Update all dependencies
This MR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| kubernetes-sigs/kustomize | ironbank-github | major |
kustomize%2Fv5.0.0 -> v3.3.1
|
| mikefarah/yq | ironbank-github | minor |
v4.41.1 -> v4.42.1
|
| mozilla/sops | ironbank-github | minor |
v3.7.3 -> v3.8.1
|
Release Notes
kubernetes-sigs/kustomize (kubernetes-sigs/kustomize)
v3.3.1
Test of new API goreleaser-driven release process. LGTM.
Ignore the assets, as there's just a binary that prints the API version number. The important thing with this release is that one may
require sigs.k8s.io/kustomize/v3 v3.3.1from your go.mod file.
Changelog
78d14d0 Introduce dummy program to help with API releases.
40ed9e6 fix zh-doc
3cf6b8e v3.3.0 release notes
281f932 zh example:chart,secret generator plugin
v3.3.0
First release of the kustomize API-only module, with the CLI removed.
See https://github.com/kubernetes-sigs/kustomize/blob/master/docs/v3.3.0.md
v3.2.0
Changelog
f59d799 Add an example of reusable builtin plugins with custom config.
3f1b2bb Add configs
aabbbf0 Add cover target to Makefile
5dfa929 Add create subcommand
ed91bce Add example plugin for go-getter
7783a76 Add internal tooling library for index queries.
66fa2de Add main backend service and configurations
64341a8 Add short version flag
e898c52 Add test for name conflict with base reuse
aa2bf7e Adds frontend + configs to interal/tools/ui
02f6b3e Allow replicas to find modified names.
6a4150d Amend go-getter plugin document according to comments
963913f Automatically anchor resource selector patterns
1237ae4 Consider currentId when replacing/merging resources
c2d6f09 Crawler performance improvements, better structure
24c173a Detect ID conflicts in namespace transformer
dd5b3c1 Do not prefix/suffix APIService resources
2de052e Download submodules when using base from git
2050afd Ease doing custom configuration of builtin plugins.
74ed0b3 Example of configuring builtin plugin.
351df67 First draft of documentation for internal/tools
44b62a8 Fix indirect git resource cycle detection
fa834f9 Fix non-travis tests.
8e9c08e Fix patch path example
bafd6b5 Fix typo in patches definition
594a06d Fixes to create sub-command
adbb622 Handle git:: prefix in urls containing _git
96c5b4a Handle ordering patches with SMP delete directives
ca41674 Implementation of basic crawler organisation.
62edcae Implementation of configurable github crawler.
ac6918d Implementation of github query helper library.
e0d388c Implements search query partitioning by filesize.
c02b4f3 Initial (temporary) implementation of search doc.
2e6dd48 IsInKustomizeCtx should use end of nameprefix array (1/3)
6e13acf IsInKustomizeCtx should use end of nameprefix array (2/3)
93cedba IsInKustomizeCtx should use end of nameprefix array (3/3)
31262cc IsInKustomizeCtx should use end of nameprefix array (code review)
fe8ba8e Log loader errors during resource accumulation
54f1952 Log output from git on errors
df779fd Modify document for elasticsearch migration.
e904f61 Move commands/edit utils package up to commands
eeafd43 Remove import of k8sdeps from create command
a68f95b Rename commands utility function file
eaae7af Retain replicas field in edit marshal path
ed3c29b Simplify name reference candidate resmap building
ed920af Support setting command in go-getter plugin
a081534 Test custom configuration of a builtin plugin.
423a8a6 Test examples against HEAD as well as against latest release.
33bd221 Update README.md
fe45157 Update crawler to cache web request form github.
b4d6e89 Update zh-README.md
86f2216 Update zh-example-README.md
6c44da5 add PriorityClass to the order list
4690558 add document for inline patch (#1411)
9516880 add inline patch document
35481ec add inline patch support for Strategic Merge Patch and JSON patch
e6fffc8 add makefile
b4038a6 add testting for patch transformers
e011f3b change "bases:" to "resources:"
716a730 feat: Add instructions for setting key in configmap
e455acc fix
aedb362 fix doc
73660af fix environment variable typo.
