1-0.20230428211436-f22972d078c8 to 0.7.0 by @dependabot in #414
  • Add name method to build config by @luhring in #419
  • build: add support for configurable logging policies by @kaniini in #420
  • Add trimpath to the go pipeline. by @dlorenc in #424
  • build: package: skip SONAME analysis when ELF interpreter setting is present by @kaniini in #425
  • chore: improve mac quick-start guide by @AlexsJones in #427
  • Add an optional "deps" paramter to the go/build pipeline. by @dlorenc in #428
  • pipelines: patch: add support for quilt patch-series files by @kaniini in #429
  • build(deps): bump golang.org/x/sync from 0.1.0 to 0.2.0 by @dependabot in #432
  • Set builddate in our .PKGINFO control data. by @mattmoor in #435
  • use latest version of melange in lima configuration file by @developer-guy in #436
  • add multiple runner options by @deitch in #263
  • Add go vendor support to the go build pipeline. by @dlorenc in #440
  • add configuration field inline docs by @joshrwolf in #430
  • add extra logging when runner fails to TestUsability by @rawlingsj in #446
  • default for mac is docker, not bwrap by @deitch in #447
  • Update distroless references by @jonjohnsonjr in #452
  • Update README.md by @imjasonh in #453
  • Allow built in melange pipelines to be used in subpackages by @rawlingsj in #455
  • Try to make install work on Linux and Mac. by @amouat in #451
  • Pull in index builddate support. by @mattmoor in #460
  • build(deps): bump github.com/docker/docker from 23.0.4+incompatible to 24.0.1+incompatible by @dependabot in #458
  • Pull in the latest go-apk for xattrs support by @mattmoor in #462
  • upgrade go-apk to latest commit, implement go-apk XattrFS interfaces by @kaniini in #463
  • build(deps): bump google.golang.org/api from 0.119.0 to 0.123.0 by @dependabot in #457
  • Require that build config YAML has only known fields by @luhring in #465
  • include filename when parsing fails by @imjasonh in #466
  • Remove secfixes and advisories altogether by @luhring in #468
  • Validate configuration at the end of parsing by @luhring in #469
  • upgrade alpine-lima to 3.18 by @developer-guy in #467
  • add wolfictl by @developer-guy in #473
  • Bump apko and fix what that breaks by @jonjohnsonjr in #477
  • build(deps): bump github.com/containerd/containerd from 1.6.15 to 1.6.18 by @dependabot in #439
  • build(deps): bump actions/setup-go from 4.0.0 to 4.0.1 by @dependabot in #448
  • Refactor index code, support writing APKINDEX JSON representation natively by @kaniini in #478
  • build(deps): bump github.com/lima-vm/lima from 0.14.2 to 0.16.0 by @dependabot in #479
  • build(deps): bump sigstore/cosign-installer from 3.0.2 to 3.0.5 by @dependabot in https://github.com/chainguard-dev/melan...
Read more

Release v0.3.2

31 Mar 17:04
4ed1d07
Compare
Choose a tag to compare
Release v0.3.2 Pre-release
Pre-release

Changelog

  • 4ed1d07 Merge pull request #364 from jdolitsky/release-0.3.x