34287e5 fix example-zh-README.md
d3d4908 fix latest version
c2cc93a fix: tempfile(?)
af29855 fix: windows builds
bc303c4 in plugin executor remove unnecessary code and improve error messages
a279c08 make repospec memebers public
4cb8838 plugin/go-getter: support urls including :
2e7ad48 properly omitempty for 'inventory' in 'kustomize'
d3022cc rename to tools directory
78c9729 translate-zh: glossary.md
6cf8b9e update examples-zh
a4e1ba0 update zh doc
6fcb784 use kubectl apply -k # (#1495)
v3.1.0
v3.0.3
Changelog
bfafbbf Add FAQ about how to customize configuration
fb44880 Add back GCP KMS example
08d7c35 Add storage class name ref
580963e Address replacement of digest by ImageTransformer
579995d Address simultaneous transformation of name and namespace
7998ee7 Addresses slice case with notNamespaceable objects
f1dbab9 Convert go plugin example to GPG based
0edab60 Fix typo: kubectl v1.15 -> kubectl v1.14 (#1333)
9b40f8a Implement code review comments to NameReferenceTransformer changes.
c4d899f Improve NameReference Test cases
0d8d9e2 Move plugin EnvForTest manager into new package
e5ebca6 Test tracking issue "patchesStrategicMerge elements can be dropped"
b43bd54 Update Issue 1264 Reproduction Test
c3ea109 Update goPluginGuidedExample.md
095333f Update references to NewEnvForTest
3c05e2d add extended patch transformer
ed0cfc6 add test for extended patch with overlapping patches
120ba6b docs/versioningPolicy.md: fix expired urls
a85f297 enable extended patch transformer and add tests
6f74419 fix local test failures
f5fc9ac fix local test failures
8121467 fix the ci failure
28d1bad fix the ci failure
dc6dcd8 update the latest version in readme
v3.0.2
Changelog
876f2a8 Fix missing nameReference in default config
145d073 add labels in test patch files
eeed195 include nameprefix and namesuffix to find matched reference for cluster level kinds
33fff65 move strategic merge patch transformer to a builtin transformer
31ab347 refactor the strategic merge patch transformer toward moving it to a plugin (#1340)
v3.0.1
Changelog
c912bae Enable ns transformer for webhook
f996ac8 Fix typo in the go plugin guide
483188b Generate updated ns transformer
efcb7cc Update README.md
8b60b45 Update README.md
c64a72f Update goPluginGuidedExample.md
3bf13f8 Update goPluginGuidedExample.md
6b597f8 Update v3 notes
49b3247 fix the regression on merging configmap with different namespace
v3.0.0
v2.1.0
v2.0.3
Changelog
45ba785 Add configmaps test for json string
8bbe147 Add webhooks to order list of gvk
ea3d5e6 Fix for #818 - Added support for quoted values
eb75203 Fix for #831 - Ignore domain when finding the image tag
6bfd7cf Improve error handling during var resolution.
ed2ad86 Move trim quotes logic to separate function
ff6cd3c Report unused variables.
1303ea3 Run kustomize tests on OSX
e666630 Simplify map conversion logic
9d77cbe Update golang/x/net dependency to release-branch.go1.11
28cefb3 improve error message for loading files listed under crds
78cbff1 improve error message in json patch transformer
b0c3cd7 update the doc for crds: the files in this list should be openAPI definition
f4eef1d update transformerconfigs/crd example
v2.0.2
Changelog
901455e Add Pod initContainer to var reference
bf1c801 Add doc indicating existing of 'behavior' in configMapGenerator
f5f8e49 Add explanatory comments and format
1f063d6 Add more git url regression coverage
d4d993a Add more resid test coverage.
7d3735b Adding goos and goarch from runtime
1382d87 Change ExpandFileSource to work with key=val patterns
5e6c06f Change imagetag to image in docs/eschewedFeatures.md
0f30c09 Delete extraneous copyright.
773c1f2 Make requested wording changes from MR for behavior document
0488f57 More generator tests.
77eebb8 Review changes
48717f3 Switch to black box testing of KustTarget and Resource
1a03dca Test missing file report
d72b162 add a test for a list with no 'items:' provided
8c93f7b add support for varref in maps values
3118ccf add tests for *List kinds and empty lists
d968c0b add varref mountpath test case
9837b5b add volumeMounts/mountPath to varreference
1eab47b fix abs path with symlinks
1a43759 fix invalid relative path in kustomization.yaml
fdba7df if the kind matches '*List$', treat it as a list
0e459eb prevent panic on image transformer
cebcd8a transformers/image: loop refactoring
b15b204 typo: changes verb number to agree with subject
1d005d4 typo: makes verb number agree with subject
v2.0.1
release notes:
- add nil pointer check when loading from remote URL #779
- improve error message when customization file is not found #771
Changelog
ccc4461 Fix nil ptr bug
d720e9e Fix some typos in versioning policy
242b920 Improve error msg returned when no kustomization file is found
7c8db24 Rename kv.KVPair to kv.Pair
9e69b9d Typos in versioning
fc5c726 add documentation for kustomize 2.0.0
e41ca93 move package and add tests
e14ebc0 refactor kv pairs
mozilla/sops (mozilla/sops)
v3.8.1
Note from the Maintainers
In this release of SOPS, we have focused on landing a variety of bug fixes to improve the overall user experience.
For a comprehensive list of changes, please refer to CHANGELOG.rst.
Important Information for SOPS SDK Users
With the project transitioning from the Mozilla Foundation to the CNCF, the Go module path has been updated to reflect this change in ownership. If you use go.mozilla.org/sops/v3 as a library, going forward, import the Go Module using github.com/getsops/sops/v3. Apart from this small adjustment, the SDK's API remains fully backward compatible.
For a one-liner to quickly implement this change throughout your codebase, please refer to: https://github.com/getsops/sops/issues/1246#issuecomment-1625526429
Installation
To install sops, download one of the pre-built binaries provided for your platform from the artifacts attached to this release.
For instance, if you are using Linux on an AMD64 architecture:
### Download the binary
curl -LO https://github.com/getsops/sops/releases/download/v3.8.1/sops-v3.8.1.linux.amd64
### Move the binary in to your PATH
mv sops-v3.8.1.linux.amd64 /usr/local/bin/sops
### Make the binary executable
chmod +x /usr/local/bin/sopsVerify checksums file signature
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
### Download the checksums file, certificate and signature
curl -LO https://github.com/getsops/sops/releases/download/v3.8.1/sops-v3.8.1.checksums.txt
curl -LO https://github.com/getsops/sops/releases/download/v3.8.1/sops-v3.8.1.checksums.pem
curl -LO https://github.com/getsops/sops/releases/download/v3.8.1/sops-v3.8.1.checksums.sig
### Verify the checksums file
cosign verify-blob sops-v3.8.1.checksums.txt \
--certificate sops-v3.8.1.checksums.pem \
--signature sops-v3.8.1.checksums.sig \
--certificate-identity-regexp=https://github.com/getsops \
--certificate-oidc-issuer=https://token.actions.githubusercontent.comVerify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature:
### Verify the binary using the checksums file
sha256sum -c sops-v3.8.1.checksums.txt --ignore-missingVerify artifact provenance
The SLSA provenance of the binaries, packages, and SBOMs can be found within the artifacts associated with this release. It is presented through an in-toto link metadata file named sops-v3.8.1.intoto.jsonl. To verify the provenance of an artifact, you can utilize the slsa-verifier tool:
### Download the metadata file
curl -LO https://github.com/getsops/sops/releases/download/v3.8.1/sops-v3.8.1.intoto.jsonl
### Verify the provenance of the artifact
slsa-verifier verify-artifact <artifact> \
--provenance-path sops-v3.8.1.intoto.jsonl \
--source-uri github.com/getsops/sops \
--source-tag v3.8.1Container Images
The sops binaries are also available as container images, based on Debian (slim) and Alpine Linux. The Debian-based container images include any dependencies which may be required to make use of certain key services, such as GnuPG, AWS KMS, Azure Key Vault, and Google Cloud KMS. The Alpine-based container images are smaller in size, but do not include these dependencies.
These container images are available for the following architectures: linux/amd64 and linux/arm64.
GitHub Container Registry
ghcr.io/getsops/sops:v3.8.1ghcr.io/getsops/sops:v3.8.1-alpine
Quay.io
quay.io/getsops/sops:v3.8.1quay.io/getsops/sops:v3.8.1-alpine
Verify container image signature
The container images are signed using Cosign with GitHub OIDC. To validate the signature of an image, run the following command:
cosign verify ghcr.io/getsops/sops:v3.8.1 \
--certificate-identity-regexp=https://github.com/getsops \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com \
-o textVerify container image provenance
The container images include SLSA provenance attestations. For more information around the verification of this, please refer to the slsa-verifier documentation.
Software Bill of Materials
The Software Bill of Materials (SBOM) for each binary is accessible within the artifacts enclosed with this release. It is presented as an SPDX JSON file, formatted as <binary>.spdx.sbom.json.
What's Changed
- build(deps): Bump the ci group with 3 updates by @dependabot in https://github.com/getsops/sops/pull/1295
- pgp: improve handling of GnuPG home dir by @hiddeco in https://github.com/getsops/sops/pull/1298
- Delete sops encrypted file we don't have keys for by @felixfontein in https://github.com/getsops/sops/pull/1288
- Improve handling of errors when binary store handles bad data by @felixfontein in https://github.com/getsops/sops/pull/1289
- On macOS, prefer XDG_CONFIG_HOME over os.UserConfigDir() by @felixfontein in https://github.com/getsops/sops/pull/1291
- Do not crash if an empty YAML file is encrypted by @felixfontein in https://github.com/getsops/sops/pull/1290
- Fix descriptions of unencrypted-regex and encrypted-regex flags, and ensure unencrypted_regex is considered in config validation by @mitar in https://github.com/getsops/sops/pull/1300
- build(deps): Bump the go group with 4 updates by @dependabot in https://github.com/getsops/sops/pull/1306
- build(deps): Bump the ci group with 1 update by @dependabot in https://github.com/getsops/sops/pull/1301
- Handle return values of dec.Token() to improve error messages by @felixfontein in https://github.com/getsops/sops/pull/1307
- pgp: make error the last return value by @felixfontein in https://github.com/getsops/sops/pull/1310
- pgp: do not require abs path for SopsGpgExecEnv by @holiman in https://github.com/getsops/sops/pull/1309
- decrypt: fix dropped error by @alrs in https://github.com/getsops/sops/pull/1304
- Handle errors by @felixfontein in https://github.com/getsops/sops/pull/1311
- Report key rotation errors by @felixfontein in https://github.com/getsops/sops/pull/1317
- cmd/sops/main.go: make sure to wrap raw errors with toExitError() by @felixfontein in https://github.com/getsops/sops/pull/1318
- build(deps): Bump the go group with 7 updates by @dependabot in https://github.com/getsops/sops/pull/1319
- Enrich AWS authentication documentation by @nsantiago2719 in https://github.com/getsops/sops/pull/1272
- Better error reporting for missing gpg binary by @makkes in https://github.com/getsops/sops/pull/1286
- Improve RST and MD files by @felixfontein in https://github.com/getsops/sops/pull/1320
- Add linting for RST and MD files by @felixfontein in https://github.com/getsops/sops/pull/1287
- Update dependencies by @hiddeco in https://github.com/getsops/sops/pull/1325
- Prepare v3.8.1 by @hiddeco in https://github.com/getsops/sops/pull/1324
New Contributors
- @mitar made their first contribution in https://github.com/getsops/sops/pull/1300
- @holiman made their first contribution in https://github.com/getsops/sops/pull/1309
- @alrs made their first contribution in https://github.com/getsops/sops/pull/1304
- @nsantiago2719 made their first contribution in https://github.com/getsops/sops/pull/1272
- @makkes made their first contribution in https://github.com/getsops/sops/pull/1286
Full Changelog: https://github.com/getsops/sops/compare/v3.8.0...v3.8.1
v3.8.0
Note from the Maintainers
We are extremely happy to introduce this new minor release of SOPS, now a CNCF Sandbox project under the stewardship of a new group of maintainers.
This release involved significant effort in rewriting and enhancing key source implementations, and includes a number of bug fixes which people had been patiently waiting on for a long period of time. In addition, the release process has been built up from scratch, and now now provides enhanced assurance by publishing SBOMs (Software Bill of Materials), SLSA3 provenance attestations and a Cosign signed checksums file as release artifacts.
For a comprehensive list of changes, please refer to CHANGELOG.rst.
Important Information for SOPS SDK Users
With the project transitioning from the Mozilla Foundation to the CNCF, the Go module path has been updated to reflect this change in ownership. If you use go.mozilla.org/sops/v3 as a library, going forward, import the Go Module using github.com/getsops/sops/v3. Apart from this small adjustment, the SDK's API remains fully backward compatible.
For a one-liner to quickly implement this change throughout your codebase, please refer to: https://github.com/getsops/sops/issues/1246#issuecomment-1625526429
Installation
To install sops, download one of the pre-built binaries provided for your platform from the artifacts attached to this release.
For instance, if you are using Linux on an AMD64 architecture:
### Download the binary
curl -LO https://github.com/getsops/sops/releases/download/v3.8.0/sops-v3.8.0.linux.amd64
### Move the binary in to your PATH
mv sops-v3.8.0.linux.amd64 /usr/local/bin/sops
### Make the binary executable
chmod +x /usr/local/bin/sopsVerify checksums file signature
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:
### Download the checksums file, certificate and signature
curl -LO https://github.com/getsops/sops/releases/download/v3.8.0/sops-v3.8.0.checksums.txt
curl -LO https://github.com/getsops/sops/releases/download/v3.8.0/sops-v3.8.0.checksums.pem
curl -LO https://github.com/getsops/sops/releases/download/v3.8.0/sops-v3.8.0.checksums.sig
### Verify the checksums file
cosign verify-blob sops-v3.8.0.checksums.txt \
--certificate sops-v3.8.0.checksums.pem \
--signature sops-v3.8.0.checksums.sig \
--certificate-identity-regexp=https://github.com/getsops \
--certificate-oidc-issuer=https://token.actions.githubusercontent.comVerify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature:
### Verify the binary using the checksums file
sha256sum -c sops-v3.8.0.checksums.txt --ignore-missingVerify artifact provenance
The SLSA provenance of the binaries, packages, and SBOMs can be found within the artifacts associated with this release. It is presented through an in-toto link metadata file named sops-v3.8.0.intoto.jsonl. To verify the provenance of an artifact, you can utilize the slsa-verifier tool:
### Download the metadata file
curl -LO https://github.com/getsops/sops/releases/download/v3.8.0/sops-v3.8.0.intoto.jsonl
### Verify the provenance of the artifact
slsa-verifier verify-artifact <artifact> \
--provenance-path sops-v3.8.0.intoto.jsonl \
--source-uri github.com/getsops/sops \
--source-tag v3.8.0Container Images
The sops binaries are also available as container images, based on Debian (slim) and Alpine Linux. The Debian-based container images include any dependencies which may be required to make use of certain key services, such as GnuPG, AWS KMS, Azure Key Vault, and Google Cloud KMS. The Alpine-based container images are smaller in size, but do not include these dependencies.
These container images are available for the following architectures: linux/amd64 and linux/arm64.
GitHub Container Registry
ghcr.io/getsops/sops:v3.8.0ghcr.io/getsops/sops:v3.8.0-alpine
Quay.io
quay.io/getsops/sops:v3.8.0quay.io/getsops/sops:v3.8.0-alpine
Verify container image signature
The container images are signed using Cosign with GitHub OIDC. To validate the signature of an image, run the following command:
cosign verify ghcr.io/getsops/sops:v3.8.0 \
--certificate-identity-regexp=https://github.com/getsops \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com \
-o textVerify container image provenance
The container images include SLSA provenance attestations. For more information around the verification of this, please refer to the slsa-verifier documentation.
Software Bill of Materials
The Software Bill of Materials (SBOM) for each binary is accessible within the artifacts enclosed with this release. It is presented as an SPDX JSON file, formatted as <binary>.spdx.sbom.json.
What's Changed
- chore: update dependencies by @hiddeco in https://github.com/getsops/sops/pull/1275
- build: pin actions to full length commit SHA and add CodeQL by @hiddeco in https://github.com/getsops/sops/pull/1276
- Enable Dependabot for Docker, GitHub Actions and Go Mod by @hiddeco in https://github.com/getsops/sops/pull/1277
- build(deps): Bump the go group with 2 updates by @dependabot in https://github.com/getsops/sops/pull/1280
- build(deps): Bump the ci group with 6 updates by @dependabot in https://github.com/getsops/sops/pull/1279
- release: generate versioned
.intoto.jsonlby @hiddeco in https://github.com/getsops/sops/pull/1278 - pgp: remove
DisableAgentoption by @hiddeco in https://github.com/getsops/sops/pull/1282 - keyservices: address logging regression by @hiddeco in https://github.com/getsops/sops/pull/1281
- chore: update dependencies by @hiddeco in https://github.com/getsops/sops/pull/1283
- Prepare v3.8.0 by @hiddeco in https://github.com/getsops/sops/pull/1284
Full Changelog: https://github.com/getsops/sops/compare/v3.8.0-rc.1...v3.8.0
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.